
Quite an insidious virus... "windows - no disk"...



I've had a virus on my computer for several days... it constantly shows the error "Windows - No Disk. THere is no disk in the drive. Please inter disk into drive." I reinstalled the PC and formatted the partition Windows is on; I haven't formatted the others... the virus is still here... it doesn't let me boot into Safe Mode or run antivirus programs (NOD, Kaspersky, etc.), and I can't even start Task Manager... I renamed all the drive letters because I read that this should make the error go away... If I format the whole hard drive, will the nasty thing go away?

If someone can, please explain to me what to do with HiJackThis... I WILL BE VERY GRATEFUL IF YOU HELP ME! I'M JUST GOING CRAZY BECAUSE OF THIS THING!!!

Link to comment

Explain when this message appears, which operating system you are running, what appears when you try to start Task Manager, and how exactly it doesn't let you boot into Safe Mode?

 

Download HijackThis 1.99.1 (213KB), which I have renamed on purpose, and:

1) start the program;

2) click Do a system scan and save a logfile, which will create a text file in the same folder;

3) copy its contents here or attach the file to your comment.

 

Download Autoruns and:

1) start the program;

2) select Options -> Hide Microsoft and Windows Entries;

3) File menu -> Refresh;

4) File menu -> Export...;

5) save the file somewhere and then attach it to the thread or copy its contents.

Link to comment

I'm on "XP", and as for Safe Mode - it just starts loading and the PC restarts, and the error shows up right from power-on...

The log

Logfile of HijackThis v1.99.1

Scan saved at 9:32:57 PM, on 2/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\Datecs\Flex2K.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\kor\Desktop\alabala.exe

 

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: FlexType 2K.lnk = ?

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{E848F774-D166-4FB1-9E6B-BE1A0175596C}: NameServer = 88.80.116.1,88.80.96.6

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

 

From Autoruns

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ AVP Kaspersky Anti-Virus Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe

+ Cmaudio CmiCnfg DLL C-Media Corporation c:\windows\system\cmicnfg.cpl

+ High Definition Audio Property Page Shortcut High Definition Audio Property Page Shortcut v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\hdashcut.exe

+ TrojanScanner Trojan Scanner Simply Super Software c:\program files\trojan remover\trjscan.exe

+ WinampAgent c:\program files\winamp\winampa.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ FlexType 2K.lnk c:\windows\datecs\flex2k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Skype Skype Skype Technologies S.A. c:\program files\skype\phone\skype.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\shellex.dll

+ Trojan Remover Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\shellex.dll

+ Trojan Remover Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ Trojan Remover Shell Extension Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll

+ Web traffic protection statistics Script Monitor Internet Explorer plugin Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\scieplgn.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ IEVkbdBHO Class IE Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe

HKLM\System\CurrentControlSet\Services

+ asc3360pr File not found: C:\WINDOWS\system32\drivers\lhmnjn.sys

+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ cmudax C-Media Audio WDM Driver C-Media Inc. c:\windows\system32\drivers\cmudax.sys

+ FETNDISB NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5b.sys

+ HdAudAddService High Definition Audio Function Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudio.sys

+ HDAudBus High Definition Audio Bus Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ kl1 Kl1 Kaspersky Lab c:\windows\system32\drivers\kl1.sys

+ klbg Kaspersky Lab Boot Guard Kaspersky Lab c:\windows\system32\drivers\klbg.sys

+ klim5 Kaspersky Lab Intermediate Network Driver Kaspersky Lab c:\windows\system32\drivers\klim5.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ NTSIM Network Device Monitor Utility VIA Networking Technologies, Inc. c:\windows\system32\ntsim.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

+ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll Mozilla 2 Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\mzvkbd.dll

+ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll Mozilla 3 Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\mzvkbd3.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll

+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll

Link to comment

Open HiJackThis, select Do a system scan only and tick the following lines:

 

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

 

And finally select Fix checked.

Then:

1. Download ComboFix

2. Save it to the desktop

3. Go to Start -> Run... and enter the following command, followed by OK:

 

"%userprofile%\desktop\combofix.exe" /killall

 

4. After the program finishes, Notepad will open; copy its contents and paste them in your next post here.

Link to comment

ComboFix 09-02-10.01 - kor 2009-02-10 21:46:05.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1023.718 [GMT 2:00]

Running from: c:\documents and settings\kor\desktop\combofix.exe

Command switches used :: /killall

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\kbdbds.Dll

c:\windows\system32\KBDBPH.dLL

c:\windows\system32\kbdbphz.dLL

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASC3360PR

-------\Service_asc3360pr

 

 

((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))

.

 

2009-02-10 19:59 . 2009-02-10 19:59 96,976 --a------ c:\windows\system32\drivers\klin.dat

2009-02-10 19:59 . 2009-02-10 19:59 87,855 --a------ c:\windows\system32\drivers\klick.dat

2009-02-10 19:58 . 2009-02-10 19:58 <DIR> d-------- c:\program files\Kaspersky Lab

2009-02-10 19:58 . 2009-02-10 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-02-10 19:52 . 2009-02-10 19:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-10 10:49 . 2009-02-10 10:49 <DIR> dr------- c:\program files\Skype

2009-02-10 10:49 . 2009-02-10 10:49 <DIR> d-------- c:\program files\Common Files\Skype

2009-02-10 10:46 . 2009-02-10 10:46 <DIR> d-------- c:\windows\Datecs

2009-02-10 10:46 . 1997-04-04 02:00 66,594 --a------ c:\windows\system32\c_856.nls

2009-02-10 10:46 . 2000-12-13 00:55 28,672 --a------ c:\windows\system32\newdll.dll

2009-02-10 10:46 . 1999-11-18 10:04 7,440 --a------ c:\windows\system32\KBDDLL.DLL

2009-02-10 10:46 . 1999-11-11 18:47 6,928 --a------ c:\windows\system32\kbdhebx.Dll

2009-02-10 10:46 . 1999-11-11 18:47 6,416 --a------ c:\windows\system32\kbdinori.Dll

2009-02-10 10:46 . 1999-11-11 18:47 6,416 --a------ c:\windows\system32\kbdinasa.Dll

2009-02-10 10:46 . 1999-12-07 14:00 6,416 --a------ c:\windows\system32\kbdbp.Dll

2009-02-10 10:46 . 1997-01-06 11:35 5,120 --a------ c:\windows\system32\vga856.fon

2009-02-10 10:46 . 2000-06-08 17:00 398 --a------ c:\windows\system32\kbdus.kbd

2009-02-09 12:08 . 2009-02-09 12:08 <DIR> d-------- c:\program files\SoftwareClub.ws

2009-02-08 22:55 . 2009-02-08 22:55 <DIR> d-------- c:\program files\Webteh

2009-02-08 22:01 . 2009-02-08 22:01 <DIR> d--h----- c:\windows\PIF

2009-02-08 21:59 . 2009-02-08 21:59 <DIR> d-------- c:\program files\101 MP3 Splitter and Joiner

2009-02-08 21:22 . 2009-02-08 21:22 <DIR> d-------- c:\program files\BitComet

2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\program files\TVUPlayer

2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\documents and settings\kor\LocalLow

2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks

2009-02-08 19:08 . 2009-02-06 01:54 2,929,528 --a------ c:\windows\system32\rmt.trb

2009-02-08 19:08 . 2009-02-03 18:31 1,299,320 --a------ c:\windows\system32\rmvtrjan.trb

2009-02-08 19:08 . 2009-02-10 19:24 1,237,896 --a------ c:\windows\system32\trjscan.trb

2009-02-08 19:08 . 2009-02-10 19:24 898,440 --a------ c:\windows\system32\trupd.trb

2009-02-08 19:08 . 2005-04-28 19:07 3,351 --a------ c:\windows\undo.reg

2009-02-08 19:03 . 2009-02-10 20:14 <DIR> d-------- c:\program files\Trojan Remover

2009-02-08 19:03 . 2009-02-08 19:03 <DIR> d-------- c:\documents and settings\kor\Application Data\Simply Super Software

2009-02-08 19:03 . 2009-02-10 20:15 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-02-08 19:03 . 2009-02-08 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software

2009-02-08 19:03 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll

2009-02-08 19:03 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll

2009-02-08 19:03 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll

2009-02-08 19:03 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll

2009-02-08 19:03 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll

2009-02-08 18:55 . 2009-02-08 18:55 <DIR> d-------- c:\documents and settings\kor\Application Data\Media Player Classic

2009-02-08 16:59 . 2009-02-10 18:59 <DIR> d-------- c:\documents and settings\kor\Application Data\skypePM

2009-02-08 16:58 . 2009-02-10 21:23 <DIR> d-------- c:\documents and settings\kor\Application Data\Skype

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-10 18:00 --------- d-----w c:\program files\ESET

2009-02-10 08:49 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-02-08 13:53 --------- d-----w c:\program files\Winamp

2009-02-08 13:41 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-08 13:41 --------- d-----w c:\program files\ATI Technologies

2009-02-08 13:40 --------- d-----w c:\program files\Common Files\InstallShield

2009-02-08 13:31 --------- d-----w c:\program files\microsoft frontpage

2009-02-08 13:28 --------- d-----w c:\program files\Windows Media Connect 2

2008-11-11 18:00 218,376 ----a-w c:\windows\system32\klogon.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 421888]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-10-20 33792]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-10 1237896]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-01-16 c:\windows\system32\HDAShCut.exe]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-02-10 229376]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\instal\\WinRAR 3.51 Final\\wrar351.exe"=

"d:\\instal\\WinAmp 5.11 Surround Final\\winamp511_pro.exe"=

"c:\\WINDOWS\\system32\\Ati2evxx.exe"=

"c:\\WINDOWS\\system32\\HDAShCut.exe"=

"d:\\half-life 1.1.1.0 + counter-strike 1.5\\Half-Life 1.1.1.0 + Counter-Strike 1.5\\hl.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\WINDOWS\\system32\\CF27940.exe"=

"c:\\WINDOWS\\Datecs\\Flex2K.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14910:TCP"= 14910:TCP:BitComet 14910 TCP

"14910:UDP"= 14910:UDP:BitComet 14910 UDP

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2009-02-08 1287296]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - ASC3360PR

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200094f8-f5f3-11dd-8f94-000c6e1edb5c}]

\sheLL\AuTopLAY\commaND - I:\ekxex.cmd

\sheLL\AutoRun\command - I:\ekxex.cmd

\sheLL\explORe\commaND - I:\ekxex.cmd

\sheLL\OpeN\cOMmAnD - I:\ekxex.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e98a5cc2-f5f3-11dd-8f8f-a998e7adb847}]

\sHell\AuToPLay\commaNd - N:\stljl.pif

\sHell\AutoRun\command - N:\stljl.pif

\sHell\exPlore\Command - N:\stljl.pif

\sHell\OpeN\coMmaND - N:\stljl.pif

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-Cmaudio - cmicnfg.cpl

 

 

.

------- Supplementary Scan -------

.

TCP: {E848F774-D166-4FB1-9E6B-BE1A0175596C} = 88.80.116.1,88.80.96.6

FF - ProfilePath - c:\documents and settings\kor\Application Data\Mozilla\Firefox\Profiles\leyfi202.default\

FF - prefs.js: browser.startup.homepage - google.bg

FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\documents and settings\kor\Application Data\Mozilla\Firefox\Profiles\leyfi202.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-10 21:49:26

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1004)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\netsh.exe

c:\windows\system32\wscntfy.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2009-02-10 21:50:39 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-10 19:50:36

 

Pre-Run: 115,922,247,680 bytes free

Post-Run: 115,854,352,384 bytes free

 

168

Link to comment

Maniac, you're rushing with this ComboFix again. Some day that will lead to creating problems instead of solving them.

Besides, the following items are harmless:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

 

SimLanBG, are you sure the logs are complete?

I'd suggest you scan with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware. Download, install, start, update (if they haven't updated already) and run one quick scan with each. Then post the logs from both.

Link to comment
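Added example (not part of any post in this thread, and not HijackThis code): a small Python triage of HijackThis item lines that separates the O7 policy restriction from the O9 "(file missing)" leftovers that the reply above calls harmless. The sample lines are copied from the log posted earlier in the thread; the function names and finding labels are assumptions made for this illustration.

```python
import re

# HijackThis item lines look like "O7 - <detail>"; header lines and the
# "Running processes" paths do not match this shape and are skipped.
ITEM_RE = re.compile(r"^(?P<code>[ROFN]\d{1,2}) - (?P<detail>.+)$")
# O7 entries report a value under ...\Policies\System, e.g. DisableRegedit=1.
POLICY_RE = re.compile(r"\\Policies\\System, (?P<name>\w+)=(?P<value>\d+)$")
MISSING = " (file missing)"

# Sample assembled from lines of the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E848F774-D166-4FB1-9E6B-BE1A0175596C}: NameServer = 88.80.116.1,88.80.96.6
"""


def parse_items(log_text):
    """Return (code, detail) for every item line in a HijackThis log."""
    items = []
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if match:
            items.append((match.group("code"), match.group("detail")))
    return items


def triage(log_text):
    """Label entries worth a second look; everything else is left unlabelled.

    policy-lockout : O7 entry with a non-zero restriction value
    orphaned-entry : any entry whose target file no longer exists on disk
    """
    findings = []
    for code, detail in parse_items(log_text):
        policy = POLICY_RE.search(detail)
        if code == "O7" and policy and policy.group("value") != "0":
            findings.append(("policy-lockout", code, policy.group("name")))
        elif detail.endswith(MISSING):
            # Keep only the target path, without the "(file missing)" suffix.
            target = detail.rsplit(" - ", 1)[-1][: -len(MISSING)]
            findings.append(("orphaned-entry", code, target))
    return findings


if __name__ == "__main__":
    for label, code, subject in triage(SAMPLE_LOG):
        print(f"{label:15} {code:4} {subject}")
```
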

Maniac, you're rushing with this ComboFix again. Some day that will lead to creating problems instead of solving them.

Besides, the following items are harmless:

SimLanBG, are you sure the logs are complete?

I'd suggest you scan with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware. Download, install, start, update (if they haven't updated already) and run one quick scan with each. Then post the logs from both.

Apparently nothing helps... at least tell me whether the virus will go away if I do a full format of the hard drive?

Link to comment

If you have no intention of cooperating, you can proceed to the format you are so keen on doing.

It's not that I don't intend to cooperate, I just tried the things you suggested but there is no effect...

Link to comment