VIRY.CZ

Logfile of random's system information tool 1.08 (written by random/random)
Run by Krtimir at 2010-07-15 20:02:50
Microsoft Windows 7 Ultimate
System drive C: has 100 GB (26%) free of 381 GB
Total RAM: 4094 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:02:56, on 15.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\OSCAR Editor\OscarData\Tools\MyShowMessage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Xfire\xfire.exe
C:\Program Files (x86)\ICQ7.1\ICQ.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\trend micro\Krtimir.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 81.2.210.46 L2authd.Lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8273 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s
"C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
\??\C:\Windows\system32\conhost.exe
"C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"C:\Windows\vsnp2std.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum
"C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe"
taskeng.exe {0BCAEEF2-9947-46ED-A4A8-CBD32470B972}
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe" /startup
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\OSCAR Editor\OscarData\Tools\MyShowMessage.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
"C:\Windows\System32\rundll32.exe" P17RunE.dll,RunDLLEntry
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\WinMsgBalloonServer.exe"
\\.\pipe\raidxpertPipe1
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Xfire\xfire.exe"
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 1696
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 1696
"taskhost.exe"
"C:\Program Files (x86)\ICQ7.1\ICQ.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe166_ Global\UsGthrCtrlFltPipeMssGthrPipe166 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Krtimir\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-07-23 1783296]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-26 16327712]
"snp2std"=C:\Windows\vsnp2std.exe [2006-09-15 675840]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 2114376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"=C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe [2008-07-30 2865152]
"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-03-31 95576]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"VolPanel"=C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2007-02-28 180224]
"P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SMSTray"=C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-12-14 132624]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]

C:\Users\Krtimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-15 20:02:50 ----D---- C:\rsit
2010-07-15 20:02:50 ----D---- C:\Program Files\trend micro
2010-07-15 11:22:38 ----D---- C:\Program Files (x86)\Cenega Czech
2010-07-14 20:48:26 ----D---- C:\ProgramData\Alwil Software
2010-07-14 15:53:47 ----A---- C:\Windows\SYSWOW64\npptNT2.sys
2010-07-14 15:49:02 ----D---- C:\Program Files (x86)\Lineage II
2010-07-14 15:48:24 ----D---- C:\Users\Krtimir\AppData\Roaming\InstallShield
2010-07-14 07:08:09 ----A---- C:\Windows\system32\cdd.dll
2010-07-11 17:10:15 ----D---- C:\Program Files (x86)\EVGA Precision
2010-07-11 11:34:16 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-07-09 21:04:40 ----A---- C:\Windows\SYSWOW64\xfcodec.dll
2010-07-09 21:04:40 ----A---- C:\Windows\system32\xfcodec64.dll
2010-07-07 20:21:39 ----D---- C:\Users\Krtimir\AppData\Roaming\Mc & RENOX
2010-06-30 16:01:33 ----D---- C:\Program Files (x86)\Ashampoo
2010-06-30 15:53:23 ----D---- C:\Program Files (x86)\Sweet Home 3D
2010-06-27 23:18:55 ----A---- C:\Windows\system32\drivers\ss_bwhnt.sys
2010-06-27 23:18:55 ----A---- C:\Windows\system32\drivers\ss_bwh.sys
2010-06-27 23:18:55 ----A---- C:\Windows\system32\drivers\ss_bmdm.sys
2010-06-27 23:18:55 ----A---- C:\Windows\system32\drivers\ss_bmdfl.sys
2010-06-27 23:18:55 ----A---- C:\Windows\system32\drivers\ss_bcmnt.sys
2010-06-27 23:18:55 ----A---- C:\Windows\system32\drivers\ss_bcm.sys
2010-06-27 23:18:55 ----A---- C:\Windows\system32\drivers\ss_bbus.sys
2010-06-27 23:18:31 ----D---- C:\ProgramData\Samsung
2010-06-27 23:18:19 ----A---- C:\Windows\system32\drivers\TFsExDisk.sys
2010-06-27 23:18:18 ----A---- C:\Windows\system32\FsExService64.exe
2010-06-27 21:26:20 ----D---- C:\Program Files (x86)\MarkAnyContentSAFER
2010-06-27 20:29:36 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2010-06-27 20:28:55 ----D---- C:\Windows\SYSWOW64\Samsung_USB_Drivers
2010-06-27 20:28:11 ----A---- C:\Windows\SYSWOW64\FsExService64.Exe
2010-06-27 20:28:11 ----A---- C:\Windows\SYSWOW64\drivers\TFsExDisk.Sys
2010-06-27 20:28:03 ----D---- C:\Users\Krtimir\AppData\Roaming\Samsung
2010-06-27 20:27:44 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2010-06-23 06:49:45 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-06-23 06:49:00 ----A---- C:\Windows\SYSWOW64\PresentationHostProxy.dll
2010-06-23 06:49:00 ----A---- C:\Windows\SYSWOW64\PresentationHost.exe
2010-06-23 06:49:00 ----A---- C:\Windows\SYSWOW64\netfxperf.dll
2010-06-23 06:49:00 ----A---- C:\Windows\SYSWOW64\mscoree.dll
2010-06-23 06:48:59 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2010-06-23 06:48:59 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 06:48:59 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-23 06:48:59 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-23 06:48:59 ----A---- C:\Windows\system32\mscoree.dll
2010-06-23 06:48:59 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 06:48:28 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2010-06-23 06:48:28 ----A---- C:\Windows\system32\ntdll.dll
2010-06-23 06:48:19 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2010-06-23 06:48:19 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-23 06:48:18 ----A---- C:\Windows\system32\msdri.dll
2010-06-18 10:40:50 ----D---- C:\Users\Krtimir\AppData\Roaming\Facebook
2010-06-16 15:15:23 ----HD---- C:\ProgramData\CanonIJEGV

