
System disk filling up

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

System disk filling up

#1 Post by WIAL »

The system disk keeps filling up.
RSIT output:

Logfile of random's system information tool 1.06 (written by random/random)
Run by vl0427 at 2010-01-27 09:50:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 MB (0%) free of 12 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50:15, on 27.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WebPrint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\NOTEPAD.EXE
N:\RSIT.exe
d:\Program Files\Trend Micro\HijackThis\vl0427.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.136.119:3128
O1 - Hosts: 172.25.200.135 erp.ecs.com.tw
O1 - Hosts: 172.25.200.236 es45.ecs.com.tw
O1 - Hosts: 172.25.200.120 home.ecs.com.tw
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: WebPrint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4571374454
O16 - DPF: {CF38E898-0A6B-11D6-83C6-0080AD7D6076} (NPRemvuPluginControl) - http://192.168.137.200/common/NPRemvu.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {e79bc654-8fc6-4bb9-bfb8-8860779ae213} (Oracle JInitiator 1.1.8.24) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcz.tatung
O17 - HKLM\Software\..\Telephony: DomainName = tcz.tatung
O17 - HKLM\System\CCS\Services\Tcpip\..\{B471A7A6-7E05-4CC6-B180-D816337E561A}: NameServer = 192.168.136.42,192.168.136.41
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcz.tatung
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcz.tatung
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: mididpnh.dll brwstat.dll,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Seagull License Server - Unknown owner - C:\Program Files\Seagull\License Server\8.0\SLSSrv.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8274 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2009-07-24 240680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-26 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\Program Files\ICQToolbar\toolbaru.dll [2005-01-19 446464]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-26 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2003-07-28 4841472]
"nwiz"=nwiz.exe /install []
"CTHelper"=CTHELPER.EXE []
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2003-07-28 49152]
"NeroFilterCheck"=C:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"TrojanScanner"=d:\Program Files\Trojan Remover\Trjscan.exe [2009-02-15 1214856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINNT\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-22 68856]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-07 1871872]
"ICQ"=C:\Program Files\ICQ6\ICQ.exe silent []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
WebPrint.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="mididpnh.dll brwstat.dll,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=1
"dontdisplaylockeduserid"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINNT\system32\sessmgr.exe"="C:\WINNT\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINNT\system32\sessmgr.exe"="C:\WINNT\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Synology Assistant\DSAssistant.exe"="C:\Program Files\Synology Assistant\DSAssistant.exe:*:Enabled:Synology Assistant"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Windows\DSAssistant\Application\DSAssistant.exe"="E:\Windows\DSAssistant\Application\DSAssistant.exe:*:Enabled:Synology Assistant"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Dude\dudes.exe"="D:\Program Files\Dude\dudes.exe:*:Enabled:dudes"
"D:\Program Files\WinPcap\rpcapd.exe"="D:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"D:\Program Files\Look@LAN\LookAtHost.exe"="D:\Program Files\Look@LAN\LookAtHost.exe:*:Enabled:Look@HOST"
"D:\Program Files\Look@LAN\LookAtLan.exe"="D:\Program Files\Look@LAN\LookAtLan.exe:*:Enabled:Look@LAN"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21264188-9689-11dc-b6a6-000ea68d7b73}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21264189-9689-11dc-b6a6-000ea68d7b73}]
shell\AutoRun\command - ntdelect.com
shell\explore\command - ntdelect.com
shell\open\command - ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6db51211-75b4-11de-b8cf-000ea68d7b73}]
shell\AutoRun\command - I:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec0bd914-a941-11dc-b6ba-000ea68d7b73}]
shell\AutoRun\command - I:\p.exe
shell\open\command - I:\p.exe


