﻿Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013
Ran by Ondra (administrator) on ACER-F8C2D844E9 on 11-12-2013 14:17:09
Running from C:\Documents and Settings\Ondra\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\PersistenceThread.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Overwolf) C:\Program Files\Overwolf\Overwolf.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(forum.viry.cz) C:\Documents and Settings\Ondra\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [817672 2009-02-20] (Dritek System Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [PersistenceThread] - C:\WINDOWS\system32\PersistenceThread.exe [92696 2009-05-01] (Intel Corporation)
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-02-27] (Synaptics Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [ExpressFiles] - "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\igdlogin: C:\Windows\system32\igdlogin.dll ()
HKCU\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2009-04-15] (Acer)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2012-09-23] (Google Inc.)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\...\Run: [Overwolf] - C:\Program Files\Overwolf\Overwolf.exe [35256 2013-11-11] (Overwolf)
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2009-04-15] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] - C:\WINDOWS\Screensavers\Acer\run_Acer.exe [ 2009-03-16] (TODO: <Company name>)
HKU\Mila Sopouskova\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2009-04-15] (Acer)
HKU\Mila Sopouskova\...\Run: [EPSON SX218 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE /FU "C:\WINDOWS\TEMP\E_S4B.tmp" /EF "HKCU"
HKU\Mila Sopouskova\...\Run: [Facebook Update] - C:\Documents and Settings\Mila Sopouskova\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [ 2012-07-16] (Facebook Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Mila Sopouskova\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Ondra\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=ao751h&r=0xph04101706l03c3wu45w48l15641
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=ao751h&r=0xph04101706l03c3wu45w48l15641
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=ao751h&r=0xph04101706l03c3wu45w48l15641
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {354B0DC0-B196-40EE-B9BB-3F7862D7DE4D} URL = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\pwhdinor.default
FF DefaultSearchEngine: Centrum.cz classic
FF DefaultSearchEngine: Centrum.cz classic
FF SelectedSearchEngine: Centrum.cz classic
FF Homepage: hxxp://www.centrum.cz/?utm_source=ch-toolbar&utm_medium=ff-centrum-cz&utm_campaign=home
FF Keyword.URL: hxxp://search.centrum.cz/?charset=UTF-8&channel_id=ch-toolbar-ff,ch-toolbar-ff-searchbox,tb-classic&utm_source=ch-toolbar&utm_medium=ff-centrum-cz&utm_content=toolbar-searchbox&utm_campaign=classic&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Ondra\Data aplikací\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Ondra\Data aplikací\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Ondra\Data aplikací\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Centrum doménový pomocník - C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\pwhdinor.default\Extensions\centrumpomocnik@centrum.cz
FF Extension: Lišta Centrum.cz - C:\Documents and Settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\pwhdinor.default\Extensions\toolbar@centrumholdings.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: search.conduit.com
CHR DefaultSearchProvider: Conduit
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40359670801142712&ctid=CT2928751&UM=1&sspv=TB_TH2
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Angry Birds Seasons) - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\adkdbmomhdhkgdocinjlnacgjnmgdbpj\1.1_0
CHR Extension: (YouTube) - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Facebook) - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0