======List of files/folders modified in the last 1 months======

2010-07-15 20:02:56 ----D---- C:\Windows\Prefetch
2010-07-15 20:02:55 ----D---- C:\Windows\Temp
2010-07-15 20:02:50 ----RD---- C:\Program Files
2010-07-15 19:39:10 ----D---- C:\Users\Krtimir\AppData\Roaming\Skype
2010-07-15 18:39:13 ----D---- C:\Users\Krtimir\AppData\Roaming\ICQ
2010-07-15 17:53:20 ----D---- C:\Users\Krtimir\AppData\Roaming\uTorrent
2010-07-15 16:02:12 ----D---- C:\Users\Krtimir\AppData\Roaming\skypePM
2010-07-15 15:14:51 ----D---- C:\Windows\system32\config
2010-07-15 12:14:22 ----SHD---- C:\System Volume Information
2010-07-15 11:22:38 ----RD---- C:\Program Files (x86)
2010-07-15 06:57:41 ----D---- C:\Windows\System32
2010-07-15 06:57:41 ----D---- C:\Windows\inf
2010-07-15 06:57:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-14 20:50:37 ----D---- C:\Program Files\Alwil Software
2010-07-14 20:50:36 ----SD---- C:\Program Files (x86)\Xfire
2010-07-14 20:50:36 ----D---- C:\ProgramData\Xfire
2010-07-14 20:49:06 ----SHD---- C:\Windows\Installer
2010-07-14 20:49:06 ----SHD---- C:\Config.Msi
2010-07-14 20:49:05 ----D---- C:\Windows\winsxs
2010-07-14 20:48:50 ----D---- C:\Windows\SysWOW64
2010-07-14 20:48:50 ----D---- C:\Windows
2010-07-14 20:48:26 ----HD---- C:\ProgramData
2010-07-14 16:31:27 ----D---- C:\Program Files (x86)\Ufo
2010-07-14 15:49:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-14 14:16:21 ----D---- C:\Users\Krtimir\AppData\Roaming\Xfire
2010-07-14 13:13:36 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-07-14 07:08:42 ----D---- C:\Windows\debug
2010-07-14 07:07:58 ----D---- C:\Windows\system32\catroot
2010-07-13 13:31:34 ----D---- C:\HUDBA
2010-07-13 13:31:20 ----A---- C:\Windows\NeroDigital.ini
2010-07-13 04:57:17 ----D---- C:\Windows\system32\Tasks
2010-07-02 22:18:43 ----A---- C:\Windows\system32\MRT.exe
2010-07-02 17:08:52 ----D---- C:\Windows\SYSWOW64\drivers
2010-07-01 15:24:53 ----D---- C:\Fraps
2010-06-30 16:02:35 ----RSD---- C:\Windows\assembly
2010-06-30 16:00:09 ----A---- C:\Windows\win.ini
2010-06-30 10:36:42 ----D---- C:\Windows\system32\catroot2
2010-06-28 22:57:12 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-06-28 20:55:42 ----D---- C:\Program Files (x86)\CCleaner
2010-06-27 23:21:57 ----D---- C:\Windows\system32\drivers
2010-06-27 23:19:10 ----D---- C:\Windows\system32\DriverStore
2010-06-27 23:18:42 ----D---- C:\Program Files (x86)\Samsung
2010-06-27 23:18:06 ----D---- C:\Windows\SoftwareDistribution
2010-06-27 23:10:27 ----D---- C:\Users\Krtimir\AppData\Roaming\vlc
2010-06-27 22:59:37 ----D---- C:\Users\Krtimir\AppData\Roaming\dvdcss
2010-06-27 21:32:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-06-27 20:29:36 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-23 07:28:09 ----D---- C:\Windows\Microsoft.NET
2010-06-23 06:53:18 ----D---- C:\Windows\AppPatch
2010-06-23 06:49:49 ----D---- C:\Windows\SYSWOW64\en-US
