Prosím o kontrolu Logu ... PC ztrácí výkon

x18 · Příspěvekod **x18** » 11 led 2010 17:10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:31, on 11.1.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\bobek\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\QIP Infium JadrisPack\infium.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9922 bytes

Reklama

Damned · Příspěvekod **Damned** » 14 led 2010 14:04

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

x18 · Příspěvekod **x18** » 14 led 2010 17:40

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3562
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

14.1.2010 17:39:12
mbam-log-2010-01-14 (17-39-12).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 104347
Uplynulý čas: 7 minute(s), 21 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Damned · Příspěvekod **Damned** » 14 led 2010 17:48

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
*****************************************************************************************************************************************
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

x18 · Příspěvekod **x18** » 14 led 2010 18:44

ComboFix 10-01-13.0C - bobek 14.01.2010 18:11:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3069.2157 [GMT 1:00]
Spuštěný z: C:\Users\bobek\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1227 [VPS 100114-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1227 [VPS 100114-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spyware Terminator *disabled* (Outdated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-3942548257-2658917572-2333874959-501
C:\Program Files\ICQ6.5\updates\ICQLRun.exe.91c2e91e127ccb34d0b0bbd8b0533169
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
C:\ProgramData\ntuser.dat{ad2cbefd-c7c6-11de-8b62-00a0d1a754c9}.TMContainer00000000000000000001.regtrans-ms
C:\Users\bobek\AppData\Roaming\.#
C:\Windows\Suyin.reg
C:\Windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-14 do 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 17:24:22 . 2010-01-14 17:29:52 -------- d-----w- C:\Users\bobek\AppData\Local\temp
2010-01-14 17:24:22 . 2010-01-14 17:24:22 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-01-14 16:30:40 . 2010-01-14 16:30:40 -------- d-----w- C:\Users\bobek\AppData\Roaming\Malwarebytes
2010-01-14 16:30:33 . 2010-01-07 15:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-01-14 16:30:30 . 2010-01-14 16:30:30 -------- d-----w- C:\ProgramData\Malwarebytes
2010-01-14 16:30:29 . 2010-01-14 16:30:37 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-14 16:30:29 . 2010-01-07 15:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-01-13 18:41:56 . 2010-01-13 18:41:56 -------- d-----w- C:\Program Files\Windows Portable Devices
2010-01-13 16:28:44 . 2009-10-19 13:38:10 156672 ----a-w- C:\Windows\system32\t2embed.dll
2010-01-13 16:28:43 . 2009-10-19 13:35:05 72704 ----a-w- C:\Windows\system32\fontsub.dll
2010-01-13 16:22:14 . 2009-09-10 02:00:36 92672 ----a-w- C:\Windows\system32\UIAnimation.dll
2010-01-13 16:22:11 . 2009-09-10 02:01:02 3023360 ----a-w- C:\Windows\system32\UIRibbon.dll
2010-01-13 16:22:11 . 2009-09-10 02:00:54 1164800 ----a-w- C:\Windows\system32\UIRibbonRes.dll
2010-01-13 16:20:29 . 2009-10-01 01:02:05 30208 ----a-w- C:\Windows\system32\WPDShextAutoplay.exe
2010-01-13 16:18:09 . 2009-10-08 21:07:59 4096 ----a-w- C:\Windows\system32\oleaccrc.dll
2010-01-13 16:18:08 . 2009-10-08 21:08:01 555520 ----a-w- C:\Windows\system32\UIAutomationCore.dll
2010-01-13 16:18:08 . 2009-10-08 21:08:01 234496 ----a-w- C:\Windows\system32\oleacc.dll
2010-01-12 00:01:43 . 2010-01-12 00:02:08 -------- d-----w- C:\Windows\system32\ca-ES
2010-01-12 00:01:43 . 2010-01-12 00:02:05 -------- d-----w- C:\Windows\system32\eu-ES
2010-01-12 00:01:43 . 2010-01-12 00:02:02 -------- d-----w- C:\Windows\system32\vi-VN
2010-01-11 17:58:16 . 2010-01-11 17:58:20 -------- d-----w- C:\Windows\system32\EventProviders
2010-01-08 00:01:52 . 2010-01-08 00:01:52 -------- d-----w- C:\Program Files\Common Files\Protexis
2010-01-08 00:01:51 . 2010-01-08 00:01:58 -------- d-----w- C:\ProgramData\Corel
2010-01-07 23:57:39 . 2010-01-07 23:57:39 -------- d-----w- C:\Program Files\Common Files\Corel
2010-01-07 23:56:47 . 2010-01-07 23:56:47 -------- d-----w- C:\Program Files\Corel
2010-01-07 22:38:12 . 2010-01-07 22:38:19 -------- d-----w- C:\Program Files\Audacity 1.3 Beta (Unicode)
2010-01-05 22:05:50 . 2010-01-05 22:05:51 -------- d-----w- C:\Program Files\CCleaner
2010-01-03 11:38:41 . 2009-10-30 14:08:46 29512 ----a-w- C:\Windows\system32\TURegOpt.exe
2010-01-03 11:38:40 . 2009-10-30 14:01:12 21320 ----a-w- C:\Windows\system32\authuitu.dll
2010-01-03 11:38:40 . 2009-10-30 14:01:00 30024 ----a-w- C:\Windows\system32\uxtuneup.dll
2010-01-03 11:38:11 . 2010-01-03 11:38:39 -------- d-----w- C:\Program Files\TuneUp Utilities 2010
2010-01-03 11:38:01 . 2010-01-03 11:38:01 -------- d-sh--w- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 17:27:56 . 2008-07-30 20:38:58 190515 ----a-w- C:\ProgramData\nvModes.dat
2010-01-14 17:24:54 . 2008-07-31 10:37:23 12 ----a-w- C:\Windows\bthservsdp.dat
2010-01-14 17:14:44 . 2008-01-21 06:46:38 602086 ----a-w- C:\Windows\system32\perfh005.dat
2010-01-14 17:14:44 . 2008-01-21 06:46:38 116182 ----a-w- C:\Windows\system32\perfc005.dat
2010-01-14 17:00:06 . 2009-07-09 13:26:08 -------- d-----w- C:\Users\bobek\AppData\Roaming\Spyware Terminator
2010-01-14 17:00:06 . 2009-07-09 13:26:06 -------- d-----w- C:\Program Files\Spyware Terminator
