ComboFix 09-01-21.02 - cristi 2009-01-22 16:27:00.1 - NTFSx86 [GMT 2:00]
Running from: c:\documents and settings\cristi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\cristi\Desktop\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\[u]0[/u]37589.log
C:\AUTORUN.INF
C:\lsass.exe.48247687.exe
C:\NetApi00.sys
c:\pagefile.pif
c:\windows\system32\com\lsass.exe
c:\windows\system32\com\netcfg.000
c:\windows\system32\com\netcfg.dll
c:\windows\system32\com\smss.exe
c:\windows\system32\dnsq.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.
2009-01-22 16:17 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-22 16:04 . 2009-01-22 16:04 d-------- c:\program files\INFOGate
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 11:56 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Czone.lnk - c:\program files\INFOGate\CZone\Czone.exe [2009-01-22 1380864]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
TCP: {F1FC8EB3-D270-474A-BD37-FE7E45E527AC} = 81.181.111.2,80.96.198.2
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 16:28:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-22 16:30:53
ComboFix-quarantined-files.txt 2009-01-22 14:30:15
Pre-Run: 7,489,429,504 bytes free
Post-Run: 7,481,339,904 bytes free
58