ComboFix 07-12-21.4 - Robert 2007-12-24 16:44:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.678 [GMT 1:00]
Running from: C:\Documents and Settings\Robert\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.
2007-12-24 12:43 . 2007-12-24 12:42 122,880 --a------ C:\WINDOWS\system32\drhtdoxqyi.exe
2007-12-22 03:00 . 2007-12-22 03:00 d-------- C:\WINDOWS\LastGood
2007-12-16 19:52 . 2007-12-16 19:53 d-------- C:\Documents and Settings\Robert\Programdata\dvdcss
2007-12-08 13:16 . 2007-12-08 13:16 d-------- C:\Programfiler\Disc2Phone
2007-12-08 12:59 . 2007-12-11 22:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-08 12:59 . 2007-12-08 12:59 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-06 17:10 . 2007-12-06 17:10 0 --a------ C:\WINDOWS\mngui.INI
2007-12-06 16:57 . 2007-12-06 16:58 d-------- C:\Documents and Settings\Robert\Programdata\Teleca
2007-12-06 16:57 . 2007-12-06 16:57 d-------- C:\Documents and Settings\Robert\Programdata\Sony Ericsson
2007-12-06 16:55 . 2007-12-06 16:55 d-------- C:\Programfiler\Sony Ericsson
2007-12-06 16:55 . 2007-12-06 16:55 d-------- C:\Programfiler\Fellesfiler\Teleca Shared
2007-12-06 16:55 . 2007-12-06 16:55 d-------- C:\Programfiler\Fellesfiler\Sony Ericsson Shared
2007-12-06 16:55 . 2007-12-06 16:55 d-------- C:\Documents and Settings\All Users\Programdata\Teleca
2007-12-06 16:55 . 2007-12-06 16:55 d-------- C:\Documents and Settings\All Users\Programdata\Sony Ericsson
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 15:44 --------- d-----w C:\Documents and Settings\Robert\Programdata\uTorrent
2007-12-23 23:32 --------- d-----w C:\Programfiler\PokerStars
2007-11-17 00:04 --------- d-----w C:\Programfiler\uTorrent
2007-11-13 21:06 --------- d-----w C:\Documents and Settings\Robert\Programdata\LimeWire
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}
[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2004-02-25 00:35 136312 --a------ C:\WINDOWS\system32\AcSignIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Steam"="c:\documents and settings\robert\mine dokumenter\programmer\steam\steam.exe" [2007-11-30 15:42]
"Power2GoExpress"="C:\Programfiler\CyberLink\Power2Go\Power2GoExpress.exe" [2005-05-31 17:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-09-24 17:32 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 17:58]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 08:36]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="C:\Programfiler\CyberLink\PowerBackup\PBKScheduler.exe" [2005-04-11 15:34]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 13:36]
"drhtdoxqyi"="C:\WINDOWS\system32\drhtdoxqyi.exe" [2007-12-24 12:42]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-28 16:15:05]
AutoCAD Startup Accelerator.lnk - C:\Programfiler\Fellesfiler\Autodesk Shared\acstart16.exe [2004-02-25 00:35:22]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\VIAMRAID.SYS [2004-03-29 06:45]
S2 eauiva1oyup9o4z;Print Spooler Service;C:\WINDOWS\system32\drhtdoxqyi.exe /service []
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 10:59:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 16:45:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-24 16:46:54
.
2007-12-22 02:00:41 --- E O F ---