2010-01-14 11:06:53 . 2009-06-05 15:14:14 -------- d-----w- C:\ProgramData\TrackMania
2010-01-14 09:16:02 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-01-13 18:41:51 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2010-01-13 18:41:42 . 2010-01-13 18:41:42 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-01-13 18:41:17 . 2010-01-13 18:41:17 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-12 16:45:24 . 2009-07-17 20:26:11 -------- d-----w- C:\Program Files\ICQ6.5
2010-01-12 00:02:14 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Sidebar
2010-01-12 00:02:14 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Journal
2010-01-12 00:02:14 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Collaboration
2010-01-12 00:02:14 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Calendar
2010-01-12 00:02:13 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Photo Gallery
2010-01-12 00:02:12 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Defender
2010-01-09 22:08:14 . 2008-08-19 21:00:19 -------- d-----w- C:\Users\bobek\AppData\Roaming\gtk-2.0
2010-01-09 20:55:13 . 2009-07-24 12:04:43 -------- d-----w- C:\Program Files\BSplayer
2010-01-08 11:57:35 . 2010-01-08 00:05:12 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2010-01-08 11:57:35 . 2010-01-08 00:05:12 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2010-01-08 00:05:14 . 2008-09-22 22:09:11 -------- d-----w- C:\Users\bobek\AppData\Roaming\Corel
2010-01-08 00:05:12 . 2010-01-08 00:05:12 8 --sh--r- C:\ProgramData\85001D9247.sys
2010-01-08 00:05:12 . 2010-01-08 00:05:12 8 --sh--r- C:\ProgramData\85001D9247.sys
2010-01-08 00:05:10 . 2009-02-01 23:07:54 135448 ----a-w- C:\Windows\system32\GDIPFONTCACHEV1.DAT
2010-01-07 22:49:13 . 2009-01-24 17:36:40 -------- d-----w- C:\Users\bobek\AppData\Roaming\Audacity
2010-01-06 11:08:08 . 2010-01-14 09:39:40 545280 ----a-w- C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-06 11:08:08 . 2010-01-14 09:39:40 4726272 ----a-w- C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-06 11:08:08 . 2010-01-14 09:39:40 4725760 ----a-w- C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-06 11:08:08 . 2010-01-14 09:39:40 103424 ----a-w- C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-06 11:08:08 . 2010-01-14 09:39:39 57856 ----a-w- C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-06 11:08:08 . 2010-01-14 09:39:39 344064 ----a-w- C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-06 11:08:08 . 2010-01-14 09:39:39 153600 ----a-w- C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-03 11:38:06 . 2008-11-20 17:22:44 -------- d-----w- C:\ProgramData\TuneUp Software
2010-01-02 10:02:21 . 2008-08-04 15:17:34 -------- d-----w- C:\Program Files\Java
2009-12-19 00:52:37 . 2009-12-19 00:52:37 515848 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-04 15:01:23 . 2009-07-09 13:26:06 -------- d-----w- C:\ProgramData\Spyware Terminator
2009-12-04 14:08:04 . 2009-12-04 13:56:37 -------- d-----w- C:\Users\bobek\AppData\Roaming\Trillian
2009-11-26 09:11:43 . 2009-11-26 09:11:43 -------- d-----w- C:\Program Files\MSXML 4.0
2009-11-21 06:40:20 . 2009-12-09 12:26:04 916480 ----a-w- C:\Windows\system32\wininet.dll
2009-11-21 06:34:39 . 2009-12-09 12:26:01 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-11-21 06:34:39 . 2009-12-09 12:26:01 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-11-21 04:59:58 . 2009-12-09 12:26:02 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-11-18 10:49:55 . 2009-06-17 10:49:58 -------- d-----w- C:\Users\bobek\AppData\Roaming\Winamp
2009-11-10 13:36:31 . 2008-07-31 16:32:01 7592 ----a-w- C:\Users\bobek\AppData\Local\d3d9caps.dat
2009-11-09 12:31:42 . 2009-12-10 09:25:25 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2009-11-09 12:30:03 . 2009-12-10 09:25:18 30720 ----a-w- C:\Windows\system32\httpapi.dll
2009-11-09 10:36:45 . 2009-12-10 09:25:19 411648 ----a-w- C:\Windows\system32\drivers\http.sys
2009-11-02 19:42:06 . 2009-10-03 08:29:36 195456 ------w- C:\Windows\system32\MpSigStub.exe
2009-11-02 18:15:43 . 2009-11-02 18:15:43 0 ----a-w- C:\Users\bobek\AppData\Roaming\wklnhst.dat
2009-11-02 17:44:07 . 2009-11-02 17:44:07 262144 ----a-w- C:\ProgramData\ntuser.dat
2009-10-29 09:17:42 . 2009-11-26 09:12:15 2048 ----a-w- C:\Windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38:12 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 11:58:52 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 09:53:54 5296128]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 09:26:54 1037608]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 17:30:28 397312]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 01:36:12 544768]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-23 14:55:00 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-23 14:55:00 92704]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 07:03:46 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 12:44:58 178712]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-30 20:43:28 3659264]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 08:56:18 200704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-04-28 11:18:26 809480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 14:38:34 78008]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 21:38:28 526896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-30 20:43:46 3024896 ----a-w- C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e3,ca,66,a8,67,93,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3942548257-2658917572-2333874959-1000]
"EnableNotificationsRef"=dword:00000005

