Доста коварен вирус... "windows - no disk"...

simlanbg · Февруари 10, 2009

имам вирус на компютъра от няколко дни... постоянно ми изписва грешка "Windows - No Disk. THere is no disk in the drive. Please inter disk into drive." Преиснталирах пц-то и форматирах този дял дет е уин-а другите не съм ги... вируса е тук все още... не ми позволява да влеза под сейф мод, да включвам антивирусни прогорами (НОД, Касперски и т.н.) даже и таск мениджъра не мога да пусна... Преименувах всички букви на устройствата понеже четох, че така би трябвало да се махне грешката... Ако форматирам целия хард ще се махне ли гадината ?

Ако някой може нека да ми обясни какво да правя с HiJackThis... ЩЕ СЪМ МНОГО БЛАГОДАРЕН АКО МИ ПОМОГНЕТЕ! ПРОСТО ОТКАЧАМ ЗАРАДИ ТАЗИ ГАД !!!

Night_Raven · Февруари 10, 2009

Обясни кога се появява това съобщение, с каква операционна система си, какво се появява, когато се опиташ да стартираш Task Manager и как така не ти позволява да стартираш в Safe Mode?

Изтегли HijackThis 1.99.1 (213KB), която съм преименувал нарочно, и:

1) стартирай програмата;

2) кликни Do a system scan and save a logfile, което ще създаде текстов файл в същата папка;

3) копирай съдържанието му тук или прикачи файла към коментара.

Изтегли Autoruns и:

1) стартирай програмата;

2) избери Options -> Hide Microsoft and Windows Entries;

3) меню File -> Refresh;

4) меню File -> Export...;

5) запази файла някъде и след това го прикачи към темата или му копирай съдържанието.

simlanbg · Февруари 10, 2009

С "XP" съм а за сейф мод-а - тъкмо почне да зарежда и се рестартира пц-то, а грешката я пуска още с включването...

Лога

Logfile of HijackThis v1.99.1
Scan saved at 9:32:57 PM, on 2/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kor\Desktop\alabala.exe

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: FlexType 2K.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E848F774-D166-4FB1-9E6B-BE1A0175596C}: NameServer = 88.80.116.1,88.80.96.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

От Autoruns

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ AVP Kaspersky Anti-Virus Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe
+ Cmaudio CmiCnfg DLL C-Media Corporation c:\windows\system\cmicnfg.cpl
+ High Definition Audio Property Page Shortcut High Definition Audio Property Page Shortcut v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\hdashcut.exe
+ TrojanScanner Trojan Scanner Simply Super Software c:\program files\trojan remover\trjscan.exe
+ WinampAgent c:\program files\winamp\winampa.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ FlexType 2K.lnk c:\windows\datecs\flex2k.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Skype Skype Skype Technologies S.A. c:\program files\skype\phone\skype.exe
HKLM\SOFTWARE\Classes\Protocols\Handler
+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\shellex.dll
+ Trojan Remover Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\shellex.dll
+ Trojan Remover Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ Trojan Remover Shell Extension Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ Web traffic protection statistics Script Monitor Internet Explorer plugin Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\scieplgn.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ IEVkbdBHO Class IE Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe
HKLM\System\CurrentControlSet\Services
+ asc3360pr File not found: C:\WINDOWS\system32\drivers\lhmnjn.sys
+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ cmudax C-Media Audio WDM Driver C-Media Inc. c:\windows\system32\drivers\cmudax.sys
+ FETNDISB NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5b.sys
+ HdAudAddService High Definition Audio Function Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudio.sys
+ HDAudBus High Definition Audio Bus Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ kl1 Kl1 Kaspersky Lab c:\windows\system32\drivers\kl1.sys
+ klbg Kaspersky Lab Boot Guard Kaspersky Lab c:\windows\system32\drivers\klbg.sys
+ klim5 Kaspersky Lab Intermediate Network Driver Kaspersky Lab c:\windows\system32\drivers\klim5.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ NTSIM Network Device Monitor Utility VIA Networking Technologies, Inc. c:\windows\system32\ntsim.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll Mozilla 2 Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\mzvkbd.dll
+ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll Mozilla 3 Virtual Keyboard Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 2009\mzvkbd3.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll
+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll

Maniac · Февруари 10, 2009

Отвори HiJackThis, избери Do a system scan only и сложи отметки на следните редове:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

И накрая избери Fix checked.