CHR Extension: (SmallringFX DarkOrange Theme) - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\kjnlgbpnlangffmpnapcfdihmhhfnomg\1.7_0
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Doodle Jump) - C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1952512 2009-02-20] (Broadcom Corporation)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [533024 2009-06-19] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2008-02-05] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991136 2009-04-16] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2008-07-25] (Broadcom Corporation.)
S3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [37032 2008-02-05] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [45984 2009-06-19] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 igd; C:\Windows\System32\DRIVERS\igxpmp32.sys [5096544 2009-04-28] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-12-06] (Malwarebytes Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-22] ()
U3 ai1p1qmf; C:\Windows\System32\Drivers\ai1p1qmf.sys [0 ] (Microsoft Corporation)
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 14:17 - 2013-12-11 14:18 - 00018687 _____ C:\Documents and Settings\Ondra\Plocha\FRST.txt
2013-12-10 21:31 - 2013-12-10 21:31 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Ondra\Plocha\FRSTLauncher.exe
2013-12-10 17:10 - 2013-12-10 21:25 - 00000000 ____D C:\FRST
2013-12-10 17:08 - 2013-12-10 21:25 - 01061325 _____ (Farbar) C:\Documents and Settings\Ondra\Plocha\FRST.exe
2013-12-06 18:00 - 2013-12-06 18:02 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-12-06 18:00 - 2013-12-06 18:00 - 00000788 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2013-12-06 18:00 - 2013-12-06 18:00 - 00000000 ____D C:\Documents and Settings\Ondra\Data aplikací\Malwarebytes
2013-12-06 18:00 - 2013-12-06 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2013-12-06 18:00 - 2013-12-06 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-12-06 17:59 - 2013-12-06 18:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-06 17:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-06 17:34 - 2013-12-06 17:40 - 00000000 ____D C:\AdwCleaner
2013-12-06 17:33 - 2013-12-06 17:33 - 01110034 _____ C:\Documents and Settings\Ondra\Plocha\adwcleaner.exe
2013-12-06 17:16 - 2013-12-06 17:16 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-06 17:12 - 2013-12-06 17:13 - 01034531 _____ (Thisisu) C:\Documents and Settings\Ondra\Plocha\JRT.exe
2013-12-06 14:56 - 2013-12-06 14:57 - 00000000 ____D C:\rsit
2013-12-06 14:56 - 2013-12-06 14:57 - 00000000 ____D C:\Program Files\trend micro
2013-12-06 14:55 - 2013-12-06 14:56 - 00781383 _____ C:\Documents and Settings\Ondra\Plocha\RSIT.exe
2013-12-06 14:27 - 2013-12-06 14:27 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-12-06 14:26 - 2013-12-06 14:27 - 00000000 ____D C:\Program Files\Common Files\Overwolf
2013-11-20 09:38 - 2013-12-11 13:52 - 00000396 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-18 16:53 - 2013-11-18 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-18 16:51 - 2013-11-18 16:51 - 00013870 _____ C:\WINDOWS\KB2900986.log
2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-18 16:49 - 2013-11-18 16:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-18 16:49 - 2013-11-18 16:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-18 16:47 - 2013-11-18 16:49 - 00012173 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-18 15:19 - 2013-11-18 16:54 - 00020185 _____ C:\WINDOWS\KB2868626.log
2013-11-18 15:16 - 2013-11-18 16:49 - 00014718 _____ C:\WINDOWS\KB2862152.log
2013-11-18 15:13 - 2013-11-18 16:49 - 00013909 _____ C:\WINDOWS\KB2876331.log
2013-11-17 15:12 - 2013-11-18 15:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 18:26 - 2013-11-15 18:26 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Overwolf