R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\System32\drivers\AlfaFF.sys [30.7.2008 21:43:32 43184]
R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [4.8.2008 11:31:54 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\System32\drivers\sp_rsdrv2.sys [9.7.2009 14:26:09 142592]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [4.8.2008 11:31:54 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [4.8.2008 11:31:32 51280]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05:48 1021256]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [22.4.2008 10:02:06 599344]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [25.4.2008 6:22:26 54784]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [25.4.2008 6:21:14 84240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24:44 10064]
R3 vfs101x;vfs101x;C:\Windows\System32\drivers\vfs101x.sys [22.4.2008 10:02:34 40752]
S2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [25.4.2008 6:23:16 24576]
S2 IGBASVC;iGroupTec Service;C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [30.7.2008 21:43:37 3474432]
S3 FontCache;Mezipaměť písem Windows;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23:43 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-14 C:\Windows\Tasks\User_Feed_Synchronization-{4CC60630-8408-4B18-87AB-03C4558529D6}.job
- C:\Windows\system32\msfeedssync.exe [2009-12-09 12:26:01 . 2009-11-21 04:59:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: C:\Users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 18:28:37
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spvg.sys >>UNKNOWN [0x854DA944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a9aad24
\Driver\ACPI -> acpi.sys @ 0x807c2d68
\Driver\atapi -> 0x855231f8
\Driver\iaStor -> iaStor.sys @ 0x8a2d4580
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3942548257-2658917572-2333874959-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,63,70,ce,9f,88,ab,bf,8b,4f,40,a1,11,48,f4,04,49,6c,ba,37,a3,cd,af,
0e,dc,dc,0c,bb,6a,c9,75,1c,21,35,1f,00,56,90,b1,aa,98,11,84,a0,8f,e9,d5,3a,\
"??"=hex:ed,e5,69,89,53,e8,fe,28,95,00,5d,5e,43,4e,ab,05

[HKEY_USERS\S-1-5-21-3942548257-2658917572-2333874959-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:83,ad,db,13,f7,a4,e0,55,e0,49,2e,46,47,d1,21,a6,ae,09,aa,b9,41,
6e,0e,a5,b3,42,fe,3c,eb,1f,03,0b,81,7a,e6,7b,09,12,be,6a,8c,1d,3b,62,3a,c5,\
"rkeysecu"=hex:10,f3,f6,5b,8b,cd,c2,21,fb,7c,01,c9,18,21,58,31

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(336)
C:\Program Files\RocketDock\RocketDock.dll
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
C:\Windows\System32\SysHook.dll
C:\Windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-14 18:38:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-14 17:38:51

Před spuštěním: Volných bajtů: 21 685 624 832
Po spuštění: Volných bajtů: 21 430 824 960

- - End Of File - - D604BC92DAC73FF18A33CC122AB61ED0

Damned · Příspěvekod **Damned** » 14 led 2010 22:11

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
C:\ProgramData\KGyGaAvL.sys
C:\ProgramData\85001D9247.sys
C:\Users\bobek\AppData\Local\d3d9caps.dat

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component:

