
Trojan.Bamital Windows 7


  • This topic is locked
2 replies to this topic

#1 crewpeter


Posted 12 October 2010 - 03:26 PM

Hello,

I've got a trojan. After a couple of searches, I found out that it is, at least, trojan Bamital, because I have files in C:\Users\<username>\AppData\Local\Temp like:
11/10/2010 23:39 16 384 ~DFC0272A4857A7C239.TMP
11/10/2010 23:39 307 200 Gkz.exe
11/10/2010 23:39 6 eh3w4h3hw.ini
11/10/2010 23:39 198 144 Gk0.exe
11/10/2010 23:39 16 384 ~DF5E27FC59A42C8FA1.TMP
11/10/2010 23:39 200 192 Gk1.exe
11/10/2010 23:39 307 200 Gk2.exe
11/10/2010 23:39 241 664 sshnas21.dll
11/10/2010 23:39 198 144 Gk3.exe
11/10/2010 23:39 200 192 Gk4.exe
11/10/2010 23:42 28 515 729,7504.exe
11/10/2010 23:42 794 segh3h43.tmp

Could you please help me get rid of this? I have a lot of stuff that starts up with weird errors when I start up Windows 7.

I couldn't do the GMER log because I get a "windows\system32\config\system the specified file cannot be found" error when I launch it, etc. Maybe there's a similar app I could run?

Here is the DDS.txt file.

Also note that I've installed AVG antivirus AFTER getting hit by the trojan. I know, not so bright...


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Carl at 23:37:37,95 on 12/10/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4014.2163 [GMT 2:00]


============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
C:\Program Files (x86)\System Control Manager\MSIService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\SFR\Media Center\MediaCenter.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\SFR\Media Center\httpd\httpd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\SFR\Media Center\httpd\httpd.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Spyware Removal Toolkit\SpywareRemovalToolkit.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Carl\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uDefault_Page_URL = hxxp://msi.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Neuf Media Center] "C:\Program Files (x86)\SFR\Media Center\MediaCenter.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ewrgetuj] C:\Users\Carl\AppData\Local\Temp\geurge.exe
mRun: [dnheds] RUNDLL32.EXE C:\windows\system32\msdaozls.dll,w
mRun: [aaaaaaaaD] C:\windows\System32\aaaaaaaaD.exe
mRun: [aaaaaaaaÀ] C:\windows\System32\aaaaaaaaÀ.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SpywareRemovalToolkit.exe] C:\Program Files (x86)\Spyware Removal Toolkit\SpywareRemovalToolkit.exe
mRun: [SRTHelper.exe] C:\Program Files (x86)\Spyware Removal Toolkit\SRTHelper.exe -0
mExplorerRun: [ahb9z] C:\Users\Carl\AppData\Local\Temp\zfd3mig.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
TCP: {D879154E-94DF-4DC7-B8EC-D98A98726B00} = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL acaptuser32.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
AppInit_DLLs-X64: acaptuser64.dll
Hosts: 192.168.1.1 router
Hosts: 173.45.76.66 drghwaweg45j4i6u3q32fg2h.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\eiz0ph0q.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\eiz0ph0q.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2010-3-17 20392]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-14 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-9-3 6104144]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-3-17 637192]
R2 DUMeterSvc;DU Meter Service;C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2010-9-25 1411616]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-14 13336]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-8-17 160768]
R2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\System32\drivers\UBSBM.sys [2010-2-26 24064]
R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\System32\drivers\UBUMAPI.sys [2010-2-26 92160]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-14 6789632]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-14 221184]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-3-17 4154120]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2010-3-17 70656]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-17 1028096]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-3-17 140128]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 6952960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-8 215040]
R3 UBFWNet6;Unibrain 1394 FireNet6 Adapter Driver;C:\Windows\System32\drivers\ubfwnet6.sys [2010-2-26 21504]
R3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\System32\drivers\ubohci.sys [2010-2-26 132608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-8-17 21480]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-29 136176]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-3-17 1029896]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2010-3-17 51200]
S3 BTMHID;BTMHID;C:\Windows\System32\drivers\btmhid.sys [2010-3-17 34048]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2010-3-17 461312]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;C:\Program Files (x86)\DU Meter\DUMetr64.sys [2010-9-25 20904]
S3 enecirhid;ENE CIR HID Receiver;C:\Windows\System32\drivers\enecirhid.sys [2010-3-17 14848]
S3 enecirhidma;ENE CIR HIDmini Filter;C:\Windows\System32\drivers\enecirhidma.sys [2010-3-17 6656]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-8-14 30192]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-3-17 855328]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-10-12 20:48:21 29312 ----a-w- C:\windows\SysWow64\drivers\RKHit.sys
2010-10-12 20:48:20 -------- d-----w- C:\Program Files (x86)\Spyware Removal Toolkit
2010-10-11 22:16:09 -------- d--h--w- C:\$AVG
2010-10-11 22:00:11 -------- d-----w- C:\Users\Carl\AppData\Roaming\AVG10
2010-10-11 21:58:32 -------- d--h--w- C:\PROGRA~3\Common Files
2010-10-11 21:58:25 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2010-10-11 21:57:57 -------- d-----w- C:\windows\System32\drivers\AVG
2010-10-11 21:57:57 -------- d-----w- C:\PROGRA~3\AVG10
2010-10-11 21:57:29 -------- d-----w- C:\Program Files (x86)\AVG
2010-10-11 21:48:27 -------- d-----w- C:\PROGRA~3\MFAData
2010-10-02 19:47:16 -------- d-----w- C:\Program Files (x86)\StarCraft II (US)
2010-09-29 17:37:00 -------- d-----w- C:\Program Files\iPod
2010-09-29 17:36:59 -------- d-----w- C:\Program Files\iTunes
2010-09-29 17:36:59 -------- d-----w- C:\Program Files (x86)\iTunes
2010-09-29 17:33:27 -------- d-----w- C:\Program Files\Bonjour
2010-09-29 17:33:27 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-09-28 19:40:39 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-09-25 21:20:04 -------- d-----w- C:\Users\Carl\AppData\Local\Neuf
2010-09-25 21:19:23 -------- d-----w- C:\Program Files (x86)\SFR
2010-09-22 19:05:34 -------- d-----w- C:\Program Files (x86)\DU Meter
2010-09-22 19:04:11 -------- d-----w- C:\PROGRA~3\Hagel Technologies
2010-09-18 19:32:49 -------- d-----w- C:\Users\Carl\AppData\Roaming\NewsLeecher
2010-09-16 19:57:19 -------- d-----w- C:\Users\Carl\Mes fichiers reçus
2010-09-15 10:32:12 -------- d-----w- C:\Program Files (x86)\NewsLeecher
2010-09-13 14:28:00 27216 ----a-w- C:\windows\System32\drivers\AVGIDSEH.sys

