Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Help Fcb...
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13493
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Help Fcb...
Ahoj,
vdaka, ze si sa ozval....pocitaj ale s tym, ze komunikujes v podstate s pocitacovym "skoro analfabetom"...
Nemam s PC vela praktickych skusenosti, takze ak by si chcel poradit, tak, pls, tak trochu jednoduchsie...
(to vies, nam starsim to trochu pomalsie pali...)
vdaka, ze si sa ozval....pocitaj ale s tym, ze komunikujes v podstate s pocitacovym "skoro analfabetom"...
Nemam s PC vela praktickych skusenosti, takze ak by si chcel poradit, tak, pls, tak trochu jednoduchsie...
(to vies, nam starsim to trochu pomalsie pali...)
-
Caroprd111
- VIP
- Příspěvky: 13493
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Help Fcb...
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavol Liska at 2011-07-28 20:14:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (20%) free of 30 GB
Total RAM: 3071 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:41, on 28.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\ufa\ufa.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavol Liska\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Pavol Liska.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: qs Class - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [8863732.exe] "C:\WINDOWS\TEMP\8863732.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [5184566.exe] "C:\DOCUME~1\PAVOLL~1\LOCALS~1\Temp\5184566.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [2445708.exe] "C:\WINDOWS\TEMP\2445708.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [5825908-loader2.exe] "C:\WINDOWS\TEMP\5825908-loader2.exe"
O4 - HKLM\..\Run: [3511349.exe] "C:\WINDOWS\TEMP\3511349.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [PCSpeedUp] "C:\Program Files\Zrychlenie PC\PCSpeedUp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D31DB2-43C4-4B4D-8928-177E4EA93056}: NameServer = 192.168.0.1,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe
--
End of file - 10897 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-884357618-2147288249-1003Core1cc22acf0e7d3f7.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-884357618-2147288249-1003UA.job
C:\WINDOWS\tasks\WGASetup.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, bkmrksync@nokia.com:1.0.0.723, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... 2.0.0.9&q="
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npwachk.xpt
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPSibelius.dll
npwachk.dll
PDFNetC.dll
QuickTimePlugin.class
ScorchPDFWrapper.dll
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A555E0E-6240-DD93-198D-45F571D4FD9B}]
qs Class
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
-----------------EOF-----------------
Run by Pavol Liska at 2011-07-28 20:14:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (20%) free of 30 GB
Total RAM: 3071 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:41, on 28.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\ufa\ufa.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavol Liska\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Pavol Liska.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: qs Class - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [8863732.exe] "C:\WINDOWS\TEMP\8863732.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [5184566.exe] "C:\DOCUME~1\PAVOLL~1\LOCALS~1\Temp\5184566.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [2445708.exe] "C:\WINDOWS\TEMP\2445708.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [5825908-loader2.exe] "C:\WINDOWS\TEMP\5825908-loader2.exe"
O4 - HKLM\..\Run: [3511349.exe] "C:\WINDOWS\TEMP\3511349.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [PCSpeedUp] "C:\Program Files\Zrychlenie PC\PCSpeedUp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D31DB2-43C4-4B4D-8928-177E4EA93056}: NameServer = 192.168.0.1,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe
--
End of file - 10897 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-884357618-2147288249-1003Core1cc22acf0e7d3f7.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-884357618-2147288249-1003UA.job
C:\WINDOWS\tasks\WGASetup.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, bkmrksync@nokia.com:1.0.0.723, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... 2.0.0.9&q="
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npwachk.xpt
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPSibelius.dll
npwachk.dll
PDFNetC.dll
QuickTimePlugin.class
ScorchPDFWrapper.dll
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A555E0E-6240-DD93-198D-45F571D4FD9B}]
qs Class
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
-----------------EOF-----------------
Re: Help Fcb...
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2008-05-15 29831168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2010-08-26 75048]
"LaunchList"=C:\Program Files\Pinnacle\Studio 9\LaunchList.exe []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-17 39424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-28 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8863732.exe"=C:\WINDOWS\TEMP\8863732.exe [2011-07-25 256000]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-25 256000]
"5184566.exe"=C:\DOCUME~1\PAVOLL~1\LOCALS~1\Temp\5184566.exe [2011-07-25 256000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"2445708.exe"=C:\WINDOWS\TEMP\2445708.exe [2011-07-25 256000]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-26 232960]
"5825908-loader2.exe"=C:\WINDOWS\TEMP\5825908-loader2.exe [2011-07-26 256000]
"3511349.exe"=C:\WINDOWS\TEMP\3511349.exe [2011-07-27 502272]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-03-14 319792]
"NBCore"=C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe [2008-09-24 1561896]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"ICQ"=C:\PROGRA~1\ICQ6.5\ICQ.exe silent []
"PCSpeedUp"=C:\Program Files\Zrychlenie PC\PCSpeedUp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-03-14 319792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\wowfx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-05-25 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll, digest32.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX.exe"="C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom_Clancy's_H.A.W.X_1"
"C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe"="C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom_Clancy's_H.A.W.X_2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="E:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"I:\setup.exe"="I:\setup.exe:*:Enabled:setup.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe"="C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:@xpsp2res.dll,-22019"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.I420"=msh263.drv
"MSVideo8"=VfWWDM32.dll
"msacm.lameacm"=lameACM.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-07-28 20:14:29 ----DC---- C:\rsit
2011-07-28 20:14:29 ----D---- C:\Program Files\trend micro
2011-07-28 17:18:49 ----D---- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
2011-07-28 17:18:49 ----A---- C:\WINDOWS\system32\ssbtsr.exe
2011-07-28 17:18:48 ----D---- C:\Program Files\ScanSpyware
2011-07-26 15:52:18 ----SHDC---- C:\Config.Msi
2011-07-26 15:51:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\ativvamv.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\atimpc32.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\aticalrt.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\aticaldd.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\aticalcl.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\atibtmon.exe
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2011-07-26 15:51:41 ----D---- C:\Program Files\ATI
2011-07-26 15:40:53 ----DC---- C:\ATI
2011-07-26 15:36:10 ----D---- C:\WINDOWS\ufa
2011-07-26 15:36:10 ----D---- C:\WINDOWS\rpcminer
2011-07-26 15:36:10 ----D---- C:\WINDOWS\phoenix
2011-07-26 15:29:51 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-26 15:28:13 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-26 15:28:12 ----A---- C:\WINDOWS\unrar.exe
2011-07-26 15:28:03 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-26 15:27:57 ----HD---- C:\WINDOWS\update.2
2011-07-26 15:27:51 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 21:10:09 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 21:08:51 ----D---- C:\Program Files\Common Files\Adobe
2011-07-25 21:08:51 ----D---- C:\Program Files\Adobe
2011-07-25 21:07:42 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-25 21:07:28 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-25 21:07:12 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 21:07:04 ----D---- C:\WINDOWS\av_ico
2011-07-25 21:05:21 ----HD---- C:\WINDOWS\update.1
2011-07-25 21:05:18 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-25 21:05:18 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-25 20:58:41 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 20:58:41 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-25 20:58:35 ----A---- C:\WINDOWS\services32.exe
2011-07-14 18:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 18:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 16:18:52 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-06-29 14:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
======List of files/folders modified in the last 1 month======
2011-07-28 20:14:29 ----RD---- C:\Program Files
2011-07-28 20:08:14 ----D---- C:\Documents and Settings\Pavol Liska\Application Data\uTorrent
2011-07-28 19:08:03 ----D---- C:\WINDOWS\Temp
2011-07-28 17:28:30 ----SD---- C:\WINDOWS\Tasks
2011-07-28 17:18:49 ----D---- C:\WINDOWS\system32
2011-07-27 12:49:14 ----D---- C:\WINDOWS
2011-07-27 12:49:14 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-27 10:18:17 ----D---- C:\Program Files\Mozilla Firefox
2011-07-27 09:57:01 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-27 09:56:59 ----HD---- C:\WINDOWS\inf
2011-07-26 15:52:27 ----SHD---- C:\WINDOWS\Installer
2011-07-26 15:51:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-26 15:51:52 ----AD---- C:\WINDOWS\system32\drivers
2011-07-26 15:51:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-26 15:51:43 ----D---- C:\Program Files\ATI Technologies
2011-07-26 15:28:16 ----SHD---- C:\System Volume Information
2011-07-26 15:28:16 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 21:08:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-07-25 21:08:43 ----RD---- C:\Program Files\Common Files
2011-07-25 21:05:33 ----A---- C:\boot.ini
2011-07-23 15:04:11 ----D---- C:\WINDOWS\system32\config
2011-07-14 18:09:33 ----A---- C:\WINDOWS\imsins.BAK
2011-07-14 17:41:40 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-01 08:06:42 ----RSD---- C:\WINDOWS\assembly
2011-07-01 08:04:12 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-30 13:51:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-30 13:51:30 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-26 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/21 17:57:07]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-05-25 6554624]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-15 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-26 54400]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2008-05-03 38176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-26 22016]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-05-09 238080]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 AF9035HB;AF9035 Hybrid Device; C:\WINDOWS\System32\Drivers\AF9035HB.sys [2011-02-14 864384]
S3 av9rubqs;av9rubqs; C:\WINDOWS\system32\drivers\av9rubqs.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-05-25 643072]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-04-24 598016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-28 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-04-24 176128]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-23 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-12-31 247152]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-27 502272]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-25 1185280]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2008-05-15 29831168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2010-08-26 75048]
"LaunchList"=C:\Program Files\Pinnacle\Studio 9\LaunchList.exe []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-17 39424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-28 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8863732.exe"=C:\WINDOWS\TEMP\8863732.exe [2011-07-25 256000]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-25 256000]
"5184566.exe"=C:\DOCUME~1\PAVOLL~1\LOCALS~1\Temp\5184566.exe [2011-07-25 256000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"2445708.exe"=C:\WINDOWS\TEMP\2445708.exe [2011-07-25 256000]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-26 232960]
"5825908-loader2.exe"=C:\WINDOWS\TEMP\5825908-loader2.exe [2011-07-26 256000]
"3511349.exe"=C:\WINDOWS\TEMP\3511349.exe [2011-07-27 502272]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-03-14 319792]
"NBCore"=C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe [2008-09-24 1561896]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"ICQ"=C:\PROGRA~1\ICQ6.5\ICQ.exe silent []
"PCSpeedUp"=C:\Program Files\Zrychlenie PC\PCSpeedUp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-03-14 319792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\wowfx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-05-25 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll, digest32.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX.exe"="C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom_Clancy's_H.A.W.X_1"
"C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe"="C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom_Clancy's_H.A.W.X_2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="E:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"I:\setup.exe"="I:\setup.exe:*:Enabled:setup.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe"="C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:@xpsp2res.dll,-22019"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.I420"=msh263.drv
"MSVideo8"=VfWWDM32.dll
"msacm.lameacm"=lameACM.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-07-28 20:14:29 ----DC---- C:\rsit
2011-07-28 20:14:29 ----D---- C:\Program Files\trend micro
2011-07-28 17:18:49 ----D---- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
2011-07-28 17:18:49 ----A---- C:\WINDOWS\system32\ssbtsr.exe
2011-07-28 17:18:48 ----D---- C:\Program Files\ScanSpyware
2011-07-26 15:52:18 ----SHDC---- C:\Config.Msi
2011-07-26 15:51:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\ativvamv.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\atimpc32.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\aticalrt.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\aticaldd.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\aticalcl.dll
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\atibtmon.exe
2011-07-26 15:51:46 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2011-07-26 15:51:41 ----D---- C:\Program Files\ATI
2011-07-26 15:40:53 ----DC---- C:\ATI
2011-07-26 15:36:10 ----D---- C:\WINDOWS\ufa
2011-07-26 15:36:10 ----D---- C:\WINDOWS\rpcminer
2011-07-26 15:36:10 ----D---- C:\WINDOWS\phoenix
2011-07-26 15:29:51 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-26 15:28:13 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-26 15:28:12 ----A---- C:\WINDOWS\unrar.exe
2011-07-26 15:28:03 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-26 15:27:57 ----HD---- C:\WINDOWS\update.2
2011-07-26 15:27:51 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 21:10:09 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 21:08:51 ----D---- C:\Program Files\Common Files\Adobe
2011-07-25 21:08:51 ----D---- C:\Program Files\Adobe
2011-07-25 21:07:42 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-25 21:07:28 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-25 21:07:12 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 21:07:04 ----D---- C:\WINDOWS\av_ico
2011-07-25 21:05:21 ----HD---- C:\WINDOWS\update.1
2011-07-25 21:05:18 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-25 21:05:18 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-25 20:58:41 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 20:58:41 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-25 20:58:35 ----A---- C:\WINDOWS\services32.exe
2011-07-14 18:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 18:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 16:18:52 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-06-29 14:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
======List of files/folders modified in the last 1 month======
2011-07-28 20:14:29 ----RD---- C:\Program Files
2011-07-28 20:08:14 ----D---- C:\Documents and Settings\Pavol Liska\Application Data\uTorrent
2011-07-28 19:08:03 ----D---- C:\WINDOWS\Temp
2011-07-28 17:28:30 ----SD---- C:\WINDOWS\Tasks
2011-07-28 17:18:49 ----D---- C:\WINDOWS\system32
2011-07-27 12:49:14 ----D---- C:\WINDOWS
2011-07-27 12:49:14 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-27 10:18:17 ----D---- C:\Program Files\Mozilla Firefox
2011-07-27 09:57:01 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-27 09:56:59 ----HD---- C:\WINDOWS\inf
2011-07-26 15:52:27 ----SHD---- C:\WINDOWS\Installer
2011-07-26 15:51:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-26 15:51:52 ----AD---- C:\WINDOWS\system32\drivers