==================== One Month Modified Files and Folders =======

2013-12-11 14:19 - 2012-02-08 06:54 - 00000466 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{9C6452F8-6F82-4E43-9676-8EAC8B6277A0}.job
2013-12-11 14:18 - 2013-12-11 14:17 - 00018687 _____ C:\Documents and Settings\Ondra\Plocha\FRST.txt
2013-12-11 14:17 - 2013-09-25 17:04 - 00000000 ____D C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Overwolf
2013-12-11 14:17 - 2012-05-26 16:26 - 00000000 ____D C:\Documents and Settings\Ondra\Plocha
2013-12-11 14:16 - 2012-05-26 16:26 - 00000000 ___HD C:\Documents and Settings\Ondra\Local Settings\Data aplikací
2013-12-11 14:15 - 2013-07-15 18:06 - 00000272 _____ C:\WINDOWS\Tasks\RMAutoUpdate.job
2013-12-11 14:15 - 2012-02-17 18:20 - 00000290 _____ C:\WINDOWS\Tasks\Express Files Updater.job
2013-12-11 14:15 - 2010-04-30 12:04 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 14:14 - 2012-02-08 08:09 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1007UA.job
2013-12-11 13:55 - 2012-11-15 15:09 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1008UA.job
2013-12-11 13:52 - 2013-11-20 09:38 - 00000396 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-11 13:52 - 2009-07-29 23:09 - 01503880 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-11 13:44 - 2012-08-28 14:47 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-11 13:44 - 2009-07-29 23:15 - 00032230 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-11 13:42 - 2009-07-30 01:04 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-11 13:42 - 2009-07-30 01:04 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-11 13:42 - 2009-07-29 23:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-10 21:40 - 2013-10-23 12:11 - 00198856 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2013-12-10 21:40 - 2012-05-26 16:26 - 00000178 ___SH C:\Documents and Settings\Ondra\ntuser.ini
2013-12-10 21:40 - 2009-07-29 23:15 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2013-12-10 21:37 - 2010-04-30 12:04 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 21:32 - 2012-06-28 14:58 - 00000000 ____D C:\Documents and Settings\Ondra\Dokumenty\Stažené soubory
2013-12-10 21:31 - 2013-12-10 21:31 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Ondra\Plocha\FRSTLauncher.exe
2013-12-10 21:25 - 2013-12-10 17:10 - 00000000 ____D C:\FRST
2013-12-10 21:25 - 2013-12-10 17:08 - 01061325 _____ (Farbar) C:\Documents and Settings\Ondra\Plocha\FRST.exe
2013-12-10 21:15 - 2013-07-15 09:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-12-10 20:41 - 2011-12-23 16:43 - 00001086 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1005UA.job
2013-12-10 17:55 - 2012-11-15 15:09 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1008Core.job
2013-12-10 15:20 - 2010-04-28 23:04 - 00000178 ___SH C:\Documents and Settings\Mila Sopouskova\ntuser.ini
2013-12-10 08:14 - 2012-02-08 08:09 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1007Core.job
2013-12-06 18:02 - 2013-12-06 18:00 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-12-06 18:00 - 2013-12-06 18:00 - 00000788 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2013-12-06 18:00 - 2013-12-06 18:00 - 00000000 ____D C:\Documents and Settings\Ondra\Data aplikací\Malwarebytes
2013-12-06 18:00 - 2013-12-06 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2013-12-06 18:00 - 2013-12-06 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-12-06 18:00 - 2013-12-06 17:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-06 18:00 - 2012-05-26 16:26 - 00000000 __RHD C:\Documents and Settings\Ondra\Data aplikací
2013-12-06 18:00 - 2009-07-30 01:01 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-12-06 18:00 - 2009-07-30 01:00 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-12-06 18:00 - 2009-07-30 01:00 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-12-06 17:46 - 2009-07-30 01:01 - 01196612 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-06 17:40 - 2013-12-06 17:34 - 00000000 ____D C:\AdwCleaner
