simlanbg, posted February 10, 2009

I have had a virus on my computer for a few days... it constantly shows the error "Windows - No Disk. THere is no disk in the drive. Please inter disk into drive." I reinstalled the PC and formatted the partition that Windows is on; I have not touched the others... the virus is still here... it does not let me boot into Safe Mode or start antivirus programs (NOD, Kaspersky, etc.), and I cannot even open Task Manager... I renamed all the drive letters because I read that this should get rid of the error... If I format the whole hard drive, will the thing go away? If someone can, please explain to me what to do with HiJackThis... I WILL BE VERY GRATEFUL IF YOU HELP ME! I AM JUST GOING CRAZY BECAUSE OF THIS THING!!!

Night_Raven, posted February 10, 2009

Explain when this message appears, which operating system you are running, what appears when you try to start Task Manager, and how exactly it does not let you boot into Safe Mode.

Download HijackThis 1.99.1 (213KB), which I have renamed on purpose, and:
1) start the program;
2) click Do a system scan and save a logfile, which will create a text file in the same folder;
3) copy its contents here or attach the file to your comment.

Download Autoruns and:
1) start the program;
2) select Options -> Hide Microsoft and Windows Entries;
3) menu File -> Refresh;
4) menu File -> Export...;
5) save the file somewhere and then attach it to the thread or copy its contents.

simlanbg (Author), posted February 10, 2009

I'm on "XP", and as for Safe Mode: it just starts loading and the PC restarts, and the error shows up right at power-on...

The log:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:57 PM, on 2/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kor\Desktop\alabala.exe

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: FlexType 2K.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E848F774-D166-4FB1-9E6B-BE1A0175596C}: NameServer = 88.80.116.1,88.80.96.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

From Autoruns:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ AVP Kaspersky Anti-Virus Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe
+ Cmaudio CmiCnfg DLL C-Media Corporation c:\windows\system\cmicnfg.cpl
+ High Definition Audio Property Page Shortcut High Definition Audio Property Page Shortcut v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\hdashcut.exe
+ TrojanScanner Trojan Scanner Simply Super Software c:\program files\trojan remover\trjscan.exe
+ WinampAgent c:\program files\winamp\winampa.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ FlexType 2K.lnk c:\windows\datecs\flex2k.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Skype Skype Skype Technologies S.A. c:\program files\skype\phone\skype.exe
HKLM\SOFTWARE\Classes\Protocols\Handler
+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\shellex.dll
+ Trojan Remover Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\shellex.dll
+ Trojan Remover Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ Trojan Remover Shell Extension Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ Web traffic protection statistics Script Monitor Internet Explorer plugin Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\scieplgn.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ IEVkbdBHO Class IE Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe
HKLM\System\CurrentControlSet\Services
+ asc3360pr File not found: C:\WINDOWS\system32\drivers\lhmnjn.sys
+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ cmudax C-Media Audio WDM Driver C-Media Inc. c:\windows\system32\drivers\cmudax.sys
+ FETNDISB NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5b.sys
+ HdAudAddService High Definition Audio Function Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudio.sys
+ HDAudBus High Definition Audio Bus Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ kl1 Kl1 Kaspersky Lab c:\windows\system32\drivers\kl1.sys
+ klbg Kaspersky Lab Boot Guard Kaspersky Lab c:\windows\system32\drivers\klbg.sys
+ klim5 Kaspersky Lab Intermediate Network Driver Kaspersky Lab c:\windows\system32\drivers\klim5.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ NTSIM Network Device Monitor Utility VIA Networking Technologies, Inc. c:\windows\system32\ntsim.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll Mozilla 2 Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\mzvkbd.dll
+ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll Mozilla 3 Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\mzvkbd3.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll
+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll

Maniac, posted February 10, 2009

Open HiJackThis, select Do a system scan only and tick the following lines:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Finally, select Fix checked.

