So, I'm sending it:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014
Ran by Hanule (administrator) on HANULE-PC on 13-03-2014 11:21:58
Running from C:\Users\Hanule\Desktop
Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(Logitech Inc.) c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Hanule\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Akamai Technologies, Inc.) C:\Users\Hanule\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
() D:\PROFIT\PROFIT.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(forum.viry.cz) C:\Users\Hanule\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6266880 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2008-06-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2029640 2009-05-14] (ESET)
HKLM\...\Run: [Cobian Backup 11 interface] - C:\Program Files\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\Run: [LaunchList] - G:\programy\Pinacle\LaunchList2.exe
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\Run: [] - [X]
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Hanule\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\Run: [nzqjvywm] - regsvr32.exe "C:\ProgramData\nzqjvywm.dat"
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\Run: [kanivghd] - regsvr32.exe "C:\ProgramData\kanivghd.dat"
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\MountPoints2: {3d26ba94-a253-11e0-8e18-001999555c0f} - E:\StartVMCLite.exe
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\MountPoints2: {5ff43746-dcb8-11e0-9d0e-001999555c0f} - E:\DPFMate.exe
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\MountPoints2: {8373fd8f-efc0-11df-9deb-001999555c0f} - G:\InstallTomTomHOME.exe
HKU\S-1-5-21-1038337379-1371219172-3291653938-1000\...\MountPoints2: {cf3dfbdd-7119-11e1-81f7-001999555c0f} - H:\setup.exe
AppInit_DLLs: ከ鴴纣k輀⁈鴲纣r耀 => ከ鴴纣k輀⁈鴲纣r耀 File Not Found
IFEO\chrome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\teamviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu Siemens Computers\LaunchCenter\LaunchCenter.exe (SSA SoftSolutions GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu Siemens Computers\LaunchCenter\LaunchCenter.exe (SSA SoftSolutions GmbH)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F47E687B-551F-4043-89B3-F6E3F5DAD01E} http://77.95.41.42/VDControl.CAB
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\w9cg0gm7.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\Hanule\AppData\Roaming\Mozilla\Firefox\Profiles\w9cg0gm7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-07-21]
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-25]
CHR Extension: (Google Drive) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-25]
CHR Extension: (YouTube) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-25]
CHR Extension: (Google Search) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-25]
CHR Extension: (No Name) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Gmail) - C:\Users\Hanule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-25]
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
R2 CobianBackup11; C:\Program Files\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-05-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [731840 2009-05-14] (ESET)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2011-02-01] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2764800 2011-02-01] (Firebird Project)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.)
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [303104 2008-04-25] (Fujitsu Siemens Computers)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1731896 2014-01-28] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [165984 2008-06-05] (Intel Corporation)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [114472 2009-05-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [93312 2009-05-14] (ESET)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] ()
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
