MyCity » Ambulanta -> Arhiva Ambulante » kgv.exe virus

kgv.exe virus

Napisano na dan: 7.4.2010

kgv.exe virus

Sledeća strana

Pagination

Odgovori

mirjanagb Poslao: 07 Apr 2010 14:12 Idi na vrh
offline mirjanagb Građanin Pridružio: 24 Okt 2007 Poruke: 122	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: e o cemu se radi. skinem neki program (I to ne za sebe!!!) sa krekom, i naravno javi av javi da je virus trojan (i to ne samo kgv nego uz njega jos kgu, kgs ...) i u karantin ga stavi. koje sam logove izgleda obrisala. medjutim ja kad sam otvorila run, msconfig i u start stoji mi ovo kgv.exe (kao nalazi se u temp) iako je temp folder prazan. i ja sam iskljucila da se startuje sa windowsom, medjutim nisam sad 100% sigurna da li je i nestao virus, i zasto on tu jos uvek stoj DDS: DDS (Ver_10-03-17.01) - NTFSx86 Run by Miki at 12:44:11,92 on 07.04.2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1790.1086 [GMT 2:00] AV: ESET NOD32 Antivirus 4.0 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe svchost.exe C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Programme\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\OSDCtrl.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\uTorrent\uTorrent.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Opera\opera.exe C:\Programme\Software Informer\softinfo.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Miki\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Bar = google.at uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [uTorrent] "c:\programme\utorrent\uTorrent.exe" uRun: [fsm] uRun: [BrowserChoice] "c:\windows\system32\browserchoice.exe" /run mRun: [LaunchAp] c:\programme\launch manager\LaunchAp.exe mRun: [HotkeyApp] c:\programme\launch manager\HotkeyApp.exe mRun: [LMgrVolOSD] c:\programme\launch manager\OSD.exe mRun: [LMgrOSD] c:\programme\launch manager\OSDCtrl.exe mRun: [Wbutton] "c:\programme\launch manager\Wbutton.exe" mRun: [CtrlVol] c:\programme\launch manager\CtrlVol.exe mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [egui] "c:\programme\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Malwarebytes' Anti-Malware] "c:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262480044031 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262521954828 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360] R2 ekrn;ESET Service;c:\programme\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840] R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2010-3-13 303952] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-13 20824] S1 mailKmd;mailKmd; [x] S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-3 1691480] S3 flash;flash;c:\windows\system32\drivers\flash.sys [2010-1-2 8064] S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [2010-1-3 466048] S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [2010-1-3 13440] =============== Created Last 30 ================ 2010-04-07 10:00:06 699904 ----a-w- c:\windows\isRS-000.tmp 2010-03-31 21:52:15 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-21 13:32:30 162816 ----a-w- c:\windows\system32\fmod.dll 2010-03-19 21:19:34 0 d-----w- c:\programme\Microsoft ActiveSync 2010-03-19 21:18:52 0 d-----w- c:\windows\Downloaded Installations 2010-03-19 13:09:38 0 d-----w- c:\programme\VideoLAN 2010-03-14 21:15:21 0 d--h--w- c:\windows\PIF 2010-03-14 16:29:35 0 d-----w- c:\programme\MagicDVDRipper 2010-03-14 13:50:27 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys 2010-03-14 13:50:19 0 d-----w- c:\programme\MagicDisc 2010-03-14 13:46:40 0 d-----w- c:\programme\MagicISO 2010-03-14 07:16:37 0 d-----w- c:\windows\SxsCaPendDel 2010-03-13 19:01:51 0 d-----w- c:\dokume~1\alluse~1\anwend~1\WEBREG 2010-03-13 18:58:34 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2010-03-13 18:58:26 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2010-03-13 18:57:46 123904 ----a-w- c:\windows\system32\hpf3l70w.dll 2010-03-13 18:57:45 452408 ----a-r- c:\windows\system32\hpzids01.dll 2010-03-13 18:57:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2010-03-13 18:52:12 0 d-----w- c:\programme\Yahoo! 2010-03-13 18:45:11 0 d-----w- c:\programme\gemeinsame dateien\Hewlett-Packard 2010-03-13 18:43:17 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-03-13 18:43:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-03-13 18:43:06 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2010-03-13 18:42:21 0 d-----w- c:\programme\HP 2010-03-13 10:46:11 0 d-----w- c:\programme\Foxit Software 2010-03-13 08:50:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-13 08:50:00 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-13 08:49:58 0 d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-03-13 07:42:26 0 d-----w- c:\programme\FastStone Image Viewer 2010-03-12 23:46:34 0 d-----w- c:\dokume~1\miki\anwend~1\FastStone 2010-03-12 23:45:55 0 d-----w- c:\programme\FastStone Capture 2010-03-12 21:59:11 0 d-----w- c:\programme\Xilisoft 2010-03-11 13:15:11 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe ==================== Find3M ==================== 2010-03-30 16:59:39 84728 ----a-w- c:\windows\system32\perfc007.dat 2010-03-30 16:59:39 459390 ----a-w- c:\windows\system32\perfh007.dat 2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-02-28 08:56:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf 2010-02-28 08:56:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-02-25 06:15:07 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-08 17:50:26 90112 -c--a-w- c:\windows\DUMP4d06.tmp 2010-02-08 17:49:43 90112 -c--a-w- c:\windows\DUMP514c.tmp ============= FINISH: 12:44:55,20 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

