Slow opening of directories - perfdisk.dll

Post by matthew72 » 18 Jan 2010 12:34

So the scan found essentially nothing. It reported only ComboFix as a probable virus, and then AdsGone - a small utility for suppressing pop-up windows.
Connecting to the shared drive is still incredibly slow... :-(

Post by Damned » 19 Jan 2010 15:34

Download the comres library from http://www.dll-files.com/dllindex/dll-files.shtml?comres and place it on drive "C:".

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

File::
c:\program files\qeiejdus.txt

FCopy::
C:\comres.dll | C:\winnt\system32\comres.dll



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix starts automatically; the repair can take even longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process and describe the PC's behaviour.

Post by matthew72 » 20 Jan 2010 08:23

The PC's behaviour remains the same. In the Event Viewer there is a constantly recurring message:
Chyba Perflib: Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení volání velice zaneprázdněn.

Log:
ComboFix 10-01-19.03 - Martin 20.01.2010 7:52.3.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.2047.1316 [GMT 1:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\program files\qeiejdus.txt"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\qeiejdus.txt

.
--------------- FCopy ---------------

c:\comres.dll --> c:\winnt\system32\comres.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 06:52 . 2009-04-07 16:58 792064 ----a-w- c:\winnt\system32\comres.dll
2010-01-20 06:51 . 2010-01-20 06:51 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_3b0.dat
2010-01-20 06:48 . 2009-04-07 16:58 792064 ------w- C:\comres.dll
2010-01-18 12:38 . 2010-01-18 12:38 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_278.dat
2010-01-15 12:26 . 2010-01-15 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 10:52 . 2010-01-15 11:23 -------- d-----w- c:\documents and settings\Martin\DoctorWeb
2010-01-15 08:40 . 2010-01-15 14:29 -------- d-----w- c:\program files\trend micro
2010-01-15 07:35 . 2008-07-17 06:40 107264 ----a-r- c:\winnt\system32\drivers\Rtnic.sys
2010-01-15 07:20 . 2010-01-15 07:20 -------- d-----w- c:\winnt\OPTIONS
2010-01-15 07:20 . 2010-01-15 07:20 -------- d-----w- c:\program files\Realtek
2010-01-15 07:18 . 2008-07-16 14:35 9728 ----a-r- c:\winnt\system32\RtNicProp32.dll
2009-12-29 12:37 . 2009-12-29 12:37 -------- d-----w- c:\winnt\system32\TVUAx
2009-12-23 10:06 . 2009-12-23 11:05 -------- d-----w- c:\program files\HQ ONLINE TV
2009-12-22 08:07 . 2009-12-22 08:10 -------- d-----w- C:\$AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 10:30 . 2009-06-05 08:32 -------- d-----w- c:\program files\Lavasoft
2010-01-15 07:20 . 2004-06-17 15:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 09:40 . 2008-10-24 06:11 -------- d-----w- c:\program files\Google
2010-01-14 09:19 . 2004-09-06 14:48 -------- d-----w- c:\program files\Seznam DVD
2010-01-14 09:19 . 2008-03-17 07:26 -------- d-----w- c:\program files\QIP
2010-01-14 09:16 . 2004-07-03 18:47 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-14 09:14 . 2006-03-20 12:14 -------- d-----w- c:\program files\Axis Communications
2010-01-14 09:14 . 2007-09-26 08:06 -------- d-----w- c:\program files\BitTorrent
2010-01-13 16:01 . 2009-11-19 13:56 -------- d---a-w- c:\program files\JDownloader
2010-01-13 12:44 . 2006-06-07 12:07 -------- d-----w- c:\program files\QuickTime
2009-12-23 11:05 . 2008-08-19 12:22 -------- d-----w- c:\program files\Kapesní slovník
2009-12-22 08:41 . 2009-05-29 09:20 360584 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2009-12-22 08:41 . 2009-05-29 09:20 12464 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-12-22 08:41 . 2006-10-12 14:11 28424 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-12-22 08:41 . 2009-05-29 09:20 333192 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-12-22 08:41 . 2009-05-29 09:20 161800 ----a-w- c:\winnt\system32\drivers\avgrkx86.sys
2009-12-22 08:06 . 2009-05-29 09:20 -------- d-----w- c:\program files\AVG
2009-12-16 13:46 . 2009-12-16 13:46 -------- d-----w- c:\program files\ZAV1
2009-12-15 10:10 . 2009-12-15 10:10 -------- d-----w- c:\program files\PowerISO
2009-12-11 09:20 . 2009-12-11 09:20 -------- d-----w- c:\program files\TeamViewer
2009-11-25 07:22 . 2009-11-25 07:22 -------- d-----w- c:\program files\Common Files\Skype
2009-11-25 07:22 . 2006-09-08 10:31 -------- d-----r- c:\program files\Skype
2009-11-20 07:04 . 2009-11-20 07:04 288528 ----a-w- c:\winnt\AppPatch\aclayers.dll
2009-11-19 13:56 . 2009-11-19 13:56 411368 ----a-w- c:\winnt\system32\deploytk.dll
2009-10-27 14:00 . 2009-10-27 14:00 579072 ------w- c:\winnt\system32\WININET.DLL
2004-06-17 14:54 . 2004-06-17 14:54 22034 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [9.0.1.56] . . c:\winnt\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2002-08-26 20752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"PtiuPbmd"="Ptipbm.dll" [2003-01-21 98304]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-05-26 8523776]
"nwiz"="nwiz.exe" [2008-05-26 1630208]
"HPDJ Taskbar Utility"="c:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-05-26 81920]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 188688]
"ICQ Lite"="c:\progra~1\ICQLite\ICQLite.exe" [2006-05-07 3139164]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
2006-11-13 14:49 16168 ----a-w- c:\winnt\system32\WcesWlgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-22 08:41 12464 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BTTray.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BTTray.lnk
backup=c:\winnt\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Martin\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
backup=c:\winnt\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^Svátky a narozeniny.lnk]
path=c:\documents and settings\Martin\Nabídka Start\Programy\Po spuštění\Svátky a narozeniny.lnk
backup=c:\winnt\pss\Svátky a narozeniny.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-02-06 23:03 114741 ----a-w- c:\winnt\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-05-07 16:49 3139164 ----a-w- c:\program files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\winnt\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-07 12:10 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-12-13 00:50 33792 ----a-w- c:\program files\Winamp\winampa.exe