Then:
1. Download ComboFix
2. Save it to the desktop
3. Go to Start -> Run... and enter the following command followed by OK:
"%userprofile%\desktop\combofix.exe" /killall
4. After the program finishes, Notepad will open; copy its contents and paste them into your next post here.

simlanbg (Author), posted February 10, 2009

ComboFix 09-02-10.01 - kor 2009-02-10 21:46:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1023.718 [GMT 2:00]
Running from: c:\documents and settings\kor\desktop\combofix.exe
Command switches used :: /killall
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbdbds.Dll
c:\windows\system32\KBDBPH.dLL
c:\windows\system32\kbdbphz.dLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 19:59 . 2009-02-10 19:59 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-02-10 19:59 . 2009-02-10 19:59 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-02-10 19:58 . 2009-02-10 19:58 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-10 19:58 . 2009-02-10 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-10 19:52 . 2009-02-10 19:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-10 10:49 . 2009-02-10 10:49 <DIR> dr------- c:\program files\Skype
2009-02-10 10:49 . 2009-02-10 10:49 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-10 10:46 . 2009-02-10 10:46 <DIR> d-------- c:\windows\Datecs
2009-02-10 10:46 . 1997-04-04 02:00 66,594 --a------ c:\windows\system32\c_856.nls
2009-02-10 10:46 . 2000-12-13 00:55 28,672 --a------ c:\windows\system32\newdll.dll
2009-02-10 10:46 . 1999-11-18 10:04 7,440 --a------ c:\windows\system32\KBDDLL.DLL
2009-02-10 10:46 . 1999-11-11 18:47 6,928 --a------ c:\windows\system32\kbdhebx.Dll
2009-02-10 10:46 . 1999-11-11 18:47 6,416 --a------ c:\windows\system32\kbdinori.Dll
2009-02-10 10:46 . 1999-11-11 18:47 6,416 --a------ c:\windows\system32\kbdinasa.Dll
2009-02-10 10:46 . 1999-12-07 14:00 6,416 --a------ c:\windows\system32\kbdbp.Dll
2009-02-10 10:46 . 1997-01-06 11:35 5,120 --a------ c:\windows\system32\vga856.fon
2009-02-10 10:46 . 2000-06-08 17:00 398 --a------ c:\windows\system32\kbdus.kbd
2009-02-09 12:08 . 2009-02-09 12:08 <DIR> d-------- c:\program files\SoftwareClub.ws
2009-02-08 22:55 . 2009-02-08 22:55 <DIR> d-------- c:\program files\Webteh
2009-02-08 22:01 . 2009-02-08 22:01 <DIR> d--h----- c:\windows\PIF
2009-02-08 21:59 . 2009-02-08 21:59 <DIR> d-------- c:\program files\101 MP3 Splitter and Joiner
2009-02-08 21:22 . 2009-02-08 21:22 <DIR> d-------- c:\program files\BitComet
2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\program files\TVUPlayer
2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\documents and settings\kor\LocalLow
2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2009-02-08 19:08 . 2009-02-06 01:54 2,929,528 --a------ c:\windows\system32\rmt.trb
2009-02-08 19:08 . 2009-02-03 18:31 1,299,320 --a------ c:\windows\system32\rmvtrjan.trb
2009-02-08 19:08 . 2009-02-10 19:24 1,237,896 --a------ c:\windows\system32\trjscan.trb
2009-02-08 19:08 . 2009-02-10 19:24 898,440 --a------ c:\windows\system32\trupd.trb
2009-02-08 19:08 . 2005-04-28 19:07 3,351 --a------ c:\windows\undo.reg
2009-02-08 19:03 . 2009-02-10 20:14 <DIR> d-------- c:\program files\Trojan Remover
2009-02-08 19:03 . 2009-02-08 19:03 <DIR> d-------- c:\documents and settings\kor\Application Data\Simply Super Software
2009-02-08 19:03 . 2009-02-10 20:15 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-08 19:03 . 2009-02-08 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-08 19:03 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-08 19:03 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-08 19:03 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-08 19:03 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-08 19:03 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-08 18:55 . 2009-02-08 18:55 <DIR> d-------- c:\documents and settings\kor\Application Data\Media Player Classic
2009-02-08 16:59 . 2009-02-10 18:59 <DIR> d-------- c:\documents and settings\kor\Application Data\skypePM
2009-02-08 16:58 . 2009-02-10 21:23 <DIR> d-------- c:\documents and settings\kor\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:00 --------- d-----w c:\program files\ESET
2009-02-10 08:49 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-08 13:53 --------- d-----w c:\program files\Winamp
2009-02-08 13:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 13:41 --------- d-----w c:\program files\ATI Technologies
2009-02-08 13:40 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 13:31 --------- d-----w c:\program files\microsoft frontpage
2009-02-08 13:28 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-11 18:00 218,376 ----a-w c:\windows\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-10-20 33792]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-10 1237896]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-01-16 c:\windows\system32\HDAShCut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-02-10 229376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\instal\\WinRAR 3.51 Final\\wrar351.exe"=
"d:\\instal\\WinAmp 5.11 Surround Final\\winamp511_pro.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\system32\\HDAShCut.exe"=
"d:\\half-life 1.1.1.0 + counter-strike 1.5\\Half-Life 1.1.1.0 + Counter-Strike 1.5\\hl.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\CF27940.exe"=
"c:\\WINDOWS\\Datecs\\Flex2K.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14910:TCP"= 14910:TCP:BitComet 14910 TCP
"14910:UDP"= 14910:UDP:BitComet 14910 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2009-02-08 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200094f8-f5f3-11dd-8f94-000c6e1edb5c}]
\sheLL\AuTopLAY\commaND - I:\ekxex.cmd
\sheLL\AutoRun\command - I:\ekxex.cmd
\sheLL\explORe\commaND - I:\ekxex.cmd
\sheLL\OpeN\cOMmAnD - I:\ekxex.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e98a5cc2-f5f3-11dd-8f8f-a998e7adb847}]
\sHell\AuToPLay\commaNd - N:\stljl.pif
\sHell\AutoRun\command - N:\stljl.pif
\sHell\exPlore\Command - N:\stljl.pif
\sHell\OpeN\coMmaND - N:\stljl.pif
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