2011-07-26 15:51:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-26 15:51:43 ----D---- C:\Program Files\ATI Technologies
2011-07-26 15:28:16 ----SHD---- C:\System Volume Information
2011-07-26 15:28:16 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 21:08:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-07-25 21:08:43 ----RD---- C:\Program Files\Common Files
2011-07-25 21:05:33 ----A---- C:\boot.ini
2011-07-23 15:04:11 ----D---- C:\WINDOWS\system32\config
2011-07-14 18:09:33 ----A---- C:\WINDOWS\imsins.BAK
2011-07-14 17:41:40 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-01 08:06:42 ----RSD---- C:\WINDOWS\assembly
2011-07-01 08:04:12 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-30 13:51:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-30 13:51:30 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-26 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/21 17:57:07]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-05-25 6554624]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-15 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-26 54400]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2008-05-03 38176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-26 22016]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-05-09 238080]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 AF9035HB;AF9035 Hybrid Device; C:\WINDOWS\System32\Drivers\AF9035HB.sys [2011-02-14 864384]
S3 av9rubqs;av9rubqs; C:\WINDOWS\system32\drivers\av9rubqs.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-05-25 643072]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-04-24 598016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-28 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-04-24 176128]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-23 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-12-31 247152]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-27 502272]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-25 1185280]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-
Caroprd111
- VIP
- Příspěvky: 13493
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Help Fcb...
Stáhněte http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe a spusťte. Poté stiskněte 2 a poté Enter. Log RKreport.txt mi sem vložte. Stáhněte OTL http://oldtimer.geekstogo.com/OTL.scr na plochu
- Spusťte, poté do spodního políčka vložte následující skript.
Kód: Vybrat vše
netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 - Označte položku Pro všechny uživatele.
- Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
- Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Re: Help Fcb...
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Pavol Liska [Admin rights]
Mode: Remove -- Date : 07/28/2011 20:42:11
Bad processes: 5
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
Registry Entries: 16
[SUSP PATH] HKCU\[...]\Run : NVIDIA driver monitor (c:\windows\nvsvc32.exe) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : USB2Check (RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController) -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8863732.exe ("C:\WINDOWS\TEMP\8863732.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5184566.exe ("C:\DOCUME~1\PAVOLL~1\LOCALS~1\Temp\5184566.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2445708.exe ("C:\WINDOWS\TEMP\2445708.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5825908-loader2.exe ("C:\WINDOWS\TEMP\5825908-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3511349.exe ("C:\WINDOWS\TEMP\3511349.exe") -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Pavol Liska [Admin rights]
Mode: Remove -- Date : 07/28/2011 20:42:11
Bad processes: 5
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
Registry Entries: 16
[SUSP PATH] HKCU\[...]\Run : NVIDIA driver monitor (c:\windows\nvsvc32.exe) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Run : USB2Check (RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController) -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8863732.exe ("C:\WINDOWS\TEMP\8863732.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5184566.exe ("C:\DOCUME~1\PAVOLL~1\LOCALS~1\Temp\5184566.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2445708.exe ("C:\WINDOWS\TEMP\2445708.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5825908-loader2.exe ("C:\WINDOWS\TEMP\5825908-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3511349.exe ("C:\WINDOWS\TEMP\3511349.exe") -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: Help Fcb...
OTL logfile created on: 28.7.2011 20:45:38 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Pavol Liska\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,66% Memory free
8,84 Gb Paging File | 8,37 Gb Available in Paging File | 94,60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,78 Gb Free Space | 19,71% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 6,56 Gb Free Space | 67,19% Space Free | Partition Type: NTFS
Drive E: | 268,79 Gb Total Space | 51,68 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive F: | 64,78 Gb Total Space | 7,12 Gb Free Space | 10,99% Space Free | Partition Type: NTFS
Drive I: | 3,76 Gb Total Space | 2,66 Gb Free Space | 70,92% Space Free | Partition Type: FAT32
Computer Name: FOXFAMILY | User Name: Pavol Liska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.07.28 20:43:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavol Liska\My Documents\Downloads\OTL.scr
PRC - [2011.07.28 20:41:51 | 000,526,848 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\My Documents\Downloads\RogueKiller.exe
PRC - [2011.07.27 16:33:45 | 000,502,272 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011.07.26 15:27:50 | 000,348,672 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011.07.09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011.06.29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- C:\WINDOWS\ufa\ufa.exe
PRC - [2011.06.04 13:45:44 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2010.08.26 12:18:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2010.03.14 10:16:29 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010.02.03 01:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.28 20:42:55 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009.12.17 01:02:30 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008.09.24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.09.24 15:32:42 | 001,561,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
PRC - [2008.04.24 04:32:30 | 000,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008.04.24 04:31:54 | 000,176,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 14:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
========== Modules (SafeList) ==========
MOD - [2011.07.28 20:43:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavol Liska\My Documents\Downloads\OTL.scr
MOD - [2010.08.23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.07.27 16:33:45 | 000,502,272 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011.07.26 15:27:50 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011.07.25 21:07:17 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.04.24 04:32:30 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.04.24 04:31:54 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
========== Driver Services (SafeList) ==========
DRV - [2011.05.25 06:21:44 | 006,554,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.02.14 21:25:34 | 000,864,384 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2010.08.26 13:18:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/02/21 17:57:07] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009.12.26 15:50:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.02 21:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.05.09 15:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.05.03 16:46:00 | 000,038,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008.03.26 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.26 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.15 08:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2006.12.12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2005.12.21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005.12.21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005.12.21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005.09.24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.07.09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.9&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.18 16:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.09 18:31:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.25 21:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2009.12.27 19:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Extensions
[2011.07.27 10:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\extensions
[2010.01.29 19:57:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.27 10:20:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.27 10:14:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin-1.xml
[2011.05.24 17:24:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin-2.xml
[2011.06.19 17:24:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin.gif
[2011.06.19 17:24:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin.src
[2011.05.08 14:10:49 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin.xml
[2011.05.09 18:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009.12.28 20:42:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.04.14 19:01:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.12.17 01:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010.01.01 10:00:00 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2010.01.01 10:00:00 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2010.01.01 10:00:00 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2010.01.01 10:00:00 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2010.01.01 10:00:00 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2010.01.01 10:00:00 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml
O1 HOSTS File: ([2011.07.28 19:04:45 | 000,203,160 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 vkontakte.ru
O1 - Hosts: 127.0.0.1 www.vkontakte.ru
O1 - Hosts: 127.0.0.1 login.vk.com
O1 - Hosts: 127.0.0.1 vk.com
O1 - Hosts: 127.0.0.1 www.vk.com
O1 - Hosts: 127.0.0.1 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 50060 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (qs Class) - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [LaunchList] File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [ICQ] File not found
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [NBCore] C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe (Nero AG)
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [PCSpeedUp] File not found
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wowfx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (snapapi32.dll) - File not found
O29 - HKLM SecurityProviders - (digest32.dll) - File not found
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.26 12:20:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.10.17 20:34:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4a511b72-0793-11e0-9138-002215e146ae}\Shell\AutoRun\command - "" = I:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - lameACM.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2011.07.28 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Desktop\RK_Quarantine
[2011.07.28 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.28 20:14:29 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.28 17:18:49 | 000,008,704 | ---- | C] (ScanSpyware.net) -- C:\WINDOWS\System32\ssbtsr.exe
[2011.07.28 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Start Menu\Programs\ScanSpyware
[2011.07.28 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
[2011.07.28 17:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware
[2011.07.26 15:52:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.07.26 15:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011.07.26 15:51:46 | 005,922,816 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2011.07.26 15:51:46 | 000,956,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvamv.dll
[2011.07.26 15:51:46 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2011.07.26 15:51:46 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2011.07.26 15:51:46 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2011.07.26 15:51:46 | 000,057,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2011.07.26 15:51:46 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2011.07.26 15:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.07.26 15:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\My Documents\Zaujimavosti
[2011.07.26 15:40:53 | 000,000,000 | ---D | C] -- C:\ATI
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.07.26 15:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011.07.26 15:27:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.07.26 15:27:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.07.25 21:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.07.25 21:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.07.25 21:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.07.25 21:05:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.07.25 21:05:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011.07.25 21:05:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011.07.13 13:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Desktop\Zuzana vyber
[2011.06.30 16:18:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010.12.26 13:38:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.07.28 20:46:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.28 19:08:22 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011.07.28 19:07:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.28 19:04:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.28 17:28:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011.07.28 17:18:49 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\Diagnose & Fix.lnk
[2011.07.28 17:18:49 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\ScanSpyware.lnk
[2011.07.28 13:24:18 | 003,133,494 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\chyba Fcb.bmp
[2011.07.27 16:55:27 | 000,000,156 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.27 12:49:32 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\default.rss
[2011.07.27 12:49:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.07.26 15:43:09 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.26 15:36:09 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.26 15:36:09 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.07.26 15:36:09 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.26 15:36:08 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.26 15:31:32 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.26 15:27:59 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.25 21:09:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011.07.25 21:07:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.25 21:07:17 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.25 21:07:17 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.25 21:05:33 | 000,000,215 | ---- | M] () -- C:\boot.ini
[2011.07.25 20:58:31 | 001,185,280 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011.07.24 20:36:45 | 000,007,168 | -H-- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\photothumb.db
[2011.07.23 18:48:56 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.15 10:52:51 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\Google Chrome.lnk
[2011.07.15 10:52:51 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.07.14 23:34:58 | 000,380,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.14 18:09:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.06.30 16:18:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.06.30 13:51:37 | 000,444,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.30 13:51:37 | 000,072,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.07.28 20:46:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.28 17:18:49 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Desktop\Diagnose & Fix.lnk
[2011.07.28 17:18:49 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Desktop\ScanSpyware.lnk
[2011.07.28 13:24:18 | 003,133,494 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Desktop\chyba Fcb.bmp
[2011.07.26 15:51:46 | 000,166,672 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2011.07.26 15:36:09 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.26 15:36:09 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.26 15:36:08 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.26 15:28:13 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.26 15:28:12 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.26 15:28:12 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.26 15:28:03 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.25 21:10:37 | 000,000,156 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.25 21:08:56 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011.07.25 21:08:56 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011.07.25 21:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.25 21:07:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.25 21:07:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.25 20:58:35 | 001,185,280 | ---- | C] () -- C:\WINDOWS\services32.exe
[2011.07.23 12:42:32 | 013,439,314 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Desktop\08_Habovka.mp3