Driver::
KGyGaAvL
85001D9247

MBR::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

x18 · Příspěvekod **x18** » 17 led 2010 12:48

ComboFix 10-01-13.0C - bobek 17.01.2010 12:18:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3069.1820 [GMT 1:00]
Spuštěný z: c:\users\bobek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\bobek\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1227 [VPS 100117-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1227 [VPS 100117-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\85001D9247.sys"
"c:\programdata\KGyGaAvL.sys"
"c:\users\bobek\AppData\Local\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\85001D9247.sys
c:\programdata\KGyGaAvL.sys
c:\users\bobek\AppData\Local\d3d9caps.dat
.
---- Předchozí spuštění -------
.
c:\program files\ICQ6.5\updates\ICQLRun.exe.91c2e91e127ccb34d0b0bbd8b0533169
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\programdata\ntuser.dat{ad2cbefd-c7c6-11de-8b62-00a0d1a754c9}.TMContainer00000000000000000001.regtrans-ms
c:\windows\Suyin.reg
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-17 do 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-17 11:30 . 2010-01-17 11:32 -------- d-----w- c:\users\bobek\AppData\Local\temp
2010-01-17 11:30 . 2010-01-17 11:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-14 16:30 . 2010-01-14 16:30 -------- d-----w- c:\users\bobek\AppData\Roaming\Malwarebytes
2010-01-14 16:30 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 16:30 . 2010-01-14 16:30 -------- d-----w- c:\programdata\Malwarebytes
2010-01-14 16:30 . 2010-01-14 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 16:30 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 18:41 . 2010-01-13 18:41 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-13 16:28 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 16:28 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 16:22 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-01-13 16:22 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-01-13 16:22 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-01-13 16:20 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-01-13 16:18 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-01-13 16:18 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-01-13 16:18 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-01-12 00:01 . 2010-01-12 00:02 -------- d-----w- c:\windows\system32\ca-ES
2010-01-12 00:01 . 2010-01-12 00:02 -------- d-----w- c:\windows\system32\eu-ES
2010-01-12 00:01 . 2010-01-12 00:02 -------- d-----w- c:\windows\system32\vi-VN
2010-01-11 17:58 . 2010-01-11 17:58 -------- d-----w- c:\windows\system32\EventProviders
2010-01-08 00:01 . 2010-01-08 00:01 -------- d-----w- c:\program files\Common Files\Protexis
2010-01-08 00:01 . 2010-01-08 00:01 -------- d-----w- c:\programdata\Corel
2010-01-07 23:57 . 2010-01-07 23:57 -------- d-----w- c:\program files\Common Files\Corel
2010-01-07 23:56 . 2010-01-07 23:56 -------- d-----w- c:\program files\Corel
2010-01-07 22:38 . 2010-01-07 22:38 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-01-05 22:05 . 2010-01-05 22:05 -------- d-----w- c:\program files\CCleaner
2010-01-03 11:38 . 2009-10-30 14:08 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-03 11:38 . 2009-10-30 14:01 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-01-03 11:38 . 2009-10-30 14:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-03 11:38 . 2010-01-03 11:38 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-03 11:38 . 2010-01-03 11:38 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 11:31 . 2008-07-30 20:38 190515 ----a-w- c:\programdata\nvModes.dat
2010-01-17 11:30 . 2008-07-31 10:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-17 11:22 . 2008-01-21 06:46 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-01-17 11:22 . 2008-01-21 06:46 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-01-17 11:12 . 2009-07-09 13:26 -------- d-----w- c:\users\bobek\AppData\Roaming\Spyware Terminator
2010-01-17 11:05 . 2009-02-01 23:07 135920 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-16 23:22 . 2008-08-19 21:00 -------- d-----w- c:\users\bobek\AppData\Roaming\gtk-2.0
2010-01-16 14:19 . 2009-07-17 20:26 -------- d-----w- c:\program files\ICQ6.5
2010-01-14 17:00 . 2009-07-09 13:26 -------- d-----w- c:\program files\Spyware Terminator
2010-01-14 11:06 . 2009-06-05 15:14 -------- d-----w- c:\programdata\TrackMania
2010-01-14 09:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-13 18:41 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-13 18:41 . 2010-01-13 18:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-01-13 18:41 . 2010-01-13 18:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-12 00:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-12 00:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-12 00:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-12 00:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-12 00:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-12 00:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-09 20:55 . 2009-07-24 12:04 -------- d-----w- c:\program files\BSplayer
2010-01-08 00:05 . 2008-09-22 22:09 -------- d-----w- c:\users\bobek\AppData\Roaming\Corel
2010-01-07 22:49 . 2009-01-24 17:36 -------- d-----w- c:\users\bobek\AppData\Roaming\Audacity
2010-01-06 11:08 . 2010-01-14 09:39 545280 ----a-w- c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-06 11:08 . 2010-01-14 09:39 4726272 ----a-w- c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-06 11:08 . 2010-01-14 09:39 4725760 ----a-w- c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-06 11:08 . 2010-01-14 09:39 103424 ----a-w- c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-06 11:08 . 2010-01-14 09:39 57856 ----a-w- c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-06 11:08 . 2010-01-14 09:39 344064 ----a-w- c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-06 11:08 . 2010-01-14 09:39 153600 ----a-w- c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-03 11:38 . 2008-11-20 17:22 -------- d-----w- c:\programdata\TuneUp Software
2010-01-02 10:02 . 2008-08-04 15:17 -------- d-----w- c:\program files\Java
2009-12-19 00:52 . 2009-12-19 00:52 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-04 15:01 . 2009-07-09 13:26 -------- d-----w- c:\programdata\Spyware Terminator
2009-12-04 14:08 . 2009-12-04 13:56 -------- d-----w- c:\users\bobek\AppData\Roaming\Trillian
2009-11-26 09:11 . 2009-11-26 09:11 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 06:40 . 2009-12-09 12:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 12:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 12:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 12:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 12:31 . 2009-12-10 09:25 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 09:25 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 09:25 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-03 08:29 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 18:15 . 2009-11-02 18:15 0 ----a-w- c:\users\bobek\AppData\Roaming\wklnhst.dat
2009-11-02 17:44 . 2009-11-02 17:44 262144 ----a-w- c:\programdata\ntuser.dat
2009-10-29 09:17 . 2009-11-26 09:12 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-23 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-23 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-30 3659264]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-30 20:43 3024896 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e3,ca,66,a8,67,93,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3942548257-2658917572-2333874959-1000]
"EnableNotificationsRef"=dword:00000005

