ok. here's the ComboFix log
“user” - 2007-07-25 0:29:31 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 FAT32
Command switches used :: C:\Documents and Settings\user\Pulpit\log ComboFix-Do.txt
((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))
2007-07-25 00:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 21:55
2007-07-24 21:23
2007-07-22 15:22
2007-07-22 15:06 5,767,168 --a------ C:\DOCUME~1\user\ntuser.dat
2007-07-22 14:21
2007-07-21 22:36
2007-07-19 07:31
2007-07-17 21:35
2007-07-17 20:41
2007-07-17 09:58
2007-07-16 18:15 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-15 22:43 202 --a------ C:\WINDOWS\crtl32.dll
2007-07-15 22:29
2007-07-15 14:03
2007-07-15 13:53
2007-07-15 13:53
2007-07-14 21:51 2,368 --a------ C:\WINDOWS\system32\SVKP.sys
2007-07-14 14:27
2007-07-14 14:22 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-07-14 14:22 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-07-14 14:22 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-07-14 14:22 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-07-14 14:22 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-07-14 14:22 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-07-14 14:22 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-07-14 14:22 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-14 14:22 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-07-14 14:22 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-07-14 14:22 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-07-14 14:22 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-07-14 14:22 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-07-14 14:22 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-07-14 14:22 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-07-14 14:22 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-07-14 14:22 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-07-14 14:22 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-07-14 14:22 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-07-14 14:22 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-07-14 14:22 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-07-14 14:22 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-07-14 14:22 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-07-14 14:22 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-07-14 14:22 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-07-14 14:22 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-07-14 14:22 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-07-14 14:22 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-07-14 14:22 32,866 --------- C:\WINDOWS\slrundll.exe
2007-07-14 14:22 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-07-14 14:22 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-07-14 14:22 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-07-14 14:22 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-07-14 14:22 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-07-14 14:22 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-07-14 14:22 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-07-14 14:22 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-07-14 14:22 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-07-14 14:22 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-07-14 14:22 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-07-14 14:22 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-07-14 14:22 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-07-14 14:22 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-07-14 14:22 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-07-14 14:22 275,200 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-07-14 14:22 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-07-14 14:22 25,728 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-07-14 14:22 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-07-14 14:22 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-07-14 14:22 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-07-14 14:22 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-07-14 14:22 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-07-14 14:22 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-07-14 14:22 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-07-14 14:22 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-07-14 14:22 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-07-14 14:22 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-07-14 14:22 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-07-14 14:22 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-07-14 14:22 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-07-14 14:22 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-07-14 14:22 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-07-14 14:22 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-07-14 14:22 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-07-14 14:22 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-07-14 14:22 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-07-14 14:22 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-07-14 14:22 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-07-14 14:22 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-07-14 14:22 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-07-14 14:22 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-07-14 14:22 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-07-14 14:22 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-07-14 14:22 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-07-14 14:22 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-07-14 14:22 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-07-14 14:22 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-07-14 14:22 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-07-14 14:22 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-07-14 14:22 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-07-14 14:22 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-24 19:53:26 41,678 ----a-w C:\WINDOWS\unins000.dat
2007-07-24 18:03:26 230 ---h--w C:\Program Files\desktop.ini
2007-07-24 16:34:18 230 ---ha-w C:\Program Files\desktop-alt.ini