[2011.03.27 00:34:12 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.12.28 17:03:23 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.12.28 17:03:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.28 17:03:18 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.28 17:03:18 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.12.28 17:03:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.12.26 13:38:51 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\inst.exe
[2010.12.26 13:38:51 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.cat
[2010.12.26 13:38:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.inf
[2010.12.26 13:34:51 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\vso_ts_preview.xml
[2010.12.26 12:05:31 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010.09.11 17:26:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2010.05.16 18:54:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.04.30 16:46:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Solid Colors
[2010.04.27 22:27:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010.04.27 22:23:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2010.04.27 22:23:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\Standard
[2010.04.27 22:23:35 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010.04.27 22:23:35 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2010.04.27 22:22:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010.04.27 22:22:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\Speech Enhancer
[2010.01.23 23:17:42 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\fusioncache.dat
[2010.01.23 15:51:45 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.23 15:51:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\PnkBstrK.sys
[2010.01.23 15:51:34 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.01.23 15:51:32 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.01.23 15:51:32 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.01.16 14:10:34 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\default.rss
[2010.01.16 14:10:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.14 13:07:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.13 21:18:17 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.01.10 16:17:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2010.01.10 16:16:46 | 000,065,024 | ---- | C] () -- C:\WINDOWS\IFinst26.exe
[2010.01.07 12:16:53 | 000,000,147 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.12.27 19:23:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.12.26 18:51:03 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.26 13:36:00 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.12.26 13:10:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.12.26 13:09:06 | 000,380,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.26 12:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.12.26 12:41:27 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009.12.26 12:41:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.12.26 12:41:16 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.12.26 12:41:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.12.26 12:41:15 | 000,233,765 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.12.26 12:32:51 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2009.12.26 12:32:51 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009.12.26 12:32:51 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
[2009.12.26 12:32:51 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2009.12.26 12:32:51 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009.12.26 12:31:04 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009.12.26 12:30:12 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.12.26 12:30:05 | 000,031,617 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.12.26 12:30:05 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.12.26 12:22:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.12.26 12:17:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.30 19:00:50 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,444,016 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,072,274 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.01.26 03:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007.01.26 03:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2003.12.22 15:40:06 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2002.11.29 11:38:52 | 013,366,265 | --S- | C] () -- C:\Program Files\Encore Manual.pdf
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2009.12.26 15:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.12.26 17:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010.04.27 22:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010.01.07 11:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.05.18 16:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010.05.18 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010.05.18 16:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.12.26 14:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009.12.26 14:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009.12.26 14:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2011.05.18 18:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009.12.26 14:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2011.02.21 18:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010.03.26 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010.04.27 22:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011.05.13 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Audacity
[2009.12.26 16:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\DAEMON Tools Lite
[2010.05.22 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\DataCast
[2011.05.08 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\gtk-2.0
[2011.02.12 08:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ICQ
[2010.04.30 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nikon
[2010.05.18 16:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nokia
[2010.05.18 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\PC Suite
[2011.05.18 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Publish Providers
[2011.07.28 17:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
[2011.05.18 18:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Sony
[2010.05.02 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Space Photo Screensaver
[2010.03.26 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Ubisoft
[2010.12.26 13:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Uniblue
[2011.07.28 20:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\uTorrent
[2010.12.26 13:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\VSO
[2011.07.28 17:28:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2009.12.26 12:39:06 | 000,135,664 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" -- [2010.03.14 10:16:29 | 000,319,792 | ---- | M] (BitTorrent, Inc.)
"NBCore" = "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" -- [2008.09.24 15:32:42 | 001,561,896 | ---- | M] (Nero AG)
"ICQ" = "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
"PCSpeedUp" = "C:\Program Files\Zrychlenie PC\PCSpeedUp.exe"
< >
< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2010.06.11 02:40:58 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: CSRSS.EXE >
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe
< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: FASTFAT.SYS >
[2008.04.14 14:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\dllcache\fastfat.sys
[2008.04.14 14:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NTFS.SYS >
[2008.04.14 14:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008.04.14 14:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.02.06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008.04.14 14:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
< MD5 for: SMSS.EXE >
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SPOOLSV.EXE >
[2010.08.17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008.04.14 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011.07.27 16:33:45 | 000,502,272 | ---- | M] () MD5=38D7AB4B1D19053B410F17D55F03CC18 -- C:\WINDOWS\update.2\svchost.exe
[2011.07.26 15:27:50 | 000,348,672 | ---- | M] () MD5=6EECAB7626BABA17DB082754B5E8C5CE -- C:\WINDOWS\update.5.0\svchost.exe
[2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () MD5=7A3BC4D258CBE30DFB0649EE863FAE25 -- C:\WINDOWS\update.1\svchost.exe
[2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () MD5=7A3BC4D258CBE30DFB0649EE863FAE25 -- C:\WINDOWS\update.tray-7-0\svchost.exe
[2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () MD5=7A3BC4D258CBE30DFB0649EE863FAE25 -- C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< >
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009.04.16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
< %systemroot%\system32\drivers\*.sys /5 >
< %systemroot%\system32\drivers\*.sys /X >
[2011.05.25 04:58:28 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008.04.14 14:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2008.04.14 14:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2010.05.18 15:14:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010.05.18 15:14:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2008.03.13 06:14:28 | 000,003,948 | R--- | M] () -- C:\WINDOWS\system32\drivers\nvphy.bin
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.12.26 15:50:41 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\system32\*.* /5 >
[2011.07.28 19:07:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\config\*.sav >
[2009.12.26 13:08:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.12.26 13:08:25 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.12.26 13:08:25 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\Temp\_avast_\*.tmp files -> C:\WINDOWS\Temp\_avast_\*.tmp -> ]
[2 C:\WINDOWS\Temp\_avast5_\*.tmp files -> C:\WINDOWS\Temp\_avast5_\*.tmp -> ]
< %systemroot%\*. /mp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >
< %APPDATA%\*. >
[2010.01.31 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Adobe
[2010.08.31 10:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Apple Computer
[2009.12.26 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ATI
[2011.05.13 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Audacity
[2011.02.21 19:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\CyberLink
[2009.12.26 16:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\DAEMON Tools Lite
[2010.05.22 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\DataCast
[2011.05.08 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\gtk-2.0
[2009.12.26 14:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Help
[2011.02.12 08:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ICQ
[2009.12.26 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Identities
[2009.12.26 12:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Macromedia
[2010.12.26 12:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Media Player Classic
[2011.03.22 10:45:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft
[2009.12.27 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla
[2010.10.01 13:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nero
[2010.04.30 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nikon
[2010.05.18 16:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nokia
[2010.05.18 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\PC Suite
[2009.12.26 15:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\PSpad
[2011.05.18 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Publish Providers
[2011.07.28 17:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
[2010.01.23 15:52:39 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\SecuROM
[2010.10.02 17:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Sibelius Software
[2010.09.01 20:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Skype
[2010.09.01 20:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\skypePM
[2011.05.18 18:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Sony
[2010.05.02 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Space Photo Screensaver
[2009.12.28 20:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Sun
[2010.03.26 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Ubisoft
[2010.12.26 13:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Uniblue
[2011.07.28 20:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\uTorrent
[2010.12.26 13:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\VSO
[2010.02.05 13:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Winamp
[2009.12.26 12:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\WinRAR
< %APPDATA%\*.* >
[2011.07.27 12:49:32 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\default.rss
[2009.12.26 13:09:54 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\desktop.ini
[2010.12.26 13:42:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\inst.exe
[2010.12.26 13:42:34 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.cat
[2010.12.26 13:42:34 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.inf
[2010.12.26 13:42:35 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.log
[2010.12.26 13:42:34 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.sys
[2010.01.23 15:51:45 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\PnkBstrK.sys
[2010.04.30 16:46:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Speech Enhancer
[2010.04.27 22:23:35 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Standard
[2010.12.26 13:42:25 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\vso_ts_preview.xml
< %APPDATA%\*.exe /s >
[2010.12.26 13:42:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\inst.exe
[2010.04.27 22:25:04 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
[2009.12.26 14:34:58 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
[2010.04.27 22:24:33 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2010.04.27 22:25:32 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
< %SYSTEMDRIVE%\*.exe >
[2010.01.07 11:18:35 | 000,002,298 | ---- | M] () -- C:\bwdthu.exe
[2010.01.07 11:18:11 | 000,002,301 | ---- | M] () -- C:\hcbabhx.exe
[2010.01.07 11:18:42 | 000,002,310 | ---- | M] () -- C:\hqwu.exe
[2010.01.07 11:19:54 | 000,002,301 | ---- | M] () -- C:\mmhcaf.exe
[2010.01.07 11:19:15 | 000,002,298 | ---- | M] () -- C:\mudyfh.exe
[2010.01.07 11:19:49 | 000,002,307 | ---- | M] () -- C:\ocoxphhi.exe
[2010.01.07 11:19:58 | 000,002,295 | ---- | M] () -- C:\ouvjj.exe
< >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-28 15:28:31
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.07.28 20:46:04 | 000,000,512 | ---- | M] () MD5=6E20C42EE4A24CCC8CC37CE8FFF83BD7 -- C:\PhysicalMBR.bin
========== Files - Unicode (All) ==========
[2011.06.20 17:07:51 | 003,426,856 | ---- | M] ()(C:\Documents and Settings\Pavol Liska\Desktop\?????.pptx) -- C:\Documents and Settings\Pavol Liska\Desktop\出发去中国.pptx
[2011.06.13 21:19:30 | 003,426,856 | ---- | C] ()(C:\Documents and Settings\Pavol Liska\Desktop\?????.pptx) -- C:\Documents and Settings\Pavol Liska\Desktop\出发去中国.pptx
< End of report >
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Pavol Liska\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,66% Memory free
8,84 Gb Paging File | 8,37 Gb Available in Paging File | 94,60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,78 Gb Free Space | 19,71% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 6,56 Gb Free Space | 67,19% Space Free | Partition Type: NTFS
Drive E: | 268,79 Gb Total Space | 51,68 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive F: | 64,78 Gb Total Space | 7,12 Gb Free Space | 10,99% Space Free | Partition Type: NTFS
Drive I: | 3,76 Gb Total Space | 2,66 Gb Free Space | 70,92% Space Free | Partition Type: FAT32
Computer Name: FOXFAMILY | User Name: Pavol Liska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.07.28 20:43:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavol Liska\My Documents\Downloads\OTL.scr
PRC - [2011.07.28 20:41:51 | 000,526,848 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\My Documents\Downloads\RogueKiller.exe
PRC - [2011.07.27 16:33:45 | 000,502,272 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011.07.26 15:27:50 | 000,348,672 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011.07.09 06:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011.06.29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- C:\WINDOWS\ufa\ufa.exe
PRC - [2011.06.04 13:45:44 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2010.08.26 12:18:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2010.03.14 10:16:29 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010.02.03 01:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.28 20:42:55 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009.12.17 01:02:30 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008.09.24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.09.24 15:32:42 | 001,561,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
PRC - [2008.04.24 04:32:30 | 000,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008.04.24 04:31:54 | 000,176,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 14:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
========== Modules (SafeList) ==========
MOD - [2011.07.28 20:43:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavol Liska\My Documents\Downloads\OTL.scr
MOD - [2010.08.23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.07.27 16:33:45 | 000,502,272 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011.07.26 15:27:50 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011.07.25 21:07:17 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.04.24 04:32:30 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.04.24 04:31:54 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