======List of files/folders created in the last 1 months======

2010-01-27 09:50:13 ----D---- C:\rsit
2010-01-27 08:40:09 ----A---- C:\WINNT\system32\ztvcabinet.dll
2010-01-27 08:40:09 ----A---- C:\WINNT\system32\UNRAR3.dll
2010-01-27 08:40:09 ----A---- C:\WINNT\system32\unacev2.dll
2010-01-27 08:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2010-01-27 07:12:44 ----HDC---- C:\WINNT\$NtUninstallKB968816_WM9$
2010-01-27 07:12:38 ----HDC---- C:\WINNT\$NtUninstallKB971961$
2010-01-27 07:12:31 ----HDC---- C:\WINNT\$NtUninstallKB956844$
2010-01-27 07:12:07 ----HDC---- C:\WINNT\$NtUninstallKB971657$
2010-01-27 07:11:55 ----HDC---- C:\WINNT\$NtUninstallKB973815$
2010-01-27 07:11:41 ----HDC---- C:\WINNT\$NtUninstallKB960859$
2010-01-27 07:11:25 ----HDC---- C:\WINNT\$NtUninstallKB973507$
2010-01-27 07:11:17 ----HDC---- C:\WINNT\$NtUninstallKB973354$
2010-01-27 07:11:00 ----HDC---- C:\WINNT\$NtUninstallKB956744$
2010-01-27 07:10:49 ----HDC---- C:\WINNT\$NtUninstallKB973869$
2010-01-27 07:10:26 ----HDC---- C:\WINNT\$NtUninstallKB973540_WM9$
2010-01-27 07:10:14 ----HDC---- C:\WINNT\$NtUninstallKB971557$
2010-01-27 07:09:52 ----HDC---- C:\WINNT\$NtUninstallKB971633$
2010-01-27 07:09:45 ----HDC---- C:\WINNT\$NtUninstallKB970238$
2010-01-27 07:09:33 ----HDC---- C:\WINNT\$NtUninstallKB961501$
2010-01-27 06:50:02 ----A---- C:\WINNT\system32\wuapi.dll.mui
2010-01-25 17:32:04 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-01-27 09:50:15 ----D---- C:\TEMP
2010-01-27 09:48:10 ----D---- C:\WINNT\Prefetch
2010-01-27 09:46:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-27 09:41:16 ----A---- C:\WINNT\SchedLgU.Txt
2010-01-27 09:41:01 ----D---- C:\Documents and Settings\vl0427\Application Data\Skype
2010-01-27 09:00:48 ----D---- C:\Documents and Settings\vl0427\Application Data\skypePM
2010-01-27 08:40:35 ----D---- C:\WINNT\system32
2010-01-27 08:23:48 ----D---- C:\WINNT\Registration
2010-01-27 08:22:52 ----SHD---- C:\WINNT\Installer
2010-01-27 08:17:19 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-27 08:16:56 ----D---- C:\WINNT\WinSxS
2010-01-27 08:16:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-27 08:09:53 ----D---- C:\Perl
2010-01-27 08:08:08 ----RSD---- C:\WINNT\Fonts
2010-01-27 08:02:51 ----D---- C:\WINNT
2010-01-27 07:39:22 ----D---- C:\WINNT\Microsoft.NET
2010-01-27 07:33:18 ----RSHDC---- C:\WINNT\system32\dllcache
2010-01-27 07:33:08 ----D---- C:\WINNT\system32\CatRoot2
2010-01-27 07:16:51 ----D---- C:\WINNT\SoftwareDistribution
2010-01-27 07:12:43 ----HD---- C:\WINNT\inf
2010-01-27 07:12:42 ----A---- C:\WINNT\imsins.BAK
2010-01-27 07:12:37 ----HD---- C:\WINNT\$hf_mig$
2010-01-27 07:11:19 ----D---- C:\Program Files\Outlook Express
2010-01-27 07:10:29 ----D---- C:\WINNT\Temp
2010-01-27 07:02:14 ----D---- C:\Documents and Settings\vl0427\Application Data\ICQ
2010-01-27 06:50:03 ----D---- C:\WINNT\Help
2010-01-27 06:49:39 ----SD---- C:\WINNT\Downloaded Program Files
2010-01-25 17:59:20 ----D---- C:\Program Files\Mozilla Firefox
2010-01-25 17:32:05 ----RD---- C:\Program Files\Skype
2010-01-25 17:32:04 ----D---- C:\Program Files\Common Files
2010-01-25 17:32:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-01-19 14:15:45 ----D---- C:\Program Files\Vario11
2010-01-18 14:34:44 ----A---- C:\WINNT\NeroDigital.ini
2010-01-18 13:30:43 ----RD---- C:\Program Files
2010-01-18 13:30:43 ----D---- C:\WINNT\system
2010-01-15 12:03:16 ----D---- C:\Documents and Settings\vl0427\Application Data\Help
2010-01-05 07:20:40 ----D---- C:\Program Files\ICQ6.5
2010-01-04 07:17:04 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINNT\system32\DRIVERS\savonaccesscontrol.sys [2009-03-09 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINNT\system32\DRIVERS\savonaccessfilter.sys [2009-03-09 38528]
R2 Fallback;Fallback; C:\WINNT\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINNT\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINNT\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINNT\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINNT\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINNT\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 PfModNT;PfModNT; \??\C:\WINNT\system32\drivers\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINNT\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINNT\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINNT\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINNT\system32\drivers\ctaud2k.sys [2004-06-23 371376]