R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [29.5.2009 10:20 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [29.5.2009 10:20 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [29.5.2009 10:20 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.12.2009 9:41 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.12.2009 9:41 285392]
R3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;c:\winnt\system32\drivers\NtApm.sys [17.6.2004 16:47 9136]
R3 usbhub20;Podpora rozbočovače sběrnice USB;c:\winnt\system32\drivers\usbhub20.sys [17.6.2004 16:46 49776]
S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys --> c:\winnt\system32\DRIVERS\Lbd.sys [?]
S2 I-DEAS 9 Open I-DEAS Server;I-DEAS 9 Open I-DEAS Server;i:\ideas\ms9\Iona\bin\orbixd.exe -b --> i:\ideas\ms9\Iona\bin\orbixd.exe -b [?]
S2 I-DEAS License Manager 9.0;I-DEAS License Manager 9.0;i:\ideas\ms9\sec\lmgrd.exe --> i:\ideas\ms9\sec\lmgrd.exe [?]
S3 usb_rndisy;USB RNDIS Adapter;c:\winnt\system32\drivers\usb8023y.sys [8.3.2006 8:57 14336]
S3 yukonw2k;NDIS5 Miniport Driver for Marvell Yukon Ethernet Controller;c:\winnt\system32\drivers\yk50x86.sys [9.11.2007 10:31 243712]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = proxy.amtek.cz:3128
uInternet Settings,ProxyOverride = <local>
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
LSP: %SystemRoot%\system32\msafd.dll
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.cz/s/v/58.10/uploader2.cab
DPF: {4ADC518E-B607-11D4-B395-0001020F4519} - hxxps://ib24.csob.cz/Comp/signer.cab
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.242.34.63:8083/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\3w1nst7t.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 07:57
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Celkový čas: 2010-01-20 07:59:24
ComboFix-quarantined-files.txt 2010-01-20 06:59
ComboFix2.txt 2010-01-15 14:28
ComboFix3.txt 2010-01-15 13:05

Před spuštěním: 8 485 883 904
Po spuštění: 8 572 215 296

- - End Of File - - C5EE4F4017286D5AC8BDDDAAF785AEDA

Post by Damned » 20 Jan 2010 09:17

Check the file in red on VirusTotal and paste a link to the result here.
If you can't find it, enable the display of hidden and system files. If it offers that the file has already been checked,
have it checked again, and wait until "Finished" and the result appear. Then copy the address bar here.

C:\WINNT\system32\perfdisk.dll

Post by matthew72 » 20 Jan 2010 10:13


Post by matthew72 » 25 Jan 2010 08:57

So there is no way forward anymore? :-(

Post by Damned » 25 Jan 2010 09:37

You somehow slipped my mind, sorry.

Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start - Run and enter Combofix[space]/uninstall

Download T-Cleaner (required - it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download it -> run it)

(Note: If you have AVG or Avira, deactivate AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleaning; afterwards delete T-Cleaner and turn AVG, Avira back on.)
*****************************************************************************************************************************************
Download OTL to the Desktop.
Make sure you have all other windows closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick LOP Check and Purity Check. Change File age to 14 days. Click Run Scan. Leave all other settings as they are. The scan can take a long time; when it finishes, two logs open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.

Post by matthew72 » 25 Jan 2010 10:18

OTL:
OTL logfile created on: 25.1.2010 10:15:20 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Martin\Plocha
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 8,10 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive D: | 62,51 Gb Total Space | 55,58 Gb Free Space | 88,91% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 9,28 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1,95 Gb Total Space | 0,87 Gb Free Space | 44,41% Space Free | Partition Type: NTFS
Drive J: | 48,83 Gb Total Space | 42,68 Gb Free Space | 87,40% Space Free | Partition Type: NTFS
Drive K: | 274,92 Gb Total Space | 45,36 Gb Free Space | 16,50% Space Free | Partition Type: NTFS
Drive Z: | 41,47 Gb Total Space | 1,63 Gb Free Space | 3,92% Space Free | Partition Type: NTFS

