12-06-2008, 06:11 AM   #3
borik7
OS: xp


Re: Virtumonde, etc. - pls help

Quote:
Originally Posted by sUBs
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.
Thanks for the quick reply. Please find the log below. A comment: I couldn't create the XP Recovery Console because I have SP3. Everything else looks great so far. Best regards.

ComboFix 08-12-05.06 - Owner 2008-12-06 8:55:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.862 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\regedit.com
c:\windows\sc32.dll
c:\windows\system32\43upd.dll
c:\windows\system32\44upd.dll
c:\windows\system32\45upd.dll
c:\windows\system32\46upd.dll
c:\windows\system32\biyedepu.dll
c:\windows\system32\falukovo.dll
c:\windows\system32\godobovo.dll
c:\windows\system32\hosezora.dll
c:\windows\system32\jelukahu.dll
c:\windows\system32\lapagoyi.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nevihezu.dll
c:\windows\system32\regedit.exe
c:\windows\system32\uzehiven.ini
c:\windows\system32\wewefove.dll
c:\windows\system32\wonupago.dll
c:\windows\system32\wpknomud.ini
c:\windows\Tasks\foilozho.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-04 17:57 . 2008-12-04 17:57 1,995 ---hs---- c:\windows\system32\zeriweno.exe
2008-12-01 17:58 . 2008-12-04 20:18 250 --a------ c:\windows\gmer.ini
2008-12-01 07:40 . 2008-12-01 07:40 <DIR> d-------- c:\documents and settings\Administrator
2008-12-01 01:02 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-01 01:02 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2008-12-01 01:02 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-01 01:02 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-01 01:02 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2008-12-01 01:01 . 2002-08-28 22:59 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys
2008-12-01 01:01 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2008-12-01 01:01 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys
2008-12-01 01:01 . 2003-03-31 07:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-12-01 01:01 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2008-12-01 01:01 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2008-12-01 01:01 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2008-12-01 01:01 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2008-12-01 01:01 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-12-01 00:59 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2008-12-01 00:58 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2008-12-01 00:57 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2008-12-01 00:56 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-01 00:55 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2008-12-01 00:54 . 2001-08-17 12:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys
2008-12-01 00:53 . 2001-08-17 12:50 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2008-12-01 00:52 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-12-01 00:51 . 2003-03-31 07:00 311,359 --a--c--- c:\windows\system32\dllcache\OLD3B1.tmp
2008-12-01 00:50 . 2008-04-13 19:09 13,463,552 --a--c--- c:\windows\system32\dllcache\OLD371.tmp
2008-12-01 00:49 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-12-01 00:48 . 2001-08-17 12:17 629,952 --a--c--- c:\windows\system32\dllcache\eqn.sys
2008-12-01 00:47 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2008-12-01 00:46 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-12-01 00:45 . 2003-03-31 07:00 1,677,824 --a--c--- c:\windows\system32\dllcache\OLD17C.tmp
2008-12-01 00:44 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-12-01 00:43 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2008-12-01 00:42 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2008-12-01 00:41 . 2008-08-14 05:09 2,145,280 --a--c--- c:\windows\system32\dllcache\OLD1B.tmp
2008-12-01 00:41 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2008-12-01 00:30 . 2008-12-01 00:30 33,832 --a------ c:\windows\system32\hyzebryr.exe
2008-12-01 00:30 . 2008-12-01 00:30 33,832 --a------ c:\windows\system32\azcruaso.exe
2008-12-01 00:22 . 2008-12-01 00:22 <DIR> d-------- c:\program files\NCH Swift Sound
2008-11-30 18:52 . 2008-11-30 18:52 <DIR> d-------- c:\program files\Sierra Online
2008-11-30 18:39 . 2008-12-01 00:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\DeepBurner Pro
2008-11-30 18:37 . 2008-11-30 18:37 <DIR> d-------- c:\program files\Astonsoft
2008-11-30 16:26 . 2008-12-01 09:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-30 16:26 . 2008-12-01 17:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 15:59 . 2008-11-30 16:50 32,768 --a------ c:\windows\system32\mlJCtusq.dll
2008-11-30 15:59 . 2008-11-30 16:50 32,768 --a------ c:\windows\system32\ddcATlJC.dll
2008-11-30 15:52 . 2008-11-30 16:50 32,768 --a------ c:\windows\system32\urqPfGAr.dll
2008-11-30 15:52 . 2008-11-30 16:50 32,768 --a------ c:\windows\system32\iifecaYq.dll
2008-11-30 15:51 . 2008-11-30 15:51 47,598 --a------ c:\windows\system32\iitkjhnousmet.exe
2008-11-30 15:50 . 2008-11-30 16:50 32,768 --a------ c:\windows\system32\vtUkhfec.dll
2008-11-30 15:50 . 2008-11-30 16:50 32,768 --a------ c:\windows\system32\hgGaxyYQ.dll
2008-11-30 15:50 . 2008-11-30 16:50 32,768 --a------ c:\windows\system32\awtsSmjK.dll
2008-11-30 15:49 . 2008-12-04 08:47 <DIR> d-------- c:\windows\system32\vi
2008-11-30 15:49 . 2008-11-30 16:13 <DIR> d-------- c:\windows\system32\TEC
2008-11-30 15:49 . 2008-12-04 08:47 <DIR> d-------- c:\windows\system32\op8
2008-11-30 15:49 . 2008-11-30 15:51 <DIR> d-------- c:\windows\system32\IN
2008-11-30 15:49 . 2008-11-30 15:49 <DIR> d-------- c:\windows\system32\giv
2008-11-30 15:49 . 2008-12-04 08:15 <DIR> d-------- c:\windows\system32\gi3
