prosze o sprawdzenie loga ( 2 podejrzane wpisy )

**Posty:** 8 · przez **P$ychop@ta** 28 Cze 2008, 12:44

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 12:29:59, on 2008-06-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe D:\Panda internet security 2007\pavsrv51.exe D:\Panda internet security 2007\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe d:\panda internet security 2007\firewall\PNMSRV.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe D:\Panda internet security 2007\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe D:\Panda internet security 2007\AntiSpam\pskmssvc.exe D:\Panda internet security 2007\PsImSvc.exe C:\WINDOWS\system32\svchost.exe D:\Panda internet security 2007\apvxdwin.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe D:\Program Files\tIBIA\Tibia.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\GM4IE\GM4IE.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Panda internet security 2007\SRVLOAD.EXE d:\panda internet security 2007\WebProxy.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\user\Pulpit\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [6cf13038] rundll32.exe "C:\WINDOWS\system32\fquwnvdx.dll",b O4 - HKLM\..\Run: [BM6fc203a4] Rundll32.exe "C:\WINDOWS\system32\hbiegsqn.dll",s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [GM4IE] D:\Program Files\GM4IE\GM4IE.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU" O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series (Kopia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU" O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - D:\Program Files\Megaupload\Mega Manager\mm_file.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - d:\Program Files\Ares\chatServer.exe (file missing) O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Panda internet security 2007\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda internet security 2007\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Panda internet security 2007\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\panda internet security 2007\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Panda internet security 2007\PsImSvc.exe

Prosze o sprawdzenie tego loga, najbardziej niepokoją mnie dwa wpisy

Kod: Zaznacz wszystko: O4 - HKLM\..\Run: [6cf13038] rundll32.exe "C:\WINDOWS\system32\fquwnvdx.dll",b O4 - HKLM\..\Run: [BM6fc203a4] Rundll32.exe "C:\WINDOWS\system32\hbiegsqn.dll",s

Mimo to że je usuwam to i tak przy restarcie systemu sie pojawiają

A na www.hijackthis.de pisze że niezna aplikacji

**Posty:** 8001 · przez **Okocza** 28 Cze 2008, 12:46

smitfraudfix z opcji 2
(sciagasz -> uruchamiasz-> klikasz dowolny klawisz -> wpisujesz w programie 2 i enter potem czekasz chwile -> gdy wyskoczy pytanie w programie Do you want to clean the registry ? to wpisujesz literke Y i znowu enter i czekasz do wyskoczenia raportu (znak ze skan dobiegł konca)

oraz te skanery po kilka razy

VundoFix

VirtumundoBeGone

FixVundo

potem wróć z logiem z combofixa

**Posty:** 8 · przez **P$ychop@ta** 28 Cze 2008, 14:28

Czemu w tym SmitfraudFix wykryło mi trojana??

**Posty:** 8001 · przez **Okocza** 28 Cze 2008, 14:29

P$ychop@ta dlatego że jest to program który usuwa syf z komputera, niektóre antywirusy mogą go uznać za trojana.

**Posty:** 8 · przez **P$ychop@ta** 28 Cze 2008, 14:54

A, i co to jst ten combofix :wow:

**Posty:** 7956 · przez **Magik** 28 Cze 2008, 14:57

P$ychop@ta napisał(a):A, i co to jst ten combofix

http://forum.programosy.pl/jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html

podejżane wpisy )

i wez to popraw na "rz", bo oczy kluje :!:

**Posty:** 8 · przez **P$ychop@ta** 28 Cze 2008, 15:39

ComboFix 08-06-20.4 - user 2008-06-28 15:08:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.57 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM6fc203a4.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awttRJBt.dll
C:\WINDOWS\system32\bouxbsnp.dll
C:\WINDOWS\system32\bugrakji.ini
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\fquwnvdx.dll
C:\WINDOWS\system32\frgfvxrh.ini
C:\WINDOWS\system32\fwbnnaix.dll
C:\WINDOWS\system32\gbguhdnd.dll
C:\WINDOWS\system32\gbljtwki.dll
C:\WINDOWS\system32\gcmmcxgj.ini
C:\WINDOWS\system32\hbiegsqn.dll
C:\WINDOWS\system32\hpctnlci.dll
C:\WINDOWS\system32\iclntcph.ini
C:\WINDOWS\system32\ijjaxbgn.dll
C:\WINDOWS\system32\iscvuqwc.dll
C:\WINDOWS\system32\iypxwopj.dll
C:\WINDOWS\system32\jlncneyr.ini
C:\WINDOWS\system32\kgdytmid.dll
C:\WINDOWS\system32\koqnupyc.ini
C:\WINDOWS\system32\krnxlxka.ini
C:\WINDOWS\system32\lfcttfvu.exe
C:\WINDOWS\system32\lrrgfmto.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ovbpsmol.dll
C:\WINDOWS\system32\owtnbkyu.ini
C:\WINDOWS\system32\pphbsxwp.dll
C:\WINDOWS\system32\qvsoopuh.dll
C:\WINDOWS\system32\rahdoeft.dll
C:\WINDOWS\system32\sodjrjnu.dll
C:\WINDOWS\system32\tBJRttwa.ini
C:\WINDOWS\system32\tBJRttwa.ini2
C:\WINDOWS\system32\uagvieda.dll
C:\WINDOWS\system32\vakojney.ini
C:\WINDOWS\system32\wdputqmy.ini
C:\WINDOWS\system32\wjscxxeo.ini
C:\WINDOWS\system32\wyldanpa.ini
C:\WINDOWS\system32\xdvnwuqf.ini
C:\WINDOWS\system32\xiannbwf.ini
C:\WINDOWS\system32\yapgeowt.exe
C:\WINDOWS\system32\ynfodlgm.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTMLSVC
-------\Service_NtmlSvc

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-28 14:47 . 2008-06-28 14:56 1,092 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-28 14:46 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-28 14:46 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-28 14:46 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-28 14:46 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-28 14:46 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-28 14:46 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-28 14:46 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-28 14:46 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-28 14:46 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-13 22:20 . 2008-06-13 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-13 14:21 . 2008-06-13 14:21 <DIR> d-------- C:\Program Files\Skype
2008-06-13 14:21 . 2008-06-13 14:21 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-13 14:21 . 2008-06-27 18:13 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\Skype
2008-06-13 14:18 . 2008-06-13 14:18 <DIR> d-------- C:\Documents and Settings\user\Dane aplikacji\FlashGet
2008-06-13 14:18 . 2006-04-20 13:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-06-10 21:00 . 2008-06-13 20:28 1,592 --a------ C:\WINDOWS\unins000.dat
2008-06-06 15:15 . 2008-06-06 15:15 <DIR> d--hs---- C:\found.001
2008-06-04 13:54 . 2008-06-04 13:54 101,440 --------- C:\WINDOWS\system32\mihdceqv.dll_old

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 13:21 1,132 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-06-28 12:45 262,252 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-06-24 15:57 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Tibia
2008-06-13 12:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 12:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-10 19:08 --------- d-----w C:\Program Files\Gpotato
2008-06-06 14:04 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\skypePM
2008-05-09 14:00 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\GanymedeNet
2008-05-02 19:15 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\gtk-2.0
2008-05-01 18:13 --------- d-----w C:\Program Files\Cheat Engine
2008-04-08 11:58 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-28 14:22 123,463 ----a-w C:\PAVVTS.DAT
2008-03-28 14:22 10,160 ----a-w C:\PAVPROT.BIN
2008-03-10 15:06 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
1998-04-30 13:56 129,024 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{156BF837-4549-4CB0-8669-9BF34F9AFF15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA8BE6D5-40E0-48B8-B317-18A4A590918A}]
C:\WINDOWS\system32\opnklIbA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"GM4IE"="D:\Program Files\GM4IE\GM4IE.exe" [2006-07-23 10:32 61440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 15:01 180736]
"EPSON Stylus DX4400 Series (Kopia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 15:01 180736]
"SpybotSD TeaTimer"="d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA8BE6D5-40E0-48B8-B317-18A4A590918A}"= C:\WINDOWS\system32\opnklIbA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnklIbA]
opnklIbA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\cda\\bonus\\Male gierki\\Kaboodle.exe"=
"D:\\cda\\bonus\\Male gierki\\Kaboodle Helper\\vncviewer.exe"=
"D:\\cda\\bonus\\Male gierki\\Kaboodle Helper\\WinVNC.exe"=
"D:\\cda\\bonus\\Male gierki\\Kaboodle Helper\\zebedee.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:AresChatServer

.