Computer Name: KOPLET01
Current User Name: Martin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Martin\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\mstask.exe (Microsoft Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\hidserv.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\internat.exe (Microsoft Corporation)
PRC - i:\ideas\ms9\Iona\bin\orbixd.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Martin\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINNT\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINNT\system32\lz32.dll (Microsoft Corporation)
MOD - C:\WINNT\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINNT\system32\indicdll.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (I-DEAS License Manager 9.0) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (NVSvc) -- C:\WINNT\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Schedule) -- C:\WINNT\system32\mstask.exe (Microsoft Corporation)
SRV - (WinMgmt) -- C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SRV - (dmadmin) -- C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SRV - (Fax) -- C:\WINNT\system32\faxsvc.exe (Microsoft Corporation)
SRV - (RemoteRegistry) -- C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
SRV - (UtilMan) -- C:\WINNT\system32\utilman.exe (Microsoft Corporation)
SRV - (HidServ) -- C:\WINNT\system32\hidserv.exe (Microsoft Corporation)
SRV - (SimpTcp) -- C:\WINNT\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (I-DEAS 9 Open I-DEAS Server) -- i:\ideas\ms9\Iona\bin\orbixd.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINNT\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINNT\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINNT\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINNT\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RTL8023) -- C:\WINNT\system32\drivers\Rtnic.sys (Realtek Semiconductor Corporation )
DRV - (nv) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SCDEmu) -- C:\WINNT\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (yukonw2k) -- C:\WINNT\system32\drivers\yk50x86.sys (Marvell)
DRV - (usb_rndisy) -- C:\WINNT\system32\drivers\usb8023y.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINNT\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (AFS2K) -- C:\WINNT\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (Cdr4_2K) -- C:\WINNT\system32\drivers\cdr4_2K.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINNT\system32\drivers\cdralw2k.sys (Roxio)
DRV - (PxHelp20) -- C:\WINNT\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (dmboot) -- C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
DRV - (dmio) -- C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
DRV - (Parallel) -- C:\WINNT\system32\drivers\parallel.sys (Microsoft Corporation)
DRV - (EFS) -- C:\WINNT\system32\drivers\efs.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINNT\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Diskperf) -- C:\WINNT\system32\drivers\diskperf.sys (Microsoft Corporation)
DRV - (dmload) -- C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
DRV - (usbhub20) -- C:\WINNT\system32\drivers\usbhub20.sys (Microsoft Corporation)
DRV - (uhcd) -- C:\WINNT\system32\drivers\uhcd.sys (Microsoft Corporation)
DRV - (symc8xx) -- C:\WINNT\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (UlSata) -- C:\WINNT\system32\DRIVERS\ulsata.sys (Promise Technology, Inc.)
DRV - (pfc) -- C:\WINNT\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (MSDV) -- C:\WINNT\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINNT\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (tfsnudfa) -- C:\WINNT\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINNT\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINNT\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINNT\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINNT\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINNT\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINNT\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINNT\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINNT\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINNT\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINNT\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINNT\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINNT\system32\DRIVERS\drvmcdb.sys (Sonic Solutions)
DRV - (BTWUSB) -- C:\WINNT\system32\drivers\btwusb.sys ()
DRV - (BTWDNDIS) -- C:\WINNT\system32\drivers\btwdndis.sys ()
DRV - (BTSLBCSP) -- C:\WINNT\system32\drivers\btslbcsp.sys ()
DRV - (BTSERIAL) -- C:\WINNT\system32\drivers\btserial.sys ()
DRV - (BTDriver) -- C:\WINNT\system32\drivers\btport.sys ()
DRV - (BTKRNL) -- C:\WINNT\system32\drivers\btkrnl.sys ()
DRV - (BtAudio) -- C:\WINNT\system32\drivers\btaudio.sys ()
DRV - (RCA) -- C:\WINNT\system32\drivers\rca.sys (Microsoft Corporation)
DRV - (NetDetect) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation)
DRV - (ROOTMODEM) -- C:\WINNT\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (NtApm) -- C:\WINNT\system32\drivers\NtApm.sys (Microsoft Corporation)
DRV - (ENTECH) -- C:\WINNT\system32\drivers\Entech.sys (EnTech Taiwan)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\SHDOCVW.DLL (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.amtek.cz:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..network.proxy.ftp: "proxy.amtek.cz"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy.amtek.cz"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy.amtek.cz"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.amtek.cz"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.amtek.cz"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009.12.22 13:11:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.11.19 14:56:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.20 08:43:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.22 10:02:32 | 00,000,000 | ---D | M]

