Trojan onlinegames 2

[sklozgos]

Siemka juz wczesniej mialem problem z tym wirem, pomogliscie i komp dziala. Problem w tym ze teraz wirus pokazuje sie na drugim kompie i prosze o sprawdzenie logow.

Kod: Zaznacz wszystko

ComboFix 08-09-01.03 - Skalar 2008-09-02 20:56:21.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.678 [GMT 2:00]
Running from: C:\Wiruas\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-08-02 to 2008-09-02  )))))))))))))))))))))))))))))))
.

2008-09-02 20:47 . 2008-09-02 20:47   <DIR>   d--------   C:\Documents and Settings\GoťŠ\Ustawienia lokalne
2008-09-02 20:47 . 2008-09-02 20:47   <DIR>   d--------   C:\Documents and Settings\GoťŠ
2008-09-02 20:41 . 2008-09-02 20:41   <DIR>   d--------   C:\Program Files\Trend Micro
2008-09-02 20:39 . 2008-09-02 20:39   <DIR>   d--------   C:\Wiruas
2008-08-26 20:24 . 2008-08-26 20:24   <DIR>   d--------   C:\Program Files\3DNA
2008-08-26 19:50 . 2008-04-14 22:50   219,648   --a------   C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-08-24 18:59 . 2008-08-24 18:59   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2008-08-24 18:59 . 2008-08-24 18:59   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2008-08-24 18:58 . 2008-08-24 18:58   <DIR>   d--------   C:\Program Files\PC Connectivity Solution
2008-08-15 13:45 . 2008-08-15 13:45   <DIR>   d--------   C:\Program Files\RegCleaner
2008-08-15 13:35 . 2008-09-01 13:00   31   --a------   C:\WINDOWS\TSCTNDBG.INI
2008-08-15 13:30 . 2004-08-03 23:08   48,640   --a------   C:\WINDOWS\system32\drivers\stream.sys
2008-08-15 13:30 . 2004-08-03 23:08   48,640   --a------   C:\WINDOWS\system32\dllcache\stream.sys
2008-08-13 11:54 . 2007-08-21 07:18   683,520   --a------   C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 11:54 . 2008-05-01 16:37   331,776   ---------   C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-10 09:12 . 2004-08-04 00:43   97,280   --a------   C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-08-10 09:11 . 2008-08-10 09:11   <DIR>   d--------   C:\WINDOWS\system32\pl-pl
2008-08-10 09:11 . 2008-08-10 09:11   <DIR>   d--------   C:\WINDOWS\system32\pl
2008-08-10 09:11 . 2008-08-10 09:11   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-08-10 09:11 . 2008-08-10 09:11   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-08-10 09:07 . 2006-12-29 00:31   19,569   --a------   C:\WINDOWS\[u]0[/u]05697_.tmp
2008-08-10 09:05 . 2007-10-25 17:57   8,483,328   --a------   C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-05 14:37 . 2008-08-05 14:37   90,474   -r-hs----   C:\xvlyb.exe
2008-08-03 19:48 . 2008-08-03 19:48   89,885   -r-hs----   C:\xqf.com
2008-08-03 19:47 . 2008-08-02 11:04   88,881   -r-hs----   C:\e.com

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 16:08   ---------   d-----w   C:\Program Files\easyCALL
2008-07-15 15:03   ---------   d-----w   C:\Program Files\Axis Communications
2008-07-07 20:29   253,952   ------w   C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:46   74,240   ------w   C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-20 17:42   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42   246,784   ----a-w   C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42   148,992   ----a-w   C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:01   273,024   ----a-w   C:\WINDOWS\system32\dllcache\bthport.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXDCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 1410304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 8429568]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-10-28 558080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\win_42.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Remote Controller.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Remote Controller.lnk
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Scheduler.lnk
backup=C:\WINDOWS\pss\Scheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Skalar^Menu Start^Programy^Autostart^MSWin--2057905908.exe]
path=C:\Documents and Settings\Skalar\Menu Start\Programy\Autostart\MSWin--2057905908.exe
backup=C:\WINDOWS\pss\MSWin--2057905908.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 14:51 212992 C:\Program Files\Mouse Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon]
--a------ 2007-02-06 00:32 20480 C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--------- 2007-04-19 23:05 8429568 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-20 00:05 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-08-11 08:31 1124352 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 17:56 159800 C:\WINDOWS\PowerS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
--a------ 2007-03-06 11:18 212992 C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 00:44 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-20 00:05 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--------- 2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\lxdccoms.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 30728]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-12-09 3026]
R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys [2000-11-28 4256]
R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2000-04-09 278280]
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2000-03-29 15200]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2000-03-29 12632]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\drivers\DLPortIO.sys [1996-09-27 3584]
R2 IOPort;IOPort;C:\WINDOWS\system32\DRIVERS\IOPORT.SYS [2004-05-24 6656]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-02-13 537520]
R2 ScanDrv;ScanDrv;C:\WINDOWS\system32\drivers\ScanDrv.sys [1999-04-08 195384]
S1 alcom;ALcom server;C:\WINDOWS\system32\alcom.sys [ ]
S3 dTVdrvNT;dTVdrvNT;C:\WINDOWS\SYSTEM32\dTVdrvNT.sys [ ]
S3 NetTimeSvc;NetTime;C:\Program Files\NetTime\NeTmSvNT.exe [2001-08-12 428032]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6013d814-c911-11dc-ba68-001583c06fb8}]
\Shell\AutoRun\command - N:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed717bc6-84ab-11dc-b200-e3b2017e6bf2}]
\Shell\AutoRun\command - N:\tyktjfww.exe
\Shell\explore\Command - N:\tyktjfww.exe
\Shell\open\Command - N:\tyktjfww.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://kamery.darlowo.pl/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 20:57:11
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-02 20:57:34
ComboFix-quarantined-files.txt  2008-09-02 18:57:34

Pre-Run: 8,147,959,808 bajtów wolnych
Post-Run: 8,138,752,000 bajtów wolnych

175   --- E O F ---   2008-07-10 08:54:10


Dodano Dzisiaj, 21:09:
to drugi

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:10, on 2008-09-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ldr.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://kamery.darlowo.pl/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_42.dll
O20 - Winlogon Notify: alcomt - alcomt.dll (file missing)
O20 - Winlogon Notify: kerberos4 - win32ueb.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe (file missing)
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: lxdc_device -   - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6358 bytes


Dodano Dzisiaj, 21:11:
wykonalem juz reszte rzeczy o ktorych mowiliscie wczesnije pozostaly tylko logi

[djarta]

1)


Wylecz pendriva lub kartę pamięci
Perlovga Removal Tool
Flash Disinfector
lub format


2)

Wklej do Notatnika:

Kod: Zaznacz wszystko

File::
C:\xvlyb.exe
C:\xqf.com
C:\e.com
N:\xqf.com
N:\xvlyb.exe
N:\e.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6013d814-c911-11dc-ba68-001583c06fb8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed717bc6-84ab-11dc-b200-e3b2017e6bf2}]


>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.
Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:\Qoobox.

Odrazu mówię, że nie sprawdziłem dokładnie loga (bardzo źle się czuję).



========================
K.

[sklozgos]

to poczekam moze ktos inny to zrobi a to z pendrivem juz zrobilem tylko logi pozostaly. sprawdziles tylko jeden ?? bo dwa wkleilem z combofixa i tego drugiego na h

[wojtas]

zrob co kazał djarta i wróc z logami...