S3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [3328 2010-04-21] (Famatech International Corp.)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S4 oxpar; C:\Windows\system32\drivers\oxpar.sys [80128 2007-01-24] (OEM)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490784 2007-02-03] (Logitech Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 ASNDIS4; \??\C:\Windows\system32\ASNDIS4.SYS [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S3 EyeOneDp; system32\drivers\EyeOneDp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Oxmfuf; \SystemRoot\system32\drivers\oxmfuf.sys [X]
S4 oxser; \SystemRoot\system32\drivers\oxser.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-13 11:21 - 2014-03-13 11:21 - 00112640 _____ (forum.viry.cz) C:\Users\Hanule\Desktop\FRSTLauncher.exe
2014-03-13 11:16 - 2014-03-13 11:22 - 00016705 _____ () C:\Users\Hanule\Desktop\FRST.txt
2014-03-13 11:16 - 2014-03-13 11:21 - 00000000 ____D () C:\FRST
2014-03-13 11:15 - 2014-03-13 11:15 - 01145856 _____ (Farbar) C:\Users\Hanule\Desktop\FRST.exe
2014-03-13 11:01 - 2014-03-13 11:01 - 00522240 _____ (OldTimer Tools) C:\Users\Hanule\Desktop\OTM.exe
2014-03-13 09:47 - 2014-03-13 09:47 - 00000000 ____D () C:\Users\Hanule\AppData\Local\{04944841-E680-43DE-B54F-795BEB2CA8B5}
2014-03-12 21:46 - 2014-03-12 21:46 - 00000000 ____D () C:\Users\Hanule\AppData\Local\{42A245EA-862E-4893-B929-3F48D40F1B5C}
2014-03-12 20:36 - 2014-03-12 20:37 - 00000000 ____D () C:\rsit
2014-03-12 20:36 - 2014-03-12 20:36 - 00000000 ____D () C:\Program Files\trend micro
2014-03-12 19:00 - 2014-03-12 19:03 - 00227126 _____ () C:\Users\Hanule\Desktop\JRT.txt
2014-03-12 18:07 - 2014-03-12 18:07 - 00003277 _____ () C:\Users\Hanule\Desktop\AdwCleaner[S0].txt
2014-03-12 18:03 - 2014-03-12 18:04 - 00000000 ____D () C:\AdwCleaner
2014-03-12 18:02 - 2014-03-12 18:03 - 01949184 _____ () C:\Users\Hanule\Desktop\adwcleaner.exe
2014-03-12 17:55 - 2014-03-12 17:55 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 17:54 - 2014-03-12 17:54 - 01037734 _____ (Thisisu) C:\Users\Hanule\Desktop\JRT.exe
2014-03-12 17:02 - 2014-03-12 10:04 - 00079558 _____ () C:\Users\Hanule\Desktop\Záloha_samolepa na auta GG.cdr
2014-03-12 16:05 - 2014-03-12 16:05 - 00322232 _____ (Microsoft Corporation) C:\ProgramData\kanivghd.dat
2014-03-12 16:04 - 2014-03-13 10:25 - 00256680 _____ (Microsoft Corporation) C:\ProgramData\nzqjvywm.dat
2014-03-12 10:21 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 10:21 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 10:21 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 10:21 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 10:21 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 10:21 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 10:21 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-12 10:21 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 10:21 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 10:21 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 10:21 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 10:21 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 10:21 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-12 10:21 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 10:21 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-12 10:21 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 10:04 - 2014-03-12 17:02 - 00050177 _____ () C:\Users\Hanule\Desktop\samolepa na auta GG.cdr
2014-03-12 04:31 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 04:31 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 04:31 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 04:31 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-10 13:16 - 2014-03-10 13:16 - 00045322 ____N () C:\Users\Hanule\Desktop\LOGO NEW s R.cdr
2014-03-07 10:51 - 2014-03-10 12:40 - 00000000 ____D () C:\Users\Hanule\Desktop\dárky TMobil
2014-03-07 08:12 - 2014-03-07 08:12 - 00011574 ____N () C:\Users\Hanule\Desktop\TABULKA JÍDLO.xlsx