[2009.09.16 10:47:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\Mozilla\Extensions
[2009.09.16 10:47:05 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.01.21 08:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\3w1nst7t.default\extensions
[2010.01.22 09:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.20 08:43:23 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.19 14:56:31 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.22 18:43:31 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.12.22 18:43:31 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008.03.19 18:23:20 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009.11.19 14:56:18 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008.10.30 15:55:52 | 00,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2009.12.22 18:43:31 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.12.21 18:34:06 | 00,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006.06.07 13:10:01 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2006.06.07 13:10:01 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2006.06.07 13:10:01 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2006.06.07 13:10:01 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2006.06.07 13:10:01 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2006.06.07 13:10:01 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2006.06.07 13:10:01 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009.12.22 04:24:43 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.12.22 04:24:43 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.12.22 04:24:43 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.12.22 04:24:43 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.12.22 04:24:43 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.12.22 04:24:43 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.01.18 13:45:57 | 00,000,055 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.16.203.6 fileserver
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Společnost Microsoft)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [PtiuPbmd] C:\WINNT\System32\ptipbm.dll (Promise Technology,Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [internat.exe] C:\WINNT\System32\internat.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\system32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx (InstaFred)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.cz/s/v/58.10/uploader2.cab (UploadListView Class)
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} https://ib24.csob.cz/Comp/signer.cab (SigVer Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://host13.nwt.cz/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx (Ovládací prvek AcDcToday)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} http://playroom.icq.com/odyssey_web11.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://212.111.0.70/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://80.242.34.63:8083/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx (Prvek AcPreview)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.17.231.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\INETCOMM.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINNT\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ActiveSync: DllName - WcesWlgn.dll - C:\WINNT\System32\WcesWlgn.dll (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINNT\System32\CRYPT32.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINNT\System32\CRYPTNET.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\netshell.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\system32\BROWSEUI.DLL (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINNT\system32\BROWSEUI.DLL (Společnost Microsoft)
O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\Windows 2000.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Martin\Data aplikací\IrfanView\IrfanView_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\SHELL32.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINNT\System32\SCHANNEL.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINNT\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINNT\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.01.25 10:10:34 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Martin\Plocha\OTL.exe
[2010.01.20 10:04:58 | 12,109,496 | ---- | C] (ICQ) -- C:\Documents and Settings\Martin\Plocha\install_icq7.exe
[2010.01.20 09:37:33 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010.01.20 07:48:24 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\comres.dll
[2010.01.15 14:05:36 | 00,000,000 | ---D | C] -- C:\WINNT\temp
[2010.01.15 13:26:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.01.15 11:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Martin\DoctorWeb
[2010.01.15 11:39:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Data aplikací\Malwarebytes
[2010.01.15 11:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.01.15 11:30:28 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010.01.15 09:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.01.15 08:35:35 | 00,107,264 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINNT\System32\drivers\Rtnic.sys
[2010.01.15 08:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010.01.15 08:20:30 | 00,000,000 | ---D | C] -- C:\WINNT\OPTIONS
[2010.01.15 08:20:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Data aplikací\InstallShield
[2010.01.15 08:18:43 | 00,009,728 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINNT\System32\RtNicProp32.dll
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.01.25 10:12:08 | 02,748,416 | -H-- | M] () -- C:\Documents and Settings\Martin\NTUSER.DAT
[2010.01.25 10:10:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\Plocha\OTL.exe
[2010.01.25 08:43:04 | 00,002,252 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.01.25 07:28:17 | 54,629,020 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2010.01.25 07:24:12 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010.01.25 07:24:01 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_27c.dat
[2010.01.22 13:51:43 | 00,020,480 | ---- | M] () -- C:\KAROLÍNKA22.doc
[2010.01.22 13:21:52 | 00,004,226 | ---- | M] () -- C:\WINNT\wincmd.ini
[2010.01.22 10:02:33 | 00,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.01.22 09:28:41 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010.01.22 08:26:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Martin\ntuser.ini
[2010.01.20 10:50:47 | 00,000,446 | ---- | M] () -- C:\Documents and Settings\Martin\Plocha\Zástupce - Archív čísel skupin + změn.lnk
[2010.01.20 10:04:58 | 12,109,496 | ---- | M] (ICQ) -- C:\Documents and Settings\Martin\Plocha\install_icq7.exe
[2010.01.20 08:43:29 | 00,001,521 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.01.20 08:41:13 | 00,013,261 | ---- | M] () -- C:\Documents and Settings\Martin\Plocha\Bookmarks.html
[2010.01.20 07:57:44 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010.01.19 23:50:03 | 00,142,495 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2010.01.18 13:45:57 | 00,000,055 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010.01.18 09:51:42 | 00,000,192 | ---- | M] () -- C:\WINNT\winamp.ini
[2010.01.14 16:28:48 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Martin\Plocha\testík.xls
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.25 07:24:01 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_27c.dat
[2010.01.22 13:51:42 | 00,020,480 | ---- | C] () -- C:\KAROLÍNKA22.doc
[2010.01.22 10:02:33 | 00,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.01.20 08:41:13 | 00,013,261 | ---- | C] () -- C:\Documents and Settings\Martin\Plocha\Bookmarks.html