2010-06-23 06:49:49 ----D---- C:\Windows\system32\en-US
2010-06-23 06:48:54 ----D---- C:\Windows\ehome
2010-06-20 11:10:37 ----RD---- C:\Program Files (x86)\Skype
2010-06-16 15:14:37 ----D---- C:\Windows\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2009-01-08 24840]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2007-06-13 70144]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-04 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-18 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-18 43680]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 38160]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 37648]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2009-04-21 1288192]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-04-09 12342656]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 47368]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 35848]
S3 cpuz130;cpuz130; \??\C:\Users\Krtimir\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 cpuz132;cpuz132; \??\C:\Users\Krtimir\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-12-31 22336]
S3 gwiopm;gwiopm; \??\C:\Program Files (x86)\My Drivers\gwiopm.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2008-07-02 31624]
S3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 Pcouffin64;Low level access layer for CD devices; C:\Windows\System32\Drivers\pcouffin64a.sys [2009-10-18 82048]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-03-25 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-03-25 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-03-25 161280]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-03-26 16448]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVLAN60.sys [2007-12-03 24064]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD_RAIDXpert;AMD RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-11-18 307200]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-26 382496]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2009-10-12 75064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-04 79360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Zdravim a pekny vecer preji

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  netsvcs
  drivers32
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  c:\windows\*.* /U
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  symmpi.sys
  adp3132.sys
  mv61xx.sys
  nvraid.sys
  ndis.sys
  winlogon.exe
  explorer.exe
  userinit.exe
  lsass.exe
  svchost.exe
  smss.exe
  hal.dll
  ws2_32.dll
  tcpip.sys
  cryptsvc.dll
  Changer.sys
  JakNDis.sys
  isapnp.sys
  cdrom.sys
  autochk.exe
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  CREATERESTOREPOINT

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 5min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

Nějak se to zaseklo, mám to vypnout a spustit znova?

Zkuste vypnout pred skenem antivir, zrejme mu blokuje pristup do registru ktere prohledava....

