"OEM" - 2007-07-26 23:36:03 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS [SAFE MODE] ((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 ))))))))))))))))))))))))))))))) 2007-07-26 00:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-25 18:57 d-------- C:\WINDOWS\LastGood.Tmp 2007-07-23 07:10 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-23 07:10 dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji 2007-07-23 07:10 dr------- C:\DOCUME~1\ADMINI~1\Menu Start 2007-07-23 07:10 d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne 2007-07-23 07:10 d--h----- C:\DOCUME~1\ADMINI~1\Szablony 2007-07-23 07:10 d-------- C:\DOCUME~1\ADMINI~1\Ulubione 2007-07-23 07:10 d-------- C:\DOCUME~1\ADMINI~1\Pulpit 2007-07-23 07:10 d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty 2007-07-23 05:17 d--hs---- C:\WINDOWS\CSC 2007-06-29 22:50 d-------- C:\Program Files\PocketDivx 2007-06-27 23:43 8,126,464 --a------ C:\DOCUME~1\OEM\ntuser.dat (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-26 20:50:37 -------- d-----w C:\DOCUME~1\OEM\DANEAP~1\Skype 2007-07-22 17:51:31 -------- d-----w C:\Program Files\Yahoo! 2007-07-09 20:46:23 -------- d-----w C:\DOCUME~1\OEM\DANEAP~1\uTorrent 2007-06-29 20:34:57 -------- d-----w C:\Program Files\DivX 2007-06-29 20:30:37 -------- d-----w C:\Program Files\Google 2007-06-29 19:50:38 -------- d-----w C:\Program Files\Microsoft ActiveSync 2007-06-23 08:07:47 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2004-03-11 12:27:22 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2007-02-17 21:29:59 5 --sha-w C:\WINDOWS\system32\eedfdcfbc7_s.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00] "CTHelper"="CTHELPER.EXE" [2004-03-19 10:33 C:\WINDOWS\system32\CTHELPER.EXE] "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 11:24 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 22:10] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12] "CreativeMouse "="C:\Program Files\Creative\Mouse Optical\mouse_2k.exe" [2003-05-23 00:59] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2004-12-22 12:31] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:34] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:57] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "MKSCLEAN"=C:\Documents and Settings\OEM\Pulpit\MksClean[www.instalki.pl].exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 15:44:06] BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-11-18 00:39:14] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source= C:\Documents and Settings\OEM\Pulpit\waszslub.html FriendlyName= R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys R0 Vax347b;Vax347b;C:\WINDOWS\system32\DRIVERS\Vax347b.sys R0 Vax347s;Vax347s;C:\WINDOWS\system32\Drivers\Vax347s.sys R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys S2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys S2 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys S3 hap17v2k;Creative P17V HAL Driver;C:\WINDOWS\system32\drivers\hap17v2k.sys S3 NABTSFEC;NABTS/FEC VBI Codec;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys S3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] AutoRun\command- G:\autorun.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-26 23:38:23 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\[\1l] "Order"=hex:08,00,00,00,02,00,00,00,7a,11,00,00,01,00,00,00,19,00,00,00,98,.. scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-26 23:39:30 C:\ComboFix-quarantined-files.txt ... 2007-07-26 23:39 C:\ComboFix2.txt ... 2007-07-26 19:38 C:\ComboFix3.txt ... 2007-07-26 19:30 --- E O F ---