[2010.01.14 16:28:48 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\Martin\Plocha\testík.xls
[2009.01.14 08:15:24 | 00,000,000 | ---- | C] () -- C:\WINNT\eDrawingOfficeAutomator.INI
[2008.08.11 12:16:56 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Martin\Data aplikací\$_hpcst$.hpc
[2008.05.26 15:06:00 | 01,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2008.05.26 15:06:00 | 01,486,848 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2008.05.26 15:06:00 | 01,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2008.05.26 15:06:00 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2008.05.26 15:06:00 | 00,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2008.04.09 07:33:30 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2007.07.01 18:50:16 | 00,064,976 | ---- | C] () -- C:\WINNT\System32\PDFreDirectMonNT.dll
[2007.01.06 12:10:39 | 00,004,153 | ---- | C] () -- C:\WINNT\Ascd_tmp.ini
[2006.10.18 12:41:51 | 00,060,416 | ---- | C] () -- C:\WINNT\System32\drivers\bqdcqimy.sys
[2006.04.20 10:17:03 | 00,001,632 | ---- | C] () -- C:\WINNT\System32\Oeminfo.ini
[2006.03.17 14:53:28 | 00,135,168 | ---- | C] () -- C:\WINNT\System32\RtlCPAPI.dll
[2005.12.14 15:54:20 | 00,007,912 | ---- | C] () -- C:\WINNT\System32\ractrlkeyhook.dll
[2005.09.27 08:57:38 | 00,000,000 | ---- | C] () -- C:\WINNT\mpegableX4live.INI
[2005.07.14 15:03:39 | 00,065,076 | R--- | C] () -- C:\WINNT\System32\drivers\btwusb.sys
[2005.07.14 15:03:39 | 00,017,388 | R--- | C] () -- C:\WINNT\System32\drivers\frmupgr.sys
[2005.06.03 12:40:14 | 00,007,712 | ---- | C] () -- C:\WINNT\DESIGNJT.INI
[2005.04.27 06:36:14 | 00,002,903 | ---- | C] () -- C:\WINNT\System32\gah95on6.ini
[2005.04.27 06:36:14 | 00,000,035 | ---- | C] () -- C:\WINNT\System32\70tovmto.ini
[2005.04.27 06:36:13 | 00,000,035 | ---- | C] () -- C:\WINNT\System32\bln02nqv.ini
[2005.03.10 14:21:55 | 00,000,026 | ---- | C] () -- C:\WINNT\calcpslab.ini
[2005.02.28 08:53:14 | 00,000,112 | ---- | C] () -- C:\WINNT\ActiveSkin.INI
[2005.02.18 14:23:42 | 00,000,074 | ---- | C] () -- C:\WINNT\pslabeler.ini
[2005.01.05 20:11:12 | 00,679,936 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2005.01.05 20:11:11 | 00,344,064 | ---- | C] () -- C:\WINNT\System32\xvid.dll
[2005.01.05 20:11:10 | 00,921,600 | ---- | C] () -- C:\WINNT\System32\VorbisEnc.dll
[2005.01.05 20:11:10 | 00,237,568 | ---- | C] () -- C:\WINNT\System32\OggDS.dll
[2005.01.05 20:11:10 | 00,188,416 | ---- | C] () -- C:\WINNT\System32\vorbis.dll
[2005.01.05 20:11:10 | 00,155,136 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2005.01.05 20:11:09 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\ogg.dll
[2004.11.08 16:42:15 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004.09.14 14:52:58 | 00,021,701 | R--- | C] () -- C:\WINNT\System32\drivers\btaudio.sys
[2004.08.18 08:35:11 | 00,000,093 | ---- | C] () -- C:\WINNT\ccolwiz.ini
[2004.07.30 07:47:52 | 00,000,192 | ---- | C] () -- C:\WINNT\winamp.ini
[2004.07.03 19:47:11 | 00,004,589 | ---- | C] () -- C:\WINNT\hpdj3600.ini
[2004.06.28 13:41:05 | 00,000,022 | ---- | C] () -- C:\WINNT\exchng.ini
[2004.06.28 13:41:04 | 00,000,611 | ---- | C] () -- C:\WINNT\ODBC.INI
[2004.06.28 13:35:11 | 00,000,169 | ---- | C] () -- C:\WINNT\RtlRack.ini
[2004.06.17 18:44:44 | 00,000,138 | ---- | C] () -- C:\WINNT\wininit.ini
[2004.06.17 16:13:02 | 00,005,824 | ---- | C] () -- C:\WINNT\System32\drivers\ASUSHWIO.SYS
[2004.06.17 16:01:26 | 00,004,226 | ---- | C] () -- C:\WINNT\wincmd.ini
[2004.06.17 15:54:10 | 00,022,034 | -H-- | C] () -- C:\Program Files\folder.htt
[2004.06.17 08:43:08 | 00,003,972 | ---- | C] () -- C:\WINNT\System32\drivers\PciBus.sys
[2003.01.16 06:12:38 | 00,462,848 | R--- | C] () -- C:\WINNT\System32\WidcommSdk.dll
[2003.01.16 06:12:38 | 00,368,701 | R--- | C] () -- C:\WINNT\System32\wbtapi.dll
[2003.01.16 06:12:32 | 01,802,240 | R--- | C] () -- C:\WINNT\System32\lcppn21.dll
[2003.01.16 06:12:30 | 00,102,400 | R--- | C] () -- C:\WINNT\System32\BTXPPanel.dll
[2003.01.16 06:12:30 | 00,024,576 | R--- | C] () -- C:\WINNT\System32\BtXpShell.dll
[2003.01.16 06:12:28 | 00,720,896 | R--- | C] () -- C:\WINNT\System32\BtWizard.dll
[2003.01.16 06:12:28 | 00,144,608 | R--- | C] () -- C:\WINNT\System32\drivers\btwdndis.sys
[2003.01.16 06:12:28 | 00,040,960 | R--- | C] () -- C:\WINNT\System32\btwpimif.dll
[2003.01.16 06:12:26 | 00,222,164 | R--- | C] () -- C:\WINNT\System32\drivers\btslbcsp.sys
[2003.01.16 06:12:24 | 00,143,360 | R--- | C] () -- C:\WINNT\System32\btsendto_office.dll
[2003.01.16 06:12:24 | 00,094,208 | R--- | C] () -- C:\WINNT\System32\btsendto.dll
[2003.01.16 06:12:24 | 00,061,440 | R--- | C] () -- C:\WINNT\System32\btsendto_wab.dll
[2003.01.16 06:12:24 | 00,049,152 | R--- | C] () -- C:\WINNT\System32\btsendto_notes.dll
[2003.01.16 06:12:24 | 00,040,960 | R--- | C] () -- C:\WINNT\System32\btsec.dll
[2003.01.16 06:12:24 | 00,022,119 | R--- | C] () -- C:\WINNT\System32\drivers\btserial.sys
[2003.01.16 06:12:22 | 02,166,784 | R--- | C] () -- C:\WINNT\System32\btrez.dll
[2003.01.16 06:12:20 | 00,114,688 | R--- | C] () -- C:\WINNT\System32\btosif_olx.dll
[2003.01.16 06:12:20 | 00,065,536 | R--- | C] () -- C:\WINNT\System32\btprn2k.dll
[2003.01.16 06:12:20 | 00,030,043 | R--- | C] () -- C:\WINNT\System32\drivers\btport.sys
[2003.01.16 06:12:18 | 00,757,837 | R--- | C] () -- C:\WINNT\System32\BTNeighborhood.dll
[2003.01.16 06:12:18 | 00,143,360 | R--- | C] () -- C:\WINNT\System32\btosif_ol.dll
[2003.01.16 06:12:18 | 00,135,168 | R--- | C] () -- C:\WINNT\System32\btosif_notes.dll
[2003.01.16 06:12:18 | 00,098,304 | R--- | C] () -- C:\WINNT\System32\btosif.dll
[2003.01.16 06:12:18 | 00,065,536 | R--- | C] () -- C:\WINNT\System32\BTNCopy.dll
[2003.01.16 06:12:16 | 01,149,978 | R--- | C] () -- C:\WINNT\System32\drivers\btkrnl.sys
[2003.01.16 06:12:14 | 00,212,992 | R--- | C] () -- C:\WINNT\System32\btins.dll
[2003.01.16 06:12:12 | 00,184,320 | R--- | C] () -- C:\WINNT\System32\btcss.dll
[2003.01.16 06:12:12 | 00,135,168 | R--- | C] () -- C:\WINNT\System32\btbigbmp.dll
[2003.01.16 06:12:12 | 00,094,208 | R--- | C] () -- C:\WINNT\System32\bthcrpui.dll
[2003.01.16 06:12:12 | 00,086,016 | R--- | C] () -- C:\WINNT\System32\bthcrp.dll
[2003.01.16 06:12:12 | 00,032,768 | R--- | C] () -- C:\WINNT\System32\btdev.dll
[2003.01.16 06:12:10 | 00,090,112 | R--- | C] () -- C:\WINNT\System32\bt2k_ins.dll
[2003.01.16 06:12:10 | 00,061,440 | R--- | C] () -- C:\WINNT\System32\BtAudioHelper.dll
[2002.08.26 01:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2002.08.26 01:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2002.08.26 01:00:00 | 00,013,155 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2002.08.26 01:00:00 | 00,003,028 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2002.08.26 01:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2002.05.24 00:00:00 | 00,208,896 | ---- | C] () -- C:\WINNT\System32\lockout.dll
[2001.08.14 10:47:08 | 00,020,480 | ---- | C] () -- C:\WINNT\System32\vxpsapi.dll
[1999.09.25 19:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999.09.25 19:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1997.09.30 23:00:00 | 00,093,456 | ---- | C] () -- C:\WINNT\System32\GAPI32.DLL
[1997.09.30 23:00:00 | 00,031,232 | ---- | C] () -- C:\WINNT\System32\XLREC.DLL
[1997.09.30 23:00:00 | 00,025,600 | ---- | C] () -- C:\WINNT\System32\RECNCL.DLL
[1997.09.30 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL
[1997.09.30 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL
[1997.09.30 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\HLINKPRX.DLL
[1997.09.30 23:00:00 | 00,011,776 | ---- | C] () -- C:\WINNT\System32\VACS232.DLL
[1997.09.30 23:00:00 | 00,006,976 | ---- | C] () -- C:\WINNT\System32\CMC.DLL