Pokud by nepomohlo, spustte OTl s timto (upravenym) skriptem

OTL Extras logfile created on: 16.7.2010 11:18:02 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Krtimir\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,12 Gb Total Space | 100,15 Gb Free Space | 26,91% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 30,98 Gb Free Space | 13,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 326,51 Gb Total Space | 29,32 Gb Free Space | 8,98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 111,79 Gb Total Space | 15,61 Gb Free Space | 13,96% Space Free | Partition Type: NTFS

Computer Name: KRTIMIR-PC
Current User Name: Krtimir
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with ACDSee] -- C:\Program Files (x86)\ACDSee32\ACDSee32.exe "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet 3] -- "C:\Program Files (x86)\Fotolab\Fotolab Fotosvet 3\Fotolab Fotosvet 3.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with ACDSee] -- C:\Program Files (x86)\ACDSee32\ACDSee32.exe "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet 3] -- "C:\Program Files (x86)\Fotolab\Fotolab Fotosvet 3\Fotolab Fotosvet 3.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{59427B1F-852F-4AF1-8215-E5B12F966D89}" = Logitech G11 Keyboard Software 1.03
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{18D00C9F-B259-4838-871A-C61FCFF34C59}" = EA SPORTS™ Rugby 08
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = OSCAR Editor
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{33CE2580-2B1E-4B4C-8E91-27FC58A548E4}" = Port Royale 2
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3FEDF39A-4BA9-41F0-80EE-D4B5642F4D45}" = Battlestations Midway
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{46552BC3-52B6-404c-9B42-CE536AB719FD}_is1" = Ashampoo Home Designer1.0.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Trust Webcam 15007
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a14ed09d-4570-4321-bfa5-4eec7dbbbb2c}" = Nero 9 Trial
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.3 - Czech
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C72D7008-266D-4DD8-BF3C-296B736127F6}" = Mafia
"{C85E633E-864A-4AFE-0095-844838BFCC7E}" = Madden NFL 07
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"ACDSee 32" = ACDSee 32
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ALZip_is1" = ALZip
"ATC for Battlefield 2 Complete_is1" = ATC for Battlefield 2 Complete
"AudioCS" = Creative Audio Control Panel
"avast5" = avast! Free Antivirus
"BSPlayer1" = BSPlayer
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Call of Juarez_is1" = Call of Juarez
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DVD To AVI Converter_is1" = DVD To AVI Converter 4.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Fotolab Fotosvet 3" = Fotolab Fotosvet 3
"Fraps" = Fraps (remove only)
"FSCZ_is1" = FORM studio
"G-Force" = G-Force
"InstallShield_{21FFDD40-F6B9-4609-B1C9-514E0A342BFA}" = OSCAR Editor
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"MotoGP 2007_is1" = MotoGP 2007
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Sunbird (0.8)" = Mozilla Sunbird (0.8)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OpenAL" = OpenAL
"PPTView97" = Microsoft PowerPoint Viewer 97
"Precision" = EVGA Precision 1.9.5
"rajče.net_is1" = rajče beta48
"Registrace uživatele zařízení Canon MP540 series" = Registrace uživatele zařízení Canon MP540 series
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"SoftSkies" = SoftSkies
"Sweet Home 3D_is1" = Sweet Home 3D version 2.2
"SysInfo" = Creative System Information
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Totalcmd" = Total Commander (Remove or Repair)
"UFO: Enemy Unknown (DosBox emulation)" = UFO: Enemy Unknown (DosBox emulation)
"Uloz.to Uploader" = Uloz.to Uploader 1.1.1.122
"uTorrent" = µTorrent
"Vietcong" = Vietcong
"VLC media player" = VLC media player 1.0.2
"VMidi" = vanBasco's Karaoke Player
"WaveStudio 7" = Creative WaveStudio 7
"WhiteCap" = WhiteCap
"WinRAR archiver" = WinRAR archiver
"Wubi" = Ubuntu
"Xfire" = Xfire (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aliens vs Predator" = Aliens vs Predator
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 26.4.2010 16:09:21 | Computer Name = Krtimir-PC | Source = avast! | ID = 33554522
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL logfile created on: 16.7.2010 11:18:02 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Krtimir\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,12 Gb Total Space | 100,15 Gb Free Space | 26,91% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 30,98 Gb Free Space | 13,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 326,51 Gb Total Space | 29,32 Gb Free Space | 8,98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 111,79 Gb Total Space | 15,61 Gb Free Space | 13,96% Space Free | Partition Type: NTFS