helen1 Poslao: 07 Apr 2010 14:17 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

mirjanagb Poslao: 07 Apr 2010 15:23 Idi na vrh
offline mirjanagb Građanin Pridružio: 24 Okt 2007 Poruke: 122	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 07 Apr 2010 15:11 evo cisto jos da kazem: kad je combofix zavrsio tj kad je krenuo da restartuje kompjuter pojavio mi se prozorcic kao neki error catchme.dll i sad mi se pojavila ikonica IE na desktopu (koje inace nije bilo). ComboFix 10-04-06.03 - Miki 07.04.2010 14:36:03.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1790.1206 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Miki\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS -------\Service_SSHNAS ((((((((((((((((((((((( Dateien erstellt von 2010-03-07 bis 2010-04-07 )))))))))))))))))))))))))))))) . 2010-04-07 09:59 . 2010-04-07 09:59 5918776 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-03-31 21:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-31 21:49 . 2010-03-31 21:49 -------- d-----w- c:\programme\Opera 2010-03-30 17:16 . 2010-03-30 17:16 -------- d-----w- c:\windows\Sun 2010-03-30 17:16 . 2010-03-30 17:16 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2010-03-30 17:02 . 2010-03-30 17:02 503808 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b618282-n\msvcp71.dll 2010-03-30 17:02 . 2010-03-30 17:02 499712 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b618282-n\jmc.dll 2010-03-30 17:02 . 2010-03-30 17:02 348160 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b618282-n\msvcr71.dll 2010-03-30 17:02 . 2010-03-30 17:02 61440 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b747ecb-n\decora-sse.dll 2010-03-30 17:02 . 2010-03-30 17:02 12800 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b747ecb-n\decora-d3d.dll 2010-03-22 11:25 . 2010-03-22 11:25 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET 2010-03-21 13:32 . 2010-03-21 13:54 162816 ----a-w- c:\windows\system32\fmod.dll 2010-03-19 21:19 . 2010-03-19 21:40 -------- d-----w- c:\programme\Microsoft ActiveSync 2010-03-19 21:18 . 2010-03-19 21:18 -------- d-----w- c:\windows\Downloaded Installations 2010-03-19 13:20 . 2010-04-05 19:10 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\dvdcss 2010-03-19 13:20 . 2010-04-07 10:08 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\vlc 2010-03-19 13:09 . 2010-03-19 13:09 -------- d-----w- c:\programme\VideoLAN 2010-03-14 21:15 . 2010-03-14 21:15 -------- d--h--w- c:\windows\PIF 2010-03-14 16:29 . 2010-03-14 16:31 -------- d-----w- c:\programme\MagicDVDRipper 2010-03-14 13:50 . 2009-02-24 17:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys 2010-03-14 13:50 . 2010-03-14 13:50 -------- d-----w- c:\programme\MagicDisc 2010-03-14 13:46 . 2010-03-14 13:47 -------- d-----w- c:\programme\MagicISO 2010-03-14 07:16 . 2010-03-14 07:32 -------- d-----w- c:\windows\SxsCaPendDel 2010-03-14 07:10 . 2010-03-14 07:10 -------- d-----w- c:\dokumente und einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\Microsoft Help 2010-03-13 19:07 . 2010-03-13 19:07 -------- d-----w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\HP 2010-03-13 19:01 . 2010-03-13 19:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WEBREG 2010-03-13 18:59 . 2010-03-13 19:02 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\HP 2010-03-13 18:58 . 2008-10-28 03:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2010-03-13 18:58 . 2008-10-28 03:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2010-03-13 18:57 . 2009-04-20 11:23 315904 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll 2010-03-13 18:57 . 2009-04-20 11:23 123904 ----a-w- c:\windows\system32\hpf3l70w.dll 2010-03-13 18:57 . 2009-04-15 14:53 452408 ----a-r- c:\windows\system32\hpzids01.dll 2010-03-13 18:57 . 2008-10-28 03:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2010-03-13 18:52 . 2010-03-13 18:52 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Yahoo! 2010-03-13 18:52 . 2010-03-14 07:36 -------- d-----w- c:\programme\Yahoo! 2010-03-13 18:45 . 2010-03-14 07:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP 2010-03-13 18:45 . 