========== Driver Services (SafeList) ==========
DRV - [2011.05.25 06:21:44 | 006,554,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.02.14 21:25:34 | 000,864,384 | ---- | M] (ITE Technologies ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2010.08.26 13:18:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/02/21 17:57:07] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009.12.26 15:50:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.02 21:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.05.09 15:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.05.03 16:46:00 | 000,038,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008.03.26 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.26 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.15 08:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2006.12.12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2005.12.21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005.12.21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005.12.21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005.09.24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.07.09 05:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.9&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.18 16:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.09 18:31:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.25 21:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2009.12.27 19:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Extensions
[2011.07.27 10:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\extensions
[2010.01.29 19:57:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.27 10:20:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.27 10:14:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin-1.xml
[2011.05.24 17:24:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin-2.xml
[2011.06.19 17:24:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin.gif
[2011.06.19 17:24:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin.src
[2011.05.08 14:10:49 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla\Firefox\Profiles\cmngxw9j.default\searchplugins\icqplugin.xml
[2011.05.09 18:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009.12.28 20:42:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.04.14 19:01:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.12.17 01:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010.01.01 10:00:00 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2010.01.01 10:00:00 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2010.01.01 10:00:00 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2010.01.01 10:00:00 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2010.01.01 10:00:00 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2010.01.01 10:00:00 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml
O1 HOSTS File: ([2011.07.28 19:04:45 | 000,203,160 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 vkontakte.ru
O1 - Hosts: 127.0.0.1 www.vkontakte.ru
O1 - Hosts: 127.0.0.1 login.vk.com
O1 - Hosts: 127.0.0.1 vk.com
O1 - Hosts: 127.0.0.1 www.vk.com
O1 - Hosts: 127.0.0.1 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 50060 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (qs Class) - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [LaunchList] File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [ICQ] File not found
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [NBCore] C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe (Nero AG)
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [PCSpeedUp] File not found
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wowfx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (snapapi32.dll) - File not found
O29 - HKLM SecurityProviders - (digest32.dll) - File not found
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.26 12:20:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.10.17 20:34:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4a511b72-0793-11e0-9138-002215e146ae}\Shell\AutoRun\command - "" = I:\SamsungSoftware\APPInst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - lameACM.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2011.07.28 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Desktop\RK_Quarantine
[2011.07.28 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.28 20:14:29 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.28 17:18:49 | 000,008,704 | ---- | C] (ScanSpyware.net) -- C:\WINDOWS\System32\ssbtsr.exe
[2011.07.28 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Start Menu\Programs\ScanSpyware
[2011.07.28 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
[2011.07.28 17:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware
[2011.07.26 15:52:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.07.26 15:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011.07.26 15:51:46 | 005,922,816 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2011.07.26 15:51:46 | 000,956,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvamv.dll
[2011.07.26 15:51:46 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2011.07.26 15:51:46 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2011.07.26 15:51:46 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2011.07.26 15:51:46 | 000,057,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2011.07.26 15:51:46 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2011.07.26 15:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.07.26 15:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\My Documents\Zaujimavosti
[2011.07.26 15:40:53 | 000,000,000 | ---D | C] -- C:\ATI
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.07.26 15:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011.07.26 15:27:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.07.26 15:27:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.07.25 21:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.07.25 21:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.07.25 21:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.07.25 21:05:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.07.25 21:05:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011.07.25 21:05:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011.07.13 13:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Desktop\Zuzana vyber
[2011.06.30 16:18:52 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010.12.26 13:38:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.07.28 20:46:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.28 19:08:22 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011.07.28 19:07:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.28 19:04:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.28 17:28:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011.07.28 17:18:49 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\Diagnose & Fix.lnk
[2011.07.28 17:18:49 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\ScanSpyware.lnk
[2011.07.28 13:24:18 | 003,133,494 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\chyba Fcb.bmp
[2011.07.27 16:55:27 | 000,000,156 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.27 12:49:32 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\default.rss
[2011.07.27 12:49:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.07.26 15:43:09 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.26 15:36:09 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.26 15:36:09 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.07.26 15:36:09 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.26 15:36:08 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.26 15:31:32 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.26 15:27:59 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.25 21:09:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011.07.25 21:07:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.25 21:07:17 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.25 21:07:17 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.25 21:05:33 | 000,000,215 | ---- | M] () -- C:\boot.ini
[2011.07.25 20:58:31 | 001,185,280 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011.07.24 20:36:45 | 000,007,168 | -H-- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\photothumb.db
[2011.07.23 18:48:56 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.15 10:52:51 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\Google Chrome.lnk
[2011.07.15 10:52:51 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.07.14 23:34:58 | 000,380,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.14 18:09:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.06.30 16:18:52 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.06.30 13:51:37 | 000,444,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.30 13:51:37 | 000,072,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.07.28 20:46:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.28 17:18:49 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Desktop\Diagnose & Fix.lnk
[2011.07.28 17:18:49 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Desktop\ScanSpyware.lnk
[2011.07.28 13:24:18 | 003,133,494 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Desktop\chyba Fcb.bmp
[2011.07.26 15:51:46 | 000,166,672 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2011.07.26 15:36:09 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.26 15:36:09 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.26 15:36:08 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.26 15:28:13 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.26 15:28:12 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.26 15:28:12 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.26 15:28:03 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.25 21:10:37 | 000,000,156 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.25 21:08:56 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011.07.25 21:08:56 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011.07.25 21:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.25 21:07:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.25 21:07:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.25 20:58:35 | 001,185,280 | ---- | C] () -- C:\WINDOWS\services32.exe
[2011.07.23 12:42:32 | 013,439,314 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Desktop\08_Habovka.mp3
[2011.03.27 00:34:12 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.12.28 17:03:23 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.12.28 17:03:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.28 17:03:18 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.28 17:03:18 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.12.28 17:03:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.12.26 13:38:51 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\inst.exe
[2010.12.26 13:38:51 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.cat
[2010.12.26 13:38:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.inf
[2010.12.26 13:34:51 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\vso_ts_preview.xml
[2010.12.26 12:05:31 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010.09.11 17:26:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2010.05.16 18:54:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.04.30 16:46:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Solid Colors
[2010.04.27 22:27:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010.04.27 22:23:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2010.04.27 22:23:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\Standard
[2010.04.27 22:23:35 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010.04.27 22:23:35 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2010.04.27 22:22:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010.04.27 22:22:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\Speech Enhancer
[2010.01.23 23:17:42 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\fusioncache.dat
[2010.01.23 15:51:45 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.23 15:51:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\PnkBstrK.sys
[2010.01.23 15:51:34 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.01.23 15:51:32 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.01.23 15:51:32 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.01.16 14:10:34 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Application Data\default.rss
[2010.01.16 14:10:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.14 13:07:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.13 21:18:17 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.01.10 16:17:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2010.01.10 16:16:46 | 000,065,024 | ---- | C] () -- C:\WINDOWS\IFinst26.exe
[2010.01.07 12:16:53 | 000,000,147 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.12.27 19:23:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.12.26 18:51:03 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.26 13:36:00 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.12.26 13:10:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.12.26 13:09:06 | 000,380,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.26 12:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.12.26 12:41:27 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009.12.26 12:41:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.12.26 12:41:16 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.12.26 12:41:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.12.26 12:41:15 | 000,233,765 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.12.26 12:32:51 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2009.12.26 12:32:51 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009.12.26 12:32:51 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
[2009.12.26 12:32:51 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2009.12.26 12:32:51 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009.12.26 12:31:04 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009.12.26 12:30:12 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.12.26 12:30:05 | 000,031,617 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.12.26 12:30:05 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.12.26 12:22:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.12.26 12:17:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.30 19:00:50 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,444,016 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,072,274 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.01.26 03:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007.01.26 03:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2003.12.22 15:40:06 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2002.11.29 11:38:52 | 013,366,265 | --S- | C] () -- C:\Program Files\Encore Manual.pdf
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2009.12.26 15:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.12.26 17:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010.04.27 22:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010.01.07 11:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.05.18 16:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010.05.18 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010.05.18 16:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.12.26 14:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009.12.26 14:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009.12.26 14:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2011.05.18 18:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009.12.26 14:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2011.02.21 18:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010.03.26 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010.04.27 22:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011.05.13 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Audacity
[2009.12.26 16:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\DAEMON Tools Lite
[2010.05.22 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\DataCast
[2011.05.08 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\gtk-2.0
[2011.02.12 08:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ICQ
[2010.04.30 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nikon
[2010.05.18 16:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nokia
[2010.05.18 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\PC Suite
[2011.05.18 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Publish Providers
[2011.07.28 17:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
[2011.05.18 18:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Sony
[2010.05.02 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Space Photo Screensaver
[2010.03.26 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Ubisoft
[2010.12.26 13:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Uniblue
[2011.07.28 20:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\uTorrent
[2010.12.26 13:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\VSO
[2011.07.28 17:28:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\Pavol Liska\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2009.12.26 12:39:06 | 000,135,664 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" -- [2010.03.14 10:16:29 | 000,319,792 | ---- | M] (BitTorrent, Inc.)