2014-03-04 16:29 - 2014-03-10 11:01 - 01401526 ____N () C:\Users\Hanule\Desktop\placky 4x4.cdr
2014-03-04 13:25 - 2014-03-04 14:36 - 01875167 ____N () C:\Users\Hanule\Desktop\4x4.cdr
2014-02-27 23:30 - 2013-12-09 10:23 - 03255296 ____N () C:\Users\Hanule\Desktop\Záloha_potvrzení objednávky MČP4.cdr
2014-02-27 00:28 - 2014-02-27 00:28 - 01614648 ____N () C:\Users\Hanule\Desktop\polo toptechnika.cdr
2014-02-25 03:02 - 2014-02-25 03:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-20 18:53 - 2014-02-20 18:53 - 00001531 ____N () C:\Users\Hanule\Desktop\RKreport[0]_S_02202014_185319.txt
2014-02-20 18:45 - 2014-02-20 18:45 - 00002520 ____N () C:\Users\Hanule\Desktop\RKreport[0]_S_02202014_184557.txt
2014-02-20 18:39 - 2014-02-20 18:39 - 03817984 _____ () C:\Users\Hanule\Downloads\RogueKiller (1).exe
2014-02-20 18:24 - 2014-02-20 18:45 - 00000000 ____D () C:\Users\Hanule\Desktop\RK_Quarantine
2014-02-20 18:24 - 2014-02-20 18:24 - 03809280 _____ () C:\Users\Hanule\Downloads\RogueKiller.exe
2014-02-20 18:22 - 2014-02-20 18:22 - 02347384 _____ (ESET) C:\Users\Hanule\Downloads\esetsmartinstaller_csy.exe
2014-02-18 19:27 - 2014-02-18 19:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 22:52 - 2014-02-16 22:52 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-02-14 21:26 - 2014-02-14 21:26 - 00001261 ____N () C:\Windows\IE9_main.log
2014-02-14 19:44 - 2014-02-14 19:44 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-02-14 08:34 - 2014-02-14 08:34 - 00000430 __RSH () C:\ProgramData\ntuser.pol
2014-02-13 18:29 - 2014-02-13 18:29 - 00000000 ____D () C:\Users\Hanule\AppData\Roaming\Real
2014-02-12 08:25 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
==================== One Month Modified Files and Folders =======
2014-03-13 11:22 - 2014-03-13 11:16 - 00016705 _____ () C:\Users\Hanule\Desktop\FRST.txt
2014-03-13 11:21 - 2014-03-13 11:21 - 00112640 _____ (forum.viry.cz) C:\Users\Hanule\Desktop\FRSTLauncher.exe
2014-03-13 11:21 - 2014-03-13 11:16 - 00000000 ____D () C:\FRST
2014-03-13 11:15 - 2014-03-13 11:15 - 01145856 _____ (Farbar) C:\Users\Hanule\Desktop\FRST.exe
2014-03-13 11:14 - 2012-06-15 22:17 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 11:04 - 2012-12-19 11:13 - 00000000 ____D () C:\Users\Hanule\AppData\Local\CrashDumps
2014-03-13 11:01 - 2014-03-13 11:01 - 00522240 _____ (OldTimer Tools) C:\Users\Hanule\Desktop\OTM.exe
2014-03-13 10:47 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 10:47 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 10:25 - 2014-03-12 16:04 - 00256680 _____ (Microsoft Corporation) C:\ProgramData\nzqjvywm.dat
2014-03-13 09:47 - 2014-03-13 09:47 - 00000000 ____D () C:\Users\Hanule\AppData\Local\{04944841-E680-43DE-B54F-795BEB2CA8B5}
2014-03-13 02:26 - 2008-12-16 04:50 - 01414970 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 01:30 - 2011-11-29 09:50 - 00000382 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job
2014-03-12 21:46 - 2014-03-12 21:46 - 00000000 ____D () C:\Users\Hanule\AppData\Local\{42A245EA-862E-4893-B929-3F48D40F1B5C}
2014-03-12 20:47 - 2011-04-04 20:41 - 00000000 ____D () C:\Program Files\Common Files\Akamai
2014-03-12 20:47 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 20:46 - 2008-12-15 23:29 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-03-12 20:46 - 2006-11-02 14:01 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 20:37 - 2014-03-12 20:36 - 00000000 ____D () C:\rsit
2014-03-12 20:36 - 2014-03-12 20:36 - 00000000 ____D () C:\Program Files\trend micro
2014-03-12 19:03 - 2014-03-12 19:00 - 00227126 _____ () C:\Users\Hanule\Desktop\JRT.txt
2014-03-12 18:07 - 2014-03-12 18:07 - 00003277 _____ () C:\Users\Hanule\Desktop\AdwCleaner[S0].txt
2014-03-12 18:04 - 2014-03-12 18:03 - 00000000 ____D () C:\AdwCleaner
2014-03-12 18:04 - 2009-01-12 21:54 - 00000000 ____D () C:\ProgramData\ICQ
2014-03-12 18:03 - 2014-03-12 18:02 - 01949184 _____ () C:\Users\Hanule\Desktop\adwcleaner.exe