2010-03-13 18:45 -------- d-----w- c:\programme\Gemeinsame Dateien\Hewlett-Packard 2010-03-13 18:43 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2010-03-13 18:43 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-03-13 18:43 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2010-03-13 18:42 . 2010-03-14 07:35 -------- d-----w- c:\programme\HP 2010-03-13 10:46 . 2010-03-13 10:46 -------- d-----w- c:\programme\Foxit Software 2010-03-13 08:50 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-13 08:50 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-13 08:49 . 2010-04-07 10:11 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-03-13 07:42 . 2010-03-13 07:42 -------- d-----w- c:\programme\FastStone Image Viewer 2010-03-12 23:46 . 2010-03-13 07:42 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\FastStone 2010-03-12 23:45 . 2010-03-12 23:46 -------- d-----w- c:\programme\FastStone Capture 2010-03-12 21:59 . 2010-03-12 21:59 -------- d-----w- c:\programme\Xilisoft 2010-03-11 13:15 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-07 12:47 . 2010-01-11 18:50 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\uTorrent 2010-04-07 10:25 . 2010-02-28 08:47 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Software Informer 2010-03-31 21:46 . 2010-02-28 11:03 -------- d-----w- c:\programme\Opera 10.50 Beta 2010-03-30 17:01 . 2010-01-03 12:27 -------- d-----w- c:\programme\Java 2010-03-30 16:59 . 2004-08-04 03:00 84728 ----a-w- c:\windows\system32\perfc007.dat 2010-03-30 16:59 . 2004-08-04 03:00 459390 ----a-w- c:\windows\system32\perfh007.dat 2010-03-14 07:42 . 2010-01-02 23:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-03-14 07:33 . 2010-01-02 21:37 29816 ----a-w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-03-13 07:31 . 2010-01-11 18:52 -------- d-----w- c:\programme\uTorrent 2010-03-09 02:28 . 2010-01-03 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-07 22:48 . 2010-01-03 00:51 -------- d-----w- c:\programme\ESET 2010-03-06 11:38 . 2010-01-02 20:34 -------- d-----w- c:\programme\Launch Manager 2010-02-28 10:37 . 2010-02-28 10:37 -------- d-s---w- c:\programme\Total CMA Pack 2010-02-28 09:50 . 2010-01-16 10:35 -------- d-----w- c:\programme\UlisesSoft 2010-02-28 09:27 . 2010-02-28 09:24 -------- d-----w- c:\programme\NOD32view 2010-02-28 09:27 . 2010-02-28 09:26 -------- d-----w- c:\programme\iTunes 2010-02-28 09:26 . 2010-02-28 09:26 -------- d-----w- c:\programme\iPod 2010-02-28 09:26 . 2010-01-03 12:42 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple 2010-02-28 09:21 . 2010-02-28 09:21 72488 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-28 08:56 . 2010-02-28 08:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf 2010-02-28 08:56 . 2010-02-28 08:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-02-28 08:50 . 2010-02-28 08:50 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Canneverbe Limited 2010-02-28 08:50 . 2010-01-03 12:21 -------- d-----w- c:\programme\CDBurnerXP 2010-02-28 08:47 . 2010-02-28 08:47 -------- d-----w- c:\programme\Software Informer 2010-02-25 06:15 . 2004-08-04 03:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-08 17:50 . 2010-01-02 20:53 90112 -c--a-w- c:\windows\DUMP4d06.tmp 2010-02-08 17:49 . 2010-01-02 20:53 90112 -c--a-w- c:\windows\DUMP514c.tmp . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . Hinweis leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\programme\uTorrent\uTorrent.exe" [2010-03-12 319792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-07-28 57344] "LMgrVolOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800] "LMgrOSD"="c:\programme\Launch Manager\OSDCtrl.exe" [2005-07-25 241664] "Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-07-25 81920] "CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800] "egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Miki^Startmenü^Programme^Autostart^MagicDisc.lnk] path=c:\dokumente und einstellungen\Miki\Startmenü\Programme\Autostart\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Miki^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\dokumente und einstellungen\Miki\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 12:39 1289000 ----a-w- c:\programme\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-02-15 17:07 141608 ----a-w- c:\programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] 2007-07-26 11:28 105544 -c--a-w- c:\programme\Pinnacle\TVCenter Pro\PMCLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2005-11-10 02:44 557056 ----a-w- c:\windows\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total CMA Pack] 2009-09-01 15:18 43255 ----a-w- c:\programme\Total CMA Pack\Total CMA Pack.