========== LOP Check ==========

[2009.12.22 09:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2008.11.07 12:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SMSFree
[2009.12.22 09:04:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2004.10.14 14:12:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\Autodesk
[2006.07.11 14:41:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\Avant Browser
[2008.09.29 13:15:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\cadenas
[2009.01.14 08:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\EDrawings
[2004.10.06 13:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\ICQLite
[2004.11.30 08:18:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\IrfanView
[2004.06.28 15:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\Leadertech
[2008.09.10 08:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\PDF reDirect
[2006.04.20 10:18:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\PTC
[2009.12.16 13:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Data aplikací\TeamViewer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2007.10.17 09:07:16 | 00,000,045 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\䕎
[2007.10.17 09:07:16 | 00,000,045 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\䕎
[2004.10.04 07:22:04 | 00,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\＀
[2004.10.04 07:22:04 | 00,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\＀

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\WINNT\System32\Oemlogo.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINNT\System32\Oeminfo.ini:KAVICHS
< End of report >

matthew72
newcomer
Posts: 17
Registered: January 10
Gender: Male
Status: Offline

Re: Slow opening of directories - perfdisk.dll

Post by matthew72 » 25 Jan 2010 10:19

Extras:

OTL Extras logfile created on: 25.1.2010 10:15:20 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Martin\Plocha
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 8,10 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive D: | 62,51 Gb Total Space | 55,58 Gb Free Space | 88,91% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 9,28 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1,95 Gb Total Space | 0,87 Gb Free Space | 44,41% Space Free | Partition Type: NTFS
Drive J: | 48,83 Gb Total Space | 42,68 Gb Free Space | 87,40% Space Free | Partition Type: NTFS
Drive K: | 274,92 Gb Total Space | 45,36 Gb Free Space | 16,50% Space Free | Partition Type: NTFS
Drive Z: | 41,47 Gb Total Space | 1,63 Gb Free Space | 3,92% Space Free | Partition Type: NTFS