2013-12-06 17:37 - 2010-04-28 23:04 - 00000000 __RHD C:\Documents and Settings\Mila Sopouskova\Data aplikací
2013-12-06 17:37 - 2010-04-28 23:04 - 00000000 ___HD C:\Documents and Settings\Mila Sopouskova\Local Settings\Data aplikací
2013-12-06 17:33 - 2013-12-06 17:33 - 01110034 _____ C:\Documents and Settings\Ondra\Plocha\adwcleaner.exe
2013-12-06 17:20 - 2012-05-26 16:26 - 00000000 ___RD C:\Documents and Settings\Ondra\Dokumenty
2013-12-06 17:16 - 2013-12-06 17:16 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-06 17:13 - 2013-12-06 17:12 - 01034531 _____ (Thisisu) C:\Documents and Settings\Ondra\Plocha\JRT.exe
2013-12-06 14:57 - 2013-12-06 14:56 - 00000000 ____D C:\rsit
2013-12-06 14:57 - 2013-12-06 14:56 - 00000000 ____D C:\Program Files\trend micro
2013-12-06 14:56 - 2013-12-06 14:55 - 00781383 _____ C:\Documents and Settings\Ondra\Plocha\RSIT.exe
2013-12-06 14:41 - 2011-12-23 16:43 - 00001064 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1005Core.job
2013-12-06 14:28 - 2013-09-25 17:07 - 00000000 ____D C:\Program Files\Overwolf
2013-12-06 14:27 - 2013-12-06 14:27 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-12-06 14:27 - 2013-12-06 14:26 - 00000000 ____D C:\Program Files\Common Files\Overwolf
2013-12-05 16:51 - 2009-07-30 08:44 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-04 16:44 - 2012-08-28 08:39 - 00001817 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2013-12-03 17:15 - 2013-08-01 16:46 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-11-20 09:27 - 2012-05-06 15:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-19 11:21 - 2013-08-13 15:15 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-18 16:54 - 2013-11-18 15:19 - 00020185 _____ C:\WINDOWS\KB2868626.log
2013-11-18 16:54 - 2010-04-28 23:11 - 00701011 _____ C:\WINDOWS\setupapi.log
2013-11-18 16:54 - 2009-07-30 01:01 - 01917277 _____ C:\WINDOWS\FaxSetup.log
2013-11-18 16:54 - 2009-07-30 01:01 - 00919261 _____ C:\WINDOWS\ocgen.log
2013-11-18 16:54 - 2009-07-30 01:01 - 00732655 _____ C:\WINDOWS\tsoc.log
2013-11-18 16:54 - 2009-07-30 01:01 - 00642894 _____ C:\WINDOWS\comsetup.log
2013-11-18 16:54 - 2009-07-30 01:01 - 00388071 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-18 16:54 - 2009-07-30 01:01 - 00301848 _____ C:\WINDOWS\iis6.log
2013-11-18 16:54 - 2009-07-30 01:01 - 00119001 _____ C:\WINDOWS\ocmsn.log
2013-11-18 16:54 - 2009-07-30 01:01 - 00095425 _____ C:\WINDOWS\msgsocm.log
2013-11-18 16:54 - 2009-07-30 01:01 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-18 16:54 - 2009-07-29 23:29 - 00158627 _____ C:\WINDOWS\updspapi.log
2013-11-18 16:53 - 2013-11-18 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-18 16:53 - 2009-07-30 01:57 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-11-18 16:51 - 2013-11-18 16:51 - 00013870 _____ C:\WINDOWS\KB2900986.log
2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-18 16:51 - 2013-08-13 15:18 - 00001912 _____ C:\WINDOWS\epplauncher.mif
2013-11-18 16:51 - 2009-07-30 01:01 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-18 16:50 - 2013-08-13 15:11 - 00001702 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Security Essentials.lnk
2013-11-18 16:50 - 2013-08-13 15:11 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-18 16:49 - 2013-11-18 16:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-18 16:49 - 2013-11-18 16:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-18 16:49 - 2013-11-18 16:47 - 00012173 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-18 16:49 - 2013-11-18 15:16 - 00014718 _____ C:\WINDOWS\KB2862152.log
2013-11-18 16:49 - 2013-11-18 15:13 - 00013909 _____ C:\WINDOWS\KB2876331.log
2013-11-18 15:29 - 2013-08-15 12:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-18 15:16 - 2013-11-17 15:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-18 15:12 - 2010-05-05 18:00 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-15 18:26 - 2013-11-15 18:26 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Overwolf
2013-11-15 18:25 - 2012-05-26 16:48 - 00000000 ____D C:\Documents and Settings\Ondra\Data aplikací\Mozilla