R3 ctprxy2k;Creative Proxy Driver; C:\WINNT\system32\drivers\ctprxy2k.sys [2003-10-08 6096]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINNT\system32\drivers\emupia2k.sys [2003-10-13 145488]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINNT\system32\drivers\ha10kx2k.sys [2004-02-24 904784]
R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16); C:\WINNT\system32\DRIVERS\hcwPVRP2.sys [2004-10-27 819712]
R3 hidusb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINNT\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINNT\system32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 ossrv;Creative OS Services Driver; C:\WINNT\system32\drivers\ctoss2k.sys [2003-10-08 178672]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINNT\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINNT\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 basic2;basic2; C:\WINNT\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINNT\system32\drivers\ctac32k.sys [2004-02-23 645360]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINNT\system32\drivers\ctdvda2k.sys [2003-10-14 332800]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINNT\system32\drivers\ctsfm2k.sys [2003-10-08 130288]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINNT\system32\drivers\hap16v2k.sys [2003-10-21 148432]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\system32\DRIVERS\HPZid412.sys [2005-10-22 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\system32\DRIVERS\HPZipr12.sys [2005-10-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 hsf_msft;hsf_msft; C:\WINNT\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINNT\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINNT\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINNT\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 npf;NetGroup Packet Filter Driver; C:\WINNT\system32\drivers\npf.sys [2009-02-08 34064]
S3 PortTalk;PortTalk; C:\WINNT\System32\Drivers\PortTalk.sys [2008-06-05 3567]
S3 Rksample;Rksample; C:\WINNT\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINNT\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 USB Wireless USB Adapter(R);USB Wireless USB Adapter(R) Service for Wireless USB Adapter; C:\WINNT\system32\DRIVERS\vnetusbr.sys [2002-08-06 87168]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINNT\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINNT\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 Wdf01000;Wdf01000; C:\WINNT\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []
S4 SophosBootDriver;SophosBootDriver; C:\WINNT\system32\DRIVERS\SophosBootDriver.sys [2009-03-09 14976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); d:\Program Files\SQL\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINNT\system32\nvsvc32.exe [2003-07-28 77824]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2004-10-07 69632]
R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-11-02 80936]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2009-03-09 98304]
R2 Sophos Agent;Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [2009-04-03 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2009-07-02 172032]
R2 Sophos Message Router;Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [2009-04-03 794624]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S2 Seagull License Server;Seagull License Server; C:\Program Files\Seagull\License Server\8.0\SLSSrv.exe [2007-08-30 2585992]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-09 182768]
S3 idsvc;Windows CardSpace; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OracleClientCache80;OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [1998-06-10 95744]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-10 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: System disk filling up