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30.7.2008 21:43 43184]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [4.8.2008 11:31 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [9.7.2009 14:26 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [4.8.2008 11:31 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [4.8.2008 11:31 51280]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [22.4.2008 10:02 599344]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [25.4.2008 6:22 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [25.4.2008 6:21 84240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [22.4.2008 10:02 40752]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [25.4.2008 6:23 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30.7.2008 21:43 3474432]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-16 c:\windows\Tasks\User_Feed_Synchronization-{4CC60630-8408-4B18-87AB-03C4558529D6}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\bobek\AppData\Roaming\Mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3942548257-2658917572-2333874959-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,63,70,ce,9f,88,ab,bf,8b,4f,40,a1,11,48,f4,04,49,6c,ba,37,a3,cd,af,
0e,dc,dc,0c,bb,6a,c9,75,1c,21,35,1f,00,56,90,b1,aa,98,11,84,a0,8f,e9,d5,3a,\
"??"=hex:ed,e5,69,89,53,e8,fe,28,95,00,5d,5e,43,4e,ab,05

[HKEY_USERS\S-1-5-21-3942548257-2658917572-2333874959-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:83,ad,db,13,f7,a4,e0,55,e0,49,2e,46,47,d1,21,a6,ae,09,aa,b9,41,
6e,0e,a5,b3,42,fe,3c,eb,1f,03,0b,81,7a,e6,7b,09,12,be,6a,8c,1d,3b,62,3a,c5,\
"rkeysecu"=hex:10,f3,f6,5b,8b,cd,c2,21,fb,7c,01,c9,18,21,58,31

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\users\bobek\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Acer\Acer Bio Protection\PwdBank.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-01-17 12:41:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-17 11:41

Před spuštěním: Volných bajtů: 21 439 664 128
Po spuštění: Volných bajtů: 21 406 298 112

- - End Of File - - 2DB1DA7495A6FE6882E8CDAAC900CFA0

x18 · Příspěvekod **x18** » 17 led 2010 12:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:35, on 17.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\bobek\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 8195 bytes

x18 · Příspěvekod **x18** » 17 led 2010 12:54

PC se mi zdá živější než předtím ... vyžší zatížení jsem ještě nestihnul udělat tak zatím nemužu říct zda se to výrazně projevilo

a na disku C:\ se mi udělaly nové složky které tam před tím nebyly... MSOCache, Program Data, Qoobox, Config.Msi ... ty tučně tam nebyly určitě ... ty zbylé dvě si jsem si jistý tak na 90% že tam nebyly