**Posty:** 18165 · przez **wojtas** 28 Cze 2008, 15:40

log jest niepełny i nie jest w tagach

**Posty:** 8 · przez **P$ychop@ta** 28 Cze 2008, 16:02

Teraz jest już chyba dobrze :banan:

Edit@
Omg po kropce nic już nie ma, to ja już nie wiem teraz powinno być już dobrze

**Posty:** 18165 · przez **wojtas** 28 Cze 2008, 16:05

nie jest urwany nie ma dolnej części

popraw

**Posty:** 8 · przez **P$ychop@ta** 28 Cze 2008, 17:44

Ile jeszcze

**Posty:** 7956 · przez **Magik** 28 Cze 2008, 17:57

P$ychop@ta napisał(a):Ile jeszcze

wojtasowi brakuje wpisow rejestru//zamiennie zamiast combo mozesz wrzucic z DSS'a

daj to na fix musowo i smialo

Kod: Zaznacz wszystko: O4 - HKLM\..\Run: [6cf13038] rundll32.exe "C:\WINDOWS\system32\fquwnvdx.dll",b O4 - HKLM\..\Run: [BM6fc203a4] Rundll32.exe "C:\WINDOWS\system32\hbiegsqn.dll",s

jesli jeszcze sa bo patzrac na log z combo powinny juz byc w eterze

wklej jeszcze z DSS'a i zrob to by okocz' i bedzie wtedy kompletny obraz kompa

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 8 · przez **P$ychop@ta** 28 Cze 2008, 19:13

Deckard's System Scanner v20071014.68
Run by user on 2008-06-28 19:00:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
20: 2008-06-28 16:50:38 UTC - RP193 - Deckard's System Scanner Restore Point
19: 2008-06-28 16:49:47 UTC - RP192 - Usunięto: Skype™ 3.6
18: 2008-06-28 13:07:29 UTC - RP191 - ComboFix created restore point
17: 2008-06-13 12:21:04 UTC - RP190 - Operacja przywracania
16: 2008-06-13 12:12:36 UTC - RP189 - Usunięto: Skype™ 3.6

-- First Restore Point --
1: 2008-05-16 13:15:01 UTC - RP174 - Punkt kontrolny systemu

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis (run as user.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-28 19:02:43
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Panda internet security 2007\PAVSRV51.EXE
D:\Panda internet security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
D:\Panda internet security 2007\FIREWALL\PNmSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Panda internet security 2007\PAVFNSVR.EXE
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
D:\Panda internet security 2007\AntiSpam\pskmssvc.exe
D:\Panda internet security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\GM4IE\gm4ie.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Panda internet security 2007\SrvLoad.exe
C:\Documents and Settings\user\Pulpit\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {156BF837-4549-4CB0-8669-9BF34F9AFF15} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {FA8BE6D5-40E0-48B8-B317-18A4A590918A} - C:\WINDOWS\system32\opnklIbA.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GM4IE] D:\Program Files\GM4IE\GM4IE.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series (Kopia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - D:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: opnklIbA - C:\WINDOWS\system32\opnklIbA.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - d:\Program Files\Ares\chatServer.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Panda internet security 2007\PAVFNSVR.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda internet security 2007\PAVSRV51.EXE
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Panda internet security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - D:\Panda internet security 2007\FIREWALL\PNmSrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Panda internet security 2007\PsImSvc.exe

--
End of file - 6941 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\user\Pulpit\Pulpit\backups\) ----------

backup-20080520-124825-325 O4 - HKLM\..\Run: [BM6fc203a4] Rundll32.exe "C:\WINDOWS\system32\mloivfuj.dll",s
backup-20080520-124825-348 O4 - HKLM\..\Run: [6cf13038] rundll32.exe "C:\WINDOWS\system32\duuupmhx.dll",b
backup-20080525-110219-390 O4 - HKLM\..\Run: [6cf13038] rundll32.exe "C:\WINDOWS\system32\rdemxcxv.dll",b
backup-20080525-110219-473 O4 - HKLM\..\Run: [BM6fc203a4] Rundll32.exe "C:\WINDOWS\system32\qekymsnm.dll",s
backup-20080616-124923-124 O4 - HKLM\..\Run: [6cf13038] rundll32.exe "C:\WINDOWS\system32\fwbnnaix.dll",b
backup-20080616-124923-903 O4 - HKLM\..\Run: [BM6fc203a4] Rundll32.exe "C:\WINDOWS\system32\uagvieda.dll",s
backup-20080622-132557-868 O4 - HKLM\..\Run: [BM6fc203a4] Rundll32.exe "C:\WINDOWS\system32\bouxbsnp.dll",s
backup-20080622-132557-925 O4 - HKLM\..\Run: [6cf13038] rundll32.exe "C:\WINDOWS\system32\hpctnlci.dll",b