2008-11-30 15:49 . 2008-11-30 15:49 <DIR> d-------- c:\temp\DIV55
2008-11-30 15:49 . 2008-11-30 15:49 905,354 --a------ c:\temp\uVN23L.exe
2008-11-30 15:49 . 2008-11-30 16:50 32,768 --a------ c:\windows\system32\hgGabYSj.dll
2008-11-30 15:38 . 2008-12-01 01:14 403 --a------ c:\windows\iexplore.htm
2008-11-30 15:30 . 2008-11-30 15:30 <DIR> d-------- c:\program files\Sierra On-Line
2008-11-30 15:18 . 2008-12-03 21:42 151 --a------ c:\windows\wininit.ini
2008-11-30 12:08 . 2008-11-30 15:31 <DIR> d-------- C:\SIERRA
2008-11-30 12:07 . 2008-11-30 12:07 <DIR> d-------- c:\documents and settings\Owner\WINDOWS
2008-11-30 12:07 . 1997-06-02 12:32 314,880 --a------ c:\windows\IsUninst.exe
2008-11-30 12:07 . 2008-11-30 15:30 418 --a------ c:\windows\SIERRA.INI
2008-11-30 12:07 . 2008-10-12 20:16 231 --a------ c:\windows\system.bak
2008-11-30 11:26 . 2008-11-30 11:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\ImgBurn
2008-11-30 11:26 . 2008-11-30 11:26 176,324,608 --a------ C:\Image.iso
2008-11-30 11:24 . 2008-11-30 11:24 <DIR> d-------- c:\program files\ImgBurn
2008-11-30 11:00 . 2008-11-30 11:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\InfraRecorder
2008-11-30 10:21 . 2008-11-30 10:22 31,049 --a------ c:\windows\system32\LSHPRN.EXE
2008-11-30 00:03 . 2008-11-30 00:03 <DIR> dr-h----- c:\documents and settings\Owner\Application Data\SecuROM
2008-11-30 00:02 . 2008-11-30 00:02 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-29 12:58 . 2008-11-29 13:45 <DIR> d-------- C:\Old
2008-11-29 12:55 . 2008-11-29 13:46 <DIR> d-------- c:\program files\DOSBox-0.72
2008-11-24 19:16 . 2008-11-24 19:16 <DIR> dr-h----- C:\MSOCache
2008-11-21 08:29 . 2008-11-21 08:29 <DIR> d-------- C:\iEntertainment Network
2008-11-20 19:41 . 2008-11-20 19:41 <DIR> d-------- c:\program files\Alcohol Soft
2008-11-20 19:41 . 2004-04-30 09:37 160,640 --a------ c:\windows\system32\drivers\a347bus.sys
2008-11-20 19:41 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\a347scsi.sys
2008-11-18 19:11 . 2008-11-18 19:11 <DIR> d-------- c:\documents and settings\Owner\Application Data\Babylon
2008-11-18 19:11 . 2008-11-18 19:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Babylon
2008-11-17 23:22 . 2008-11-17 23:22 <DIR> d-------- c:\program files\FreeGamePick.com
2008-11-15 09:10 . 2008-11-15 09:10 <DIR> d-------- c:\documents and settings\Owner\Application Data\Apple Computer
2008-11-13 20:45 . 2008-11-13 20:45 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-13 20:44 . 2008-11-13 20:45 <DIR> d-------- c:\program files\QuickTime
2008-11-13 20:44 . 2008-11-13 20:44 <DIR> d-------- c:\program files\Apple Software Update
2008-11-13 20:44 . 2008-11-15 09:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-13 20:44 . 2008-11-13 20:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-09 09:29 . 2008-11-09 09:29 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-09 09:19 . 2008-11-09 09:22 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-09 09:06 . 2008-11-13 03:08 <DIR> d-------- c:\program files\NOS
2008-11-09 09:06 . 2008-11-13 03:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 05:43 33,832 ----a-w c:\windows\system32\upcrnhqy.exe
2008-11-30 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 17:17 --------- d-----w c:\program files\eMule
2008-11-29 19:57 --------- d-----w c:\documents and settings\Owner\Application Data\Vso
2008-11-29 19:37 --------- d-----w c:\documents and settings\Owner\Application Data\SolSuite
2008-11-08 06:10 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-05 01:05 --------- d-----w c:\program files\DivX
2008-10-30 19:59 --------- d-----w c:\documents and settings\Owner\Application Data\InstallShield
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:40 --------- d-----w c:\program files\Quicken
2008-10-16 22:37 --------- d-----w c:\program files\Common Files\Palo Alto Software
2008-10-16 22:37 --------- d-----w c:\program files\Common Files\Intuit
2008-10-16 22:37 --------- d-----w c:\documents and settings\Owner\Application Data\Intuit
2008-10-16 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-14 12:04 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-14 12:02 --------- d-----w c:\program files\Microsoft.NET
2008-10-14 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2008-10-13 22:52 --------- d-----w c:\program files\Windows Defender
2008-10-13 22:35 --------- d-----w c:\program files\ffdshow
2008-10-13 22:35 --------- d-----w c:\program files\AC3Filter
2008-10-13 22:33 --------- d-----w c:\program files\Xvid
2008-10-13 22:33 --------- d-----w c:\documents and settings\Owner\Application Data\DivX
2008-10-13 22:23 --------- d-----w c:\documents and settings\Owner\Application Data\ICAClient
2008-10-13 22:22 --------- d-----w c:\program files\Citrix
2008-10-13 22:09 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-13 22:09 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2008-10-13 22:09 --------- d-----w c:\program files\VSO
2008-10-13 22:07 --------- d-----w c:\program files\WinZip Self-Extractor
2008-10-13 22:01 --------- d-----w c:\program files\SolSuite
2008-10-13 11:38 --------- d-----w c:\program files\McAfee
2008-10-13 09:32 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-13 09:31 --------- d-----w c:\program files\McAfee.com
2008-10-13 09:31 --------- d-----w c:\program files\Common Files\McAfee
2008-10-13 09:26 --------- d-----w c:\program files\Intel
2008-10-13 09:26 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-13 09:23 --------- d-----w c:\program files\Analog Devices
2008-10-13 07:03 --------- d-----w c:\program files\microsoft frontpage
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\davijawozu