След това:

1. Изтеглете ComboFix
2. Запазете го на десктопа
3. Влезте в Start -> Run... и въведете следната команда последвана от OK:
"%userprofile%\desktop\combofix.exe" /killall
4. След, като програмата приключи ще Ви се отвори Notepad, копирайте съдържанието му и го поставете в следващия си пост тук.

simlanbg · Февруари 10, 2009

ComboFix 09-02-10.01 - kor 2009-02-10 21:46:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1023.718 [GMT 2:00]
Running from: c:\documents and settings\kor\desktop\combofix.exe
Command switches used :: /killall
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbdbds.Dll
c:\windows\system32\KBDBPH.dLL
c:\windows\system32\kbdbphz.dLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 19:59 . 2009-02-10 19:59 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-02-10 19:59 . 2009-02-10 19:59 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-02-10 19:58 . 2009-02-10 19:58 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-10 19:58 . 2009-02-10 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-10 19:52 . 2009-02-10 19:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-10 10:49 . 2009-02-10 10:49 <DIR> dr------- c:\program files\Skype
2009-02-10 10:49 . 2009-02-10 10:49 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-10 10:46 . 2009-02-10 10:46 <DIR> d-------- c:\windows\Datecs
2009-02-10 10:46 . 1997-04-04 02:00 66,594 --a------ c:\windows\system32\c_856.nls
2009-02-10 10:46 . 2000-12-13 00:55 28,672 --a------ c:\windows\system32\newdll.dll
2009-02-10 10:46 . 1999-11-18 10:04 7,440 --a------ c:\windows\system32\KBDDLL.DLL
2009-02-10 10:46 . 1999-11-11 18:47 6,928 --a------ c:\windows\system32\kbdhebx.Dll
2009-02-10 10:46 . 1999-11-11 18:47 6,416 --a------ c:\windows\system32\kbdinori.Dll
2009-02-10 10:46 . 1999-11-11 18:47 6,416 --a------ c:\windows\system32\kbdinasa.Dll
2009-02-10 10:46 . 1999-12-07 14:00 6,416 --a------ c:\windows\system32\kbdbp.Dll
2009-02-10 10:46 . 1997-01-06 11:35 5,120 --a------ c:\windows\system32\vga856.fon
2009-02-10 10:46 . 2000-06-08 17:00 398 --a------ c:\windows\system32\kbdus.kbd
2009-02-09 12:08 . 2009-02-09 12:08 <DIR> d-------- c:\program files\SoftwareClub.ws
2009-02-08 22:55 . 2009-02-08 22:55 <DIR> d-------- c:\program files\Webteh
2009-02-08 22:01 . 2009-02-08 22:01 <DIR> d--h----- c:\windows\PIF
2009-02-08 21:59 . 2009-02-08 21:59 <DIR> d-------- c:\program files\101 MP3 Splitter and Joiner
2009-02-08 21:22 . 2009-02-08 21:22 <DIR> d-------- c:\program files\BitComet
2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\program files\TVUPlayer
2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\documents and settings\kor\LocalLow
2009-02-08 20:56 . 2009-02-08 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2009-02-08 19:08 . 2009-02-06 01:54 2,929,528 --a------ c:\windows\system32\rmt.trb
2009-02-08 19:08 . 2009-02-03 18:31 1,299,320 --a------ c:\windows\system32\rmvtrjan.trb
2009-02-08 19:08 . 2009-02-10 19:24 1,237,896 --a------ c:\windows\system32\trjscan.trb
2009-02-08 19:08 . 2009-02-10 19:24 898,440 --a------ c:\windows\system32\trupd.trb
2009-02-08 19:08 . 2005-04-28 19:07 3,351 --a------ c:\windows\undo.reg
2009-02-08 19:03 . 2009-02-10 20:14 <DIR> d-------- c:\program files\Trojan Remover
2009-02-08 19:03 . 2009-02-08 19:03 <DIR> d-------- c:\documents and settings\kor\Application Data\Simply Super Software
2009-02-08 19:03 . 2009-02-10 20:15 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-08 19:03 . 2009-02-08 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-08 19:03 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-08 19:03 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-08 19:03 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-08 19:03 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-08 19:03 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-08 18:55 . 2009-02-08 18:55 <DIR> d-------- c:\documents and settings\kor\Application Data\Media Player Classic
2009-02-08 16:59 . 2009-02-10 18:59 <DIR> d-------- c:\documents and settings\kor\Application Data\skypePM
2009-02-08 16:58 . 2009-02-10 21:23 <DIR> d-------- c:\documents and settings\kor\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:00 --------- d-----w c:\program files\ESET
2009-02-10 08:49 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-08 13:53 --------- d-----w c:\program files\Winamp
2009-02-08 13:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 13:41 --------- d-----w c:\program files\ATI Technologies
2009-02-08 13:40 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 13:31 --------- d-----w c:\program files\microsoft frontpage
2009-02-08 13:28 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-11 18:00 218,376 ----a-w c:\windows\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-10-20 33792]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-10 1237896]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-01-16 c:\windows\system32\HDAShCut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-02-10 229376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\instal\\WinRAR 3.51 Final\\wrar351.exe"=
"d:\\instal\\WinAmp 5.11 Surround Final\\winamp511_pro.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\system32\\HDAShCut.exe"=
"d:\\half-life 1.1.1.0 + counter-strike 1.5\\Half-Life 1.1.1.0 + Counter-Strike 1.5\\hl.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\CF27940.exe"=
"c:\\WINDOWS\\Datecs\\Flex2K.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14910:TCP"= 14910:TCP:BitComet 14910 TCP
"14910:UDP"= 14910:UDP:BitComet 14910 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2009-02-08 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200094f8-f5f3-11dd-8f94-000c6e1edb5c}]
\sheLL\AuTopLAY\commaND - I:\ekxex.cmd
\sheLL\AutoRun\command - I:\ekxex.cmd
\sheLL\explORe\commaND - I:\ekxex.cmd
\sheLL\OpeN\cOMmAnD - I:\ekxex.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e98a5cc2-f5f3-11dd-8f8f-a998e7adb847}]
\sHell\AuToPLay\commaNd - N:\stljl.pif
\sHell\AutoRun\command - N:\stljl.pif
\sHell\exPlore\Command - N:\stljl.pif
\sHell\OpeN\coMmaND - N:\stljl.pif
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