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - js_file - DefaultIcon - Plik js
.js - js_file - shell\open\command - "d:\Program Files\Ager Web Edytor\AgerWebEdytor.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - shell\open\command - D:\PANDAI~1\PAVSCRIP.EXE "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 netflt (Panda Net Driver [NDIS Layer]) - c:\windows\system32\drivers\netflt.sys <Not Verified; Panda Software International; Panda Residents>
R1 APPFLT (App Filter Plugin) - c:\windows\system32\drivers\appflt.sys <Not Verified; Panda Software; Panda Network Manager>
R1 DSAFLT (DSA Filter Plugin) - c:\windows\system32\drivers\dsaflt.sys <Not Verified; Panda Software International; Panda Residents>
R1 FNETMON (NetMon Filter Plugin) - c:\windows\system32\drivers\fnetmon.sys <Not Verified; Panda Software; Panda Network Manager>
R1 IDSFLT (Ids Filter Plugin) - c:\windows\system32\drivers\idsflt.sys <Not Verified; Panda Software International; Panda residents>
R1 NETFLTDI (Panda Net Driver [TDI Layer]) - c:\windows\system32\drivers\netfltdi.sys <Not Verified; Panda Software; Panda®Network Manager>
R1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shlddrv.sys <Not Verified; Panda Software; Panda®Shield>
R1 SMSFLT (SMS Filter Plugin) - c:\windows\system32\drivers\smsflt.sys <Not Verified; Panda Software International; Panda Residents>
R1 WNMFLT (Wifi Monitor Filter Plugin) - c:\windows\system32\drivers\wnmflt.sys <Not Verified; Panda Software International; Panda Residents>
R2 cpoint (Panda CPoint Driver) - c:\windows\system32\drivers\cpoint.sys <Not Verified; Panda Software; © Panda Software 2005>
R2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys <Not Verified; Panda Software; PandaShield>
R3 ac97intc (Intel(r) 82801DB/DBM Audio Driver Service (WDM)) - c:\windows\system32\drivers\ac97ich4.sys <Not Verified; Intel Corporation; Intel(r) Integrated Controller Hub Audio Driver>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 ddsxeiservice (ddsxeiservice2) - d:\program files\sxe injected\ddsxei.sys
S3 kbeepm - c:\docume~1\user\ustawi~1\temp\kbeepm.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 PAVFNSVR (Panda Function Service) - "d:\panda internet security 2007\pavfnsvr.exe" <Not Verified; Panda Software International; Panda Residents>
R2 PavPrSrv (Panda Process Protection Service) - "c:\program files\common files\panda software\pavshld\pavprsrv.exe" <Not Verified; Panda Software; PandaShield>
R2 PAVSRV (Panda anti-virus service) - "d:\panda internet security 2007\pavsrv51.exe" <Not Verified; Panda Software International; Panda residents>
R2 pmshellsrv (Panda Antispam Engine) - d:\panda internet security 2007\antispam\pskmssvc.exe <Not Verified; Panda Software International; Panda Anti-malware>
R2 PNMSRV (Panda Network Manager) - "d:\panda internet security 2007\firewall\pnmsrv.exe" <Not Verified; Panda Software International; Panda residents>
R2 PSIMSVC (Panda IManager Service) - "d:\panda internet security 2007\psimsvc.exe" <Not Verified; Panda Software; Panda Antivirus>