==================== Find3M ====================

2010-09-08 09:17:46 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2010-09-07 01:48:58 381008 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2010-09-07 01:48:56 41040 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2010-09-07 01:48:52 305232 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2010-09-07 01:48:50 30288 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2010-08-19 19:42:38 35920 ----a-w- C:\windows\System32\drivers\AVGIDSFilter.sys
2010-08-19 19:42:38 157264 ----a-w- C:\windows\System32\drivers\AVGIDSDriver.sys
2010-08-13 22:46:30 6 ----a-w- C:\windows\silentOnce.tmp
2010-07-27 16:55:50 95520 ----a-w- C:\windows\System32\dnssd.dll
2010-07-27 16:55:50 69408 ----a-w- C:\windows\System32\jdns_sd.dll
2010-07-27 16:55:50 237856 ----a-w- C:\windows\System32\dnssdX.dll
2010-07-27 16:55:50 119584 ----a-w- C:\windows\System32\dns-sd.exe
2010-07-27 16:44:10 91424 ----a-w- C:\windows\SysWow64\dnssd.dll
2010-07-27 16:44:10 75040 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2010-07-27 16:44:10 197920 ----a-w- C:\windows\SysWow64\dnssdX.dll
2010-07-27 16:44:10 107808 ----a-w- C:\windows\SysWow64\dns-sd.exe

============= FINISH: 23:38:23,83 ===============


Edited by crewpeter, 13 October 2010 - 09:24 AM.




#2 crewpeter


Posted 14 October 2010 - 02:05 AM

Hello,

I think I removed everything..

Thanks anyway

#3 Budapest

  • Moderator

Posted 14 October 2010 - 04:30 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