"NBCore" = "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" -- [2008.09.24 15:32:42 | 001,561,896 | ---- | M] (Nero AG)
"ICQ" = "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
"PCSpeedUp" = "C:\Program Files\Zrychlenie PC\PCSpeedUp.exe"
< >
< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2010.06.11 02:40:58 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: CSRSS.EXE >
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008.04.14 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe
< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: FASTFAT.SYS >
[2008.04.14 14:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\dllcache\fastfat.sys
[2008.04.14 14:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NTFS.SYS >
[2008.04.14 14:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008.04.14 14:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.02.06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008.04.14 14:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
< MD5 for: SMSS.EXE >
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SPOOLSV.EXE >
[2010.08.17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008.04.14 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011.07.27 16:33:45 | 000,502,272 | ---- | M] () MD5=38D7AB4B1D19053B410F17D55F03CC18 -- C:\WINDOWS\update.2\svchost.exe
[2011.07.26 15:27:50 | 000,348,672 | ---- | M] () MD5=6EECAB7626BABA17DB082754B5E8C5CE -- C:\WINDOWS\update.5.0\svchost.exe
[2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () MD5=7A3BC4D258CBE30DFB0649EE863FAE25 -- C:\WINDOWS\update.1\svchost.exe
[2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () MD5=7A3BC4D258CBE30DFB0649EE863FAE25 -- C:\WINDOWS\update.tray-7-0\svchost.exe
[2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () MD5=7A3BC4D258CBE30DFB0649EE863FAE25 -- C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< >
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009.04.16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
< %systemroot%\system32\drivers\*.sys /5 >
< %systemroot%\system32\drivers\*.sys /X >
[2011.05.25 04:58:28 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008.04.14 14:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2008.04.14 14:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2010.05.18 15:14:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010.05.18 15:14:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2008.03.13 06:14:28 | 000,003,948 | R--- | M] () -- C:\WINDOWS\system32\drivers\nvphy.bin
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.12.26 15:50:41 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\system32\*.* /5 >
[2011.07.28 19:07:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\config\*.sav >
[2009.12.26 13:08:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.12.26 13:08:25 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.12.26 13:08:25 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\Temp\_avast_\*.tmp files -> C:\WINDOWS\Temp\_avast_\*.tmp -> ]
[2 C:\WINDOWS\Temp\_avast5_\*.tmp files -> C:\WINDOWS\Temp\_avast5_\*.tmp -> ]
< %systemroot%\*. /mp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >
< %APPDATA%\*. >
[2010.01.31 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Adobe
[2010.08.31 10:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Apple Computer
[2009.12.26 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ATI
[2011.05.13 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Audacity
[2011.02.21 19:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\CyberLink
[2009.12.26 16:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\DAEMON Tools Lite
[2010.05.22 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\DataCast
[2011.05.08 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\gtk-2.0
[2009.12.26 14:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Help
[2011.02.12 08:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ICQ
[2009.12.26 12:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Identities
[2009.12.26 12:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Macromedia
[2010.12.26 12:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Media Player Classic
[2011.03.22 10:45:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft
[2009.12.27 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Mozilla
[2010.10.01 13:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nero
[2010.04.30 16:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nikon
[2010.05.18 16:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Nokia
[2010.05.18 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\PC Suite
[2009.12.26 15:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\PSpad
[2011.05.18 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Publish Providers
[2011.07.28 17:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
[2010.01.23 15:52:39 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\SecuROM
[2010.10.02 17:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Sibelius Software
[2010.09.01 20:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Skype
[2010.09.01 20:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\skypePM
[2011.05.18 18:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Sony
[2010.05.02 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Space Photo Screensaver
[2009.12.28 20:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Sun
[2010.03.26 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Ubisoft
[2010.12.26 13:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Uniblue
[2011.07.28 20:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\uTorrent
[2010.12.26 13:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\VSO
[2010.02.05 13:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\Winamp
[2009.12.26 12:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavol Liska\Application Data\WinRAR
< %APPDATA%\*.* >
[2011.07.27 12:49:32 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\default.rss
[2009.12.26 13:09:54 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\desktop.ini
[2010.12.26 13:42:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\inst.exe
[2010.12.26 13:42:34 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.cat
[2010.12.26 13:42:34 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.inf
[2010.12.26 13:42:35 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.log
[2010.12.26 13:42:34 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Pavol Liska\Application Data\pcouffin.sys
[2010.01.23 15:51:45 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\PnkBstrK.sys
[2010.04.30 16:46:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Speech Enhancer
[2010.04.27 22:23:35 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Standard
[2010.12.26 13:42:25 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\vso_ts_preview.xml
< %APPDATA%\*.exe /s >
[2010.12.26 13:42:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\inst.exe
[2010.04.27 22:25:04 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
[2009.12.26 14:34:58 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
[2010.04.27 22:24:33 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2010.04.27 22:25:32 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Pavol Liska\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
< %SYSTEMDRIVE%\*.exe >
[2010.01.07 11:18:35 | 000,002,298 | ---- | M] () -- C:\bwdthu.exe
[2010.01.07 11:18:11 | 000,002,301 | ---- | M] () -- C:\hcbabhx.exe
[2010.01.07 11:18:42 | 000,002,310 | ---- | M] () -- C:\hqwu.exe
[2010.01.07 11:19:54 | 000,002,301 | ---- | M] () -- C:\mmhcaf.exe
[2010.01.07 11:19:15 | 000,002,298 | ---- | M] () -- C:\mudyfh.exe
[2010.01.07 11:19:49 | 000,002,307 | ---- | M] () -- C:\ocoxphhi.exe
[2010.01.07 11:19:58 | 000,002,295 | ---- | M] () -- C:\ouvjj.exe
< >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-28 15:28:31
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.07.28 20:46:04 | 000,000,512 | ---- | M] () MD5=6E20C42EE4A24CCC8CC37CE8FFF83BD7 -- C:\PhysicalMBR.bin
========== Files - Unicode (All) ==========
[2011.06.20 17:07:51 | 003,426,856 | ---- | M] ()(C:\Documents and Settings\Pavol Liska\Desktop\?????.pptx) -- C:\Documents and Settings\Pavol Liska\Desktop\出发去中国.pptx
[2011.06.13 21:19:30 | 003,426,856 | ---- | C] ()(C:\Documents and Settings\Pavol Liska\Desktop\?????.pptx) -- C:\Documents and Settings\Pavol Liska\Desktop\出发去中国.pptx
< End of report >
Re: Help Fcb...
OTL Extras logfile created on: 28.7.2011 20:45:38 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Pavol Liska\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,66% Memory free
8,84 Gb Paging File | 8,37 Gb Available in Paging File | 94,60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,78 Gb Free Space | 19,71% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 6,56 Gb Free Space | 67,19% Space Free | Partition Type: NTFS
Drive E: | 268,79 Gb Total Space | 51,68 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive F: | 64,78 Gb Total Space | 7,12 Gb Free Space | 10,99% Space Free | Partition Type: NTFS
Drive I: | 3,76 Gb Total Space | 2,66 Gb Free Space | 70,92% Space Free | Partition Type: FAT32
Computer Name: FOXFAMILY | User Name: Pavol Liska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4719:TCP" = 4719:TCP:*:Enabled:4719
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX.exe" = C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom_Clancy's_H.A.W.X_1
"C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe" = C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom_Clancy's_H.A.W.X_2
"E:\Program Files\Activision\Modern Warfare 2\iw4mp.exe" = E:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"I:\setup.exe" = I:\setup.exe:*:Enabled:setup.exe
"C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe" = C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
"C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
"C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe" = C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe
"C:\WINDOWS\update.1\svchost.exe" = C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe -- ()
"C:\WINDOWS\services32.exe" = C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe -- ()
"C:\WINDOWS\update.tray-7-0\svchost.exe" = C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe -- ()
"C:\WINDOWS\update.2\svchost.exe" = C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053BE69E-4EFE-3621-3613-30080CD26070}" = Catalyst Control Center Graphics Previews Common
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0C196427-49B6-426E-126C-2ED14FF8FC00}" = Catalyst Control Center Localization Thai
"{0E9E85F7-B46B-5B05-EA92-166041688360}" = CCC Help Finnish
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12001F32-80E8-67DC-17BF-B71FF08952D4}" = Catalyst Control Center Localization Spanish
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1337189C-ADD8-FA87-2037-1556FB8A4BC6}" = CCC Help Japanese
"{13647C4D-F5F4-C251-7A96-78B86AB007AC}" = Catalyst Control Center Graphics Previews Common
"{14D35B82-806E-FB4A-A80F-3FF7258832AA}" = ccc-core-preinstall
"{17BACA06-1CA8-D3F7-7F79-ACDCF96599DF}" = Catalyst Control Center Localization Japanese
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B7DCF2E-774A-11E0-9986-0013D3D69929}" = Vegas Pro 10.0
"{1DA75811-6C2C-ABFA-7DBF-9B9EDAA005E3}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368D5CDC-628E-2836-9E71-043672084991}" = Catalyst Control Center Localization Finnish
"{3E783AF8-51F7-1C42-53D5-F082FB0A28C1}" = Catalyst Control Center Localization Chinese Standard
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.0.17b
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{401079AB-7327-7FFB-C742-1BE7EC8B7C06}" = CCC Help Danish
"{41148666-8506-4ABD-6935-AB1035A12A3E}" = Catalyst Control Center Localization Swedish
"{41F7FFF4-B5B3-D96D-58FD-AEE5EA280528}" = CCC Help Czech
"{43CF15E8-E3CF-4BCF-8AAC-19162268276A}_3.9.2.2_is1" = ScanSpyware 3.9.2.2
"{47F95FE7-B901-2DB9-C370-D198DD7E7911}" = Catalyst Control Center Localization Russian
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{567D3326-2E0E-BDF8-791B-E77186020343}" = Catalyst Control Center Localization French
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{590F4980-1C17-EF89-E0C8-1D5866385DD5}" = CCC Help English
"{5A2F8E75-C291-F338-F48B-524C3EADE800}" = CCC Help Italian
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Ovladače videa společnosti Pinnacle
"{5ECA5B22-4073-8A6D-2E7E-8F4C39FC4309}" = Catalyst Control Center InstallProxy
"{5F72D175-2F8E-21EE-8A8F-15AD607C0531}" = CCC Help Swedish
"{617A16E4-A178-0E1E-DD80-88A44ACAF688}" = CCC Help Korean
"{635509DE-5A40-D9CC-C40C-C96FB4E266E0}" = Skins
"{65BF54F3-CE3C-098D-4410-7F64468BDDA7}" = CCC Help Norwegian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7227FD56-0482-6DBC-7B04-E748FB638283}" = Catalyst Control Center Localization Korean
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CEA075-4371-2E52-F83F-FFC53CEABE12}" = Catalyst Control Center Localization Portuguese
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74C45428-03A3-BAE9-F393-590FD36B69EE}" = CCC Help German
"{74E5BA31-CB34-4388-BC7F-91DC8830AABC}" = ScoreFitter Volume 2
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7AEF3C07-82FE-50B4-9962-A38DD38733C5}" = ccc-core-static
