kgv.exe virus

offline
  • Joined: 24 Oct 2007
  • Posts: 122

So here's what happened. I downloaded a program (and not for myself!!!)
with a crack, and of course the AV reported it as a virus/trojan (and not just kgv but kgu, kgs ... along with it)
and put it in quarantine. It seems I deleted those logs.
However, when I opened Run, msconfig, this kgv.exe shows up in Startup (supposedly located in Temp) even though the Temp folder is empty.

I disabled it from starting with Windows, but now I'm not 100% sure whether the virus is gone as well, and why it is still listed there

DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Miki at 12:44:11,92 on 07.04.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1790.1086 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
svchost.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\OSDCtrl.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\uTorrent\uTorrent.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Opera\opera.exe
C:\Programme\Software Informer\softinfo.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Miki\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = google.at
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\programme\utorrent\uTorrent.exe"
uRun: [fsm]
uRun: [BrowserChoice] "c:\windows\system32\browserchoice.exe" /run
mRun: [LaunchAp] c:\programme\launch manager\LaunchAp.exe
mRun: [HotkeyApp] c:\programme\launch manager\HotkeyApp.exe
mRun: [LMgrVolOSD] c:\programme\launch manager\OSD.exe
mRun: [LMgrOSD] c:\programme\launch manager\OSDCtrl.exe
mRun: [Wbutton] "c:\programme\launch manager\Wbutton.exe"
mRun: [CtrlVol] c:\programme\launch manager\CtrlVol.exe
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [egui] "c:\programme\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Malwarebytes' Anti-Malware] "c:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262480044031
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262521954828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 ekrn;ESET Service;c:\programme\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2010-3-13 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-13 20824]
S1 mailKmd;mailKmd; [x]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-3 1691480]
S3 flash;flash;c:\windows\system32\drivers\flash.sys [2010-1-2 8064]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [2010-1-3 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [2010-1-3 13440]

=============== Created Last 30 ================

2010-04-07 10:00:06 699904 ----a-w- c:\windows\isRS-000.tmp
2010-03-31 21:52:15 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-21 13:32:30 162816 ----a-w- c:\windows\system32\fmod.dll
2010-03-19 21:19:34 0 d-----w- c:\programme\Microsoft ActiveSync
2010-03-19 21:18:52 0 d-----w- c:\windows\Downloaded Installations
2010-03-19 13:09:38 0 d-----w- c:\programme\VideoLAN
2010-03-14 21:15:21 0 d--h--w- c:\windows\PIF
2010-03-14 16:29:35 0 d-----w- c:\programme\MagicDVDRipper
2010-03-14 13:50:27 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-03-14 13:50:19 0 d-----w- c:\programme\MagicDisc
2010-03-14 13:46:40 0 d-----w- c:\programme\MagicISO
2010-03-14 07:16:37 0 d-----w- c:\windows\SxsCaPendDel
2010-03-13 19:01:51 0 d-----w- c:\dokume~1\alluse~1\anwend~1\WEBREG
2010-03-13 18:58:34 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-03-13 18:58:26 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-03-13 18:57:46 123904 ----a-w- c:\windows\system32\hpf3l70w.dll
2010-03-13 18:57:45 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-03-13 18:57:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-03-13 18:52:12 0 d-----w- c:\programme\Yahoo!
2010-03-13 18:45:11 0 d-----w- c:\programme\gemeinsame dateien\Hewlett-Packard
2010-03-13 18:43:17 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-13 18:43:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-13 18:43:06 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-13 18:42:21 0 d-----w- c:\programme\HP
2010-03-13 10:46:11 0 d-----w- c:\programme\Foxit Software
2010-03-13 08:50:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 08:50:00 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 08:49:58 0 d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-03-13 07:42:26 0 d-----w- c:\programme\FastStone Image Viewer
2010-03-12 23:46:34 0 d-----w- c:\dokume~1\miki\anwend~1\FastStone
2010-03-12 23:45:55 0 d-----w- c:\programme\FastStone Capture
2010-03-12 21:59:11 0 d-----w- c:\programme\Xilisoft
2010-03-11 13:15:11 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-30 16:59:39 84728 ----a-w- c:\windows\system32\perfc007.dat
2010-03-30 16:59:39 459390 ----a-w- c:\windows\system32\perfh007.dat
2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-28 08:56:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-02-28 08:56:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-02-25 06:15:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-08 17:50:26 90112 -c--a-w- c:\windows\DUMP4d06.tmp
2010-02-08 17:49:43 90112 -c--a-w- c:\windows\DUMP514c.tmp

============= FINISH: 12:44:55,20 ===============
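As an added triage example (not from the thread or from any tool it mentions): a small Python script that parses the Run lines of a DDS "Pseudo HJT Report" and ComboFix's orphaned-entry lines, and flags autostart entries that point into a Temp folder, have no file behind them, or carry a machine-generated-looking value name, which is exactly the pattern of the Kgv.exe entry in this thread. The sample log is constructed from entries in this thread, with the Kgv.exe entry additionally written as a live uRun line for illustration.

```python
"""Autostart triage over DDS 'uRun/mRun/dRun' lines and ComboFix
'removed orphaned registry entries' lines (formats as they appear in the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample: entries taken from the thread's DDS and ComboFix logs. The
# Kgv.exe entry is also written as a live uRun line; in the thread it had already
# been disabled via msconfig, so ComboFix listed it as MSConfigStartUp-YVIBBBHA8C.
SAMPLE_LOG = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\programme\utorrent\uTorrent.exe"
uRun: [fsm]
uRun: [YVIBBBHA8C] c:\dokume~1\miki\lokale~1\temp\Kgv.exe
mRun: [egui] "c:\programme\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
HKCU-Run-fsm - (no file)
MSConfigStartUp-YVIBBBHA8C - c:\dokume~1\Miki\LOKALE~1\Temp\Kgv.exe
"""

DDS_RUN = re.compile(r"^([umd])Run:\s*\[([^\]]*)\]\s*(.*)$")
COMBOFIX_ORPHAN = re.compile(r"^(HKCU-Run|HKLM-Run|MSConfigStartUp)-(\S+)\s+-\s+(.*)$")
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}
# First executable on an unquoted command line, so paths with spaces survive.
EXE_PREFIX = re.compile(r"(.+?\.(?:exe|dll|cpl|scr))(?=\s|$)", re.I)
TEMP_DIRS = re.compile(r"\\te?mp\\", re.I)           # ...\temp\... or ...\tmp\...
RANDOM_NAME = re.compile(r"^(?=.*\d)[A-Z0-9]{8,}$")   # e.g. YVIBBBHA8C


@dataclass
class Entry:
    source: str            # "dds" or "combofix"
    hive: str
    name: str              # registry value name
    target: str            # executable path, "" when no file
    flags: list = field(default_factory=list)


def split_target(cmd):
    """Return the executable part of a Run command line (quoted path or first exe)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_PREFIX.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_line(line):
    """Parse one log line into an Entry, or None for lines of other kinds."""
    m = DDS_RUN.match(line)
    if m:
        return Entry("dds", HIVES[m.group(1)], m.group(2), split_target(m.group(3)))
    m = COMBOFIX_ORPHAN.match(line)
    if m:
        rest = m.group(3).strip()
        target = "" if rest == "(no file)" else split_target(rest)
        return Entry("combofix", m.group(1), m.group(2), target)
    return None


def assess(entry):
    """Attach a reason for every heuristic the entry trips."""
    if not entry.target:
        entry.flags.append("no file behind the entry: orphaned, remove it and find out what created it")
    elif TEMP_DIRS.search(entry.target):
        entry.flags.append("runs from a Temp directory: legitimate software does not autostart from there")
    elif "\\" not in entry.target:
        entry.flags.append("bare filename: resolved via PATH at logon, verify which copy actually runs")
    if RANDOM_NAME.match(entry.name):
        entry.flags.append("value name looks machine-generated")
    return entry


def triage(log_text):
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [assess(e) for e in entries if e is not None]


def suspicious(log_text):
    """Only the entries that tripped at least one heuristic, in log order."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.hive} [{e.name}] {e.target or '(no file)'}")
        for reason in e.flags:
            print("   -", reason)
```

The Temp-path and random-name heuristics fire together only for the Kgv.exe entry; the bare-filename flag on RTHDCPL.EXE is informational and clears once the file in c:\windows is confirmed to be the Realtek one.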

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is complete:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a certain number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if necessary (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click on the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

offline
  • Joined: 24 Oct 2007
  • Posts: 122

Posted: 07 Apr 2010 15:11

just one more thing:

when ComboFix finished, i.e. when it started to restart the computer, a small window popped up with some error about catchme.dll

and now an IE icon has appeared on the desktop (which wasn't there before).




ComboFix 10-04-06.03 - Miki 07.04.2010 14:36:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1790.1206 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Miki\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((( Dateien erstellt von 2010-03-07 bis 2010-04-07 ))))))))))))))))))))))))))))))
.

2010-04-07 09:59 . 2010-04-07 09:59 5918776 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 21:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-31 21:49 . 2010-03-31 21:49 -------- d-----w- c:\programme\Opera
2010-03-30 17:16 . 2010-03-30 17:16 -------- d-----w- c:\windows\Sun
2010-03-30 17:16 . 2010-03-30 17:16 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-03-30 17:02 . 2010-03-30 17:02 503808 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b618282-n\msvcp71.dll
2010-03-30 17:02 . 2010-03-30 17:02 499712 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b618282-n\jmc.dll
2010-03-30 17:02 . 2010-03-30 17:02 348160 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b618282-n\msvcr71.dll
2010-03-30 17:02 . 2010-03-30 17:02 61440 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b747ecb-n\decora-sse.dll
2010-03-30 17:02 . 2010-03-30 17:02 12800 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7b747ecb-n\decora-d3d.dll
2010-03-22 11:25 . 2010-03-22 11:25 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET
2010-03-21 13:32 . 2010-03-21 13:54 162816 ----a-w- c:\windows\system32\fmod.dll
2010-03-19 21:19 . 2010-03-19 21:40 -------- d-----w- c:\programme\Microsoft ActiveSync
2010-03-19 21:18 . 2010-03-19 21:18 -------- d-----w- c:\windows\Downloaded Installations
2010-03-19 13:20 . 2010-04-05 19:10 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\dvdcss
2010-03-19 13:20 . 2010-04-07 10:08 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\vlc
2010-03-19 13:09 . 2010-03-19 13:09 -------- d-----w- c:\programme\VideoLAN
2010-03-14 21:15 . 2010-03-14 21:15 -------- d--h--w- c:\windows\PIF
2010-03-14 16:29 . 2010-03-14 16:31 -------- d-----w- c:\programme\MagicDVDRipper
2010-03-14 13:50 . 2009-02-24 17:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-03-14 13:50 . 2010-03-14 13:50 -------- d-----w- c:\programme\MagicDisc
2010-03-14 13:46 . 2010-03-14 13:47 -------- d-----w- c:\programme\MagicISO
2010-03-14 07:16 . 2010-03-14 07:32 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-14 07:10 . 2010-03-14 07:10 -------- d-----w- c:\dokumente und einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
2010-03-13 19:07 . 2010-03-13 19:07 -------- d-----w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\HP
2010-03-13 19:01 . 2010-03-13 19:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WEBREG
2010-03-13 18:59 . 2010-03-13 19:02 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\HP
2010-03-13 18:58 . 2008-10-28 03:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-03-13 18:58 . 2008-10-28 03:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-03-13 18:57 . 2009-04-20 11:23 315904 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll
2010-03-13 18:57 . 2009-04-20 11:23 123904 ----a-w- c:\windows\system32\hpf3l70w.dll
2010-03-13 18:57 . 2009-04-15 14:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-03-13 18:57 . 2008-10-28 03:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-03-13 18:52 . 2010-03-13 18:52 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Yahoo!
2010-03-13 18:52 . 2010-03-14 07:36 -------- d-----w- c:\programme\Yahoo!
2010-03-13 18:45 . 2010-03-14 07:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP
2010-03-13 18:45 . 2010-03-13 18:45 -------- d-----w- c:\programme\Gemeinsame Dateien\Hewlett-Packard
2010-03-13 18:43 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-13 18:43 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-13 18:43 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-13 18:42 . 2010-03-14 07:35 -------- d-----w- c:\programme\HP
2010-03-13 10:46 . 2010-03-13 10:46 -------- d-----w- c:\programme\Foxit Software
2010-03-13 08:50 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 08:50 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 08:49 . 2010-04-07 10:11 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-03-13 07:42 . 2010-03-13 07:42 -------- d-----w- c:\programme\FastStone Image Viewer
2010-03-12 23:46 . 2010-03-13 07:42 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\FastStone
2010-03-12 23:45 . 2010-03-12 23:46 -------- d-----w- c:\programme\FastStone Capture
2010-03-12 21:59 . 2010-03-12 21:59 -------- d-----w- c:\programme\Xilisoft
2010-03-11 13:15 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 12:47 . 2010-01-11 18:50 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\uTorrent
2010-04-07 10:25 . 2010-02-28 08:47 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Software Informer
2010-03-31 21:46 . 2010-02-28 11:03 -------- d-----w- c:\programme\Opera 10.50 Beta
2010-03-30 17:01 . 2010-01-03 12:27 -------- d-----w- c:\programme\Java
2010-03-30 16:59 . 2004-08-04 03:00 84728 ----a-w- c:\windows\system32\perfc007.dat
2010-03-30 16:59 . 2004-08-04 03:00 459390 ----a-w- c:\windows\system32\perfh007.dat
2010-03-14 07:42 . 2010-01-02 23:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-03-14 07:33 . 2010-01-02 21:37 29816 ----a-w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-03-13 07:31 . 2010-01-11 18:52 -------- d-----w- c:\programme\uTorrent
2010-03-09 02:28 . 2010-01-03 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 22:48 . 2010-01-03 00:51 -------- d-----w- c:\programme\ESET
2010-03-06 11:38 . 2010-01-02 20:34 -------- d-----w- c:\programme\Launch Manager
2010-02-28 10:37 . 2010-02-28 10:37 -------- d-s---w- c:\programme\Total CMA Pack
2010-02-28 09:50 . 2010-01-16 10:35 -------- d-----w- c:\programme\UlisesSoft
2010-02-28 09:27 . 2010-02-28 09:24 -------- d-----w- c:\programme\NOD32view
2010-02-28 09:27 . 2010-02-28 09:26 -------- d-----w- c:\programme\iTunes
2010-02-28 09:26 . 2010-02-28 09:26 -------- d-----w- c:\programme\iPod
2010-02-28 09:26 . 2010-01-03 12:42 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2010-02-28 09:21 . 2010-02-28 09:21 72488 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-28 08:56 . 2010-02-28 08:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-02-28 08:56 . 2010-02-28 08:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-02-28 08:50 . 2010-02-28 08:50 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Canneverbe Limited
2010-02-28 08:50 . 2010-01-03 12:21 -------- d-----w- c:\programme\CDBurnerXP
2010-02-28 08:47 . 2010-02-28 08:47 -------- d-----w- c:\programme\Software Informer
2010-02-25 06:15 . 2004-08-04 03:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-08 17:50 . 2010-01-02 20:53 90112 -c--a-w- c:\windows\DUMP4d06.tmp
2010-02-08 17:49 . 2010-01-02 20:53 90112 -c--a-w- c:\windows\DUMP514c.tmp
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\programme\uTorrent\uTorrent.exe" [2010-03-12 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\programme\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Miki^Startmenü^Programme^Autostart^MagicDisc.lnk]
path=c:\dokumente und einstellungen\Miki\Startmenü\Programme\Autostart\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Miki^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Miki\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:39 1289000 ----a-w- c:\programme\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 17:07 141608 ----a-w- c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
2007-07-26 11:28 105544 -c--a-w- c:\programme\Pinnacle\TVCenter Pro\PMCLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2005-11-10 02:44 557056 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total CMA Pack]
2009-09-01 15:18 43255 ----a-w- c:\programme\Total CMA Pack\Total CMA Pack.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-12 20:02 37888 ----a-w- c:\programme\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.05.2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.05.2009 16:49 94360]
R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [14.05.2009 16:47 731840]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [13.03.2010 10:50 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.03.2010 10:50 20824]
S1 mailKmd;mailKmd; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03.01.2010 00:04 1691480]
S3 flash;flash;c:\windows\system32\drivers\flash.sys [02.01.2010 23:18 8064]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [03.01.2010 12:42 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [03.01.2010 12:42 13440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-fsm - (no file)
MSConfigStartUp-MSMSGS - c:\programme\Messenger\msmsgs.exe
MSConfigStartUp-YVIBBBHA8C - c:\dokume~1\Miki\LOKALE~1\Temp\Kgv.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\programme\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-07 14:45
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\programme\Launch Manager\CtrlVol.exe?????0???\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@????????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?s?D???6@??D?????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2688-)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-07 14:50:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-07 12:50

Vor Suchlauf: 4.840.423.424 Bytes frei
Nach Suchlauf: 4.730.671.104 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BE98117C5AE19AC9A86154C14D9F5C7D

Addendum: 07 Apr 2010 15:23

and one more thing:

that entry is no longer in msconfig, startup ...

but gmer created two files, I think one is an .exe and the other is like what I get when I export from regedit.

what are they for now? can I delete them or should I save them somewhere?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Upload this file for me:

c:\windows\system32\drivers\flash.sys

via the following link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 24 Oct 2007
  • Posts: 122

hi,

it's uploaded!!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

That should be it:

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text box type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.

offline
  • Joined: 24 Oct 2007
  • Posts: 122

ok. thanks for the help!!!!