Computer Name: KOPLET01
Current User Name: Martin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
htmlfile [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" (Mozilla Corporation)
htmlfile [opennew] -- "C:\Program Files\Mozilla Firefox\firefox.exe" (Mozilla Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 File not found
InternetShortcut [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{080AA7F5-AC04-4FC1-9D66-B0CDC38A7D51}" = PTC ProductView Express - Wildfire 2.0 (M180)
"{0F51A262-1ADF-4914-B448-78AC58C4178A}" = MSI Bluetooth Software
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{27605537-BB93-11D6-ACC9-00C04F791ACB}" = Pro/ENGINEER 2001 [2002310]
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2F6DA398-707F-4D52-AE6A-7E812D1662D6}" = MioTransfer
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Sonic Simple Backup
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A85397C-D086-4C7A-AF97-8CC33F41C872}" = ROUTE 66 Route 2003
"{6F716DAC-398F-11D3-85E1-005004838609}" = WebFldrs
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{80296B20-BDEA-4BE7-8C4D-8605F09AF427}_is1" = IS IMPULS 32 ver 4.9.24
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A5BB72E8-1DFC-452E-A65F-2EB3D92D7772}" = SolidWorks eDrawings 2009
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3 - Czech
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Anglicko-český slovník pro PocketPC" = Anglicko-český slovník pro PocketPC
"AVG9Uninstall" = AVG 9.0
"BDE5" = BDE5
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"ClickBall Freeware Edition" = ClickBall Freeware Edition
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.3
"HijackThis" = HijackThis 2.0.2
"ICQLite" = ICQ 5.1
"I-DEAS 9.00.000" = I-DEAS 9.00.000
"I-DEAS Help Library for I-DEAS 9" = I-DEAS Help Library for I-DEAS 9
"IE40" = Microsoft Internet Explorer 6 SP1
"IMPULS" = IMPULS
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Language Pack for Ad-aware 6" = Language Pack for Ad-aware 6
"Lexicon 3.0" = Lingea Lexicon 2000
"LockCrypt" = LockCrypt
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"PDF reDirect" = PDF reDirect (remove only)
"Popisovač CD/DVD_is1" = Popisovač CD/DVD 2.20
"PowerISO" = PowerISO
"Pro/ENGINEER Release Wildfire 2.0 Datecode M180" = Pro/ENGINEER Release Wildfire 2.0 Datecode M180
"QuickTime" = QuickTime
"SensorLock" = SensorLock
"Svátky a narozeniny_is1" = Svátky a narozeniny 1.7
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"Total Uninstall_is1" = Total Uninstall 2.34
"Totalcmd" = Total Commander (Remove or Repair)
"UnderCoverXP_is1" = UnderCoverXP 1.08
"VicSoft's ClearTemp" = VicSoft's ClearTemp
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR
"WMP7" = Aktualizace systému Windows Media Player (9 Series)
"ZAV1_is1" = ZAV 4.48 (32bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.1.2010 3:18:37 | Computer Name = KOPLET01 | Source = Perflib | ID = 2002
Description = Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 20.1.2010 3:35:18 | Computer Name = KOPLET01 | Source = Perflib | ID = 2002
Description = Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 21.1.2010 4:22:20 | Computer Name = KOPLET01 | Source = Perflib | ID = 2002
Description = Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 21.1.2010 4:22:29 | Computer Name = KOPLET01 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINNT\system32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.


Error - 22.1.2010 3:23:54 | Computer Name = KOPLET01 | Source = Perflib | ID = 2002
Description = Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 22.1.2010 3:24:08 | Computer Name = KOPLET01 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINNT\system32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.


Error - 22.1.2010 3:28:17 | Computer Name = KOPLET01 | Source = Perflib | ID = 2002
Description = Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 22.1.2010 3:29:44 | Computer Name = KOPLET01 | Source = Perflib | ID = 1015
Description = Časový limit čekání na shromáždění dat výkonu funkcí PerfProc v C:\WINNT\system32\perfproc.dll
knihovně vypršel. Potíže jsou pravděpodobně s rozšiřitelným čítačem nebo službou,
od které shromažďuje data, nebo byl systém při obdržení volání velice zaneprázdněn.


Error - 22.1.2010 3:34:50 | Computer Name = KOPLET01 | Source = Perflib | ID = 2002
Description = Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

Error - 25.1.2010 2:24:12 | Computer Name = KOPLET01 | Source = Perflib | ID = 2002
Description = Procedura Open služby PerfDisk v knihovně DLL C:\WINNT\system32\perfdisk.dll
trvala déle, než čas určený pro čekání. Pravděpodobně došlo k potížím s tímto rozšířeným
čítačem nebo se službou, od níž získává čítač data, nebo byl systém při obdržení
volání velice zaneprázdněn.

[ System Events ]
Error - 16.10.2009 3:02:41 | Computer Name = KOPLET01 | Source = Server | ID = 2511
Description = Serverová služba nemohla obnovit sdílenou položku PRO-E-data-martin-sestava,
protože adresář již E:\Martin-PRACOVNÍ\PRO-E-data-martin-sestava neexistuje.

