Hey guys! Greetings from Germany.

I have a little problem with my notebook here.
Yesterday I lent my external HDD to a friend of mine. After I got it back, I plugged it in and KIS said something like "Malware in autorun.inf detected".
In the KIS log, the trojan is called "virus net-worm.win32.kido.ir".
Now, I've done a full scan of my internal device and KIS didn't find any infections on it.

So, the first question is: Is my computer still infected? And the second one is: How can I delete the trojan from my external HDD without deleting the files on it? This HDD is nearly full and I don't have another external storage device.

If you need the information: on the external device there are mostly video files and a backup of my internal HDD.

Thank you for your help.
Hartie

I've had a little problem with dds.scr because it was attached to AutoCAD.

Now, here are the logfiles.

DDS:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Felix at 9:56:37,33 on 04.09.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3070.1716 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\LG OSD\HotKey.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Safari\Safari.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\Felix\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = 128.112.139.108:3127
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
uRun: [AdobeBridge]
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files (x86)\icq7.0\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{E33CF602-D945-461A-83F0-819F76A199F8}
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [KeybdUtility] c:\program files\lg software\lg osd\HotKey.exe
mRun-x64: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [IaNvSrv] c:\program files (x86)\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\sbhook64.dll,c:\progra~2\kasper~1\kasper~1\x64\kloehk.dll

============= SERVICES / DRIVERS ===============

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2010-5-15 344600]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 27152]
R2 AVP;Kaspersky Internet Security;c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-3-4 346144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-2-28 1038088]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl64.sys [2009-8-28 21504]
S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\drivers\OXSDIDRV_x64.sys [2009-2-9 51760]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-09-02 07:05:58 0 d-----w- c:\program files\iPod
2010-09-02 07:05:57 0 d-----w- c:\program files\iTunes
2010-09-02 07:05:57 0 d-----w- c:\program files (x86)\iTunes
2010-09-02 06:55:25 0 d-----w- c:\program files\Bonjour
2010-09-02 06:55:25 0 d-----w- c:\program files (x86)\Bonjour
2010-08-28 13:33:59 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-08-28 13:32:59 2332368 ----a-w- c:\windows\syswow64\d3dx9_29.dll
2010-08-28 13:32:59 2323664 ----a-w- c:\windows\syswow64\d3dx9_28.dll
2010-08-28 13:32:57 2319568 ----a-w- c:\windows\syswow64\d3dx9_27.dll
2010-08-28 13:32:56 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-08-28 13:32:56 2297552 ----a-w- c:\windows\syswow64\d3dx9_26.dll
2010-08-28 13:32:55 2337488 ----a-w- c:\windows\syswow64\d3dx9_25.dll
2010-08-28 13:32:52 2222800 ----a-w- c:\windows\syswow64\d3dx9_24.dll
2010-08-28 13:27:59 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-08-25 15:25:10 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 15:25:10 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-22 16:54:43 228352 ----a-w- c:\windows\system32\nvccoin.dll
2010-08-12 16:19:47 0 d-----w- c:\program files (x86)\JDownloader
2010-08-12 13:51:45 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 13:51:45 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 13:51:42 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 13:51:42 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 13:51:41 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-12 13:48:54 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 13:48:38 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 13:48:37 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-10 03:15:58 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-08-10 03:15:58 69632 ----a-w- c:\windows\syswow64\QuickTime.qts

==================== Find3M ====================

2010-09-04 06:36:19 668778 ----a-w- c:\windows\system32\perfh007.dat
2010-09-04 06:36:19 134562 ----a-w- c:\windows\system32\perfc007.dat
2010-07-29 15:13:00 149773 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-29 15:13:00 106765 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 16:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 16:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-27 16:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-06 16:31:42 2018920 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-07-06 16:31:36 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-07-06 16:31:36 2419176 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2010-07-06 16:31:30 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-07-06 16:31:24 476264 ----a-w- c:\windows\system32\RtkApi64.dll
2010-07-06 16:31:24 2624616 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-07-06 16:31:18 76904 ----a-w- c:\windows\system32\RCoInst64.dll
2010-07-06 16:31:18 233064 ----a-w- c:\windows\system32\RCoRes64.dat
2010-07-06 16:31:18 1210984 ----a-w- c:\windows\system32\RTCOM64.dll
2010-07-01 11:44:48 123104 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2010-07-01 11:44:44 124128 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2010-07-01 11:44:42 124128 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-27 17:09:39 525792 ----a-w- c:\windows\DIFxAPI.dll
2010-06-25 11:18:32 220496 ----a-w- c:\windows\system32\SFNHK64.dll
2010-06-25 11:18:28 78672 ----a-w- c:\windows\system32\SFAPO64.dll
2010-06-25 11:18:22 80720 ----a-w- c:\windows\system32\SFCOM64.dll
2010-06-25 11:18:04 73552 ----a-w- c:\windows\syswow64\SFCOM.dll
2010-06-24 09:13:10 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2009-07-14 17:58:41 38104 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2009-07-14 17:58:41 38104 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2009-07-14 17:58:41 295922 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2009-07-14 17:58:41 295922 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:58:29,36 ===============