#2 Post by JaRon »

Move ComboFix to the desktop (if it is not there already)

open Notepad

copy the script from the following box into it:

Code:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21264189-9689-11dc-b6a6-000ea68d7b73}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec0bd914-a941-11dc-b6ba-000ea68d7b73}]



save the resulting text file to the desktop as CFScript.txt

after saving, grab the script with the left mouse button, drag it over the ComboFix icon, and drop it there:

[Image]

after it runs, another log should be produced; paste it here :)

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: System disk filling up

#3 Post by WIAL »

Script applied; the resulting log:

ComboFix 10-01-26.02 - vl0427 27.01.2010 10:46:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1023.657 [GMT 1:00]
Spuštěný z: c:\documents and settings\vl0427\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vl0427\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ha0417\Local Settings\Temporary Internet Files\WTRAN32.INI
c:\program files\ICQ6.5\ICQLRun.exe
c:\winnt\system\_sv_CMD_
c:\winnt\system32\drivers\npf.sys
c:\winnt\system32\Packet.dll
c:\winnt\system32\pthreadVC.dll
c:\winnt\system32\Thumbs.db
c:\winnt\system32\WanPacket.dll
c:\winnt\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 09:54 . 2010-01-27 09:54 53248 ----a-w- c:\temp\catchme.dll
2010-01-27 08:51 . 2010-01-27 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-01-27 08:50 . 2010-01-27 08:50 -------- d-----w- C:\rsit
2010-01-27 07:32 . 2010-01-27 09:50 -------- d-----w- c:\temp\Google Toolbar
2010-01-27 06:03 . 2009-06-21 21:44 153088 -c----w- c:\winnt\system32\dllcache\triedit.dll
2010-01-27 06:01 . 2009-07-10 13:27 1315328 -c----w- c:\winnt\system32\dllcache\msoe.dll
2010-01-25 16:32 . 2010-01-25 16:32 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 09:53 . 2009-03-09 12:07 -------- d-----w- c:\program files\Sophos
2010-01-27 09:52 . 2005-06-07 08:20 384 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-10091102}.dat
2010-01-27 09:52 . 2005-06-07 08:20 384 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-10091102}.dat
2010-01-27 09:50 . 2009-07-15 04:59 -------- d-----w- c:\program files\ICQ6.5
2010-01-27 09:36 . 2009-03-09 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-01-27 08:46 . 2006-11-24 05:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 08:41 . 2006-12-18 14:04 -------- d-----w- c:\documents and settings\vl0427\Application Data\Skype
2010-01-27 08:14 . 2006-10-20 06:30 48160 ----a-w- c:\documents and settings\vl0427\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 08:00 . 2009-01-28 13:40 -------- d-----w- c:\documents and settings\vl0427\Application Data\skypePM
2010-01-27 07:17 . 2005-06-08 14:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 06:02 . 2008-07-02 05:19 -------- d-----w- c:\documents and settings\vl0427\Application Data\ICQ
2010-01-25 16:32 . 2009-01-28 13:39 -------- d-----r- c:\program files\Skype
2010-01-25 16:32 . 2005-12-08 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-19 13:15 . 2005-10-06 10:23 -------- d-----w- c:\program files\Vario11
2008-12-17 22:25 . 2009-01-10 00:54 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2009-01-10 00:54 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2009-01-10 00:54 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2009-01-10 00:54 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2009-01-10 00:54 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-22 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\winnt\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PHIME2002A"="c:\winnt\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2003-07-28 49152]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WebPrint.exe [2004-4-20 86016]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-6-8 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
"dontdisplaylockeduserid"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINNT\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC

S2 Seagull License Server;Seagull License Server;c:\program files\Seagull\License Server\8.0\SLSSrv.exe [30.8.2007 19:10 2585992]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [8.6.2005 13:04 95744]
S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [5.6.2008 12:12 3567]
S3 USB Wireless USB Adapter(R);USB Wireless USB Adapter(R) Service for Wireless USB Adapter;c:\winnt\system32\drivers\vnetusbr.sys [6.8.2002 15:38 87168]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=192.168.136.119:3128
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: csob.cz\ib24
TCP: {B471A7A6-7E05-4CC6-B180-D816337E561A} = 192.168.136.42,192.168.136.41
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {CF38E898-0A6B-11D6-83C6-0080AD7D6076} - hxxp://192.168.137.200/common/NPRemvu.cab
DPF: {e79bc654-8fc6-4bb9-bfb8-8860779ae213}
FF - ProfilePath - c:\documents and settings\vl0427\Application Data\Mozilla\Firefox\Profiles\ijce564f.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKLM-Run-CTHelper - CTHELPER.EXE
AddRemove-WOLAPI - d:\westwood\Internet\UNINSTAP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 10:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(4084)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\SQL\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\winnt\system32\RUNDLL32.EXE
c:\documents and settings\All Users\Start Menu\Programs\Startup\WebPrint.exe
.
**************************************************************************
.
Celkový čas: 2010-01-27 10:59:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 09:59

Před spuštěním: 204 500 992 bytes free
Po spuštění: 386 469 888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 9CF39B591E4532E79F4300D62EC64A86

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: System disk filling up

#4 Post by JaRon »

OK,
uninstall d:\Program Files\Trojan Remover, then clean the PC with CCleaner, and finally post a current RSIT log.