Damned · Příspěvekod **Damned** » 17 led 2010 18:58

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

x18 · Příspěvekod **x18** » 18 led 2010 20:40

OTL Extras logfile created on: 18.1.2010 16:19:36 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\bobek\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 19,41 Gb Free Space | 17,42% Space Free | Partition Type: NTFS
Drive D: | 104,90 Gb Total Space | 14,72 Gb Free Space | 14,03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROZHON-PC
Current User Name: bobek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3942548257-2658917572-2333874959-1000]
"EnableNotificationsRef" = 5
"EnableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD185D5-D5DF-42D9-9CF4-B8A722890A70}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{1B08744C-0CE6-414A-B4B0-309F97B4AD72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B6AA210-4C43-4B8F-B22B-CD8AD714315D}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{1D0E3385-DF1E-469D-A840-115D0DA95453}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{201269E7-17ED-4B23-978F-3B2B563D7094}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{2021A00A-916A-4640-9C7C-CC5AEF98BDB2}" = rport=5357 | protocol=6 | dir=out | app=system |
"{265BD088-0509-4175-9058-9921126C71DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{27772228-A8BB-416F-8FB3-00F9A9FDAB73}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{312B4EB7-B035-410D-AFAE-B276A3A4FB57}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{433F522A-3C01-402D-9263-A7CB9077B361}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{47825778-C8FE-41F0-BF2E-C4654BCDEF2C}" = rport=5358 | protocol=6 | dir=out | app=system |
"{55CFB237-18F1-4977-9E78-5431AAEDE846}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{57413843-5124-4D40-94F9-3F5BF0EA284B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{686B2AA9-4885-48DC-B67F-6FA651D95672}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{6ABD9E0D-2640-4905-8C96-8AF4FBB1B9E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{77362510-5A77-418B-AB0C-58300F2E2F18}" = lport=5357 | protocol=6 | dir=in | app=system |
"{7E4BF399-8C4C-49B7-A9EE-4C7E9E0A32D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{82FF00BD-2610-480D-A762-943E6466AFAF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8C5D2D03-9B02-4DD4-975C-D71B68152A1E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8D3F8ECE-4331-41E0-BD7E-46C8B681D45D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EF4D557-A1CD-4369-81C3-DB587CFD4C66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F1B6880-AAE8-47BB-B0DC-C9C40A0ABA3A}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{A0C07A33-970A-4554-9F8D-F68B9AAF5698}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A1BB1FE0-3C8A-44DC-BD5C-10B2273F9AC6}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{A6629A3A-A7A4-4E8D-ADDF-2F339AFF47EA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AD8F7EA6-BF23-4879-9B65-CE7575D973ED}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{B217194F-103C-451E-9CDE-CBB31B2E3D46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B36ECE91-798C-41E6-965E-0D11157356B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{B5710184-9AB2-4CCF-B8B2-15D5282AF1CC}" = lport=51303 | protocol=17 | dir=in | name=torrent |
"{B5F18EEB-56A4-415C-BB16-56071ABABF87}" = lport=5358 | protocol=6 | dir=in | app=system |
"{BF2C3778-B6CC-47E1-AE78-6C7D190538B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5DEB3F4-8691-4620-B145-E9FD35E4F4E3}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DC344374-26C8-4664-9989-3213593B4011}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DCDB0254-42A9-4542-87EE-B9CF09A393E8}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{E0972E2D-0FA1-4704-8C2A-AF4CCDAC2FA2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E6F65DB9-FE7A-4710-A8DB-503243FB4C62}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{E85F27CC-6494-4952-AA2C-74FB5C429876}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6BEDAA8-6456-4AB9-94DE-2453925BB00E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9DCE509-A6EE-4A90-A1EF-8A05968E2562}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC2EBFA0-FAB2-417F-B142-4A1D3CF50E76}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{FD4CE066-25E1-4179-AC35-5B7FFA2D6B29}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DB55C1-A4CD-4B2F-8E70-8B7F571A194A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{10A0F59E-4DB8-445A-9464-3BE05AEBF9E5}" = protocol=17 | dir=in | app=d:\burnout paradise\burnoutlauncher.exe |
"{185DB94A-FF76-47C9-A7D7-072A4751E0D4}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{188D35FF-9D07-40D8-8010-211DE0FAB5DB}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{1AC5AE1C-1870-4409-874A-E35484AA356A}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{1DC77E0D-97C3-4D1E-8ED5-ED0DD2C29C41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1EE941AC-5475-44AB-B1FF-13858BECADFA}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{329A22EB-EFC4-4D81-BF9E-C892A74126A3}" = protocol=6 | dir=out | app=system |
"{33C444D6-9C7F-4097-B35B-9C6A724AF385}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{35902982-31FD-46CA-AB9D-7B0D8C9551F9}" = protocol=6 | dir=in | app=d:\pes 2009\pes2009.exe |
"{39BE42DD-CE3F-4886-9CAA-09AE003C1CC6}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{3BE50182-EFC6-45B0-BD21-A47D620025E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3F6AF3A2-7F70-47AC-85E0-CF17D0EBCCA5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{54BE3688-6F16-4D50-B9BE-B97FA2AEF78E}" = protocol=17 | dir=in | app=d:\burnout paradise\burnoutconfigtool.exe |
"{6969A641-C312-48C0-86D7-EC9BBF3813AD}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{69A3D01E-973F-476A-8128-9750AD03472B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{6D73715B-8DBA-4BA3-97D9-3737ADEC90C4}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{6E6842AC-4C7F-452D-A493-730A9B6AF1D0}" = protocol=6 | dir=in | app=d:\pro evolution soccer 2010\pes2010.exe |
"{6F3350EA-1A71-40F9-AD61-AC6FB40153C4}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{72F88962-C3B4-46AD-A6A3-A95965C10BA8}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{732D0126-3217-4023-B381-F025F69356A3}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{73607046-5673-4FDB-A429-6D46F2178E40}" = protocol=6 | dir=in | app=d:\burnout paradise\burnoutconfigtool.exe |
"{7C6ECC15-5236-4860-BA7B-107F49552803}" = protocol=6 | dir=in | app=d:\burnout paradise\burnoutlauncher.exe |
"{80798464-5E6D-42C3-8D0A-32CE276DCC15}" = protocol=17 | dir=in | app=d:\pro evolution soccer 2010\pes2010.exe |
"{8520D57A-8DDD-4642-A74A-D2D9B85BE3D6}" = protocol=6 | dir=in | app=d:\burnout paradise\burnoutparadise.exe |
"{87D84EB1-FFA8-4673-ACCD-1265A07E2034}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{8D7B3C36-AED6-4FCC-81A2-D2F386C6884C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9CAF3C51-A4B3-4852-90BC-1B754E8E6216}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A0B41D5D-DDA3-4841-BC3C-32A8B377AFA3}" = protocol=17 | dir=in | app=d:\pes 2009\pes2009.exe |
"{A3FAE772-26D8-4C50-AD86-8A0D4E500E5E}" = protocol=17 | dir=in | app=d:\burnout paradise\burnoutparadise.exe |
"{C96AD0BF-0027-4551-8235-8E5D9E4189F4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D21B56DA-5544-4AFA-A2C9-B27FE69614EE}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{D49B2DDC-4246-4978-B880-3CDB3CB0ABF3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D873D99B-FE0A-4A99-9E5F-78B758AC1E77}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{EDCC5FF2-BC95-4D87-A7B8-451B42DF2A62}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"TCP Query User{094E4A5C-B9E8-4AF8-BA81-706679ADB1A3}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{53D2135A-3559-406E-84E6-A370848BDD77}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{67680B30-0974-4210-BA07-510E38CE5C6C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6E5CA965-DDD8-4BC9-B706-B51433D2FB81}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe |
"TCP Query User{87AF5C95-2D96-433A-8C96-313E278FB156}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9A5A03A7-5511-4963-918A-D16725F01E77}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"TCP Query User{A382A7EF-B5FC-43FE-901C-9E9AA61C5711}C:\qip infium jadrispack\infium.exe" = protocol=6 | dir=in | app=c:\qip infium jadrispack\infium.exe |
"TCP Query User{A3EBB0CC-ADF1-493F-BC46-0FD89B4D68C9}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe |
"TCP Query User{A476749B-53A6-4D30-AA76-2A4173807C9D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B40A6B9E-BD5F-42D5-973A-F694A748E8D5}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"TCP Query User{B6FD2F97-3BDB-4F32-9230-A377FF56CC56}H:\programy\mirandaportable\app\miranda\miranda32.exe" = protocol=6 | dir=in | app=h:\programy\mirandaportable\app\miranda\miranda32.exe |
"TCP Query User{BC9E26DB-C520-4839-B64D-B06B33960D14}C:\program files\k-lite codec pack\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\k-lite codec pack\media player classic\mplayerc.exe |
"UDP Query User{05A08E34-DF62-4909-B6E7-EA50B86620D8}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{090B674B-574A-420D-A6FE-5F77257EEA1C}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"UDP Query User{0EF5EB2B-7446-4EC4-AA72-26C0E7212E59}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe |
"UDP Query User{2D11951F-5A23-4A29-898A-7B6ECC78336B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{39B4B4F3-8A06-4BB7-9BA5-DE069E1D873F}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"UDP Query User{54283845-2D0F-4F23-B40E-B968176BFF44}C:\program files\k-lite codec pack\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\k-lite codec pack\media player classic\mplayerc.exe |
"UDP Query User{596D9E04-6729-4DDA-9836-C0F1B29E0779}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{864761F0-CECB-4EF3-982D-C6A79C743D70}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{B4FB9653-EFA0-46A1-8C0E-E538B2828748}C:\qip infium jadrispack\infium.exe" = protocol=17 | dir=in | app=c:\qip infium jadrispack\infium.exe |
"UDP Query User{BD69781B-5F44-4048-8FC4-4C0C62D35B71}C:\program files\packet tracer 5.2\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files\packet tracer 5.2\bin\packettracer5.exe |
"UDP Query User{C445ABF7-E81F-4E10-83A1-BD164FA50A41}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{F2C129F3-B749-41E2-93D4-30BB666F5481}H:\programy\mirandaportable\app\miranda\miranda32.exe" = protocol=17 | dir=in | app=h:\programy\mirandaportable\app\miranda\miranda32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5783F2D7-6001-0405-0002-0060B0CE6BBA}" = AutoCAD 2008 - Český
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{37180755-CA2B-40AD-9637-89FB0CE7CB36}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0017-0405-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Czech) 2007
"{90120000-0017-0405-0000-0000000FF1CE}_SharePointDesigner_{251C27CD-8661-4387-B23F-ABC8289B747D}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{3C3813E1-C370-4F32-9639-8B43C7C780CD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0405-0000-0000000FF1CE}_SharePointDesigner_{3C3813E1-C370-4F32-9639-8B43C7C780CD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}_SharePointDesigner_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{F67648A4-713E-4298-BBAD-A83D8283B0F3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041B-0000-0000000FF1CE}_SharePointDesigner_{F67648A4-713E-4298-BBAD-A83D8283B0F3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{2659571A-3405-4486-B7D8-2F125BC0E3B2}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0405-0000-0000000FF1CE}_SharePointDesigner_{2659571A-3405-4486-B7D8-2F125BC0E3B2}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.5
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"µTorrent CZ_is1" = µTorrent CZ 1.8 (build 11813)
"Acer Acer Bio Protection 6.0.00.12" = Acer Bio Protection