Computer Name: KRTIMIR-PC
Current User Name: Krtimir
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.16 06:48:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krtimir\Desktop\OTL.exe
PRC - [2010.07.02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.31 15:46:06 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.10.12 19:15:03 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.09.19 14:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009.09.19 14:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009.09.19 14:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009.09.19 14:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009.05.15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.01.15 19:42:46 | 007,430,144 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.15 19:42:44 | 007,434,240 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2008.11.18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.07.30 13:52:37 | 002,865,152 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe
PRC - [2007.12.14 17:19:26 | 000,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007.12.12 10:29:48 | 000,323,584 | ---- | M] (TODO: A4 Tech) -- C:\Program Files (x86)\OSCAR Editor\OscarData\Tools\MyShowMessage.exe
PRC - [2007.02.28 18:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006.09.15 14:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (SafeList) ==========

MOD - [2010.07.16 06:48:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krtimir\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 19:37:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.10.12 19:15:03 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.09.19 14:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009.05.15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.11.18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.03.26 09:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.25 13:08:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.03.25 13:08:52 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010.03.25 13:08:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2009.12.21 17:39:40 | 000,051,712 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2009.12.19 10:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.11.04 23:03:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.18 12:29:41 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.10.18 12:29:40 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.10.18 12:05:24 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin64a.sys -- (Pcouffin64)
DRV:64bit: - [2009.08.13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009.07.20 04:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.21 15:12:50 | 001,288,192 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009.01.08 00:38:18 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008.12.07 13:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2008.07.02 15:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.06.24 22:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2007.06.13 17:47:02 | 000,070,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2007.05.11 04:12:06 | 000,038,160 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2007.04.09 12:37:18 | 012,342,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV:64bit: - [2007.03.05 06:48:12 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2007.03.05 06:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtNetDrv.sys -- (BT)
DRV:64bit: - [2007.03.05 06:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - [2007.03.05 06:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010.03.26 09:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.12.31 16:53:03 | 000,022,336 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007.05.11 04:12:06 | 000,038,160 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.09 03:00:58 | 000,044,688 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.04.09 12:38:06 | 012,039,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2007.03.05 06:48:12 | 000,037,648 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 07 57 57 4F 4B CA 01 [binary data]
IE - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.27 21:32:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.04 09:58:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.03.10 13:05:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins

[2009.10.12 17:20:42 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Mozilla\Extensions
[2010.06.28 20:19:24 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Mozilla\Firefox\Profiles\wjzhwaur.default\extensions
[2010.06.20 16:56:28 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Mozilla\Sunbird\Profiles\uidxq6k3.default\extensions
[2010.03.10 13:07:43 | 000,000,000 | ---D | M] (Provider for Google Calendar) -- C:\Users\Krtimir\AppData\Roaming\Mozilla\Sunbird\Profiles\uidxq6k3.default\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
[2010.07.12 14:10:06 | 000,000,950 | ---- | M] () -- C:\Users\Krtimir\AppData\Roaming\Mozilla\Firefox\Profiles\wjzhwaur.default\searchplugins\icqplugin-1.xml
[2010.06.18 06:48:47 | 000,000,947 | ---- | M] () -- C:\Users\Krtimir\AppData\Roaming\Mozilla\Firefox\Profiles\wjzhwaur.default\searchplugins\icqplugin.xml
[2010.07.15 19:12:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.05 19:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.20 09:18:50 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.20 09:18:50 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.20 09:18:50 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.20 09:18:50 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.20 09:18:50 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.09.05 18:04:16 | 000,000,053 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 81.2.210.46 L2authd.Lineage2.com
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000..\Run: [OscarEditor] C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Krtimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.08 20:45:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a179281-b750-11de-9c04-001a4d5a7f87}\Shell - "" = AutoRun
O33 - MountPoints2\{2a179281-b750-11de-9c04-001a4d5a7f87}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O33 - MountPoints2\{7a938d6e-bbcf-11de-ac90-001a4d5a7f87}\Shell - "" = AutoRun
O33 - MountPoints2\{7a938d6e-bbcf-11de-ac90-001a4d5a7f87}\Shell\AutoRun\command - "" = N:\Autorun.exe -- File not found
O33 - MountPoints2\{7a938d6f-bbcf-11de-ac90-001a4d5a7f87}\Shell - "" = AutoRun
O33 - MountPoints2\{7a938d6f-bbcf-11de-ac90-001a4d5a7f87}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2010.07.16 06:48:41 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Krtimir\Desktop\OTL.exe
[2010.07.15 20:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.15 20:02:50 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.15 11:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cenega Czech
[2010.07.14 20:48:50 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010.07.14 20:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.07.14 15:53:47 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010.07.14 15:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lineage II
[2010.07.14 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Krtimir\AppData\Roaming\InstallShield
[2010.07.14 07:08:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.11 17:10:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2010.07.11 11:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009.12.25 10:34:49 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.07.16 11:19:47 | 003,932,160 | -HS- | M] () -- C:\Users\Krtimir\ntuser.dat
[2010.07.16 06:48:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Krtimir\Desktop\OTL.exe
[2010.07.15 11:22:39 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Mafia.lnk
[2010.07.15 06:57:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.15 06:57:51 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.15 06:57:41 | 001,497,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.15 06:57:41 | 000,639,748 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.07.15 06:57:41 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.15 06:57:41 | 000,126,660 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.07.15 06:57:41 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.15 06:52:37 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010.07.15 06:52:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.15 06:52:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.15 06:52:14 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.15 06:51:15 | 003,304,029 | -H-- | M] () -- C:\Users\Krtimir\AppData\Local\IconCache.db
[2010.07.14 20:49:07 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.07.14 20:49:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.07.14 15:58:44 | 000,001,142 | ---- | M] () -- C:\Users\Krtimir\Desktop\L2 – zástupce.lnk
[2010.07.14 13:13:36 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.07.14 13:13:36 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.07.13 13:31:20 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.11 17:10:16 | 000,001,116 | ---- | M] () -- C:\Users\Krtimir\Desktop\EVGA Precision.lnk
[2010.07.11 11:34:17 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.07.09 21:04:40 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.07.09 21:04:40 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.15 11:22:39 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Mafia.lnk
[2010.07.14 20:49:07 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.07.14 15:58:44 | 000,001,142 | ---- | C] () -- C:\Users\Krtimir\Desktop\L2 – zástupce.lnk
[2010.07.14 15:53:47 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2010.07.11 17:10:16 | 000,001,116 | ---- | C] () -- C:\Users\Krtimir\Desktop\EVGA Precision.lnk
[2010.07.11 11:34:17 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.07.09 21:04:40 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.03.06 23:47:30 | 000,000,104 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.02.27 14:25:10 | 000,000,160 | ---- | C] () -- C:\Windows\MyDrivers.ini
[2010.02.10 07:31:09 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010.01.04 19:09:00 | 000,003,118 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2010.01.04 19:07:58 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2010.01.04 19:07:55 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2010.01.04 19:07:55 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.01.04 19:07:45 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.01.04 19:07:45 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.12.31 16:40:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.12.25 10:34:49 | 012,039,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2009.12.25 10:34:49 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2009.12.25 10:34:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2009.11.23 14:12:31 | 001,496,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.08 22:39:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.10.21 15:40:43 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LAME_MP3.dll