2007-07-15 22:19:08 80,866 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-15 22:19:08 482,088 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-07-11 10:34:14 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-07-11 09:32:20 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-07-07 18:10:52 234 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-07-07 18:10:52 234 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-07-07 18:10:52 234 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-07-07 18:10:52 234 ----a-w C:\WINDOWS\system32\ogg.dll
2007-07-07 18:10:48 234 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-07-07 18:10:48 234 ----a-w C:\WINDOWS\system32\DivX.dll
2007-06-17 09:58:48 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Reallusion
2007-06-17 09:58:24 -------- d-----w C:\DOCUME~1\user\DANEAP~1\MusicIP
2007-06-14 11:54:22 -------- d-----w C:\DOCUME~1\user\DANEAP~1\SopCast
2007-06-14 11:19:52 -------- d-----w C:\Program Files\Winamp
2007-05-31 17:30:22 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
2007-05-31 17:29:42 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
2007-05-16 14:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
2007-05-16 14:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
2007-05-16 14:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
2007-05-03 20:25:04 28 ----a-w C:\WINDOWS\mscpt.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-03-11 20:00:06 73,728 ---ha-w C:\DOCUME~1\user\DANEAP~1\RBRegEx550.dll
2007-03-11 20:00:06 38,912 ---ha-w C:\DOCUME~1\user\DANEAP~1\RBShell550.dll
2007-03-11 20:00:06 29,184 ---ha-w C:\DOCUME~1\user\DANEAP~1\RBInternetEncodings550.dll
2007-03-11 20:00:06 1,166,772 ---ha-w C:\DOCUME~1\user\DANEAP~1\RBXML550.dll
2007-01-25 01:52:26 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe
2006-08-22 09:04:44 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-22 09:04:42 88 --sh--r C:\WINDOWS\system32\FE66C6EF12.sys
2006-10-28 19:10:12 5 --sha-w C:\WINDOWS\system32\afccbdd1_s.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"Resume copy"="copyfstq.exe" [2006-08-16 21:13 C:\WINDOWS\copyfstq.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2007-04-25 09:45]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 19:27]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 14:28]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\user\Menu Start\Programy\Autostart\
PopTray.lnk - C:\Program Files\PopTray\PopTray.exe [2005-01-03 03:10:00]
Thoosje Sidebar .lnk - C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe [2007-06-19 15:24:52]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-11 12:34:03]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=00000000
"ClearRecentDocsOnExit"=00000000
R1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys
S3 firewall;firewall;\??\C:\Program Files\Foxie Suite\firewall.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 irsir;Sterownik portu szeregowego podczerwieni Microsoft;C:\WINDOWS\system32\DRIVERS\irsir.sys
S3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\system32\drivers\msmpu401.sys
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d69b26-6cb8-11db-9d72-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{388d38a4-52b0-11db-9d03-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c2bc236-52f1-11db-9d05-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d4fd5e-6195-11db-9d40-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144ff8-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144ff9-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144ffa-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144ffb-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d144ffc-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b647c267-61a3-11db-9d41-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
*Newly Created Service* - CATCHME
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 00:30:22
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-25 0:30:46
C:\ComboFix-quarantined-files.txt ... 2007-07-25 00:30
C:\ComboFix2.txt ... 2007-07-25 00:24
--- E O F ---
Post merged: 25.07.2007 (Wed) 0:38
Post merged: 25.07.2007 (Wed) 0:39
2007-07-14 14:22 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-07-14 14:22 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-07-14 14:22 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-07-14 14:22 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-07-14 14:22 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-07-14 14:22 32,866 --------- C:\WINDOWS\slrundll.exe
2007-07-14 14:22 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-07-14 14:22 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-07-14 14:22 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-07-14 14:22 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-07-14 14:22 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-07-14 14:22 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-07-14 14:22 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-07-14 14:22 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-07-14 14:22 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-07-14 14:22 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-07-14 14:22 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-07-14 14:22 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-07-14 14:22 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-07-14 14:22 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-07-14 14:22 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-07-14 14:22 275,200 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-07-14 14:22 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-07-14 14:22 25,728 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-07-14 14:22 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-07-14 14:22 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-07-14 14:22 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-07-14 14:22 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-07-14 14:22 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-07-14 14:22 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-07-14 14:22 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-07-14 14:22 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-07-14 14:22 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-07-14 14:22 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-07-14 14:22 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-07-14 14:22 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-07-14 14:22 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-07-14 14:22 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-07-14 14:22 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-07-14 14:22 