AAV 6.0.00.12
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.04
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"AutoCAD 2008 - Český" = AutoCAD 2008 - Český
"avast!" = avast! Antivirus
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.0
"Lexicon 4.0" = Lingea Lexicon 2002
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"NVIDIA Drivers" = NVIDIA Drivers
"Packet Tracer 5.2_is1" = Packet Tracer 5.2
"QIP Infium JadrisPack 2.6.1" = QIP Infium JadrisPack 2.6.1
"RocketDock_is1" = RocketDock 1.3.5
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Spyware Terminator_is1" = Spyware Terminator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever
"TuneUp Utilities" = TuneUp Utilities
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 21.9.2008 16:26:18 | Computer Name = Rozhon-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Users\bobek\AppData\Roaming\ICQ\APPLICATION.MDB failed, 00000005.

Error - 2.11.2009 13:42:25 | Computer Name = Rozhon-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Users\bobek\Desktop\Fotky\Radvanice\Jakartovice - Radvanice 18.4.2009\102_4738.JPG
failed, 00000005.

[ Application Events ]
Error - 12.1.2010 5:40:20 | Computer Name = Rozhon-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace AcroRd32.exe, verze 8.1.0.137, časové razítko 0x46444e37,
chybující modul PDDom.api, verze 8.0.0.456, časové razítko 0x453c8928, kód výjimky
0xc0000005, posun chyby 0x000089df, ID procesu 0x15b4, čas spuštění aplikace 0x01ca936b100f04c3.