[2009.10.18 12:23:01 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.13 17:46:08 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.11.13 15:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2006.10.09 01:29:22 | 000,032,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\BTNetFilter.sys
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2005.10.14 11:56:50 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Ogg.dll
[2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2003.04.08 20:39:56 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[1999.08.12 00:00:00 | 001,708,032 | ---- | C] () -- C:\Windows\SysWow64\MSO97V.DLL
[1999.08.12 00:00:00 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\MSORFS.DLL
[1999.08.12 00:00:00 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2010.06.11 11:26:33 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Ascaron Entertainment
[2010.01.11 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Canon
[2009.10.12 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\DAEMON Tools Lite
[2009.10.21 15:39:26 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\DataCast
[2010.06.18 10:40:51 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Facebook
[2010.05.08 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\GetRightToGo
[2010.04.25 10:26:04 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\GHISLER
[2010.07.16 07:55:58 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\ICQ
[2009.10.13 17:26:22 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\IObit
[2009.10.13 20:23:27 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\IrfanView
[2010.06.03 15:46:19 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Kastner software
[2010.07.07 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Mc & RENOX
[2010.03.07 09:38:21 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Nokia
[2009.11.22 13:40:59 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\OpenOffice.org
[2010.03.06 23:52:15 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\PC Suite
[2010.06.27 23:18:12 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Samsung
[2010.02.21 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\SoundSpectrum
[2010.02.01 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\TS3Client
[2010.05.02 15:05:17 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Ubisoft
[2010.07.16 06:47:41 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\uTorrent
[2010.07.15 06:52:37 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010.05.05 17:01:10 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"OscarEditor" = "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum -- [2008.07.30 13:52:37 | 002,865,152 | ---- | M] ()
"AutoStartNPSAgent" = C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe -- [2010.03.31 15:46:06 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.10.15 18:33:11 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Adobe
[2010.06.11 11:26:33 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Ascaron Entertainment
[2010.01.11 18:47:31 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Canon
[2010.01.04 19:13:21 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Creative
[2009.10.12 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\DAEMON Tools Lite
[2009.10.21 15:39:26 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\DataCast
[2010.01.05 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Download Manager
[2010.06.27 22:59:37 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\dvdcss
[2009.10.20 11:16:15 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\ESTsoft
[2010.06.18 10:40:51 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Facebook
[2010.05.08 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\GetRightToGo
[2010.04.25 10:26:04 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\GHISLER
[2010.07.16 07:55:58 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\ICQ
[2009.10.12 17:05:42 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Identities
[2010.07.14 15:48:24 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\InstallShield
[2009.10.13 17:26:22 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\IObit
[2009.10.13 20:23:27 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\IrfanView
[2010.06.03 15:46:19 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Kastner software
[2009.10.12 17:19:44 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Macromedia
[2010.07.07 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Mc & RENOX
[2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Media Center Programs
[2010.05.08 15:40:25 | 000,000,000 | --SD | M] -- C:\Users\Krtimir\AppData\Roaming\Microsoft
[2009.11.04 19:40:52 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Microsoft Games
[2010.03.10 13:05:30 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Mozilla
[2010.04.29 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Nero
[2010.03.07 09:38:21 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Nokia
[2009.11.22 13:40:59 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\OpenOffice.org
[2010.03.06 23:52:15 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\PC Suite
[2010.06.27 23:18:12 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Samsung
[2009.11.21 21:44:14 | 000,000,000 | RH-D | M] -- C:\Users\Krtimir\AppData\Roaming\SecuROM
[2010.07.16 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Skype
[2010.07.16 09:50:43 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\skypePM
[2010.02.21 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\SoundSpectrum
[2010.03.10 13:05:30 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Talkback
[2010.03.21 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\teamspeak2
[2010.02.01 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\TS3Client
[2010.05.02 15:05:17 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Ubisoft
[2010.07.16 06:47:41 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\uTorrent
[2010.04.21 20:00:39 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Ventrilo
[2010.06.27 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\vlc
[2010.07.15 21:33:30 | 000,000,000 | ---D | M] -- C:\Users\Krtimir\AppData\Roaming\Xfire

