Log check

Viruses and antivirus software, PC security - firewall, spyware, etc.
Roman Jurčík
Newbie
Registered: 3 Feb 2007

Post by Roman Jurčík »

Please check my log. I have a virus on my PC and I can't find it. I can't connect to the internet. The connection itself is fine, but through Internet Explorer or Opera I can't connect; it always comes up with "page cannot be displayed". With Spy Sweeper I found a trojan horse, so I put it in quarantine and had it deleted, and on the next scan it was there again. Please advise.



Logfile of HijackThis v1.99.1
Scan saved at 13:03:29, on 25. 12. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\TECHDESK\System32\smss.exe
C:\TECHDESK\system32\winlogon.exe
C:\TECHDESK\system32\services.exe
C:\TECHDESK\system32\lsass.exe
C:\TECHDESK\system32\svchost.exe
C:\TECHDESK\System32\svchost.exe
C:\TECHDESK\system32\svchost.exe
C:\TECHDESK\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\TECHDESK\system32\nvsvc32.exe
C:\TECHDESK\system32\PnkBstrA.exe
C:\TECHDESK\system32\PnkBstrB.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\TECHDESK\Explorer.EXE
C:\TECHDESK\SOUNDMAN.EXE
C:\TECHDESK\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\TECHDESK\system32\wscntfy.exe
C:\TECHDESK\system32\rundll32.exe
C:\TECHDESK\system32\svchost.exe
C:\TECHDESK\system32\regsvr32.exe
C:\TECHDESK\system32\rundll32.exe
C:\TECHDESK\system32\rundll32.exe
C:\TECHDESK\system32\rundll32.exe
C:\Documents and Settings\Jurčík\Plocha\HijackThis.exe
C:\Documents and Settings\Roman.ROMAN-65D37A994\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\TECHDESK\system32\userinit.exe,C:\TECHDESK\system32\ldr.exe,C:\TECHDESK\system32\i386kd.exe,
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\TECHDESK\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\TECHDESK\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\ROMAN~2.ROM\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: WRNotifier - C:\TECHDESK\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: FCI - Unknown owner - C:\TECHDESK\system32\svchost.exe:ext.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\TECHDESK\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\TECHDESK\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\TECHDESK\system32\PnkBstrB.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
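Several lines in the log above are the kind of entries a triage script can flag automatically: the `F2` UserInit value with extra executables appended after `userinit.exe`, an `O4` Run entry launching a `winlogon.exe` copy out of a Temp folder, and an `O23` service whose binary path is an alternate data stream (`svchost.exe:ext.exe`). The following Python script is an added example, not part of the thread and not HijackThis's own code; it parses HijackThis-format lines and applies those three checks. The sample lines embedded in it are a constructed excerpt modelled on the posted log, and because this machine's Windows directory is `C:\TECHDESK` rather than `C:\WINDOWS`, the checks key on the `system32` parent folder instead of a fixed install path.

```python
import re

# Constructed excerpt modelled on the HijackThis log in this thread:
# a tampered UserInit, a Run entry out of Temp, an ADS service path,
# and two benign lines for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
F2 - REG:system.ini: UserInit=C:\TECHDESK\system32\userinit.exe,C:\TECHDESK\system32\ldr.exe,C:\TECHDESK\system32\i386kd.exe,
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\ROMAN~2.ROM\LOCALS~1\Temp\winlogon.exe
O23 - Service: FCI - Unknown owner - C:\TECHDESK\system32\svchost.exe:ext.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\TECHDESK\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code such as R0, F2, O4, O23.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Binary path in an entry body: either quoted (may contain spaces) or bare.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')
# "<file>.exe:<stream>" at the end of a path means an alternate data stream.
ADS_RE = re.compile(r"\.(exe|dll|sys):[^\\\s]+$", re.IGNORECASE)

# Core OS binaries that only belong in the system32 directory.
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "lsass.exe",
                   "services.exe", "csrss.exe", "smss.exe", "userinit.exe"}
# User-writable locations where an autostart binary is a red flag.
SUSPECT_DIRS = ("\\temp\\", "\\recycler\\", "\\application data\\")


def parse_line(line):
    """Return (section_code, body) for a HijackThis entry, else None."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def first_path(body):
    """Extract the first Windows path from an entry body."""
    m = PATH_RE.search(body)
    return (m.group(1) or m.group(2)) if m else None


def check_userinit(body):
    """F2: UserInit must be exactly system32\\userinit.exe with nothing appended."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    findings = []
    if not entries or not entries[0].lower().endswith("\\system32\\userinit.exe"):
        findings.append("UserInit does not start with system32\\userinit.exe")
    findings.extend(f"extra UserInit entry: {extra}" for extra in entries[1:])
    return findings


def check_autorun(body):
    """O4: flag autostarts from user-writable dirs or OS binary names misplaced."""
    path = first_path(body)
    if not path:
        return []
    low = path.lower()
    findings = []
    if any(d in low for d in SUSPECT_DIRS):
        findings.append(f"autostart from a user-writable location: {path}")
    name = low.rsplit("\\", 1)[-1]
    parent = low.rsplit("\\", 2)[-2] if low.count("\\") >= 2 else ""
    if name in SYSTEM_BINARIES and parent != "system32":
        findings.append(f"system binary name outside system32: {path}")
    return findings


def check_service(body):
    """O23: flag a service binary hidden in an alternate data stream."""
    path = first_path(body)
    if path and ADS_RE.search(path):
        return [f"service binary in an alternate data stream: {path}"]
    return []


CHECKS = {"F2": check_userinit, "O4": check_autorun, "O23": check_service}


def triage(log_text):
    """Run the per-section checks over a log; return a list of (code, finding)."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        code, body = parsed
        for hit in CHECKS.get(code, lambda _body: [])(body):
            findings.append((code, hit))
    return findings


if __name__ == "__main__":
    for code, msg in triage(SAMPLE_LOG):
        print(f"[{code}] {msg}")
```

Run against the excerpt, the script reports the two appended UserInit executables, the Temp-folder `winlogon.exe` twice (suspect directory and misplaced OS binary name), and the ADS service path, while the AVG and NVIDIA lines pass. The checks are intentionally narrow; "Unknown owner" on its own is not flagged, since the legitimate PnkBstr services in the same log carry that label too.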
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

1. Download SDFix and run it.
It will ask where to extract itself; leave the preset option so that it extracts to drive C:.
Then restart the PC into Safe Mode, go to the C:\SDFix folder, find the file RunThis.bat there and run it; press Y to start the process.
To finish, SDFix will prompt you to press any key, so press one and the computer will restart.
For the OS to boot you will have to press any key when prompted, so press one.

After the OS boots, the SDFix report should be displayed; copy its whole contents here.
Otherwise it will be saved in the SDFix folder as Report.txt.

2. Download ComboFix, save it to the desktop and run it. Follow the on-screen instructions; while ComboFix is running, don't click into the window it displays, because that can stop the process.
The computer may restart; that means malicious files were found and a restart is needed for ComboFix to delete them.
When it finishes, a log is created; copy its contents here.

Note: To run ComboFix you need administrator rights.

+ paste a new HJT log here.
Roman Jurčík
Newbie
Registered: 3 Feb 2007

Post by Roman Jurčík »

Here is the output from ComboFix.

ComboFix 07-12-21.4 - Roman 2007-12-25 18:06:33.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.801 [GMT 1:00]
Running from: C:\Documents and Settings\Roman.ROMAN-65D37A994\Plocha\ComboFix.exe
.
ADS - svchost.exe: deleted 25600 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\ow.dll
C:\RECYCLER\ow.exe
C:\TECHDESK\rising832.exe
C:\TECHDESK\system32\msvc32.dll
C:\TECHDESK\system32\winservcs32.dll
C:\TECHDESK\Temp\1699998952.exe
C:\TECHDESK\Temp\703529228.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FCI
-------\LEGACY_PROTECT
-------\FCI
-------\protect


((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.

2007-12-24 19:39 . 2007-12-24 19:39 499,712 --a------ C:\TECHDESK\system32\msvcp71.dll
2007-12-24 19:39 . 2007-12-24 19:39 348,160 --a------ C:\TECHDESK\system32\msvcr71.dll
2007-12-24 19:39 . 2007-12-24 19:39 110,639 --a------ C:\TECHDESK\system32\avgfwafu.dll
2007-12-24 19:39 . 2007-12-24 19:39 23,296 --a------ C:\TECHDESK\system32\drivers\avgmfrs.sys
2007-12-24 16:31 . 2007-12-24 16:31 248 --a------ C:\TECHDESK\RomeTW.ini
2007-12-24 10:22 . 2007-12-24 10:22 1,094 -rahs---- C:\TECHDESK\system32\stanby.reg
2007-12-24 10:21 . 2007-12-24 10:21 507,000 --a------ C:\TECHDESK\system32\w32sys15.exe
2007-12-24 10:21 . 2007-12-24 10:21 65,536 --a------ C:\47.tmp
2007-12-24 10:21 . 2007-12-24 10:21 45,056 --a------ C:\TECHDESK\system32\w32sys0.exe
2007-12-24 10:21 . 2007-12-24 10:21 12,288 --a------ C:\TECHDESK\system32\w32sys3.exe
2007-12-24 10:21 . 2007-12-24 10:21 0 --a------ C:\4B.tmp
2007-12-23 19:33 . 2002-12-18 11:23 140,488 -ra------ C:\TECHDESK\system32\comdlg32.ocx
2007-12-23 19:33 . 2002-12-18 11:23 115,016 -ra------ C:\TECHDESK\system32\MSINET.OCX
2007-12-23 19:33 . 2002-12-18 11:23 89,360 -ra------ C:\TECHDESK\system32\VB5DB.DLL
2007-12-23 19:33 . 2002-12-18 11:23 69,632 -ra------ C:\TECHDESK\system32\xmltok.dll
2007-12-23 19:33 . 2002-12-18 11:23 36,864 -ra------ C:\TECHDESK\system32\xmlparse.dll
2007-12-23 19:33 . 2002-12-18 11:23 35,840 -ra------ C:\TECHDESK\system32\comdlg32.oca
2007-12-23 19:33 . 2002-12-18 11:23 29,184 -ra------ C:\TECHDESK\system32\MSINET.oca
2007-12-23 19:33 . 2002-12-19 00:20 26,096 -ra------ C:\TECHDESK\system32\xmlinst.exe
2007-12-23 19:33 . 2002-12-18 11:23 24,576 -ra------ C:\TECHDESK\system32\msxml3a.dll
2007-12-23 19:26 . 2007-12-23 19:33 <DIR> d-------- C:\Program Files\Ubi Soft
2007-12-22 17:23 . 2007-12-22 17:23 <DIR> d-------- C:\Program Files\HT Fireman CDDVD Burner 1.3
2007-12-22 15:17 . 2007-12-22 15:17 0 --a------ C:\TECHDESK\PowerReg.dat
2007-12-15 11:02 . 2007-12-15 11:02 52,736 --a------ C:\TECHDESK\ipuninst.exe
2007-12-15 00:49 . 2007-12-15 00:49 165 --a------ C:\TECHDESK\spidla.INI
2007-12-09 11:40 . 2007-12-09 11:40 <DIR> d-------- C:\Program Files\NovaLogic
2007-12-03 09:35 . 2007-12-03 09:35 98,304 --a------ C:\TECHDESK\system32\CmdLineExt.dll
2007-12-03 00:49 . 2007-12-03 00:49 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-03 00:49 . 2005-04-25 10:43 159,616 --a------ C:\TECHDESK\system32\drivers\Vax347b.sys
2007-12-03 00:49 . 2004-04-30 09:33 5,248 --a------ C:\TECHDESK\system32\drivers\Vax347s.sys
2007-11-30 23:40 . 2007-11-30 23:40 <DIR> d-------- C:\TECHDESK\Downloaded Installations
2007-11-30 23:40 . 2007-11-30 23:40 <DIR> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 15:22 --------- d-----w C:\Program Files\Activision
2007-12-24 13:54 --------- d-----w C:\Program Files\LogMeIn
2007-12-23 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 18:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-23 18:07 --------- d-----w C:\Program Files\Marble Arena
2007-12-23 18:05 --------- d-----w C:\Program Files\EA GAMES
2007-12-21 19:20 --------- d-----w C:\Program Files\Valve
2007-12-16 13:03 --------- d-----w C:\Program Files\HLSW
2007-12-08 19:11 --------- d-----w C:\Program Files\DivX
2007-12-08 16:37 22,328 ----a-w C:\TECHDESK\system32\drivers\PnkBstrK.sys
2007-12-08 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-24 11:31 --------- d-----w C:\Program Files\World of Warcraft
2007-11-24 09:38 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-14 14:06 30,728 ----a-w C:\TECHDESK\system32\drivers\epfwtdir.sys
2007-11-14 14:04 27,656 ----a-w C:\TECHDESK\system32\drivers\easdrv.sys
2007-11-14 14:03 33,800 ----a-w C:\TECHDESK\system32\drivers\eamon.sys
2007-11-09 15:12 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-04 17:43 --------- d-----w C:\Program Files\Electronic Arts
2007-11-04 17:37 --------- d-----w C:\Program Files\NFS
2007-11-03 09:23 --------- d-----w C:\Program Files\Counter-Strike 1.6 Patch Version 26
2007-07-30 20:17 156 ----a-w C:\Program Files\ucsqhrbh.txt
2007-02-09 19:17 168 ----a-w C:\Program Files\cgcxvjpk.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:58]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 04:01 C:\TECHDESK\SOUNDMAN.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 13:00 C:\TECHDESK\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-10-29 15:50 C:\TECHDESK\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-18 13:00 C:\TECHDESK\system32\rundll32.exe]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-07-07 16:01]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 19:39]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 19:39]

R0 SSFS041A;Spy Sweeper File System Filer Driver: 041A;C:\TECHDESK\system32\Drivers\SSFS041A.SYS [2006-07-07 15:41]
R0 viamraid;viamraid;C:\TECHDESK\system32\DRIVERS\viamraid.sys [2004-05-18 09:55]
R1 epfwtdir;epfwtdir;C:\TECHDESK\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R3 PSched;Plánovač paketů technologie QoS;C:\TECHDESK\system32\DRIVERS\psched.sys [2004-08-18 13:00]
S1 easdrv;easdrv;C:\TECHDESK\system32\DRIVERS\easdrv.sys [2007-11-14 15:04]
S2 cb57837832;Mi841022t Windows Browser Servce;C:\TECHDESK\System32\svchost.exe -k netsvcs []
S2 eamon;EAMON;C:\TECHDESK\system32\DRIVERS\eamon.sys [2007-11-14 15:03]
S2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-11-14 15:05]
S2 sb77730532;Wi658060Shell Control Servic;C:\TECHDESK\System32\svchost.exe -k netsvcs []
S3 axvbusx;axvbusx;C:\TECHDESK\system32\DRIVERS\axvbusx.sys [2002-12-27 20:14]
S3 axvscsi;axvscsi;C:\TECHDESK\system32\DRIVERS\axvscsi.sys [2002-12-27 20:14]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-11-14 15:07]
S3 GVCplDrv;GVCplDrv;C:\TECHDESK\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 lmimirr;lmimirr;C:\TECHDESK\system32\DRIVERS\lmimirr.sys []
S3 ntosnh.sys;ntosnh.sys;C:\TECHDESK\system32\drivers\ntosnh.sys []
S3 ntoss.sys;ntoss.sys;C:\TECHDESK\system32\drivers\ntoss.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cb57837832
sb77730532

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\startdvd.exe
\Shell\readme\command - notepad cti_mne.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - E:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{065a1330-a12e-11dc-a95b-00148522becb}]
\Shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - E:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b74a7b-7433-11dc-ab24-806d6172696f}]
\Shell\AutoRun\command - D:\startdvd.exe
\Shell\readme\command - notepad cti_mne.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52128640-7431-11dc-a927-00148522becb}]
\Shell\AutoRun\command - E:\autoplay.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 18:14:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-25 18:15:38 - machine was rebooted
Roman Jurčík
Newbie
Registered: 3 Feb 2007

Post by Roman Jurčík »

And here is the HJT output, done after ComboFix.

Logfile of HijackThis v1.99.1
Scan saved at 19:11, on 2007-12-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\TECHDESK\System32\smss.exe
C:\TECHDESK\system32\winlogon.exe
C:\TECHDESK\system32\services.exe
C:\TECHDESK\system32\lsass.exe
C:\TECHDESK\system32\svchost.exe
C:\TECHDESK\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\TECHDESK\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Roman.ROMAN-65D37A994\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\TECHDESK\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\TECHDESK\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\techdesk\system32\avgfwafu.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: WRNotifier - C:\TECHDESK\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\TECHDESK\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\TECHDESK\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\TECHDESK\system32\PnkBstrB.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

OK, but also apply SDFix and paste its log here; after applying SDFix, paste the ComboFix log here.