
Domain Redirection and persistent autorun.inf


  • This topic is locked
2 replies to this topic

#1 widshin


Posted 12 February 2009 - 01:12 AM

2 symptoms

1st - I got an autorun.inf on c:\ that opened a file named "S-1-5-21-1417001333-842925246-682003330-1003" in the recycle bin. I temporarily got rid of it by making an autorun.inf folder on c: and an S-1-5-21-1417001333-842925246-682003330-1003 folder in the recycle bin.
2nd - Pretty much all security-related domains are redirected to google.de, including for example the update servers of windowsupdate.microsoft.com, AVG, AntiVir, SUPERAntispyware, Malwarebytes' Anti-Malware, Spybot S&D, CounterSpy and Adaware. I set the DNS servers manually to the DENIC DNS servers; the HOSTS file is empty, but even setting values there would have no effect.

I got definition files for some of the above-mentioned programs manually, and in the process got rid of the following malware over the last few days.

According to Malwarebytes' Anti-Malware:
Trojan.BHO urlsearchhook.toolbarurlsearchhook
Trojan.Agent iamfamous.dll
Trojan.DNSChanger

According to AVG:
Vundo.Gen C:\Dokumente und Einstellungen\scivias\Lokale Einstellungen\Temp\tmpXX.tmp (xx for various values here)
TR/Crypt.XPACK.Gen c:\Software\h4vok640.exe
TR/Click.LZ c:\Software\hbm_ecn_v1.2.rar

At this point none of the above programs reports any more malware, yet the 2 symptoms persist.



DDS (Ver_09-02-01.01) - NTFSx86
Run by scivias at 6:51:31,39 on 12.02.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1081 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe
C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Programme\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\EVEMon\EVEMon.exe
C:\Programme\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\mmc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Dokumente und Einstellungen\scivias\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://stinastina.livejournal.com/
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programme\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\programme\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
uRun: [EVEMon] "c:\programme\evemon\EVEMon.exe" -startMinimized
uRun: [SUPERAntiSpyware] c:\programme\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
mRun: [Launch LCDMon] "c:\programme\gemeinsame dateien\logitech\lcd manager\lcdmon.exe"
mRun: [<NO NAME>]
mRun: [Launch LGDCore] "c:\programme\gemeinsame dateien\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [RemoteControl] c:\programme\cyberlink\powerdvd\PDVDServ.exe
mRun: [LanguageShortcut] c:\programme\cyberlink\powerdvd\language\Language.exe
mRun: [LGODDFU] c:\programme\lg_fwupdate\fwupdate.exe blrun
mRun: [NeroFilterCheck] c:\programme\gemeinsame dateien\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\programme\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\programme\nero\nero 7\incd\InCD.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\programme\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "c:\programme\avira\antivir personaledition classic\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
Trusted Zone: elementmagie.de
Trusted Zone: microsoft.com
Trusted Zone: windowsupdate.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231080917515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {5E83C330-CB3B-48A8-ABC8-99604CDD5145} = 81.91.164.5,89.213.253.189
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programme\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\programme\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programme\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programme\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\scivias\anwend~1\mozilla\firefox\profiles\default.6rh\
FF - prefs.js: browser.search.selectedEngine - thebod's Multi Search
FF - prefs.js: browser.startup.homepage - hxxp://windowsupdate.microsoft.com/
FF - component: c:\programme\avg\avg8\firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-9 64160]
R1 avgio;avgio;c:\programme\avira\antivir personaledition classic\avgio.sys [2009-2-9 11840]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-22 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-22 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-22 107272]
R1 SASDIFSV;SASDIFSV;c:\programme\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\programme\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-2-11 13360]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer;c:\programme\avira\antivir personaledition classic\sched.exe [2009-2-9 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\programme\avira\antivir personaledition classic\avguard.exe [2009-2-9 151297]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 298264]
R2 SBAMSvc;CounterSpy Antispyware;c:\programme\sunbelt software\counterspy\SBAMSvc.exe [2008-10-28 886056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-2-11 69168]
R3 avgntflt;avgntflt;c:\programme\avira\antivir personaledition classic\avgntflt.sys [2009-2-9 52032]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-10 40840]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-10 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-10 81288]
R3 SASENUM;SASENUM;c:\programme\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-9-10 16512]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2008-5-22 231040]
S3 MRVW225;A/WLAN-1 Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2008-5-22 299904]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-10-4 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-10-4 8320]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-1-20 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\spyware doctor\pctsAuxs.exe [2009-2-10 356920]
S3 sdCoreService;PC Tools Security Service;c:\programme\spyware doctor\pctsSvc.exe [2009-2-10 1079176]
S4 GNUnet Auto Share;GNUnet Auto Share;"c:\programme\gnu\gnunet\\bin\gnunet-auto-share.exe" --win-service --> c:\programme\gnu\gnunet\\bin\gnunet-auto-share.exe [?]