"{7B8B54E7-0008-3DF8-266C-1A7105A0C7ED}" = Catalyst Control Center Localization Czech
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7D5DE1C9-25FD-ECB3-74C9-50899F086A9F}" = CCC Help Hungarian
"{81EB9BC3-F6FA-CB2E-40BD-798FE703CCE4}" = CCC Help Dutch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866367B2-136A-6DCE-7D07-3F56175087BF}" = CCC Help Greek
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8F027BD7-9175-CFF0-107E-E7AC0DE36E10}" = Catalyst Control Center Core Implementation
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2007
"{90120000-0100-041B-0000-0000000FF1CE}" = Microsoft Office O MUI (Slovak) 2007
"{90120000-0101-041B-0000-0000000FF1CE}" = Microsoft Office X MUI (Slovak) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A55A33F-8AFA-5578-69F9-0772EA3D7D9E}" = Catalyst Control Center Localization Chinese Traditional
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9D80AE12-18EC-7E24-DBB4-09E6B7E667D9}" = ccc-utility
"{9DCBDF08-F1C0-4935-A958-9501384FC528}" = ScoreFitter Volume 1
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3469F2F-A2B8-6B89-D431-19376590240A}" = Catalyst Control Center Localization Hungarian
"{A45C237A-2D4F-71DA-0C25-540C645FA9CA}" = CCC Help Thai
"{A5CD6935-E688-9FA3-6002-CCD08EB9818B}" = CCC Help Polish
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1051-7B44-A94000000001}" = Adobe Reader 9.4.5 - Slovak
"{AFC57FD9-2705-9531-DA23-9A4E6F50D85C}" = Catalyst Control Center Localization Polish
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BA99DF96-55D0-922C-A8B1-943C1755D0BE}" = Catalyst Control Center Graphics Full Existing
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF438498-A8BE-44B4-6079-540A9C4073AB}" = CCC Help Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C7EC2121-A688-3126-B53A-18C815E4D043}" = Catalyst Control Center Localization Italian
"{C7FB85AE-EA6C-6BE8-790F-ECC99197D735}" = CCC Help Turkish
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA7CDD01-93B6-4C3D-0807-20EE83E40F65}" = CCC Help Russian
"{CA979620-BE17-D758-17D3-142123785A17}" = CCC Help Chinese Standard
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{d1964ae5-f0d1-4e24-8257-9c8bf3dedd65}" = Nero 9
"{D1AE169D-4681-8886-D67E-FD6DCE1586F8}" = Catalyst Control Center Localization Norwegian
"{D289EDFF-D798-6169-A7D3-91D6B5CEB20B}" = Catalyst Control Center Graphics Full New
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D7739941-59D4-F971-A68B-0318CFBE02D6}" = ccc-utility
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D86847C4-6B93-91A8-9B28-A49563A9ED95}" = Catalyst Control Center Localization German
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF547081-AAAF-5F9C-0B80-89F9E130E1DB}" = CCC Help English
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E0E9E379-528A-FABD-12BD-78C82C096F4A}" = Catalyst Control Center Graphics Light
"{E41AC810-F9A5-09AB-0D69-0694A3A980F0}" = Catalyst Control Center Localization Turkish
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E7211161-CCC8-0912-60EF-364CA205B84A}" = Catalyst Control Center Localization Greek
"{E75B773E-3309-B615-0B91-385A8BDD2B03}" = CCC Help French
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ECDB40C4-D343-6405-9D00-E42F07D84463}" = Catalyst Control Center Localization Dutch
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F4AF1F4C-12D4-F77A-8FF0-37C221302343}" = CCC Help Portuguese
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F7540817-B9F2-D025-2A88-F15E906D1367}" = CCC Help Spanish
"{F8CDA789-8DF0-049A-3130-5C14B888B913}" = Catalyst Control Center Localization Danish
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"ACE-HIGH MP3 WAV WMA OGG Converter" = ACE-HIGH MP3 WAV WMA OGG Converter
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AF9035HB DriverInstaller_10.4.26.1" = AF9035HB Driver v10.4.26.1
"Artopik_is1" = Artopik 1.51
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"avast" = avast! Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Encore 4.5.3" = Encore 4.5.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GoldWave v5.55" = GoldWave v5.55
"GoldWave v5.58" = GoldWave v5.58
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.0
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"lameclidll_is1" = LAME MP3 Encoder 3.9.8 CLI/DLL
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 sk)" = Mozilla Firefox 4.0.1 (x86 sk)
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.sk-sk" = Microsoft Office Language Pack 2007 - Slovak/Slovenčina
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"Space Photo Screensaver" = Space Photo Screensaver
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archivátor
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Application Detect
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 17.5.2010 2:12:45 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:19:44 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:28:10 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:30:50 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:52:40 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:57:39 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 12:03:42 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 12:07:43 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 12:08:03 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 12:08:07 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 15.5.2011 7:18:36 | Computer Name = FOXFAMILY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia Studio.exe, verzia 12.0.0.6163, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 16.5.2011 14:01:41 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 5.5.7.2789, zlyhanie modulu
nsutil.dll, verzia 0.0.0.0, adresa zlyhania 0x0000a6c2.
Error - 17.5.2011 12:13:40 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie explorer.exe, verzia 6.0.2900.5512, zlyhanie modulu
unknown, verzia 0.0.0.0, adresa zlyhania 0x05319cf4.
Error - 17.5.2011 12:15:13 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie , verzia 0.0.0.0, zlyhanie modulu unknown, verzia
0.0.0.0, adresa zlyhania 0x00000000.
Error - 18.5.2011 12:59:13 | Computer Name = FOXFAMILY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia vegas100.exe, verzia 10.0.0.669, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 5.6.2011 10:23:22 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 5.5.7.2789, zlyhanie modulu
nsutil.dll, verzia 0.0.0.0, adresa zlyhania 0x0000a6c2.
Error - 13.6.2011 13:17:59 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 5.5.7.2789, zlyhanie modulu
clvsd.ax, verzia 8.4.0.1408, adresa zlyhania 0x0008ba58.
Error - 23.7.2011 13:53:30 | Computer Name = FOXFAMILY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia explorer.exe, verzia 6.0.2900.5512, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 23.7.2011 13:53:30 | Computer Name = FOXFAMILY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia explorer.exe, verzia 6.0.2900.5512, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 26.7.2011 9:52:27 | Computer Name = FOXFAMILY | Source = MsiInstaller | ID = 10005
Description = Product: Catalyst Control Center -- Internal Error 2753. installShell.exe
[ OSession Events ]
Error - 1.6.2010 15:21:30 | Computer Name = FOXFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2861
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28.7.2011 7:19:24 | Computer Name = FOXFAMILY | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Task Scheduler zlyhalo kvôli nasledujúcej chybe:
%%2
Error - 28.7.2011 7:19:27 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 7:19:27 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 11:08:43 | Computer Name = FOXFAMILY | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Task Scheduler zlyhalo kvôli nasledujúcej chybe:
%%2
Error - 28.7.2011 11:08:51 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 11:08:51 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 13:04:36 | Computer Name = FOXFAMILY | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Task Scheduler zlyhalo kvôli nasledujúcej chybe:
%%2
Error - 28.7.2011 13:04:41 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 13:04:41 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 14:41:56 | Computer Name = FOXFAMILY | Source = Service Control Manager | ID = 7034
Description = Služba srvsysdriver32 sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát.
< End of report >
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Pavol Liska\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 79,66% Memory free
8,84 Gb Paging File | 8,37 Gb Available in Paging File | 94,60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,78 Gb Free Space | 19,71% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 6,56 Gb Free Space | 67,19% Space Free | Partition Type: NTFS
Drive E: | 268,79 Gb Total Space | 51,68 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive F: | 64,78 Gb Total Space | 7,12 Gb Free Space | 10,99% Space Free | Partition Type: NTFS
Drive I: | 3,76 Gb Total Space | 2,66 Gb Free Space | 70,92% Space Free | Partition Type: FAT32
Computer Name: FOXFAMILY | User Name: Pavol Liska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4719:TCP" = 4719:TCP:*:Enabled:4719
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX.exe" = C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom_Clancy's_H.A.W.X_1
"C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe" = C:\Documents and Settings\Pavol Liska\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom_Clancy's_H.A.W.X_2
"E:\Program Files\Activision\Modern Warfare 2\iw4mp.exe" = E:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"I:\setup.exe" = I:\setup.exe:*:Enabled:setup.exe
"C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe" = C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
"C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
"C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe" = C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe
"C:\WINDOWS\update.1\svchost.exe" = C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe -- ()
"C:\WINDOWS\services32.exe" = C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe -- ()
"C:\WINDOWS\update.tray-7-0\svchost.exe" = C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe -- ()
"C:\WINDOWS\update.2\svchost.exe" = C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053BE69E-4EFE-3621-3613-30080CD26070}" = Catalyst Control Center Graphics Previews Common
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0C196427-49B6-426E-126C-2ED14FF8FC00}" = Catalyst Control Center Localization Thai
"{0E9E85F7-B46B-5B05-EA92-166041688360}" = CCC Help Finnish
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12001F32-80E8-67DC-17BF-B71FF08952D4}" = Catalyst Control Center Localization Spanish
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1337189C-ADD8-FA87-2037-1556FB8A4BC6}" = CCC Help Japanese
"{13647C4D-F5F4-C251-7A96-78B86AB007AC}" = Catalyst Control Center Graphics Previews Common
"{14D35B82-806E-FB4A-A80F-3FF7258832AA}" = ccc-core-preinstall
"{17BACA06-1CA8-D3F7-7F79-ACDCF96599DF}" = Catalyst Control Center Localization Japanese
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B7DCF2E-774A-11E0-9986-0013D3D69929}" = Vegas Pro 10.0
"{1DA75811-6C2C-ABFA-7DBF-9B9EDAA005E3}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368D5CDC-628E-2836-9E71-043672084991}" = Catalyst Control Center Localization Finnish
"{3E783AF8-51F7-1C42-53D5-F082FB0A28C1}" = Catalyst Control Center Localization Chinese Standard
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.0.17b
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{401079AB-7327-7FFB-C742-1BE7EC8B7C06}" = CCC Help Danish
"{41148666-8506-4ABD-6935-AB1035A12A3E}" = Catalyst Control Center Localization Swedish
"{41F7FFF4-B5B3-D96D-58FD-AEE5EA280528}" = CCC Help Czech
"{43CF15E8-E3CF-4BCF-8AAC-19162268276A}_3.9.2.2_is1" = ScanSpyware 3.9.2.2
"{47F95FE7-B901-2DB9-C370-D198DD7E7911}" = Catalyst Control Center Localization Russian
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{567D3326-2E0E-BDF8-791B-E77186020343}" = Catalyst Control Center Localization French
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{590F4980-1C17-EF89-E0C8-1D5866385DD5}" = CCC Help English
"{5A2F8E75-C291-F338-F48B-524C3EADE800}" = CCC Help Italian
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Ovladače videa společnosti Pinnacle
"{5ECA5B22-4073-8A6D-2E7E-8F4C39FC4309}" = Catalyst Control Center InstallProxy
"{5F72D175-2F8E-21EE-8A8F-15AD607C0531}" = CCC Help Swedish
"{617A16E4-A178-0E1E-DD80-88A44ACAF688}" = CCC Help Korean
"{635509DE-5A40-D9CC-C40C-C96FB4E266E0}" = Skins
"{65BF54F3-CE3C-098D-4410-7F64468BDDA7}" = CCC Help Norwegian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7227FD56-0482-6DBC-7B04-E748FB638283}" = Catalyst Control Center Localization Korean
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CEA075-4371-2E52-F83F-FFC53CEABE12}" = Catalyst Control Center Localization Portuguese
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74C45428-03A3-BAE9-F393-590FD36B69EE}" = CCC Help German
"{74E5BA31-CB34-4388-BC7F-91DC8830AABC}" = ScoreFitter Volume 2
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7AEF3C07-82FE-50B4-9962-A38DD38733C5}" = ccc-core-static