Error - 16.10.2009 3:02:52 | Computer Name = KOPLET01 | Source = Service Control Manager | ID = 7000
Description = Spuštění služby I-DEAS License Manager 9.0 se nezdařilo z důvodu chyby:
%%2

Error - 19.10.2009 0:11:38 | Computer Name = KOPLET01 | Source = Server | ID = 2511
Description = Serverová služba nemohla obnovit sdílenou položku PRO-E-data-martin-sestava,
protože adresář již E:\Martin-PRACOVNÍ\PRO-E-data-martin-sestava neexistuje.

Error - 19.10.2009 0:11:49 | Computer Name = KOPLET01 | Source = Service Control Manager | ID = 7000
Description = Spuštění služby I-DEAS License Manager 9.0 se nezdařilo z důvodu chyby:
%%2

Error - 26.10.2009 1:11:45 | Computer Name = KOPLET01 | Source = Server | ID = 2511
Description = Serverová služba nemohla obnovit sdílenou položku PRO-E-data-martin-sestava,
protože adresář již E:\Martin-PRACOVNÍ\PRO-E-data-martin-sestava neexistuje.

Error - 26.10.2009 1:11:56 | Computer Name = KOPLET01 | Source = Service Control Manager | ID = 7000
Description = Spuštění služby I-DEAS License Manager 9.0 se nezdařilo z důvodu chyby:
%%2

Error - 29.10.2009 1:56:54 | Computer Name = KOPLET01 | Source = Server | ID = 2511
Description = Serverová služba nemohla obnovit sdílenou položku PRO-E-data-martin-sestava,
protože adresář již E:\Martin-PRACOVNÍ\PRO-E-data-martin-sestava neexistuje.

Error - 29.10.2009 1:57:05 | Computer Name = KOPLET01 | Source = Service Control Manager | ID = 7000
Description = Spuštění služby I-DEAS License Manager 9.0 se nezdařilo z důvodu chyby:
%%2

Error - 2.11.2009 1:04:50 | Computer Name = KOPLET01 | Source = Server | ID = 2511
Description = Serverová služba nemohla obnovit sdílenou položku PRO-E-data-martin-sestava,
protože adresář již E:\Martin-PRACOVNÍ\PRO-E-data-martin-sestava neexistuje.

Error - 2.11.2009 1:05:01 | Computer Name = KOPLET01 | Source = Service Control Manager | ID = 7000
Description = Spuštění služby I-DEAS License Manager 9.0 se nezdařilo z důvodu chyby:
%%2


< End of report >

Damned

Re: Slow opening of directories - perfdisk.dll

Post by Damned » 25 Jan 2010 11:22

Double-click the OTL icon on the desktop. Make sure that all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://host13.nwt.cz/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} http://playroom.icq.com/odyssey_web11.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://80.242.34.63:8083/activex/AMC.cab (Reg Error: Key error.)
@Alternate Data Stream - 36 bytes -> C:\WINNT\System32\Oemlogo.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINNT\System32\Oeminfo.ini:KAVICHS

:Files
C:\WINNT\*.tmp
C:\WINNT\System32\*.tmp
C:\WINNT\tasks\SA.DAT

:Reg

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]



Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
*****************************************************************************************************************************************
Check the file shown in red on VirusTotal and post the link to the result here.
If you cannot find it, turn on the display of hidden and system files. If it tells you that the file has already been checked,
have it checked again and wait until "Dokončeno" (Finished) and the result appear. Then copy the address bar here.

C:\WINNT\System32\drivers\bqdcqimy.sys

matthew72

Re: Slow opening of directories - perfdisk.dll

Post by matthew72 » 25 Jan 2010 13:26

All processes killed
========== OTL ==========
Unable to kill active process explorer.exe!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Starting removal of ActiveX control {745395C8-D0E1-4227-8586-624CA9A10A8D}
C:\WINNT\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ not found.
Starting removal of ActiveX control {8FA9D107-547B-4DBC-9D88-FABD891EDB0A}
C:\WINNT\Downloaded Program Files\odyssey_webmoo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FA9D107-547B-4DBC-9D88-FABD891EDB0A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FA9D107-547B-4DBC-9D88-FABD891EDB0A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FA9D107-547B-4DBC-9D88-FABD891EDB0A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FA9D107-547B-4DBC-9D88-FABD891EDB0A}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINNT\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {DE625294-70E6-45ED-B895-CFFA13AEB044}
C:\WINNT\Downloaded Program Files\setup.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
ADS C:\WINNT\System32\Oemlogo.bmp:KAVICHS deleted successfully.
ADS C:\WINNT\System32\Oeminfo.ini:KAVICHS deleted successfully.
========== FILES ==========
C:\WINNT\msdownld.tmp folder moved successfully.
C:\WINNT\msiinst.tmp folder moved successfully.
C:\WINNT\NV224432.TMP folder moved successfully.
C:\WINNT\SET29.tmp moved successfully.
C:\WINNT\SET51.tmp moved successfully.
C:\WINNT\System32\CONFIG.TMP moved successfully.
C:\WINNT\tasks\SA.DAT moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Martin
->Temp folder emptied: 665403 bytes
->Temporary Internet Files folder emptied: 1586036 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45406646 bytes
->Opera cache emptied: 227892 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1731 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 46,00 mb


OTL by OldTimer - Version 3.1.26.0 log created on 01252010_131905

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




http://www.virustotal.com/cs/analisis/3 ... 1264091667

Damned

Re: Slow opening of directories - perfdisk.dll

Post by Damned » 25 Jan 2010 13:38

Where did that come from on your PC? That is a strange link; did you copy it correctly, or do you really have this on your PC: wfytgwpp.sys?