< %APPDATA%\*.exe /s >
[2010.06.18 10:40:51 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Krtimir\AppData\Roaming\Facebook\uninstall.exe
[2009.12.28 13:16:30 | 000,010,134 | R--- | M] () -- C:\Users\Krtimir\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.07.14 20:49:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\config.nt
[2010.07.14 13:13:36 | 000,215,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
[2010.07.14 13:13:36 | 000,215,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.xtr
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF
< End of report >

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• C:\Windows\SysWow64\rsnp2std.dll
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
• Kliknete na Otestovat soubor
• Vysledek analyzy sem vlozte (jako odkaz)

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  IE - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
  IE - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 07 57 57 4F 4B CA 01 [binary data]
  IE - HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\..\URLSearchHook: - Reg Error: Key error. File not found
  FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
  FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
  [2010.07.12 14:10:06 | 000,000,950 | ---- | M] () -- C:\Users\Krtimir\AppData\Roaming\Mozilla\Firefox\Profiles\wjzhwaur.default\searchplugins\icqplugin-1.xml
  [2010.06.18 06:48:47 | 000,000,947 | ---- | M] () -- C:\Users\Krtimir\AppData\Roaming\Mozilla\Firefox\Profiles\wjzhwaur.default\searchplugins\icqplugin.xml
  O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
  O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
  O13 - gopher Prefix: missing
  O13 - gopher Prefix: missing
  O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
  O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O33 - MountPoints2\{2a179281-b750-11de-9c04-001a4d5a7f87}\Shell - "" = AutoRun
  O33 - MountPoints2\{7a938d6e-bbcf-11de-ac90-001a4d5a7f87}\Shell - "" = AutoRun
  O33 - MountPoints2\{7a938d6f-bbcf-11de-ac90-001a4d5a7f87}\Shell - "" = AutoRun
  [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp ->  ]
  [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF
  
  :files
  C:\WINDOWS\system32\*.tmp.dll /s
  C:\WINDOWS\system32\SET*.tmp /s
  C:\WINDOWS\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

All processes killed
========== OTL ==========
HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3569689414-3256884826-3288814900-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3569689414-3256884826-3288814900-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.icq.com/search/afe_result ... 2.0.0.2&q=" removed from keyword.URL
C:\Users\Krtimir\AppData\Roaming\Mozilla\Firefox\Profiles\wjzhwaur.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Krtimir\AppData\Roaming\Mozilla\Firefox\Profiles\wjzhwaur.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ deleted successfully.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a179281-b750-11de-9c04-001a4d5a7f87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a179281-b750-11de-9c04-001a4d5a7f87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a938d6e-bbcf-11de-ac90-001a4d5a7f87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a938d6e-bbcf-11de-ac90-001a4d5a7f87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a938d6f-bbcf-11de-ac90-001a4d5a7f87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a938d6f-bbcf-11de-ac90-001a4d5a7f87}\ not found.
C:\Windows\SysWow64\SET8DC5.tmp deleted successfully.
C:\Windows\SysWow64\SET8EBF.tmp deleted successfully.
C:\Windows\SysWow64\tmp3F6C.tmp deleted successfully.
C:\Windows\SysWow64\tmp3F7D.tmp deleted successfully.
C:\Windows\SysWow64\tmp7EDF.tmp deleted successfully.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP folder deleted successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDC55.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI834.tmp moved successfully.
C:\WINDOWS\Installer\MSIF203.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp100529969.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp104835540.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp111078460.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp12358121.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp133752865.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp153165682.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp235702405.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp32156243.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp73836662.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Krtimir
->Temp folder emptied: 7457939 bytes
->Temporary Internet Files folder emptied: 1474672 bytes
->Java cache emptied: 66577228 bytes
->FireFox cache emptied: 64207191 bytes
->Flash cache emptied: 1680 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72646 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85315 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 133,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Krtimir
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.9.0 log created on 07162010_195855

Files\Folders moved on Reboot...
C:\Users\Krtimir\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_KRTIMIR-PC$\1968 not found!

Registry entries deleted on Reboot...

Co na to PC, jak se chova

Všechno je v pohodě

To rad slysim

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Teď už všechno funguje, děkuji za pomoc