"{7B8B54E7-0008-3DF8-266C-1A7105A0C7ED}" = Catalyst Control Center Localization Czech
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7D5DE1C9-25FD-ECB3-74C9-50899F086A9F}" = CCC Help Hungarian
"{81EB9BC3-F6FA-CB2E-40BD-798FE703CCE4}" = CCC Help Dutch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866367B2-136A-6DCE-7D07-3F56175087BF}" = CCC Help Greek
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8F027BD7-9175-CFF0-107E-E7AC0DE36E10}" = Catalyst Control Center Core Implementation
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2007
"{90120000-0100-041B-0000-0000000FF1CE}" = Microsoft Office O MUI (Slovak) 2007
"{90120000-0101-041B-0000-0000000FF1CE}" = Microsoft Office X MUI (Slovak) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A55A33F-8AFA-5578-69F9-0772EA3D7D9E}" = Catalyst Control Center Localization Chinese Traditional
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9D80AE12-18EC-7E24-DBB4-09E6B7E667D9}" = ccc-utility
"{9DCBDF08-F1C0-4935-A958-9501384FC528}" = ScoreFitter Volume 1
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3469F2F-A2B8-6B89-D431-19376590240A}" = Catalyst Control Center Localization Hungarian
"{A45C237A-2D4F-71DA-0C25-540C645FA9CA}" = CCC Help Thai
"{A5CD6935-E688-9FA3-6002-CCD08EB9818B}" = CCC Help Polish
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1051-7B44-A94000000001}" = Adobe Reader 9.4.5 - Slovak
"{AFC57FD9-2705-9531-DA23-9A4E6F50D85C}" = Catalyst Control Center Localization Polish
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BA99DF96-55D0-922C-A8B1-943C1755D0BE}" = Catalyst Control Center Graphics Full Existing
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF438498-A8BE-44B4-6079-540A9C4073AB}" = CCC Help Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C7EC2121-A688-3126-B53A-18C815E4D043}" = Catalyst Control Center Localization Italian
"{C7FB85AE-EA6C-6BE8-790F-ECC99197D735}" = CCC Help Turkish
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA7CDD01-93B6-4C3D-0807-20EE83E40F65}" = CCC Help Russian
"{CA979620-BE17-D758-17D3-142123785A17}" = CCC Help Chinese Standard
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{d1964ae5-f0d1-4e24-8257-9c8bf3dedd65}" = Nero 9
"{D1AE169D-4681-8886-D67E-FD6DCE1586F8}" = Catalyst Control Center Localization Norwegian
"{D289EDFF-D798-6169-A7D3-91D6B5CEB20B}" = Catalyst Control Center Graphics Full New
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D7739941-59D4-F971-A68B-0318CFBE02D6}" = ccc-utility
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D86847C4-6B93-91A8-9B28-A49563A9ED95}" = Catalyst Control Center Localization German
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF547081-AAAF-5F9C-0B80-89F9E130E1DB}" = CCC Help English
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E0E9E379-528A-FABD-12BD-78C82C096F4A}" = Catalyst Control Center Graphics Light
"{E41AC810-F9A5-09AB-0D69-0694A3A980F0}" = Catalyst Control Center Localization Turkish
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E7211161-CCC8-0912-60EF-364CA205B84A}" = Catalyst Control Center Localization Greek
"{E75B773E-3309-B615-0B91-385A8BDD2B03}" = CCC Help French
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ECDB40C4-D343-6405-9D00-E42F07D84463}" = Catalyst Control Center Localization Dutch
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F4AF1F4C-12D4-F77A-8FF0-37C221302343}" = CCC Help Portuguese
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F7540817-B9F2-D025-2A88-F15E906D1367}" = CCC Help Spanish
"{F8CDA789-8DF0-049A-3130-5C14B888B913}" = Catalyst Control Center Localization Danish
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"ACE-HIGH MP3 WAV WMA OGG Converter" = ACE-HIGH MP3 WAV WMA OGG Converter
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AF9035HB DriverInstaller_10.4.26.1" = AF9035HB Driver v10.4.26.1
"Artopik_is1" = Artopik 1.51
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"avast" = avast! Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Encore 4.5.3" = Encore 4.5.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GoldWave v5.55" = GoldWave v5.55
"GoldWave v5.58" = GoldWave v5.58
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.0
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"lameclidll_is1" = LAME MP3 Encoder 3.9.8 CLI/DLL
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 sk)" = Mozilla Firefox 4.0.1 (x86 sk)
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.sk-sk" = Microsoft Office Language Pack 2007 - Slovak/Slovenčina
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"Space Photo Screensaver" = Space Photo Screensaver
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archivátor
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Application Detect
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 17.5.2010 2:12:45 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:19:44 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:28:10 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:30:50 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:52:40 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 11:57:39 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 12:03:42 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 12:07:43 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 12:08:03 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
Error - 17.5.2010 12:08:07 | Computer Name = FOXFAMILY | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 15.5.2011 7:18:36 | Computer Name = FOXFAMILY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia Studio.exe, verzia 12.0.0.6163, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 16.5.2011 14:01:41 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 5.5.7.2789, zlyhanie modulu
nsutil.dll, verzia 0.0.0.0, adresa zlyhania 0x0000a6c2.
Error - 17.5.2011 12:13:40 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie explorer.exe, verzia 6.0.2900.5512, zlyhanie modulu
unknown, verzia 0.0.0.0, adresa zlyhania 0x05319cf4.
Error - 17.5.2011 12:15:13 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie , verzia 0.0.0.0, zlyhanie modulu unknown, verzia
0.0.0.0, adresa zlyhania 0x00000000.
Error - 18.5.2011 12:59:13 | Computer Name = FOXFAMILY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia vegas100.exe, verzia 10.0.0.669, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 5.6.2011 10:23:22 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 5.5.7.2789, zlyhanie modulu
nsutil.dll, verzia 0.0.0.0, adresa zlyhania 0x0000a6c2.
Error - 13.6.2011 13:17:59 | Computer Name = FOXFAMILY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 5.5.7.2789, zlyhanie modulu
clvsd.ax, verzia 8.4.0.1408, adresa zlyhania 0x0008ba58.
Error - 23.7.2011 13:53:30 | Computer Name = FOXFAMILY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia explorer.exe, verzia 6.0.2900.5512, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 23.7.2011 13:53:30 | Computer Name = FOXFAMILY | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia explorer.exe, verzia 6.0.2900.5512, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Error - 26.7.2011 9:52:27 | Computer Name = FOXFAMILY | Source = MsiInstaller | ID = 10005
Description = Product: Catalyst Control Center -- Internal Error 2753. installShell.exe
[ OSession Events ]
Error - 1.6.2010 15:21:30 | Computer Name = FOXFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2861
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28.7.2011 7:19:24 | Computer Name = FOXFAMILY | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Task Scheduler zlyhalo kvôli nasledujúcej chybe:
%%2
Error - 28.7.2011 7:19:27 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 7:19:27 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 11:08:43 | Computer Name = FOXFAMILY | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Task Scheduler zlyhalo kvôli nasledujúcej chybe:
%%2
Error - 28.7.2011 11:08:51 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 11:08:51 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 13:04:36 | Computer Name = FOXFAMILY | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Task Scheduler zlyhalo kvôli nasledujúcej chybe:
%%2
Error - 28.7.2011 13:04:41 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 13:04:41 | Computer Name = FOXFAMILY | Source = Ntfs | ID = 262199
Description = Štruktúra systému súborov na disku je poškodená a je nepoužiteľná.
Na
zväzku D: spustite pomôcku chkdsk.
Error - 28.7.2011 14:41:56 | Computer Name = FOXFAMILY | Source = Service Control Manager | ID = 7034
Description = Služba srvsysdriver32 sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát.
< End of report >
-
Caroprd111
- VIP
- Příspěvky: 13493
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Help Fcb...
Znovu spusťte OTL a do spodního bílého okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, výsledný log vložte sem.
Kód: Vybrat vše
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
:Files
C:\Program Files\DAEMON Tools Toolbar
C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe
C:\WINDOWS\nvsvc32.exe
C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe
:OTL
O4 - HKLM..\Run: [LaunchList] File not found
SRV - [2011.07.27 16:33:45 | 000,502,272 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011.07.26 15:27:50 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011.07.25 21:07:17 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.07.25 20:58:31 | 001,185,280 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
IE - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
O2 - BHO: (qs Class) - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKU\S-1-5-21-1801674531-884357618-2147288249-1003..\Run: [PCSpeedUp] File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wowfx.dll) - File not found
O29 - HKLM SecurityProviders - (snapapi32.dll) - File not found
O29 - HKLM SecurityProviders - (digest32.dll) - File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011.07.28 17:18:49 | 000,008,704 | ---- | C] (ScanSpyware.net) -- C:\WINDOWS\System32\ssbtsr.exe
[2011.07.28 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Start Menu\Programs\ScanSpyware
[2011.07.28 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware
[2011.07.28 17:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSpyware
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.07.26 15:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.07.26 15:27:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.07.26 15:27:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.07.25 21:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.07.25 21:05:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.07.25 21:05:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011.07.25 21:05:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011.07.28 17:18:49 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Pavol Liska\Desktop\ScanSpyware.lnk
[2011.07.27 16:55:27 | 000,000,156 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.26 15:36:09 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.26 15:36:09 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.07.26 15:36:09 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.26 15:36:08 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.26 15:31:32 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.26 15:27:59 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.26 15:36:09 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.26 15:36:09 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.26 15:36:08 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.26 15:28:13 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.26 15:28:12 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.26 15:28:12 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.26 15:28:03 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.25 21:10:37 | 000,000,156 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.25 21:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.25 21:07:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.25 21:07:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.25 20:58:35 | 001,185,280 | ---- | C] () -- C:\WINDOWS\services32.exe
[2010.01.07 11:18:35 | 000,002,298 | ---- | M] () -- C:\bwdthu.exe
[2010.01.07 11:18:11 | 000,002,301 | ---- | M] () -- C:\hcbabhx.exe
[2010.01.07 11:18:42 | 000,002,310 | ---- | M] () -- C:\hqwu.exe
[2010.01.07 11:19:54 | 000,002,301 | ---- | M] () -- C:\mmhcaf.exe
[2010.01.07 11:19:15 | 000,002,298 | ---- | M] () -- C:\mudyfh.exe
[2010.01.07 11:19:49 | 000,002,307 | ---- | M] () -- C:\ocoxphhi.exe
[2010.01.07 11:19:58 | 000,002,295 | ---- | M] () -- C:\ouvjj.exe
[2011.07.25 21:07:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.25 21:07:17 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.25 21:07:17 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.25 20:58:31 | 001,185,280 | ---- | M] () -- C:\WINDOWS\services32.exe
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe" =-
"C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe" =-
"C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe" =-
"C:\WINDOWS\update.1\svchost.exe" =-
"C:\WINDOWS\services32.exe" =-
"C:\WINDOWS\update.tray-7-0\svchost.exe" =-
"C:\WINDOWS\update.2\svchost.exe" =-Re: Help Fcb...