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-01-12 20:02 37888 ----a-w- c:\programme\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\uTorrent\\uTorrent.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.05.2009 16:47 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.05.2009 16:49 94360] R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [14.05.2009 16:47 731840] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [13.03.2010 10:50 303952] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.03.2010 10:50 20824] S1 mailKmd;mailKmd; [x] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03.01.2010 00:04 1691480] S3 flash;flash;c:\windows\system32\drivers\flash.sys [02.01.2010 23:18 8064] S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [03.01.2010 12:42 466048] S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [03.01.2010 12:42 13440] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhalt des "geplante Tasks" Ordners 2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = .local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-fsm - (no file) MSConfigStartUp-MSMSGS - c:\programme\Messenger\msmsgs.exe MSConfigStartUp-YVIBBBHA8C - c:\dokume~1\Miki\LOKALE~1\Temp\Kgv.exe AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\programme\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-04-07 14:45 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\programme\Launch Manager\CtrlVol.exe?????0???\??????\|x??\|????q??\|?j?wQj?w????????,??? ???????????????d??????\|????????p?????@????????????????s???????s???sx??s@??????????????\|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?s?D???6@??D????????? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ********************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2688-) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\CDBurnerXP\NMSAccessU.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\Ati2evxx.exe c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe . ************************************************************************ . Zeit der Fertigstellung: 2010-04-07 14:50:39 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-04-07 12:50 Vor Suchlauf: 4.840.423.424 Bytes frei Nach Suchlauf: 4.730.671.104 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - BE98117C5AE19AC9A86154C14D9F5C7D Dopuna: 07 Apr 2010 15:23 i jos nesto: nema vise ovog u msconfig, start ... ali gmer je napravio neka dva fajla, mislim da je jedan .exe a drugi kao kad snimam u regedit. cemu sad to sluzi? jel mogu obrisati ili da ga sacuvam negde?

Profil

helen1 Poslao: 07 Apr 2010 15:54 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj mi: c:\windows\system32\drivers\flash.sys preko sledeceg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

mirjanagb Poslao: 07 Apr 2010 15:57 Idi na vrh
offline mirjanagb Građanin Pridružio: 24 Okt 2007 Poruke: 122	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! hi, uploadovano je!!

Profil

helen1 Poslao: 07 Apr 2010 21:23 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! To bi bilo to: Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

mirjanagb Poslao: 07 Apr 2010 21:46 Idi na vrh
offline mirjanagb Građanin Pridružio: 24 Okt 2007 Poruke: 122	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ok. hvala na pomoci!!!!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » kgv.exe virus

Ko je trenutno na forumu

Ukupno su 847 korisnika na forumu :: 7 registrovanih, 0 sakrivenih i 840 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., ALBION101, babaroga, gorantrojka, Marko Marković, Maschinekalibar, suton

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by