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinterSecurityLayer]
--a------ 2008-11-30 10:22 31049 c:\windows\system32\LSHPRN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQ931STI]
--a------ 2007-01-24 13:24 151552 c:\windows\SQ931STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\Mcshield.exe"=
"c:\\ComboFix\\fdsv.cfexe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\Drivers\Capt931a.sys [2008-10-30 530432]
S1 8adc79fa;8adc79fa;c:\windows\system32\drivers\8adc79fa.sys []
S1 atinpdxxx;atinpdxxx;c:\windows\system32\drivers\atinpdxxx.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{37211d51-b7fb-4c33-9570-0f32563b5947} - c:\windows\system32\falukovo.dll
BHO-{421B0608-9183-8757-D91D-77F3D214EEED} - c:\windows\system32\iobhmxdatlther.dll
BHO-{ECD3EFDF-7EC0-46C3-850C-D9E9A03ED4C4} - c:\windows\system32\fccdefgf.dll
HKLM-Run-davijawozu - c:\windows\system32\supilime.dll
Notify-nnnmnlKd - nnnmnlKd.dll
MSConfigStartUp-b46a9676 - c:\windows\system32\wonupago.dll
MSConfigStartUp-CPMb759a5ea - c:\windows\system32\feyimupa.dll
MSConfigStartUp-mjkxwgfkmh - c:\windows\system32\iobhmxdatlther.dll
MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe


.
------- Supplementary Scan -------
.
uStart Page = https://wmusremote.ubs.com/Citrix/Me...uth/login.aspx
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {85F9F13A-8885-4FEC-B2F6-05358A6058E8} = 207.69.188.172,207.69.188.171
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6zyxrz7w.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 09:00:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-12-06 9:02:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 14:02:09

Pre-Run: 180,391,362,560 bytes free
Post-Run: 180,331,708,416 bytes free

302 --- E O F --- 2008-11-28 23:08:26