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: System disk filling up

#5 Post by WIAL »

Logfile of random's system information tool 1.06 (written by random/random)
Run by vl0427 at 2010-01-27 11:36:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 721 MB (6%) free of 12 GB
Total RAM: 1023 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:34, on 27.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WebPrint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\CCleaner\ccleaner.exe
N:\RSIT.exe
d:\Program Files\Trend Micro\HijackThis\vl0427.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.136.119:3128
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: WebPrint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4571374454
O16 - DPF: {CF38E898-0A6B-11D6-83C6-0080AD7D6076} (NPRemvuPluginControl) - http://192.168.137.200/common/NPRemvu.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {e79bc654-8fc6-4bb9-bfb8-8860779ae213} (Oracle JInitiator 1.1.8.24) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcz.tatung
O17 - HKLM\Software\..\Telephony: DomainName = tcz.tatung
O17 - HKLM\System\CCS\Services\Tcpip\..\{B471A7A6-7E05-4CC6-B180-D816337E561A}: NameServer = 192.168.136.42,192.168.136.41
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tcz.tatung
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tcz.tatung
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Seagull License Server - Unknown owner - C:\Program Files\Seagull\License Server\8.0\SLSSrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7072 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-26 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\Program Files\ICQToolbar\toolbaru.dll [2005-01-19 446464]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-26 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2003-07-28 4841472]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2003-07-28 49152]
"NeroFilterCheck"=C:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-22 68856]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-07 1871872]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WebPrint.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=1
"dontdisplaylockeduserid"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINNT\system32\sessmgr.exe"="C:\WINNT\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINNT\system32\sessmgr.exe"="C:\WINNT\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Synology Assistant\DSAssistant.exe"="C:\Program Files\Synology Assistant\DSAssistant.exe:*:Enabled:Synology Assistant"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Windows\DSAssistant\Application\DSAssistant.exe"="E:\Windows\DSAssistant\Application\DSAssistant.exe:*:Enabled:Synology Assistant"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Dude\dudes.exe"="D:\Program Files\Dude\dudes.exe:*:Enabled:dudes"
"D:\Program Files\WinPcap\rpcapd.exe"="D:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon"
"D:\Program Files\Look@LAN\LookAtHost.exe"="D:\Program Files\Look@LAN\LookAtHost.exe:*:Enabled:Look@HOST"
"D:\Program Files\Look@LAN\LookAtLan.exe"="D:\Program Files\Look@LAN\LookAtLan.exe:*:Enabled:Look@LAN"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

