mialem ostatnio jakies dziwne trojany
udalo mi sie je zfixowac roznymi programami ale zostal maly jeden problem
mianowicie w moj komputer nie widac 2 partycji ( C i D) E wyswietla sie normalnie
w menu start zniknelo polowe ikonek m in moj komp oraz uruchom itp
mam raport z combifixa
ComboFix 08-05-26.2 - pantera 2008-05-28 20:32:44.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.635 [GMT 2:00]
Running from: C:\Documents and Settings\pantera\Pulpit\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\HRrCffii.ini
C:\WINDOWS\system32\HRrCffii.ini2
C:\WINDOWS\system32\jhpyqada.ini
C:\WINDOWS\system32\QpqWxGgh.ini
C:\WINDOWS\system32\QpqWxGgh.ini2
C:\WINDOWS\system32\ulqconay.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.
2008-05-28 20:37 . 2008-05-28 20:37 294 ---hs---- C:\WINDOWS\system32\jhpyqada.ini
2008-05-28 20:28 . 2008-05-28 20:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 20:26 . 2008-05-28 20:26 322,816 --a------ C:\WINDOWS\system32\hgGxWqpQ.dll
2008-05-28 20:26 . 2008-05-28 20:26 95,232 --a------ C:\WINDOWS\system32\adaqyphj.dll
2008-05-28 20:12 . 2008-05-28 20:12 95 --a------ C:\WINDOWS\wininit.ini
2008-05-28 17:02 . 2008-05-28 17:02 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-28 15:48 . 2008-05-28 15:48 <DIR> d-------- C:\Program Files\Panda Security
2008-05-27 17:40 . 2008-05-27 17:42 354 ---hs---- C:\WINDOWS\system32\aixgifpq.ini
2008-05-27 02:53 . 2008-05-27 02:53 90,112 --a------ C:\WINDOWS\system32\sbfkwtvp.dll
2008-05-26 19:48 . 2008-05-27 02:48 594 ---hs---- C:\WINDOWS\system32\epowvpwd.ini
2008-05-26 17:00 . 2006-03-03 11:02 1,680,896 --a------ C:\WINDOWS\system32\vcl100.bpl
2008-05-26 17:00 . 2006-03-03 11:02 843,264 --a------ C:\WINDOWS\system32\rtl100.bpl
2008-05-24 23:09 . 233,472 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\ntuser.dat
2008-05-24 23:09 . 233,472 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\ntuser.dat
2008-05-24 17:02 . 2008-05-28 17:14 <DIR> d-------- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Dane aplikacji\Spyware Terminator
2008-05-24 16:51 . 2008-05-28 17:32 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-24 16:51 . 2008-05-24 18:19 <DIR> d-------- C:\Documents and Settings\pantera\Dane aplikacji\Spyware Terminator
2008-05-24 16:51 . 2008-05-28 17:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spyware Terminator
2008-05-24 16:51 . 2008-05-24 16:51 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-24 14:19 . 2008-05-24 14:19 <DIR> d-------- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Dane aplikacji\Bitdefender
2008-05-24 14:10 . 2008-05-24 14:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-24 14:09 . 2008-05-27 17:42 <DIR> d--h----- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Ustawienia lokalne
2008-05-24 14:09 . 2008-05-28 17:40 <DIR> d-------- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Ulubione
2008-05-24 14:09 . 2008-01-11 21:29 <DIR> d--h----- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Szablony
2008-05-24 14:09 . 2008-05-28 17:41 <DIR> d-------- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Pulpit
2008-05-24 14:09 . 2008-01-11 22:21 <DIR> d-------- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Moje dokumenty
2008-05-24 14:09 . 2008-01-11 22:21 <DIR> dr------- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Menu Start
2008-05-24 14:09 . 2008-05-24 17:02 <DIR> dr-h----- C:\Documents and Settings\Administrator.PANTERA-43FEFA5\Dane aplikacji
2008-05-24 14:09 . 2008-05-28 17:42 <DIR> d-------- C:\Documents and Settings\Administrator.PANTERA-43FEFA5
2008-05-24 12:17 . 2008-05-24 13:57 <DIR> d-------- C:\Documents and Settings\pantera\Dane aplikacji\TmpRecentIcons
2008-05-24 09:15 . 2008-05-23 20:50 176,128 --a------ C:\WINDOWS\eope.exe
2008-05-24 09:15 . 2008-05-24 09:15 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-24 09:15 . 2008-05-23 20:51 159,744 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-24 09:15 . 2008-05-24 09:15 29,312 --a------ C:\WINDOWS\system32\yayxyyyw.dll
2008-05-23 06:52 . 2008-05-27 03:23 <DIR> d-------- C:\Program Files\vghd