S3 AresChatServer (Ares Chatroom server) - d:\program files\ares\chatserver.exe (file missing)
S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 15:06:50 68096 --a------ C:\WINDOWS\zip.exe
2008-06-28 15:06:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-28 15:06:50 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-28 15:06:50 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-28 15:06:50 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-28 15:06:50 98816 --a------ C:\WINDOWS\sed.exe
2008-06-28 15:06:50 80412 --a------ C:\WINDOWS\grep.exe
2008-06-28 15:06:50 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-28 14:47:15 1092 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-28 14:46:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-28 14:46:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-28 14:46:02 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-28 14:46:02 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-28 14:46:01 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-28 14:46:01 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-28 14:46:01 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-28 14:46:01 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-10 21:00:57 1592 --a------ C:\WINDOWS\unins000.dat
2008-06-06 15:15:01 0 d--hs---- C:\found.001
2008-05-28 21:54:53 0 --a------ C:\Documents and Settings\user\set
2008-05-28 21:54:53 0 --a------ C:\Documents and Settings\user\plot

-- Find3M Report ---------------------------------------------------------------

2008-06-28 18:49:50 0 d-------- C:\Program Files\Common Files
2008-06-24 17:57:34 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Tibia
2008-06-13 14:22:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-13 14:18:32 0 d-------- C:\Documents and Settings\user\Dane aplikacji\FlashGet
2008-06-12 19:31:46 0 d-------- C:\Program Files\Messenger
2008-06-10 21:08:34 0 d-------- C:\Program Files\Gpotato
2008-06-06 16:04:23 0 d-------- C:\Documents and Settings\user\Dane aplikacji\skypePM
2008-05-20 10:26:14 11183 --a------ C:\WINDOWS\mozver.dat
2008-05-09 16:00:03 0 d-------- C:\Documents and Settings\user\Dane aplikacji\GanymedeNet
2008-05-08 14:33:17 4 --a------ C:\WINDOWS\system32\proc625010911.bin
2008-05-02 21:15:12 0 d-------- C:\Documents and Settings\user\Dane aplikacji\gtk-2.0
2008-05-01 20:13:02 0 d-------- C:\Program Files\Cheat Engine
2008-04-08 13:58:44 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-04-08 13:55:37 1 --a------ C:\WINDOWS\system32\SI.bin
2008-03-30 09:37:03 392808 --a------ C:\WINDOWS\system32\perfh015.dat
2008-03-30 09:37:03 70332 --a------ C:\WINDOWS\system32\perfc015.dat
2008-03-29 22:14:17 59 --a------ C:\WINDOWS\Commando.dat
2008-03-28 16:22:39 123463 --a------ C:\PAVVTS.DAT
2008-03-28 16:22:38 10160 --a------ C:\PAVPROT.BIN

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{156BF837-4549-4CB0-8669-9BF34F9AFF15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA8BE6D5-40E0-48B8-B317-18A4A590918A}]
C:\WINDOWS\system32\opnklIbA.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"GM4IE"="D:\Program Files\GM4IE\GM4IE.exe" [2006-07-23 10:32]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 15:01]
"EPSON Stylus DX4400 Series (Kopia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 15:01]
"SpybotSD TeaTimer"="d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA8BE6D5-40E0-48B8-B317-18A4A590918A}"= C:\WINDOWS\system32\opnklIbA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnklIbA]
opnklIbA.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

-- End of Deckard's System Scanner: finished at 2008-06-28 19:04:28 ------------

Zapominom no xD

**Posty:** 18165 · przez **wojtas** 28 Cze 2008, 20:01

a gdzie tagi code lub quote ? czy to takie trudne?

**Posty:** 8 · przez **P$ychop@ta** 02 Lip 2008, 22:02

Nadal jest źle?

**Posty:** 18165 · przez **wojtas** 03 Lip 2008, 14:54

skasuj:

O2 - BHO: (no name) - {156BF837-4549-4CB0-8669-9BF34F9AFF15} - (no file)
O2 - BHO: (no name) - {FA8BE6D5-40E0-48B8-B317-18A4A590918A} - C:\WINDOWS\system32\opnklIbA.dll (file missing)
O20 - Winlogon Notify: opnklIbA - C:\WINDOWS\system32\opnklIbA.dll (file missing)

sciagnij dafta i go zastosuj

i daj nowy log z dss

prosze o sprawdzenie loga ( 2 podejrzane wpisy )

prosze o sprawdzenie loga ( 2 podejrzane wpisy )

Kto jest na forum