======List of files/folders created in the last 1 months======

2010-01-27 11:32:37 ----D---- C:\Program Files\CCleaner
2010-01-27 11:13:12 ----SHD---- C:\RECYCLER
2010-01-27 10:59:11 ----D---- C:\WINNT\temp
2010-01-27 10:59:07 ----A---- C:\ComboFix.txt
2010-01-27 10:37:47 ----A---- C:\Boot.bak
2010-01-27 10:37:42 ----RASHD---- C:\cmdcons
2010-01-27 10:36:51 ----A---- C:\WINNT\zip.exe
2010-01-27 10:36:51 ----A---- C:\WINNT\SWXCACLS.exe
2010-01-27 10:36:51 ----A---- C:\WINNT\SWSC.exe
2010-01-27 10:36:51 ----A---- C:\WINNT\SWREG.exe
2010-01-27 10:36:51 ----A---- C:\WINNT\sed.exe
2010-01-27 10:36:51 ----A---- C:\WINNT\PEV.exe
2010-01-27 10:36:51 ----A---- C:\WINNT\NIRCMD.exe
2010-01-27 10:36:51 ----A---- C:\WINNT\MBR.exe
2010-01-27 10:36:51 ----A---- C:\WINNT\grep.exe
2010-01-27 10:36:38 ----D---- C:\WINNT\ERDNT
2010-01-27 10:33:50 ----D---- C:\Config.Msi
2010-01-27 10:29:12 ----D---- C:\Qoobox
2010-01-27 09:51:39 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2010-01-27 09:50:13 ----D---- C:\rsit
2010-01-27 07:12:44 ----HDC---- C:\WINNT\$NtUninstallKB968816_WM9$
2010-01-27 07:12:38 ----HDC---- C:\WINNT\$NtUninstallKB971961$
2010-01-27 07:12:31 ----HDC---- C:\WINNT\$NtUninstallKB956844$
2010-01-27 07:12:07 ----HDC---- C:\WINNT\$NtUninstallKB971657$
2010-01-27 07:11:55 ----HDC---- C:\WINNT\$NtUninstallKB973815$
2010-01-27 07:11:41 ----HDC---- C:\WINNT\$NtUninstallKB960859$
2010-01-27 07:11:25 ----HDC---- C:\WINNT\$NtUninstallKB973507$
2010-01-27 07:11:17 ----HDC---- C:\WINNT\$NtUninstallKB973354$
2010-01-27 07:11:00 ----HDC---- C:\WINNT\$NtUninstallKB956744$
2010-01-27 07:10:49 ----HDC---- C:\WINNT\$NtUninstallKB973869$
2010-01-27 07:10:26 ----HDC---- C:\WINNT\$NtUninstallKB973540_WM9$
2010-01-27 07:10:14 ----HDC---- C:\WINNT\$NtUninstallKB971557$
2010-01-27 07:09:52 ----HDC---- C:\WINNT\$NtUninstallKB971633$
2010-01-27 07:09:45 ----HDC---- C:\WINNT\$NtUninstallKB970238$
2010-01-27 07:09:33 ----HDC---- C:\WINNT\$NtUninstallKB961501$
2010-01-27 06:50:02 ----A---- C:\WINNT\system32\wuapi.dll.mui
2010-01-25 17:32:04 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-01-27 11:36:32 ----D---- C:\TEMP
2010-01-27 11:33:51 ----D---- C:\WINNT\Debug
2010-01-27 11:33:51 ----D---- C:\WINNT
2010-01-27 11:32:37 ----RD---- C:\Program Files
2010-01-27 11:28:06 ----D---- C:\Documents and Settings\vl0427\Application Data\Skype
2010-01-27 11:20:12 ----SHD---- C:\WINNT\Installer
2010-01-27 11:20:12 ----D---- C:\WINNT\WinSxS
2010-01-27 11:19:59 ----RSD---- C:\WINNT\assembly
2010-01-27 11:19:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-27 11:19:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-01-27 11:14:33 ----D---- C:\Documents and Settings\vl0427\Application Data\skypePM
2010-01-27 10:59:12 ----D---- C:\WINNT\system32\drivers
2010-01-27 10:57:50 ----D---- C:\WINNT\system32\CatRoot2
2010-01-27 10:55:19 ----D---- C:\WINNT\Prefetch
2010-01-27 10:54:35 ----A---- C:\WINNT\system.ini
2010-01-27 10:53:34 ----D---- C:\WINNT\system32
2010-01-27 10:53:34 ----D---- C:\Program Files\Sophos
2010-01-27 10:52:18 ----D---- C:\WINNT\system32\config
2010-01-27 10:50:22 ----D---- C:\WINNT\system
2010-01-27 10:50:21 ----D---- C:\Program Files\ICQ6.5
2010-01-27 10:49:21 ----D---- C:\WINNT\AppPatch
2010-01-27 10:49:18 ----D---- C:\Program Files\Common Files
2010-01-27 10:37:47 ----RASH---- C:\boot.ini
2010-01-27 10:36:57 ----N---- C:\WINNT\SchedLgU.Txt
2010-01-27 10:36:31 ----D---- C:\Documents and Settings\All Users\Application Data\Sophos
2010-01-27 09:46:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-27 08:23:48 ----D---- C:\WINNT\Registration
2010-01-27 08:17:19 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-27 08:09:53 ----D---- C:\Perl
2010-01-27 08:08:08 ----RSD---- C:\WINNT\Fonts
2010-01-27 07:39:22 ----D---- C:\WINNT\Microsoft.NET
2010-01-27 07:33:18 ----RSHDC---- C:\WINNT\system32\dllcache
2010-01-27 07:16:51 ----D---- C:\WINNT\SoftwareDistribution
2010-01-27 07:12:43 ----HD---- C:\WINNT\inf
2010-01-27 07:12:37 ----HD---- C:\WINNT\$hf_mig$
2010-01-27 07:11:19 ----D---- C:\Program Files\Outlook Express
2010-01-27 07:02:14 ----D---- C:\Documents and Settings\vl0427\Application Data\ICQ
2010-01-27 06:50:03 ----D---- C:\WINNT\Help
2010-01-27 06:49:39 ----SD---- C:\WINNT\Downloaded Program Files
2010-01-25 17:59:20 ----D---- C:\Program Files\Mozilla Firefox
2010-01-25 17:32:05 ----RD---- C:\Program Files\Skype
2010-01-25 17:32:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-01-19 14:15:45 ----D---- C:\Program Files\Vario11
2010-01-18 14:34:44 ----A---- C:\WINNT\NeroDigital.ini
2010-01-15 12:03:16 ----D---- C:\Documents and Settings\vl0427\Application Data\Help