=============== Created Last 30 ================

2009-02-12 06:24 <DIR> --d----- c:\programme\Trend Micro
2009-02-11 19:15 <DIR> --d----- C:\gfhngfhn
2009-02-11 17:33 69,168 a------- c:\windows\system32\drivers\sbapifs.sys
2009-02-11 17:33 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-02-11 17:32 <DIR> --d----- c:\dokume~1\scivias\anwend~1\Sunbelt
2009-02-11 17:32 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Sunbelt
2009-02-11 17:31 <DIR> --d----- c:\programme\Sunbelt Software
2009-02-11 07:30 28 a------- c:\windows\Lic.xxx
2009-02-11 07:30 626,688 a------- c:\windows\system32\msvcr80.dll
2009-02-11 07:30 548,864 a------- c:\windows\system32\msvcp80.dll
2009-02-11 07:30 28,672 a------- c:\windows\system32\eEmpty.exe
2009-02-11 07:30 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-11 07:30 153,600 a------- c:\windows\REGEDIT.COM
2009-02-11 07:30 153,600 a------- c:\windows\R.COM
2009-02-11 07:30 140,800 a------- c:\windows\system32\TASKMGR.COM
2009-02-11 07:30 140,800 a------- c:\windows\system32\T.COM
2009-02-11 07:30 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\MicroWorld
2009-02-10 18:45 <DIR> --d----- c:\programme\BOINC
2009-02-10 06:26 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-02-10 06:26 <DIR> --d----- c:\programme\SpywareBlaster
2009-02-10 06:24 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-10 06:24 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-10 06:24 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-10 06:24 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-10 06:24 <DIR> --d----- c:\programme\Spyware Doctor
2009-02-10 06:24 <DIR> --d----- c:\dokume~1\scivias\anwend~1\PC Tools
2009-02-10 06:06 61,440 a------- c:\windows\system32\drivers\jkfb.sys
2009-02-09 22:32 <DIR> --d----- c:\dokume~1\scivias\anwend~1\Malwarebytes
2009-02-09 22:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 22:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 22:32 <DIR> --d----- c:\programme\Malwarebytes' Anti-Malware
2009-02-09 22:32 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2009-02-09 22:28 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\SUPERAntiSpyware.com
2009-02-09 22:28 <DIR> --d----- c:\programme\SUPERAntiSpyware
2009-02-09 22:28 <DIR> --d----- c:\dokume~1\scivias\anwend~1\SUPERAntiSpyware.com
2009-02-09 22:18 <DIR> --d----- C:\autorun.inf
2009-02-09 22:00 <DIR> --d----- C:\fixwareout
2009-02-09 21:49 <DIR> --d----- c:\programme\Avira
2009-02-09 21:49 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Avira
2009-02-09 21:35 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-09 20:24 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-09 20:23 <DIR> -cd-h--- c:\dokume~1\alluse~1\anwend~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-09 20:23 <DIR> --d----- c:\programme\Lavasoft
2009-02-08 12:42 <DIR> --d----- c:\programme\8 Kingdoms
2009-02-08 12:40 <DIR> --d----- c:\programme\ProjektW
2009-02-08 11:36 <DIR> --d----- c:\dokumente und einstellungen\scivias\Liquid War 6
2009-02-07 16:23 <DIR> --d----- c:\programme\Empire Interactive
2009-02-06 17:03 <DIR> --d----- c:\programme\TRON 2.0
2009-02-04 19:04 227,328 ---shr-- c:\windows\system32\ac3DX.ax
2009-02-04 19:04 216,064 ---shr-- c:\windows\system32\nbDX.dll
2009-02-04 19:04 169,472 ---shr-- c:\windows\system32\MatroskaDX.ax
2009-02-04 19:04 163,328 ---shr-- c:\windows\system32\flvDX.dll
2009-02-04 19:04 161,792 ---shr-- c:\windows\system32\RealMediaDX.ax
2009-02-04 19:04 123,904 ---shr-- c:\windows\system32\AVCDX.ax
2009-02-04 19:04 54,784 ---shr-- c:\windows\system32\RLAPEDec.ax
2009-02-04 19:04 37,888 ---shr-- c:\windows\system32\RLMPCDec.ax
2009-02-04 19:04 31,232 ---shr-- c:\windows\system32\msfDX.dll
2009-02-04 19:04 <DIR> --d----- c:\programme\eRightSoft
2009-02-03 22:08 <DIR> --d----- C:\18d7116904faf6feed
2009-02-03 21:43 <DIR> --d----- c:\programme\JRE
2009-02-03 21:43 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-01 20:02 <DIR> --d----- c:\dokume~1\scivias\anwend~1\Armagetron
2009-02-01 20:02 <DIR> --d----- c:\programme\Armagetron Advanced
2009-02-01 20:02 <DIR> --d----- c:\dokume~1\alluse~1\anwend~1\Armagetron
2009-01-26 18:20 <DIR> --d----- c:\dokume~1\scivias\anwend~1\FLV Extract
2009-01-20 19:02 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-20 19:02 <DIR> --d----- c:\programme\SiSoftware
2009-01-18 11:49 <DIR> --d----- c:\programme\gemeinsame dateien\Apple

==================== Find3M ====================

2009-02-10 18:36 473,624 a------- c:\windows\system32\perfh007.dat
2009-02-10 18:36 89,914 a------- c:\windows\system32\perfc007.dat
2009-02-08 19:37 136,888 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-08 19:37 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-01-30 08:40 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-30 08:40 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-30 08:40 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-10 16:13 87,608 a------- c:\dokume~1\scivias\anwend~1\inst.exe
2009-01-10 16:13 47,360 a------- c:\dokume~1\scivias\anwend~1\pcouffin.sys
2009-01-10 16:12 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-12-04 19:34 410,984 a------- c:\windows\system32\deploytk.dll
2008-05-22 21:35 14,852 a------- c:\programme\settings.dat
2006-05-03 11:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 6:51:42,29 ===============



#2 widshin


Posted 13 February 2009 - 04:05 PM

ComboFix helped me to get rid of it, topic can be closed ;-)

#3 KoanYorel


Posted 18 February 2009 - 06:29 PM

Thanks for telling us.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