Files to move or delete:
====================
C:\Documents and Settings\Mila Sopouskova\jagex_runescape_preferences.dat
C:\Documents and Settings\Mila Sopouskova\jagex_runescape_preferences2.dat
C:\Documents and Settings\Mila Sopouskova\jagex__preferences3.dat
C:\Documents and Settings\Ondra\jagex_cl_runescape_LIVE.dat


Some content of TEMP:
====================
C:\Documents and Settings\Mila Sopouskova\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Mila Sopouskova\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Mila Sopouskova\Local Settings\Temp\tbuTo2.dll
C:\Documents and Settings\Mila Sopouskova\Local Settings\Temp\utt19.tmp.exe
C:\Documents and Settings\Ondra\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Ondra\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Ondra\Local Settings\Temp\PotPlayerSetup.exe
C:\Documents and Settings\Ondra\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Ondra\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2009-07-30 08:43] - [2008-04-14 13:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1 

C:\Windows\System32\winlogon.exe
[2009-07-30 08:44] - [2008-04-14 13:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea 

C:\Windows\System32\svchost.exe
[2009-07-30 08:44] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93 

C:\Windows\System32\services.exe
[2009-07-30 08:44] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7 

C:\Windows\System32\User32.dll
[2009-07-30 08:44] - [2008-04-14 13:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53 

C:\Windows\System32\userinit.exe
[2009-07-30 08:44] - [2008-04-14 13:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239 

C:\Windows\System32\Drivers\volsnap.sys
[2009-07-30 08:44] - [2008-04-14 13:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1 




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Express Files Updater.job => C:\Program Files\ExpressFiles\EFupdater.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1005Core.job => C:\Documents and Settings\Mila Sopouskova\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1005UA.job => C:\Documents and Settings\Mila Sopouskova\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1007Core.job => C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1007UA.job => C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1008Core.job => C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3825283475-3410288154-3143571267-1008UA.job => C:\Documents and Settings\Ondra\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RMAutoUpdate.job => C:\Program Files\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{9C6452F8-6F82-4E43-9676-8EAC8B6277A0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Ondra\Plocha" je 4 MB.
 
 
***** Startup Programs *****
 
 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    EnableFirewall	REG_DWORD	0x1
    DisableNotifications	REG_DWORD	0x0
    DoNotAllowExceptions	REG_DWORD	0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    EnableFirewall	REG_DWORD	0x1
    DisableNotifications	REG_DWORD	0x0
    DoNotAllowExceptions	REG_DWORD	0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Metin2\\metin2.bin"="C:\\Program Files\\Metin2\\metin2.bin:*:Enabled:metin2"
"C:\\Program Files\\Metin2\\metin2client.bin"="C:\\Program Files\\Metin2\\metin2client.bin:*:Enabled:metin2client"
"C:\\Program Files\\Metin2\\metin2.exe"="C:\\Program Files\\Metin2\\metin2.exe:*:Enabled:metin2"
"C:\\Program Files\\Acer\\Acer VCM\\VC.exe"="C:\\Program Files\\Acer\\Acer VCM\\VC.exe:*:Enabled:Acer Video Quality Enhancement"
"C:\\Documents and Settings\\Mila Sopouskova\\Dokumenty\\Downloads\\chmatakov15.exe"="C:\\Documents and Settings\\Mila Sopouskova\\Dokumenty\\Downloads\\chmatakov15.exe:*:Disabled:chmatakov15"
"C:\\Documents and Settings\\Mila Sopouskova\\Dokumenty\\Downloads\\chmatakov15 (1).exe"="C:\\Documents and Settings\\Mila Sopouskova\\Dokumenty\\Downloads\\chmatakov15 (1).exe:*:Enabled:chmatakov15 (1)"
"C:\\Documents and Settings\\Ondra\\Local Settings\\Data aplikac\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\Ondra\\Local Settings\\Data aplikac\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\Ondra\\Plocha\\chmatakov15.exe"="C:\\Documents and Settings\\Ondra\\Plocha\\chmatakov15.exe:*:Disabled:chmatakov15"
"C:\\Documents and Settings\\Ondra\\Plocha\\ChmatJabko.exe"="C:\\Documents and Settings\\Ondra\\Plocha\\ChmatJabko.exe:*:Disabled:ChmatJabko"
"C:\\Documents and Settings\\Mila Sopouskova\\Local Settings\\Data aplikac\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="C:\\Documents and Settings\\Mila Sopouskova\\Local Settings\\Data aplikac\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Documents and Settings\\Ondra\\Local Settings\\Temp\\Rar$EX82.512\\Chmatakov15n - 826 ip.ini.exe"="C:\\Documents and Settings\\Ondra\\Local Settings\\Temp\\Rar$EX82.512\\Chmatakov15n - 826 ip.ini.exe:*:Enabled:Multimedia Fusion Stand Alone Application"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

 
==================== End Of Log ==============================
