ComboFix 07-11-19.4 - Radinhio 2007-11-27 23:37:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.625 [GMT 1:00]
Running from: C:\Documents and Settings\Radinhio\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
C:\Documents and Settings\Radinhio\Pulpit\Live Safety Center.lnk
C:\Documents and Settings\Radinhio\Pulpit\Online Security Guide.lnk
C:\Documents and Settings\Radinhio\Ulubione\Online Security Guide.lnk
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\rqbvaxnt.dllbox
.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.
2007-11-27 13:27
2007-11-27 13:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 13:26
2007-11-25 23:12
2007-11-25 23:00 775,892 ---hs---- C:\WINDOWS\system32\adkewkkc.ini
2007-11-25 23:00 85,056 --a------ C:\WINDOWS\system32\ckkwekda.dll
2007-11-25 22:41
2007-11-25 22:38
2007-11-25 22:34 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-11-25 10:44
2007-11-25 10:27 85,056 --a------ C:\WINDOWS\system32\eadqeffs.dll
2007-11-25 10:02 79,936 --a------ C:\WINDOWS\system32\cnecvxyq.dll
2007-11-24 10:05 775,952 ---hs---- C:\WINDOWS\system32\kiqipdla.ini
2007-11-23 14:44
2007-11-23 11:25
2007-11-23 11:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-23 11:04 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-11-23 11:04 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-11-23 11:04 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-23 11:04 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-11-23 11:04 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-11-23 11:03
2007-11-23 11:03
2007-11-23 11:03 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-11-23 11:03 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-11-23 11:03 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-11-23 11:03 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-11-23 11:01
2007-11-23 10:56 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-23 10:49
2007-11-23 09:47 37,376 --a------ C:\WINDOWS\system32\iifecde.dll
2007-11-23 09:05 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-23 09:05 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-11-23 09:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-11-23 09:04 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-11-23 09:04 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-11-23 09:04 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-11-23 09:01
2007-11-23 09:01 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-11-22 16:28
2007-11-22 12:49
2007-11-20 18:31
2007-11-15 18:34 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-11-15 18:34 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-15 18:34 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-15 18:34 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-11-15 18:34 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-11-15 18:34 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-11-15 18:34 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-11-15 18:34 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-11-14 21:58
2007-11-13 19:08 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-13 19:08 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-13 19:08 22,328 --a------ C:\Documents and Settings\Radinhio\Dane aplikacji\PnkBstrK.sys
2007-11-13 19:07 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-13 19:07 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-13 19:07 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-13 19:07 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-13 19:07 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-11-13 19:07 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-13 19:07 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-13 19:07 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-13 19:07 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-13 18:48
2007-11-11 21:09
2007-11-08 18:46
2007-11-08 18:46
2007-11-07 09:52
2007-11-05 20:24
2007-10-29 11:09
2007-10-29 11:08
2007-10-27 14:00
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 15:56 --------- d-----w C:\Documents and Settings\Radinhio\Dane aplikacji\teamspeak2
2007-11-27 11:07 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-11-27 08:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 22:11 80,960 ----a-w C:\WINDOWS\system32\bgpjcsqw.dll
2007-11-26 22:05 85,056 ----a-w C:\WINDOWS\system32\nrewknfy.dll
2007-11-26 22:02 145,984 ----a-w C:\WINDOWS\system32\rqbvaxnt.dll
2007-11-26 01:05 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-11-26 00:54 --------- d-----w C:\Program Files\SkanerOnline
2007-11-25 22:00 79,936 ----a-w C:\WINDOWS\system32\fvbqbkst.dll
2007-11-25 21:57 71,232 ----a-w C:\WINDOWS\system32\fxijgncu.exe
2007-11-25 21:35 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-25 09:18 --------- d-----w C:\Documents and Settings\Radinhio\Dane aplikacji\uTorrent
2007-11-24 09:27 --------- d---a-w C:\Program Files\BearShare Applications
2007-11-24 09:08 81,472 ----a-w C:\WINDOWS\system32\thtcqesk.dll
2007-11-23 08:01 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-11-22 11:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 08:09 --------- d-----w C:\Program Files\MoorHunt
2007-11-20 20:14 --------- d-----w C:\Program Files\HakerzyNET AntiVirus
2007-11-15 14:34 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-05 19:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-27 13:00 --------- d-----w C:\Program Files\ICQToolbar
2007-10-23 23:32 --------- d-----w C:\Program Files\eMule
2007-10-18 06:56 --------- d-----w C:\Program Files\DIFX
2007-10-18 06:55 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-12 22:19 13,653,824 ----a-w C:\WINDOWS\system32\xlivefnt.dll
2007-10-12 22:19 10,155,840 ----a-w C:\WINDOWS\system32\xlive.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-10-04 16:14 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]
2007-11-23 09:47 37376 --a------ C:\WINDOWS\System32\iifecde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-26 23:02 145984 --a------ C:\WINDOWS\system32\rqbvaxnt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de7abd61-77b2-4028-85a9-f746e5d69e2e}]
2007-11-26 23:11 80960 --a------ C:\WINDOWS\system32\bgpjcsqw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\rqbvaxnt.dll [2007-11-26 23:02 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Programy\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 10:34]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44]
"Spyware Doctor"="C:\Programy\Spyware Doctor\swdoctor.exe" [2007-11-25 10:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"= C:\WINDOWS\System32\iifecde.dll [2007-11-23 09:47 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecde]
iifecde.dll 2007-11-23 09:47 37376 C:\WINDOWS\system32\iifecde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kextessr]
kextessr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqbvaxnt]
rqbvaxnt.dll 2007-11-26 23:02 145984 C:\WINDOWS\system32\rqbvaxnt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xckohtiy]
xckohtiy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljge.dll

S1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programy\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 23:44:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 23:47:09 - machine was rebooted
.
--- E O F ---