
How do I remove a window that keeps popping up...?



#1 graffitilove


Posted 18 January 2008 - 12:50

Hello, for the past few days a message has kept popping up (with short breaks) telling me to scan my computer and install software. Something similar happened recently, and when I accidentally clicked OK, I later couldn't remove the program that got installed. What can be done about this? I'm attaching the ComboFix log.


ComboFix 08-01-18.4 - graffitilove 2008-01-18 12:32:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.358 [GMT 1:00]
Running from: C:\Documents and Settings\graffitilove\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\ddwlxtqdpn.dll
C:\WINDOWS\enqvwkp.dll
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 12:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 22:16 . 2008-01-16 22:16 <DIR> d-------- C:\Documents and Settings\graffitilove\Dane aplikacji\Lavasoft
2008-01-16 19:33 . 2008-01-16 19:33 83 --a------ C:\WINDOWS\wa.INI
2008-01-16 16:39 . 2008-01-16 11:26 229,376 --a------ C:\WINDOWS\agrlmvp.dll
2008-01-16 16:39 . 2008-01-16 11:26 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-16 14:36 . 2008-01-16 14:36 <DIR> d-------- C:\Program Files\ESKK
2008-01-15 21:13 . 2008-01-15 21:13 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-15 21:13 . 2008-01-15 21:13 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-15 18:26 . 2008-01-16 16:02 <DIR> d-------- C:\Program Files\Warzone 2100
2008-01-15 18:07 . 2008-01-15 18:23 <DIR> d-------- C:\Program Files\Tremulous
2008-01-15 10:39 . 2008-01-15 10:39 <DIR> d-------- C:\WINDOWS\Sun
2008-01-15 10:39 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-15 10:38 . 2008-01-15 10:39 <DIR> d-------- C:\Program Files\Java
2008-01-15 10:36 . 2008-01-15 10:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-14 17:25 . 2008-01-14 17:25 <DIR> d-------- C:\Documents and Settings\graffitilove\AbiSuite
2008-01-14 17:24 . 2008-01-14 17:24 <DIR> d-------- C:\Program Files\AbiSuite2
2008-01-14 14:18 . 2008-01-14 14:18 <DIR> d-------- C:\WINDOWS\system32\Nexus Radio
2008-01-14 14:18 . 2008-01-18 12:31 <DIR> d-------- C:\Program Files\Nexus Radio
2008-01-14 13:57 . 2008-01-14 21:51 <DIR> d-------- C:\Program Files\Nexus_Radio
2008-01-14 13:57 . 2008-01-16 21:56 <DIR> d-------- C:\My Recorded Files
2008-01-13 22:00 . 2004-08-04 00:44 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-13 22:00 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-01-13 22:00 . 2004-08-04 00:44 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-13 22:00 . 2001-08-17 21:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-01-13 22:00 . 2004-08-04 00:44 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-13 21:58 . 2008-01-13 21:58 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-01-13 21:58 . 2008-01-13 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-01-13 21:58 . 2006-06-09 10:46 102,400 --a------ C:\WINDOWS\removeARKIRDA.exe
2008-01-13 21:58 . 2004-08-09 05:04 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-13 21:58 . 2006-06-16 11:53 25,088 --a------ C:\WINDOWS\system32\drivers\IrUSB.sys
2008-01-13 21:47 . 2008-01-13 21:48 <DIR> d-------- C:\Program Files\BearShare
2008-01-13 21:47 . 2008-01-17 21:14 <DIR> d-------- C:\My Downloads
2008-01-13 18:32 . 2008-01-13 18:37 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-12 22:54 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-12 15:01 . 2008-01-12 15:01 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-12 15:01 . 2008-01-12 15:01 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-12 13:51 . 2008-01-12 14:02 <DIR> d-------- C:\Program Files\Winamp
2008-01-12 13:51 . 2008-01-13 11:38 <DIR> d-------- C:\Documents and Settings\graffitilove\Dane aplikacji\Winamp
2008-01-11 22:49 . 2008-01-13 21:58 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-11 22:49 . 2008-01-11 22:49 <DIR> d-------- C:\NVIDIA
2008-01-11 22:49 . 2005-12-10 04:16 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-11 22:49 . 2005-12-10 03:06 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-11 22:49 . 2008-01-18 10:49 43,573 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-11 22:49 . 2005-12-10 03:06 16,356 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-11 17:32 . 2008-01-11 17:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-11 17:19 . 2008-01-11 17:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-11 17:07 . 2008-01-11 17:07 944 --a------ C:\WINDOWS\SOFPLAT.ini
2008-01-11 17:05 . 2008-01-11 17:05 <DIR> d-------- C:\Program Files\Xplosiv
2008-01-11 17:05 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-11 16:12 . 2008-01-15 10:39 1,279 --a------ C:\WINDOWS\mozver.dat
2008-01-11 14:50 . 2008-01-11 14:52 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-11 14:50 . 2008-01-11 14:50 <DIR> d-------- C:\Program Files\Ahead
2008-01-11 14:50 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-01-11 14:50 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-01-11 14:50 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-01-11 14:50 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-11 14:50 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-11 14:50 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-01-11 14:44 . 2008-01-11 14:44 <DIR> d-------- C:\Documents and Settings\graffitilove\Dane aplikacji\Gadu-Gadu
2008-01-11 08:55 . 2008-01-12 10:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-11 08:55 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-10 23:22 . 2008-01-10 23:42 <DIR> d-------- C:\Documents and Settings\graffitilove\WapSter
2008-01-10 23:01 . 2008-01-11 14:45 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-01-10 23:01 . 2008-01-12 09:51 <DIR> d-------- C:\Documents and Settings\graffitilove\Gadu-Gadu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:30 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-01-10 21:07 --------- d-----w C:\Program Files\Alwil Software
2008-01-10 20:46 --------- d-----w C:\Program Files\SiSLan
2008-01-10 20:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-10 20:32 --------- d-----w C:\Program Files\Usługi online
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
2008-01-14 21:51 1502232 --a------ C:\Program Files\Nexus_Radio\tbNex1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2462D2D8-B36E-44AB-84BF-C5A9383D2429}

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNex1.dll [2008-01-14 21:51 1502232]

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
"nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"Nexus Radio"="C:\Program Files\Nexus Radio\Nexus Radio.exe" [2007-12-23 23:14 2948608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 05:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {9BF386C4-F72D-4300-A998-F57337D77EF4} - C:\WINDOWS\agrlmvp.dll [2008-01-16 11:26 229376]
"bmlvqkn"= {DE681E03-745C-4065-9F6A-6F9DC422C1CE} - C:\WINDOWS\bmlvqkn.dll [ ]

S3 IrUSB;ArkMicro USB Infrared Miniport Adapter;C:\WINDOWS\system32\DRIVERS\IrUSB.sys [2006-06-16 11:53]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 12:33:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 12:34:23
ComboFix-quarantined-files.txt 2008-01-18 11:34:08
.
2008-01-13 14:45:04 --- E O F ---

#2 filutka78


Posted 18 January 2008 - 13:00

Paste into Notepad:
File::
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\fxtqdrl.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"=-
>>File>>Save As... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file
– as in this picture --> [image]
Removal should begin (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.

Post the log that is created during removal.

---------------------------------------------
F.

#3 graffitilove


Posted 18 January 2008 - 15:08

ComboFix 08-01-18.4 - graffitilove 2008-01-18 14:54:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.396 [GMT 1:00]
Running from: C:\Documents and Settings\graffitilove\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\graffitilove\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\fxtqdrl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\fxtqdrl.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 12:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 22:16 . 2008-01-16 22:16 <DIR> d-------- C:\Documents and Settings\graffitilove\Dane aplikacji\Lavasoft
2008-01-16 19:33 . 2008-01-16 19:33 83 --a------ C:\WINDOWS\wa.INI
2008-01-16 14:36 . 2008-01-16 14:36 <DIR> d-------- C:\Program Files\ESKK
2008-01-15 21:13 . 2008-01-15 21:13 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-15 21:13 . 2008-01-15 21:13 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-15 18:26 . 2008-01-16 16:02 <DIR> d-------- C:\Program Files\Warzone 2100
2008-01-15 18:07 . 2008-01-15 18:23 <DIR> d-------- C:\Program Files\Tremulous
2008-01-15 10:39 . 2008-01-15 10:39 <DIR> d-------- C:\WINDOWS\Sun
2008-01-15 10:39 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-15 10:38 . 2008-01-15 10:39 <DIR> d-------- C:\Program Files\Java
2008-01-15 10:36 . 2008-01-15 10:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-14 17:25 . 2008-01-14 17:25 <DIR> d-------- C:\Documents and Settings\graffitilove\AbiSuite
2008-01-14 17:24 . 2008-01-14 17:24 <DIR> d-------- C:\Program Files\AbiSuite2
2008-01-14 14:18 . 2008-01-14 14:18 <DIR> d-------- C:\WINDOWS\system32\Nexus Radio
2008-01-14 14:18 . 2008-01-18 14:53 <DIR> d-------- C:\Program Files\Nexus Radio
2008-01-14 13:57 . 2008-01-14 21:51 <DIR> d-------- C:\Program Files\Nexus_Radio
2008-01-14 13:57 . 2008-01-16 21:56 <DIR> d-------- C:\My Recorded Files
2008-01-13 22:00 . 2004-08-04 00:44 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-13 22:00 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-01-13 22:00 . 2004-08-04 00:44 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-13 22:00 . 2001-08-17 21:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-01-13 22:00 . 2004-08-04 00:44 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-13 21:58 . 2008-01-13 21:58 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-01-13 21:58 . 2008-01-13 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-01-13 21:58 . 2006-06-09 10:46 102,400 --a------ C:\WINDOWS\removeARKIRDA.exe
2008-01-13 21:58 . 2004-08-09 05:04 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-13 21:58 . 2006-06-16 11:53 25,088 --a------ C:\WINDOWS\system32\drivers\IrUSB.sys
2008-01-13 21:47 . 2008-01-13 21:48 <DIR> d-------- C:\Program Files\BearShare
2008-01-13 21:47 . 2008-01-17 21:14 <DIR> d-------- C:\My Downloads
2008-01-13 18:32 . 2008-01-13 18:37 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-12 22:54 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-12 15:01 . 2008-01-12 15:01 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-12 15:01 . 2008-01-12 15:01 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-12 13:51 . 2008-01-12 14:02 <DIR> d-------- C:\Program Files\Winamp
2008-01-12 13:51 . 2008-01-13 11:38 <DIR> d-------- C:\Documents and Settings\graffitilove\Dane aplikacji\Winamp
2008-01-11 22:49 . 2008-01-13 21:58 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-11 22:49 . 2008-01-11 22:49 <DIR> d-------- C:\NVIDIA
2008-01-11 22:49 . 2005-12-10 04:16 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-11 22:49 . 2005-12-10 03:06 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-11 22:49 . 2008-01-18 13:21 43,573 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-11 22:49 . 2005-12-10 03:06 16,356 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-11 17:32 . 2008-01-11 17:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-11 17:19 . 2008-01-11 17:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-11 17:07 . 2008-01-11 17:07 944 --a------ C:\WINDOWS\SOFPLAT.ini
2008-01-11 17:05 . 2008-01-11 17:05 <DIR> d-------- C:\Program Files\Xplosiv
2008-01-11 17:05 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-11 16:12 . 2008-01-15 10:39 1,279 --a------ C:\WINDOWS\mozver.dat
2008-01-11 14:50 . 2008-01-11 14:52 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-11 14:50 . 2008-01-11 14:50 <DIR> d-------- C:\Program Files\Ahead
2008-01-11 14:50 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-01-11 14:50 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-01-11 14:50 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-01-11 14:50 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-11 14:50 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-11 14:50 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-01-11 14:44 . 2008-01-11 14:44 <DIR> d-------- C:\Documents and Settings\graffitilove\Dane aplikacji\Gadu-Gadu
2008-01-11 08:55 . 2008-01-12 10:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-11 08:55 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-10 23:22 . 2008-01-10 23:42 <DIR> d-------- C:\Documents and Settings\graffitilove\WapSter
2008-01-10 23:01 . 2008-01-11 14:45 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-01-10 23:01 . 2008-01-12 09:51 <DIR> d-------- C:\Documents and Settings\graffitilove\Gadu-Gadu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:30 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-01-10 21:07 --------- d-----w C:\Program Files\Alwil Software
2008-01-10 20:46 --------- d-----w C:\Program Files\SiSLan
2008-01-10 20:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-10 20:32 --------- d-----w C:\Program Files\Usługi online
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_12.33.55,76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-18 11:32:28 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 13:54:44 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 11:32:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 13:54:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 11:32:28 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 13:54:44 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 11:32:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 13:54:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 11:32:28 1,867,776 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 13:54:44 1,867,776 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 11:32:28 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 13:54:44 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 12:21:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
2008-01-14 21:51 1502232 --a------ C:\Program Files\Nexus_Radio\tbNex1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2462D2D8-B36E-44AB-84BF-C5A9383D2429}

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNex1.dll [2008-01-14 21:51 1502232]

[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
"nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"Nexus Radio"="C:\Program Files\Nexus Radio\Nexus Radio.exe" [2007-12-23 23:14 2948608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 05:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bmlvqkn"= {DE681E03-745C-4065-9F6A-6F9DC422C1CE} - C:\WINDOWS\bmlvqkn.dll [ ]

S3 IrUSB;ArkMicro USB Infrared Miniport Adapter;C:\WINDOWS\system32\DRIVERS\IrUSB.sys [2006-06-16 11:53]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 14:56:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 14:56:40
ComboFix-quarantined-files.txt 2008-01-18 13:56:26
ComboFix2.txt 2008-01-18 11:34:24
.
2008-01-13 14:45:04 --- E O F ---
Hello again, ma'am :) this is the log

#4 filutka78


Posted 18 January 2008 - 15:29

It almost worked...

>>Start >>> Run >>> select (or type) REGEDIT>>OK>
>expand this key by clicking (+):
>(+)HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
>select: ShellServiceObjectDelayLoad>
>in the right-hand pane select: "bmlvqkn">>right-click>>Delete
>collapse this key by clicking (-).



That's all from me.

---------------------------------------------
F.
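
An added example, not part of the original thread and not ComboFix code: Python that parses the ShellServiceObjectDelayLoad stanza from the two logs above and reports which value the CFScript run removed and which one is still registered. The function names are hypothetical, and reading the empty `[ ]` as "no file found at that path" is an assumption.

```python
import re
from typing import Dict, NamedTuple

SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
             r"\CurrentVersion\ShellServiceObjectDelayLoad")

# Excerpts of the "Reg Loading Points" section from the two logs in this thread.
LOG_BEFORE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {9BF386C4-F72D-4300-A998-F57337D77EF4} - C:\WINDOWS\agrlmvp.dll [2008-01-16 11:26 229376]
"bmlvqkn"= {DE681E03-745C-4065-9F6A-6F9DC422C1CE} - C:\WINDOWS\bmlvqkn.dll [ ]

S3 IrUSB;ArkMicro USB Infrared Miniport Adapter;C:\WINDOWS\system32\DRIVERS\IrUSB.sys [2006-06-16 11:53]
'''

LOG_AFTER = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bmlvqkn"= {DE681E03-745C-4065-9F6A-6F9DC422C1CE} - C:\WINDOWS\bmlvqkn.dll [ ]
'''

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$')


class Entry(NamedTuple):
    clsid: str
    path: str
    file_present: bool  # False when the log shows empty brackets (assumption)


def parse_ssodl(log: str) -> Dict[str, Entry]:
    """Return the values listed under the SSODL key in a ComboFix log."""
    entries: Dict[str, Entry] = {}
    in_key = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:              # a blank line ends the current stanza
            in_key = False
            continue
        key = KEY_RE.match(line)
        if key:                   # registry key names are case-insensitive
            in_key = key.group(1).lower() == SSODL_KEY.lower()
            continue
        m = ENTRY_RE.match(line) if in_key else None
        if m:
            entries[m["name"]] = Entry(m["clsid"], m["path"],
                                       bool(m["meta"].strip()))
    return entries


def triage(before: str, after: str) -> Dict[str, str]:
    """Compare two logs: 'removed', 'orphaned' (value left, no file) or 'active'."""
    old, new = parse_ssodl(before), parse_ssodl(after)
    status = {}
    for name in sorted(set(old) | set(new)):
        if name not in new:
            status[name] = "removed"
        elif not new[name].file_present:
            status[name] = "orphaned"
        else:
            status[name] = "active"
    return status


if __name__ == "__main__":
    for name, state in triage(LOG_BEFORE, LOG_AFTER).items():
        print(f"{name}: {state}")
```
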

#5 graffitilove


Posted 18 January 2008 - 17:06

Thank you very much for the help :)



