DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Brat at 19:20:52 on 2013-09-05
Systm Microsoft Windows XP Home Edition  5.1.2600.3.1250.421.1033.18.2046.1265 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375804162551
TCP: NameServer = 195.34.133.21 212.186.211.21
TCP: Interfaces\{3E6BFFAD-D04F-41F0-B3B4-7347E9EFB281} : DHCPNameServer = 195.34.133.21 212.186.211.21
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brat\application data\mozilla\firefox\profiles\0va9y2x9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\winamp detect\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-06 21:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\brat\application data\mozilla\firefox\profiles\0va9y2x9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-07 13:33; onair_FM@marek.chrenko.net; c:\documents and settings\brat\application data\mozilla\firefox\profiles\0va9y2x9.default\extensions\onair_FM@marek.chrenko.net.xpi
FF - ExtSQL: 2013-08-08 01:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-8-6 37352]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2013-8-6 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2013-8-6 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2013-8-6 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2013-8-6 31920]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2013/08/06 21:43:15];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-8-6 108088]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-8-6 84024]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-8-6 88840]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2013-8-6 216072]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2013-8-6 4463864]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2012-6-13 248248]
R2 WDRulesService;WD Rules;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2012-6-14 1177536]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-8-6 103040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-8-6 1691480]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2013-9-5 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-8-6 815160]
.
=============== Created Last 30 ================
.
2013-09-05 17:17:36	--------	d-----w-	C:\FRST
2013-09-05 16:48:38	--------	d-----w-	c:\program files\WhoCrashed
2013-09-05 16:36:07	--------	d-----w-	c:\program files\Western Digital
2013-09-05 16:36:07	--------	d-----w-	c:\program files\common files\Western Digital
2013-09-05 16:12:39	--------	d-----w-	c:\program files\Cobian Backup 11
2013-09-05 10:36:50	--------	d-----w-	c:\documents and settings\brat\local settings\application data\Western_Digital
2013-09-05 10:35:47	11520	----a-w-	c:\windows\system32\drivers\wdcsam.sys
2013-09-05 10:31:52	--------	d-----w-	c:\documents and settings\all users\application data\Western Digital
2013-09-02 14:42:59	--------	d-----w-	c:\program files\Defraggler
2013-08-31 14:13:23	262552	----a-w-	c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-08-26 14:26:09	--------	d-----w-	c:\documents and settings\brat\application data\Malwarebytes
2013-08-26 14:25:57	--------	d-----w-	c:\documents and settings\all users\application data\Malwarebytes
2013-08-26 11:24:59	--------	d--h--w-	c:\documents and settings\all users\application data\CanonIJEPPEX
2013-08-26 11:24:58	--------	d-----w-	c:\documents and settings\brat\local settings\application data\Canon Easy-PhotoPrint EX
2013-08-21 17:31:35	--------	d-----w-	c:\program files\trend micro
2013-08-20 17:34:52	--------	d-----w-	c:\documents and settings\brat\application data\PlaneShift
2013-08-20 17:34:52	--------	d-----w-	c:\documents and settings\brat\application data\CrystalSpace
2013-08-20 17:34:52	--------	d-----w-	c:\documents and settings\brat\application data\CrystalApp
2013-08-20 17:34:11	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2013-08-20 17:34:11	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2013-08-20 17:34:11	--------	d-----w-	c:\program files\OpenAL
2013-08-20 17:32:19	--------	d-----w-	c:\program files\PlaneShift
2013-08-20 12:26:35	--------	d-----w-	c:\documents and settings\all users\application data\CanonIJ
2013-08-20 12:25:30	--------	d--h--w-	c:\documents and settings\all users\application data\CanonIJScan
2013-08-19 17:28:30	--------	d-----w-	c:\program files\common files\Sony Shared
2013-08-19 17:26:10	--------	d-----w-	c:\windows\SxsCaPendDel
2013-08-19 17:24:22	--------	d-----w-	c:\windows\system32\LogFiles
2013-08-15 16:13:03	--------	d-----w-	c:\program files\NVIDIA Corporation
2013-08-15 15:56:34	--------	d-----w-	c:\documents and settings\brat\local settings\application data\2K Games
2013-08-15 15:53:01	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2013-08-15 15:53:01	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2013-08-15 15:53:01	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2013-08-15 15:53:00	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2013-08-15 15:53:00	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2013-08-15 15:52:59	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2013-08-15 15:52:59	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2013-08-15 15:52:59	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2013-08-15 15:45:28	--------	d-----w-	c:\program files\2K Games
2013-08-15 14:32:15	--------	d-----w-	c:\program files\common files\3DO Shared
2013-08-15 14:32:15	--------	d-----w-	c:\program files\3DO
2013-08-15 14:32:01	306688	----a-w-	c:\windows\IsUninst.exe
2013-08-15 14:25:23	--------	d-----w-	c:\documents and settings\brat\local settings\application data\Skyrim
2013-08-15 14:22:59	444776	----a-w-	c:\windows\system32\d3dx10_36.dll
2013-08-15 14:12:25	--------	d-----w-	c:\program files\The Elder Scrolls V Skyrim
2013-08-15 11:29:42	--------	d-----w-	c:\windows\system32\MRT
2013-08-13 19:06:43	--------	d-----w-	c:\windows\system32\NtmsData
2013-08-13 14:48:49	--------	d-----w-	c:\documents and settings\brat\local settings\application data\ACD Systems
2013-08-13 14:48:48	--------	d-----w-	c:\documents and settings\brat\application data\ACD Systems
2013-08-11 13:37:00	--------	d-----w-	c:\documents and settings\brat\local settings\application data\CyberLink
2013-08-07 23:02:51	--------	d-----w-	c:\windows\system32\XPSViewer
2013-08-07 23:02:34	89088	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-08-07 23:02:19	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-08-07 23:02:19	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-08-07 23:02:19	597504	------w-	c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-08-07 23:02:19	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2013-08-07 23:02:19	575488	------w-	c:\windows\system32\xpsshhdr.dll
2013-08-07 23:02:19	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2013-08-07 23:02:19	1676288	------w-	c:\windows\system32\xpssvcs.dll
2013-08-07 23:02:19	117760	------w-	c:\windows\system32\prntvpt.dll
2013-08-07 11:43:12	--------	d-----w-	c:\documents and settings\brat\local settings\application data\GHISLER
.
==================== Find3M  ====================
.
2013-09-04 13:29:12	88840	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-06 19:42:18	505128	----a-w-	c:\windows\system32\msvcp71.dll
2013-08-06 19:42:18	353576	----a-w-	c:\windows\system32\msvcr71.dll
2013-08-06 19:42:18	29480	----a-w-	c:\windows\system32\msxml3a.dll
2013-08-06 19:29:54	685816	----a-w-	c:\windows\system32\drivers\sptd.sys
2013-08-06 18:34:13	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-06 18:34:13	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-08-06 17:30:19	0	----a-w-	c:\windows\ativpsrm.bin
2013-08-03 12:18:38	1543680	------w-	c:\windows\system32\wmvdecod.dll
2013-07-26 02:47:17	920064	----a-w-	c:\windows\system32\wininet.dll
2013-07-26 02:47:13	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59	385024	----a-w-	c:\windows\system32\html.iec
2013-07-10 10:37:53	406016	----a-w-	c:\windows\system32\usp10.dll
2013-07-04 03:03:25	2149888	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:21:26,20 ===============