All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Pavol Liska
->Temp folder emptied: 54893633 bytes
->Temporary Internet Files folder emptied: 18934732 bytes
->Java cache emptied: 55545889 bytes
->FireFox cache emptied: 70417681 bytes
->Google Chrome cache emptied: 244098382 bytes
->Flash cache emptied: 225599 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2504444 bytes
%systemroot%\System32 .tmp files removed: 3604497 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67157605 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 144846424 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 217669282 bytes
Total Files Cleaned = 839,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Pavol Liska
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
========== FILES ==========
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
File\Folder C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe not found.
File\Folder C:\WINDOWS\nvsvc32.exe not found.
File\Folder C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe not found.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LaunchList deleted successfully.
Service srviecheck stopped successfully!
Service srviecheck deleted successfully!
C:\WINDOWS\update.2\svchost.exe moved successfully.
Service srvbtcclient stopped successfully!
Service srvbtcclient deleted successfully!
C:\WINDOWS\update.5.0\svchost.exe moved successfully.
Service srvsysdriver32 stopped successfully!
Service srvsysdriver32 deleted successfully!
C:\WINDOWS\sysdriver32.exe moved successfully.
Service wxpdrivers stopped successfully!
Service wxpdrivers deleted successfully!
C:\WINDOWS\update.1\svchost.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://start.icq.com/" removed from browser.startup.homepage
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A555E0E-6240-DD93-198D-45F571D4FD9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A555E0E-6240-DD93-198D-45F571D4FD9B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
C:\WINDOWS\update.tray-7-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\wowfx.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:snapapi32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digest32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
C:\WINDOWS\system32\ssbtsr.exe moved successfully.
C:\Documents and Settings\Pavol Liska\Start Menu\Programs\ScanSpyware\3.9.2.2 folder moved successfully.
C:\Documents and Settings\Pavol Liska\Start Menu\Programs\ScanSpyware folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\skins folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\quarantine\DAF_July-28-2011_05-21-46-PM folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\quarantine folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\logs folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\languages folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\ignorelist folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\database folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\customscanlist folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware folder moved successfully.
C:\Program Files\ScanSpyware\3.9.2.2 folder moved successfully.
C:\Program Files\ScanSpyware folder moved successfully.
C:\WINDOWS\ufa folder moved successfully.
C:\WINDOWS\rpcminer folder moved successfully.
C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.
C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.
C:\WINDOWS\phoenix\kernels folder moved successfully.
C:\WINDOWS\phoenix folder moved successfully.
C:\WINDOWS\update.2 folder moved successfully.
C:\WINDOWS\update.5.0 folder moved successfully.
C:\WINDOWS\av_ico folder moved successfully.
C:\WINDOWS\update.1 folder moved successfully.
C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-7-0 folder moved successfully.
C:\Documents and Settings\Pavol Liska\Desktop\ScanSpyware.lnk moved successfully.
C:\WINDOWS\info1 moved successfully.
C:\WINDOWS\phoenix.rar moved successfully.
C:\WINDOWS\unrar.exe moved successfully.
C:\WINDOWS\ufa.rar moved successfully.
C:\WINDOWS\rpcminer.rar moved successfully.
C:\WINDOWS\geoiplist.rar moved successfully.
C:\WINDOWS\l1rezerv.exe moved successfully.
C:\WINDOWS\geoiplist moved successfully.
File C:\WINDOWS\phoenix.rar not found.
File C:\WINDOWS\ufa.rar not found.
File C:\WINDOWS\rpcminer.rar not found.
File C:\WINDOWS\geoiplist not found.
File C:\WINDOWS\geoiplist.rar not found.
File C:\WINDOWS\unrar.exe not found.
File C:\WINDOWS\l1rezerv.exe not found.
File C:\WINDOWS\info1 not found.
C:\WINDOWS\loader2.exe_ok moved successfully.
C:\WINDOWS\sysdriver32_.exe moved successfully.
File C:\WINDOWS\sysdriver32.exe not found.
C:\WINDOWS\services32.exe moved successfully.
C:\bwdthu.exe moved successfully.
C:\hcbabhx.exe moved successfully.
C:\hqwu.exe moved successfully.
C:\mmhcaf.exe moved successfully.
C:\mudyfh.exe moved successfully.
C:\ocoxphhi.exe moved successfully.
C:\ouvjj.exe moved successfully.
File C:\WINDOWS\loader2.exe_ok not found.
File C:\WINDOWS\sysdriver32_.exe not found.
File C:\WINDOWS\sysdriver32.exe not found.
File C:\WINDOWS\services32.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\services32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.tray-7-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.
OTL by OldTimer - Version 3.2.26.1 log created on 07282011_212258
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Pavol Liska
->Temp folder emptied: 54893633 bytes
->Temporary Internet Files folder emptied: 18934732 bytes
->Java cache emptied: 55545889 bytes
->FireFox cache emptied: 70417681 bytes
->Google Chrome cache emptied: 244098382 bytes
->Flash cache emptied: 225599 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2504444 bytes
%systemroot%\System32 .tmp files removed: 3604497 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67157605 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 144846424 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 217669282 bytes
Total Files Cleaned = 839,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Pavol Liska
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
========== FILES ==========
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
File\Folder C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe not found.
File\Folder C:\WINDOWS\nvsvc32.exe not found.
File\Folder C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe not found.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LaunchList deleted successfully.
Service srviecheck stopped successfully!
Service srviecheck deleted successfully!
C:\WINDOWS\update.2\svchost.exe moved successfully.
Service srvbtcclient stopped successfully!
Service srvbtcclient deleted successfully!
C:\WINDOWS\update.5.0\svchost.exe moved successfully.
Service srvsysdriver32 stopped successfully!
Service srvsysdriver32 deleted successfully!
C:\WINDOWS\sysdriver32.exe moved successfully.
Service wxpdrivers stopped successfully!
Service wxpdrivers deleted successfully!
C:\WINDOWS\update.1\svchost.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://start.icq.com/" removed from browser.startup.homepage
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A555E0E-6240-DD93-198D-45F571D4FD9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A555E0E-6240-DD93-198D-45F571D4FD9B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
C:\WINDOWS\update.tray-7-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-884357618-2147288249-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\wowfx.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:snapapi32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digest32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
C:\WINDOWS\system32\ssbtsr.exe moved successfully.
C:\Documents and Settings\Pavol Liska\Start Menu\Programs\ScanSpyware\3.9.2.2 folder moved successfully.
C:\Documents and Settings\Pavol Liska\Start Menu\Programs\ScanSpyware folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\skins folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\quarantine\DAF_July-28-2011_05-21-46-PM folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\quarantine folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\logs folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\languages folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\ignorelist folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\database folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware\customscanlist folder moved successfully.
C:\Documents and Settings\Pavol Liska\Application Data\ScanSpyware folder moved successfully.
C:\Program Files\ScanSpyware\3.9.2.2 folder moved successfully.
C:\Program Files\ScanSpyware folder moved successfully.
C:\WINDOWS\ufa folder moved successfully.
C:\WINDOWS\rpcminer folder moved successfully.
C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.
C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.
C:\WINDOWS\phoenix\kernels folder moved successfully.
C:\WINDOWS\phoenix folder moved successfully.
C:\WINDOWS\update.2 folder moved successfully.
C:\WINDOWS\update.5.0 folder moved successfully.
C:\WINDOWS\av_ico folder moved successfully.
C:\WINDOWS\update.1 folder moved successfully.
C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-7-0 folder moved successfully.
C:\Documents and Settings\Pavol Liska\Desktop\ScanSpyware.lnk moved successfully.
C:\WINDOWS\info1 moved successfully.
C:\WINDOWS\phoenix.rar moved successfully.
C:\WINDOWS\unrar.exe moved successfully.
C:\WINDOWS\ufa.rar moved successfully.
C:\WINDOWS\rpcminer.rar moved successfully.
C:\WINDOWS\geoiplist.rar moved successfully.
C:\WINDOWS\l1rezerv.exe moved successfully.
C:\WINDOWS\geoiplist moved successfully.
File C:\WINDOWS\phoenix.rar not found.
File C:\WINDOWS\ufa.rar not found.
File C:\WINDOWS\rpcminer.rar not found.
File C:\WINDOWS\geoiplist not found.
File C:\WINDOWS\geoiplist.rar not found.
File C:\WINDOWS\unrar.exe not found.
File C:\WINDOWS\l1rezerv.exe not found.
File C:\WINDOWS\info1 not found.
C:\WINDOWS\loader2.exe_ok moved successfully.
C:\WINDOWS\sysdriver32_.exe moved successfully.
File C:\WINDOWS\sysdriver32.exe not found.
C:\WINDOWS\services32.exe moved successfully.
C:\bwdthu.exe moved successfully.
C:\hcbabhx.exe moved successfully.
C:\hqwu.exe moved successfully.
C:\mmhcaf.exe moved successfully.
C:\mudyfh.exe moved successfully.
C:\ocoxphhi.exe moved successfully.
C:\ouvjj.exe moved successfully.
File C:\WINDOWS\loader2.exe_ok not found.
File C:\WINDOWS\sysdriver32_.exe not found.
File C:\WINDOWS\sysdriver32.exe not found.
File C:\WINDOWS\services32.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Pavol Liska\Desktop\P17535732.JPG-www.facebook.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Pavol Liska\Desktop\facebook-pic000934519.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Pavol Liska\My Documents\Downloads\Flash-Player.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\services32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.tray-7-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.
OTL by OldTimer - Version 3.2.26.1 log created on 07282011_212258
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Caroprd111
- VIP
- Příspěvky: 13493
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Help Fcb...
ok, Fcb sa rozbehol (to bol povodca problemov...) so zmenou hesla, jedine co pozorujem, tak mi zmizol antivir....ale to bude najmensi problem.....
Re: Help Fcb...
Zatial to bezi vsetko ok, srdecna vdaka....a propos - co som dlzny?...
Přispějete na provoz fóra?