2008-05-23 06:52 . 2008-05-23 06:52 <DIR> d-------- C:\Documents and Settings\pantera\Dane aplikacji\vghd
2008-05-11 07:55 . 2008-05-25 10:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 07:55 . 2008-05-11 07:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 21:09 . 2008-05-01 21:09 <DIR> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 18:35 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-28 18:35 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2008-05-28 18:35 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2008-05-24 12:30 --------- d-----w C:\Program Files\Kodak
2008-04-23 13:33 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-04-17 17:08 --------- d-----w C:\Program Files\AnMing
2008-04-07 13:22 --------- d-----w C:\Program Files\Opera
2008-04-03 04:35 --------- d-----w C:\Program Files\Virtual Hottie 2
2008-04-02 19:15 --------- d-----w C:\Program Files\Act-3D
2008-03-31 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 16:15 --------- d-----w C:\Program Files\Realtek
2008-03-31 15:59 --------- d-----w C:\Program Files\Realtek AC97
2008-03-31 15:59 --------- d-----w C:\Program Files\AvRack
2008-01-21 15:50 432 ----a-w C:\Program Files\INSTALL.LOG
.
- Kod: Zaznacz wszystko
<pre>
----a-w 1,065,288 2008-01-11 16:17:52 C:\Program Files\Spyware Doctor\SDTrayApp .exe
----a-w 2,351,864 2008-01-11 16:47:33 C:\Program Files\WapSter\AQQ\AQQ .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-05-27_17.20.37.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 15:19:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 18:36:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 10:56:08 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 12:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2008-05-28 18:36:52 16,384 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-05-28 18:36:52 16,384 ----a-w C:\WINDOWS\Temp\Historia\History.IE5\index.dat
+ 2008-05-28 18:36:52 32,768 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF}]
2008-05-24 09:15 29312 --a------ C:\WINDOWS\system32\yayxyyyw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AFEC22B-8A07-4403-8A23-99B65F10E5FB}]
2008-05-28 20:26 322816 --a------ C:\WINDOWS\system32\hgGxWqpQ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6A82B82-CDEF-4DEE-81E5-86525B594A1B}]
C:\WINDOWS\system32\iiffCrRH.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 17:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 16:49 69632]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 04:24 86016 C:\WINDOWS\SoundMan.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-01 07:02 7311360]
"c0bbb37e"="C:\WINDOWS\system32\adaqyphj.dll" [2008-05-28 20:26 95232]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-20 02:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"NoStartMenuMorePrograms"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF}"= C:\WINDOWS\system32\yayxyyyw.dll [2008-05-24 09:15 29312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxyyyw]
yayxyyyw.dll 2008-05-24 09:15 29312 C:\WINDOWS\system32\yayxyyyw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ .exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ~1.EXE"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-24 16:51]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 18:40]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 09:32:57 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200736016.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 20:36:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\yayxyyyw.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\adaqyphj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WapSter\AQQ\AQQ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
.
**************************************************************************
.
Completion time: 2008-05-28 20:38:24 - machine was rebooted [pantera]
ComboFix-quarantined-files.txt 2008-05-28 18:38:12
ComboFix2.txt 2008-05-27 15:42:07
ComboFix3.txt 2008-05-27 15:21:00
ComboFix4.txt 2008-05-26 18:05:36
Pre-Run: 16,859,815,936 bajtów wolnych
Post-Run: 16,853,331,968 bajt˘w wolnych
183
[/list]
code lub quote
