ComboFix 08-01-13.1 - Kai Rune 2008-01-13 15:32:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.1279 [GMT 1:00]
Running from: C:\Documents and Settings\Kai Rune\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kai Rune\Skrivebord\CFScript.txt..txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\lssas.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\lssas.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 15:25 . 2008-01-13 15:25            dr-h-----  C:\Documents and Settings\Kai Rune\Siste
2008-01-13 14:48 . 2000-08-31 08:00     51,200  --a------  C:\WINDOWS\NirCmd.exe
2008-01-13 14:46 . 2008-01-13 14:46        106  --a------  C:\delete.bat
2008-01-13 13:59 . 2008-01-13 13:59            d--------  C:\Programfiler\MSN Messenger
2008-01-12 20:48 . 2008-01-12 20:48     28,784  --a------  C:\WINDOWS\rawr6.rar
2007-12-27 16:35 . 2007-12-27 16:35            d--------  C:\Programfiler\CDBurnerXP
2007-12-23 14:53 . 2007-12-23 14:58            d--------  C:\Programfiler\IrfanView
2007-12-23 11:23 . 2007-12-23 11:24            d--------  C:\Programfiler\GBTimelapse
2007-12-22 18:15 . 2007-12-22 18:18            d--hsc---  C:\Programfiler\Fellesfiler\WindowsLiveInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 12:51  ---------  d-----w  C:\Programfiler\Fellesfiler\Logitech
2008-01-13 08:23  ---------  d-----w  C:\Documents and Settings\All Users\Programdata\SiteAdvisor
2008-01-13 08:22  ---------  d-----w  C:\Programfiler\McAfee
2007-12-30 13:40  ---------  d-----w  C:\Documents and Settings\Kai Rune\Programdata\uTorrent
2007-12-23 09:49  ---------  d-----w  C:\Programfiler\MediaMonkey
2007-12-22 12:47  ---------  d-----w  C:\Programfiler\DivX
2007-12-21 19:47  ---------  d-----w  C:\Programfiler\Opera
2007-12-18 17:26  ---------  d-----w  C:\Programfiler\SiteAdvisor
2007-12-13 18:37  ---------  d-----w  C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-12-03 18:45          0  ---ha-w  C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-03 18:45          0  ---ha-w  C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-03 18:42  ---------  d-----w  C:\Documents and Settings\Kai Rune\Programdata\Logitech
2007-12-03 18:42  ---------  d-----w  C:\Documents and Settings\All Users\Programdata\LogiShrd
2007-12-03 18:41  ---------  d--h--w  C:\Programfiler\InstallShield Installation Information
2007-12-03 18:41  ---------  d-----w  C:\Programfiler\Logitech
2007-12-03 18:41  ---------  d-----w  C:\Documents and Settings\All Users\Programdata\Logitech
2007-12-03 18:40  ---------  d-----w  C:\Documents and Settings\Kai Rune\Programdata\InstallShield
2007-11-17 17:01  ---------  d-----w  C:\Programfiler\trayit
2007-11-13 10:25     20,480  ----a-w  C:\WINDOWS\system32\drivers\secdrv.sys

.
((((((((((((((((((((((((((((( snapshot@2008-01-13_14.54.44.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 13:48:49    229,376  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 14:32:17    229,376  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 13:48:49      8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 14:32:17      8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 13:48:49  4,644,864  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 14:32:17    229,376  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 13:48:49    212,992  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 14:32:18      8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 13:48:50    229,376  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 14:32:18  4,653,056  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 13:48:50      8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 14:32:18    212,992  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-13 13:01:49     72,428  ----a-w  C:\WINDOWS\system32\perfc009.dat
+ 2008-01-13 13:56:10     72,428  ----a-w  C:\WINDOWS\system32\perfc009.dat
- 2008-01-13 13:01:49     81,132  ----a-w  C:\WINDOWS\system32\perfc014.dat
+ 2008-01-13 13:56:10     81,132  ----a-w  C:\WINDOWS\system32\perfc014.dat
- 2008-01-13 13:01:49    444,422  ----a-w  C:\WINDOWS\system32\perfh009.dat
+ 2008-01-13 13:56:10    444,422  ----a-w  C:\WINDOWS\system32\perfh009.dat
- 2008-01-13 13:01:49    447,474  ----a-w  C:\WINDOWS\system32\perfh014.dat
+ 2008-01-13 13:56:10    447,474  ----a-w  C:\WINDOWS\system32\perfh014.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 17:04 802816]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 16:58 696320]
"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 03:39 36904]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"CTSVolFE.exe"="C:\Programfiler\Creative\Mixer\CTSVolFE.exe" [2005-02-23 14:57 57344]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programfiler\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 14:52 849280]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24 71216]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2006-08-03 17:51 1032192]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"mcagent_exe"="C:\Programfiler\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 11:00 388096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 18:28:28]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-12-03 19:41:24]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programfiler\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 NMSAccessU;NMSAccessU;C:\Programfiler\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 20:51]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 20:07:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2007-04-02 14:23:43 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programfiler\mcafee\mqc\QcConsol.exe'
"2008-01-01 00:00:08 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programfiler\mcafee\mqc\QcConsol.exe
"2007-04-04 15:44:53 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 15:38:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 15:39:59 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-13 14:39:54
ComboFix2.txt  2008-01-13 13:54:59
.
2008-01-09 18:51:22	--- E O F ---
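The file the CFScript told ComboFix to remove, C:\WINDOWS\lssas.exe, is named one transposition away from the genuine lsass.exe, which lives in C:\WINDOWS\system32. Spotting that by eye is the whole skill in reading these logs. The script below is an added example, not part of the poster's log and not part of ComboFix: it parses the "Files Created" lines in the layout ComboFix uses, flags file names within a small edit distance of a core Windows process name (or the exact name outside its home directory), and flags executables, scripts and archives dropped straight into %WINDIR%. The table of core binaries and their home directories, the %WINDIR% heuristic, and the lssas.exe sample line (the log only records its deletion, so its timestamps and size are made up) are this example's assumptions.

```python
"""Triage the 'Files Created' section of a ComboFix log.

Added example, not the poster's log and not ComboFix's own code. Each line
looks like

    2008-01-13 14:48 . 2000-08-31 08:00 51,200 --a------ C:\\WINDOWS\\NirCmd.exe

(creation time, modification time, size for files, attribute string, path).
"""
import re
from typing import List, Optional, NamedTuple

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>.+)$"
)

# Core Windows XP processes and where the genuine binary lives (assumption,
# lower-cased for comparison).
CORE_BINARIES = {
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
WINDIR = r"c:\windows"
DROPPED_EXT = {".exe", ".dll", ".bat", ".cmd", ".vbs", ".rar", ".zip"}

# Lines taken from the log above, plus one constructed lssas.exe entry
# (the log records only its deletion; timestamps and size are invented).
SAMPLE_LOG = r"""
2008-01-13 15:25 . 2008-01-13 15:25 dr-h----- C:\Documents and Settings\Kai Rune\Siste
2008-01-13 14:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 14:46 . 2008-01-13 14:46 106 --a------ C:\delete.bat
2008-01-12 20:48 . 2008-01-12 20:48 28,784 --a------ C:\WINDOWS\rawr6.rar
2007-12-27 16:35 . 2007-12-27 16:35 d-------- C:\Programfiler\CDBurnerXP
2008-01-10 19:02 . 2008-01-10 19:02 17,408 --a------ C:\WINDOWS\lssas.exe
"""


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_entries(text: str) -> List[Entry]:
    """Return an Entry for every line that matches the ComboFix layout."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"].replace(",", "")) if m["size"] else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(entry: Entry) -> List[str]:
    """Findings for one entry; an empty list means nothing was noted."""
    findings = []
    if entry.is_dir:
        return findings
    folder, _, name = entry.path.lower().rpartition("\\")
    for core, home in CORE_BINARIES.items():
        d = levenshtein(name, core)
        if d == 0 and folder != home:
            findings.append(f"{core} outside {home}")
        elif 0 < d <= 2:
            findings.append(f"lookalike of {core} (edit distance {d})")
    ext = name[name.rfind("."):] if "." in name else ""
    if folder == WINDIR and ext in DROPPED_EXT:
        findings.append("executable/archive dropped directly into %WINDIR%")
    return findings


def triage_log(text: str) -> dict:
    """Map each flagged path to its findings; clean entries are omitted."""
    return {e.path: triage(e) for e in parse_entries(text) if triage(e)}


if __name__ == "__main__":
    for path, findings in triage_log(SAMPLE_LOG).items():
        print(path)
        for f in findings:
            print("   -", f)
```

On the sample, lssas.exe is reported both as a lookalike of lsass.exe and as a binary dropped into %WINDIR%; NirCmd.exe and rawr6.rar trip only the %WINDIR% check, and delete.bat and the directories pass. The %WINDIR% hit on NirCmd.exe is a reminder that the heuristic flags ComboFix's own run-time helpers as readily as anything else, so every hit still needs a human to confirm it against the run timestamps.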