Error - 12.1.2010 10:30:57 | Computer Name = Rozhon-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.1.2010 11:02:58 | Computer Name = Rozhon-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.1.2010 11:13:24 | Computer Name = Rozhon-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.1.2010 12:13:53 | Computer Name = Rozhon-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.1.2010 14:45:12 | Computer Name = Rozhon-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.1.2010 14:55:57 | Computer Name = Rozhon-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 14.1.2010 5:09:54 | Computer Name = Rozhon-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.1.2010 7:15:15 | Computer Name = Rozhon-PC | Source = Application Hang | ID = 1002
Description = Program TmForever.exe verze 0.0.0.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 8b8 Čas zahájení: 01ca95099dd99ee8 Čas ukončení: 6623

Error - 14.1.2010 12:26:45 | Computer Name = Rozhon-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace AcroRd32.exe, verze 8.1.0.137, časové razítko 0x46444e37,
chybující modul AcroRd32.dll, verze 8.1.6.21, časové razítko 0x4a15ab7f, kód výjimky
0xc0000005, posun chyby 0x00352b20, ID procesu 0x838, čas spuštění aplikace 0x01ca951d7623d1e8.

[ Media Center Events ]
Error - 2.11.2009 13:06:04 | Computer Name = Rozhon-PC | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

Error - 1.12.2009 13:53:55 | Computer Name = Rozhon-PC | Source = Media Center Guide | ID = 0
Description = Informace o události: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Proces: DefaultDomain Název objektu: Media Center
Guide

[ OSession Events ]
Error - 29.11.2008 14:52:03 | Computer Name = Rozhon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 9947 seconds with 0 seconds of active time. This session ended with a crash.

Error - 26.4.2009 16:28:27 | Computer Name = Rozhon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 24.5.2009 14:20:04 | Computer Name = Rozhon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27090
seconds with 5100 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17.1.2010 7:32:15 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 17.1.2010 7:32:15 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 17.1.2010 7:35:50 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 17.1.2010 7:37:30 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 17.1.2010 7:38:34 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 17.1.2010 7:39:37 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 17.1.2010 7:41:29 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 17.1.2010 7:44:24 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.1.2010 3:25:24 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.1.2010 11:10:31 | Computer Name = Rozhon-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

x18 · Příspěvekod **x18** » 18 led 2010 21:20

OTL logfile created on: 18.1.2010 16:19:36 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\bobek\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 19,41 Gb Free Space | 17,42% Space Free | Partition Type: NTFS
Drive D: | 104,90 Gb Total Space | 14,72 Gb Free Space | 14,03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROZHON-PC
Current User Name: bobek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\bobek\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\bobek\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

========== Modules (SafeList) ==========

MOD - C:\Users\bobek\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SysHook.dll ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()

========== Win32 Services (SafeList) ==========

SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (IGBASVC) -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (ENTECH) -- C:\Windows\System32\drivers\Entech.sys (EnTech Taiwan)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NETw4v32) Ovladač adaptéru Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://seznam.cz"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..extensions.enabledItems: stratareloaded@addons.mozilla.org:2.2.0
FF - prefs.js..extensions.enabledItems: one@h3j4.com:1.45
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.20091115
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.03 06:30:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.11 16:58:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.11 16:58:17 | 00,000,000 | ---D | M]

[2008.08.01 19:16:31 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Extensions
[2008.08.01 19:16:31 | 00,000,000 | ---D | M] (No name found) -- C:\Users\bobek\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.01.17 20:11:30 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions
[2009.10.22 22:11:50 | 00,000,000 | ---D | M] (BugMeNot) -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2009.11.16 17:49:51 | 00,000,000 | ---D | M] (iPox) -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010.01.14 10:39:42 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.11 23:03:26 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\firefox@tvunetworks.com
[2009.07.12 12:05:33 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\chromifox@altmusictv.com
[2009.07.09 14:14:23 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\one@h3j4.com
[2010.01.14 10:39:41 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\piclens@cooliris.com
[2009.12.28 18:48:26 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\stratareloaded@addons.mozilla.org
[2009.11.16 17:49:57 | 00,000,000 | ---D | M] (No name found) -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2009.11.16 17:49:57 | 00,000,000 | ---D | M] (No name found) -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009.12.28 18:48:46 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions
[2009.12.28 18:48:43 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.5x\mozapps\extensions
[2009.12.28 18:48:45 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.6x\mozapps\extensions
[2009.12.28 18:48:45 | 00,000,000 | ---D | M] -- C:\Users\bobek\AppData\Roaming\mozilla\Firefox\Profiles\rfepijl2.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.7x\mozapps\extensions
[2010.01.17 20:11:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.11 16:58:17 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.08.04 16:18:32 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.11 16:31:03 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.24 21:27:39 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.10.13 12:15:40 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.01.02 11:02:29 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.01.11 16:58:00 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.11 16:58:00 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008.01.23 07:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009.10.11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010.01.11 16:58:04 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006.10.26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008.10.14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008.07.28 04:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008.07.28 04:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2007.03.10 00:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009.06.24 13:08:36 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.06.24 13:08:36 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.06.24 13:08:36 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.06.24 13:08:36 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.06.24 13:08:36 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.06.24 13:08:36 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.01.17 12:31:30 | 00,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF21043.cfx File not found
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\bobek\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\bobek\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

Prosím o kontrolu Logu ... PC ztrácí výkon Vyřešeno

Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Re: Prosím o kontrolu Logu ... PC ztrácí výkon

Kdo je online