system
10
((((((((((((((((((((((((((((( snapshot@2008-01-11_21.05.42.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 12:59:49 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000001\NTUSER.DAT
- 2008-01-12 00:25:54 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000001\NTUSER.DAT
- 2008-01-11 12:59:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000002\UsrClass.dat
- 2008-01-12 00:25:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000002\UsrClass.dat
- 2008-01-11 12:59:49 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000003\NTUSER.DAT
- 2008-01-12 00:25:54 4,128,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000003\ntuser.dat
- 2008-01-11 12:59:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000004\UsrClass.dat
- 2008-01-12 00:25:54 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000004\UsrClass.dat
- 2008-01-11 12:59:49 4,116,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000005\ntuser.dat
- 2008-01-12 00:25:54 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000005\NTUSER.DAT
- 2008-01-11 12:59:49 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000006\UsrClass.dat
- 2008-01-12 00:25:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users[u]0[/u]0000006\UsrClass.dat
- 2008-01-11 12:59:57 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-01-12 00:26:01 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
- 2007-10-06 19:04:40 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-01-11 17:58:42 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-11-04 21:07:43 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-11 13:05:27 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-04 21:07:43 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-11 13:05:28 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-11 16:01:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_510.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Yahoo! Pager”=“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” [2007-12-17 17:13 3810544]
“ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2002-08-29 18:41 13312]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2002-08-20 15:08 1511453]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2004-10-29 16:50 4620288]
“nwiz”=“nwiz.exe” [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2004-10-29 16:50 86016]
“SoundMan”=“SOUNDMAN.EXE” [2004-09-16 20:39 69632 C:\WINDOWS\SOUNDMAN.EXE]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]
“RoxioDragToDisc”=“C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe” [2005-09-20 07:53 1687552]
“RoxWatchTray”=“C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe” [2005-09-20 07:29 163840]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 21:00 79224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-08-20 15:08 1511453 C:\Program Files\Messenger\msmsgs.exe
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\W700bus.sys [2007-11-04 19:57]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\W700mdfl.sys [2007-11-04 19:57]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\W700mdm.sys [2007-11-04 19:57]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\W700mgmt.sys [2007-11-04 19:57]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\W700obex.sys [2007-11-04 19:57]
.
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 08:27:37
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
.
Completion time: 2008-01-12 8:28:13
ComboFix-quarantined-files.txt 2008-01-12 00:27:59