2010-01-04 07:17:04 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 Fallback;Fallback; C:\WINNT\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINNT\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINNT\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINNT\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINNT\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINNT\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINNT\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 PfModNT;PfModNT; \??\C:\WINNT\system32\drivers\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINNT\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINNT\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINNT\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINNT\system32\drivers\ctaud2k.sys [2004-06-23 371376]
R3 ctprxy2k;Creative Proxy Driver; C:\WINNT\system32\drivers\ctprxy2k.sys [2003-10-08 6096]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINNT\system32\drivers\emupia2k.sys [2003-10-13 145488]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINNT\system32\drivers\ha10kx2k.sys [2004-02-24 904784]
R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16); C:\WINNT\system32\DRIVERS\hcwPVRP2.sys [2004-10-27 819712]
R3 hidusb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINNT\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINNT\system32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 ossrv;Creative OS Services Driver; C:\WINNT\system32\drivers\ctoss2k.sys [2003-10-08 178672]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINNT\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINNT\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 basic2;basic2; C:\WINNT\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINNT\system32\drivers\ctac32k.sys [2004-02-23 645360]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINNT\system32\drivers\ctdvda2k.sys [2003-10-14 332800]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINNT\system32\drivers\ctsfm2k.sys [2003-10-08 130288]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINNT\system32\drivers\hap16v2k.sys [2003-10-21 148432]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\system32\DRIVERS\HPZid412.sys [2005-10-22 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\system32\DRIVERS\HPZipr12.sys [2005-10-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 hsf_msft;hsf_msft; C:\WINNT\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mbr;mbr; \??\C:\TEMP\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINNT\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINNT\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINNT\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 PortTalk;PortTalk; C:\WINNT\System32\Drivers\PortTalk.sys [2008-06-05 3567]
S3 Rksample;Rksample; C:\WINNT\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINNT\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 USB Wireless USB Adapter(R);USB Wireless USB Adapter(R) Service for Wireless USB Adapter; C:\WINNT\system32\DRIVERS\vnetusbr.sys [2002-08-06 87168]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINNT\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINNT\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 Wdf01000;Wdf01000; C:\WINNT\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); d:\Program Files\SQL\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINNT\system32\nvsvc32.exe [2003-07-28 77824]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2004-10-07 69632]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S2 Seagull License Server;Seagull License Server; C:\Program Files\Seagull\License Server\8.0\SLSSrv.exe [2007-08-30 2585992]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-09 182768]
S3 idsvc;Windows CardSpace; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OracleClientCache80;OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [1998-06-10 95744]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-10 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: System disk filling up

#6 Post by JaRon »

OK, fine, rescan the PC with CureIT - full scan
then install an antivirus
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

WIAL
Visitor
Posts: 52
Registered: 05 Oct 2007 09:14

Re: System disk filling up

#7 Post by WIAL »

OK, thanks.

Only now I have a problem: I cannot run Windows updates, it fails with Error number: 0x8007041D

And I cannot start the Automatic Updates service. 'Could not start Automatic Updates on Local computer, Error 126: The specified module could not be found'

Do you have any idea, please?

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: System disk filling up

#8 Post by JaRon »

MSIE: Internet Explorer v6.00 SP3 - try updating to version 7 or 8