.
------- Supplementary Scan -------
.
TCP: {E848F774-D166-4FB1-9E6B-BE1A0175596C} = 88.80.116.1,88.80.96.6
FF - ProfilePath - c:\documents and settings\kor\Application Data\Mozilla\Firefox\Profiles\leyfi202.default\
FF - prefs.js: browser.startup.homepage - google.bg
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\kor\Application Data\Mozilla\Firefox\Profiles\leyfi202.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 21:49:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\netsh.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-02-10 21:50:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-10 19:50:36

Pre-Run: 115,922,247,680 bytes free
Post-Run: 115,854,352,384 bytes free

168

Night_Raven, posted February 10, 2009

Maniac, you are rushing with this ComboFix again. Some day that will end up creating problems instead of solving them. Also, the following items are harmless:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

SimLanBG, are you sure the logs are complete? I would suggest scanning with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware. Download, install, start, update (if they have not already updated) and run a quick scan with each. Then post the logs from both.

simlanbg (Author), posted February 10, 2009

> Maniac, you are rushing with this ComboFix again. Some day that will end up creating problems instead of solving them. Also, the following items are harmless:
> SimLanBG, are you sure the logs are complete? I would suggest scanning with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware. Download, install, start, update (if they have not already updated) and run a quick scan with each. Then post the logs from both.

Apparently nothing helps... at least tell me whether the virus will go away if I do a full format of the hard drive?

Night_Raven, posted February 10, 2009

If you do not intend to cooperate, you can go ahead with the format you are so set on doing.

simlanbg (Author), posted February 10, 2009

> If you do not intend to cooperate, you can go ahead with the format you are so set on doing.

It's not that I don't intend to cooperate, I just tried the things you suggested, but they had no effect...

Night_Raven, posted February 10, 2009

And won't you post logs from SUPERAntiSpyware and Malwarebytes' Anti-Malware?