ComboFix 08-05-29.1 - Roman 2008-06-01 10:38:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1051.18.834 [GMT 2:00]
Running from: C:\Users\Roman\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 00:23 --------- d-----w C:\Users\Roman\AppData\Roaming\Skype
2008-06-01 00:22 --------- d-----w C:\ProgramData\SecTaskMan
2008-06-01 00:18 --------- d-----w C:\Users\Roman\AppData\Roaming\Hamachi
2008-06-01 00:12 --------- d-----w C:\Program Files\Trend Micro
2008-05-31 22:03 --------- d-----w C:\Users\Roman\AppData\Roaming\skypePM
2008-05-31 10:19 --------- d-----w C:\Users\Roman\AppData\Roaming\GHISLER
2008-05-31 10:18 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-30 22:44 --------- d-----w C:\Users\Roman\AppData\Roaming\Ahead
2008-05-30 22:39 --------- d-----w C:\Program Files\Windows Mail
2008-05-30 22:35 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-30 22:34 --------- d-----w C:\ProgramData\Nero
2008-05-30 22:34 --------- d-----w C:\Program Files\Nero
2008-05-30 21:45 --------- d-----w C:\Users\Roman\AppData\Roaming\vlc
2008-05-30 21:45 --------- d-----w C:\Program Files\VideoLAN
2008-05-30 19:54 --------- d-----w C:\Program Files\Hamachi
2008-05-30 19:53 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-05-28 19:05 --------- d-----w C:\ProgramData\Skype
2008-05-28 19:05 --------- d-----w C:\Program Files\Skype
2008-05-28 19:05 --------- d-----w C:\Program Files\Google
2008-05-28 19:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-28 19:04 --------- d-----w C:\Users\Roman\AppData\Roaming\ICQ
2008-05-28 19:04 --------- d-----w C:\Program Files\ICQ6
2008-05-28 19:00 --------- d-----w C:\Users\Roman\AppData\Roaming\InstallShield
2008-04-29 15:40 210,472 ----a-w C:\Windows\system32\drivers\Si3114r5.sys
2008-04-29 15:40 17,064 ----a-w C:\Windows\system32\drivers\SiWinAcc.sys
2008-04-29 15:40 12,200 ----a-w C:\Windows\system32\drivers\SiRemFil.sys
2008-03-08 04:21 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 02:08 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-01-06 20:08 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-28 21:05 171448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\Windows\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\Windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8126EBA0-6DA4-44B2-8CFA-422DA01E3D74}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A2222150-8814-4B74-A8EA-84A663AC40CF}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{4E222417-3465-43DE-95D4-4122D94A85CD}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9456B827-CF04-4F8D-9773-29F380BFCB7A}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{E27350DF-C81B-40F6-A0A8-E5A29528E5A8}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{89E323ED-4675-4B78-8616-5C8FB2F10C21}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{4A2EE369-F5EC-4273-819B-92211F36ACCF}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2008-01-18 22:55]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 10:27]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-01-05 21:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db6b81c6-2cdb-11dd-83b0-806e6f6e6963}]
\shell\AutoRun\command - F:\Bin\Assetup.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-01 10:41:22
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-01 10:42:22
ComboFix-quarantined-files.txt 2008-06-01 08:42:16
Systém nenašiel žiadne hlásenie pod číslom 0x2379 v súbore hlásenia Application.
102 --- E O F --- 2008-05-30 20:51:57