.
------- Supplementary Scan -------
.
TCP: {E848F774-D166-4FB1-9E6B-BE1A0175596C} = 88.80.116.1,88.80.96.6
FF - ProfilePath - c:\documents and settings\kor\Application Data\Mozilla\Firefox\Profiles\leyfi202.default\
FF - prefs.js: browser.startup.homepage - google.bg
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\kor\Application Data\Mozilla\Firefox\Profiles\leyfi202.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 21:49:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\netsh.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-02-10 21:50:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-10 19:50:36

Pre-Run: 115,922,247,680 bytes free
Post-Run: 115,854,352,384 bytes free

168

Night_Raven · Февруари 10, 2009

Maniac, отново бързаш с този ComboFix. Някой ден това ще доведе до създаване на проблеми, вместо решаването им.

А и следните обекти са безвредни:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

SimLanBG, сигурен ли си, че логовете са пълни?

Бих ти предложил да сканираш със SUPERAntiSpyware Free и Malwarebytes' Anti-Malware. Теглиш, инсталираш, стартираш, обновяваш (ако не са се обновили вече) и пускаш по едно бързо (quick) сканиране. Дай после логове от двете.

simlanbg · Февруари 10, 2009

Maniac, отново бързаш с този ComboFix. Някой ден това ще доведе до създаване на проблеми, вместо решаването им.
А и следните обекти са безвредни:

SimLanBG, сигурен ли си, че логовете са пълни?

Бих ти предложил да сканираш със SUPERAntiSpyware Free и Malwarebytes' Anti-Malware. Теглиш, инсталираш, стартираш, обновяваш (ако не са се обновили вече) и пускаш по едно бързо (quick) сканиране. Дай после логове от двете.

Явно нищо не помага... кажете ми поне ще се махне ли вируса ако направя пълен формат на хард диска ?

Night_Raven · Февруари 10, 2009

Ако нямаш намерение да съдействаш, можеш да преминаваш към формата, който толкова държиш да направиш.

simlanbg · Февруари 10, 2009

Ако нямаш намерение да съдействаш, можеш да преминаваш към формата, който толкова държиш да направиш.

не че нямам намерение да съдействам просто опитах нещата които предложихте но няма ефект...

Night_Raven · Февруари 10, 2009

А логове от SUPERAntiSpyware и Malwarebytes' Anti-Malware няма ли да дадеш?

Влез

Доста коварен вирус... "windows - no disk"...

Препоръчан пост

simlanbg

Link to comment

Сподели другаде

Night_Raven

Link to comment

Сподели другаде

simlanbg

Link to comment

Сподели другаде

Maniac

Link to comment

Сподели другаде

simlanbg

Link to comment

Сподели другаде

Night_Raven

Link to comment

Сподели другаде

simlanbg

Link to comment

Сподели другаде

Night_Raven

Link to comment

Сподели другаде

simlanbg

Link to comment

Сподели другаде

Night_Raven

Link to comment

Сподели другаде

Join the conversation

Разгледай

Какво ново?