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-07-14 14:22 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-07-14 14:22 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-07-14 14:22 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-07-14 14:22 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-07-14 14:22 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-07-14 14:22 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-07-14 14:22 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-07-14 14:22 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-07-14 14:22 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-07-14 14:22 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-07-14 14:22 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-07-14 14:22 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-07-14 14:22 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-07-14 14:22 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-07-14 14:22 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-07-14 14:22 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-07-14 14:22 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-07-14 14:22 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-24 19:53:26 41,678 ----a-w C:\WINDOWS\unins000.dat
2007-07-24 18:03:26 230 —h–w C:\Program Files\desktop.ini
2007-07-24 16:34:18 230 —ha-w C:\Program Files\desktop-alt.ini
2007-07-15 22:19:08 80,866 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-15 22:19:08 482,088 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-07-11 10:34:14 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-07-11 09:32:20 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-07-07 18:10:52 234 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-07-07 18:10:52 234 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-07-07 18:10:52 234 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-07-07 18:10:52 234 ----a-w C:\WINDOWS\system32\ogg.dll
2007-07-07 18:10:48 234 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-07-07 18:10:48 234 ----a-w C:\WINDOWS\system32\DivX.dll
2007-06-17 09:58:48 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Reallusion
2007-06-17 09:58:24 -------- d-----w C:\DOCUME~1\user\DANEAP~1\MusicIP
2007-06-14 11:54:22 -------- d-----w C:\DOCUME~1\user\DANEAP~1\SopCast
2007-06-14 11:19:52 -------- d-----w C:\Program Files\Winamp
2007-05-31 17:30:22 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
2007-05-31 17:29:42 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
2007-05-16 14:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
2007-05-16 14:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
2007-05-16 14:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
2007-05-03 20:25:04 28 ----a-w C:\WINDOWS\mscpt.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-03-11 20:00:06 73,728 —ha-w C:\DOCUME~1\user\DANEAP~1\RBRegEx550.dll
2007-03-11 20:00:06 38,912 —ha-w C:\DOCUME~1\user\DANEAP~1\RBShell550.dll
2007-03-11 20:00:06 29,184 —ha-w C:\DOCUME~1\user\DANEAP~1\RBInternetEncodings550.dll
2007-03-11 20:00:06 1,166,772 —ha-w C:\DOCUME~1\user\DANEAP~1\RBXML550.dll
2007-01-25 01:52:26 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe
2006-08-22 09:04:44 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-22 09:04:42 88 --sh–r C:\WINDOWS\system32\FE66C6EF12.sys
2006-10-28 19:10:12 5 --sha-w C:\WINDOWS\system32\afccbdd1_s.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42]
“Resume copy”=“copyfstq.exe” [2006-08-16 21:13 C:\WINDOWS\copyfstq.exe]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-01-12 03:01]
“nwiz”=“nwiz.exe” [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
“VisualTooltip”=“C:\Program Files\VisualTooltip\VisualToolTip.exe” [2007-04-25 09:45]
“RTHDCPL”=“RTHDCPL.EXE” [2006-04-17 09:34 C:\WINDOWS\RTHDCPL.EXE]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“LClock”=“C:\Program Files\LClock\lclock.exe” [2004-09-19 19:27]
“UberIcon”=“C:\Program Files\UberIcon\UberIcon Manager.exe” [2006-07-17 23:16]
“NBJ”=“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2005-08-09 14:28]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 12:00]
[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
“DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t
C:\Documents and Settings\user\Menu Start\Programy\Autostart\
PopTray.lnk - C:\Program Files\PopTray\PopTray.exe [2005-01-03 03:10:00]
Thoosje Sidebar .lnk - C:\Program Files\Thoosje Sidebar V2.0\Thoosje Sidebar .exe [2007-06-19 15:24:52]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-11 12:34:03]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoSaveSettings”=00000000
“ClearRecentDocsOnExit”=00000000
R1 AmdK8;Sterownik procesora AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 oreans32;oreans32;??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe
R2 SVKP;SVKP;??\C:\WINDOWS\system32\SVKP.sys
R3 adiusbaw;USB ADSL WAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
S2 ADILOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys
S3 firewall;firewall;??\C:\Program Files\Foxie Suite\firewall.sys
S3 GMSIPCI;GMSIPCI;??\D:\INSTALL\GMSIPCI.SYS
S3 idsvc;Windows CardSpace;“C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe”
S3 irsir;Sterownik portu szeregowego podczerwieni Microsoft;C:\WINDOWS\system32\DRIVERS\irsir.sys
S3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\system32\drivers\msmpu401.sys
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;“C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe”
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{10d69b26-6cb8-11db-9d72-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{388d38a4-52b0-11db-9d03-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4c2bc236-52f1-11db-9d05-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{50d4fd5e-6195-11db-9d40-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7d144ff8-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7d144ff9-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7d144ffa-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7d144ffb-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7d144ffc-61d8-11db-9d43-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b647c267-61a3-11db-9d41-4d6564696130}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
*Newly Created Service* - CATCHME
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 00:30:22
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-25 0:30:46
C:\ComboFix-quarantined-files.txt … 2007-07-25 00:30
C:\ComboFix2.txt … 2007-07-25 00:24
— E O F —