2014-03-12 17:55 - 2014-03-12 17:55 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 17:54 - 2014-03-12 17:54 - 01037734 _____ (Thisisu) C:\Users\Hanule\Desktop\JRT.exe
2014-03-12 17:02 - 2014-03-12 10:04 - 00050177 _____ () C:\Users\Hanule\Desktop\samolepa na auta GG.cdr
2014-03-12 16:05 - 2014-03-12 16:05 - 00322232 _____ (Microsoft Corporation) C:\ProgramData\kanivghd.dat
2014-03-12 12:33 - 2012-06-15 22:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 12:33 - 2011-07-25 08:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 11:11 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-12 10:44 - 2014-01-19 21:48 - 03433168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 10:43 - 2009-08-10 12:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 10:19 - 2013-08-20 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-12 10:13 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-12 10:04 - 2014-03-12 17:02 - 00079558 _____ () C:\Users\Hanule\Desktop\Záloha_samolepa na auta GG.cdr
2014-03-11 15:53 - 2011-04-04 16:05 - 00002665 ____N () C:\Users\Hanule\Desktop\CorelDRAW X5.lnk
2014-03-10 13:16 - 2014-03-10 13:16 - 00045322 ____N () C:\Users\Hanule\Desktop\LOGO NEW s R.cdr
2014-03-10 12:40 - 2014-03-07 10:51 - 00000000 ____D () C:\Users\Hanule\Desktop\dárky TMobil
2014-03-10 11:01 - 2014-03-04 16:29 - 01401526 ____N () C:\Users\Hanule\Desktop\placky 4x4.cdr
2014-03-09 08:33 - 2014-01-19 21:47 - 103676834 ____N () C:\Windows\PFRO.log
2014-03-07 08:12 - 2014-03-07 08:12 - 00011574 ____N () C:\Users\Hanule\Desktop\TABULKA JÍDLO.xlsx
2014-03-04 14:36 - 2014-03-04 13:25 - 01875167 ____N () C:\Users\Hanule\Desktop\4x4.cdr
2014-02-27 23:30 - 2010-10-18 08:54 - 04193076 ____N () C:\Users\Hanule\Desktop\potvrzení objednávky MČP4.cdr
2014-02-27 00:28 - 2014-02-27 00:28 - 01614648 ____N () C:\Users\Hanule\Desktop\polo toptechnika.cdr
2014-02-25 03:02 - 2014-02-25 03:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-25 03:02 - 2009-06-22 08:03 - 00000000 ___RD () C:\Program Files\Skype
2014-02-25 03:02 - 2008-12-29 23:18 - 00000000 ____D () C:\ProgramData\Skype
2014-02-24 23:37 - 2006-11-02 11:33 - 01533230 ____N () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 23:30 - 2008-12-25 16:07 - 00000000 ____D () C:\Users\Public\Documents\1Click DVD Copy
2014-02-24 07:53 - 2008-12-15 23:59 - 00118784 _____ () C:\Users\Hanule\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 06:55 - 2013-11-14 09:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-24 06:46 - 2008-12-29 23:19 - 00000000 ____D () C:\Users\Hanule\AppData\Roaming\Skype
2014-02-23 06:50 - 2014-03-12 10:21 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 06:47 - 2014-03-12 10:21 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 06:43 - 2014-03-12 10:21 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 06:41 - 2014-03-12 10:21 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 06:40 - 2014-03-12 10:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 06:39 - 2014-03-12 10:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 06:38 - 2014-03-12 10:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 06:38 - 2014-03-12 10:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 06:38 - 2014-03-12 10:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 06:37 - 2014-03-12 10:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 06:37 - 2014-03-12 10:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 06:37 - 2014-03-12 10:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 06:37 - 2014-03-12 10:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 06:36 - 2014-03-12 10:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 06:36 - 2014-03-12 10:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 06:35 - 2014-03-12 10:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-21 12:28 - 2010-10-25 08:59 - 00000000 ____D () C:\Users\Hanule\AppData\Local\Windows Live
2014-02-20 18:53 - 2014-02-20 18:53 - 00001531 ____N () C:\Users\Hanule\Desktop\RKreport[0]_S_02202014_185319.txt
2014-02-20 18:45 - 2014-02-20 18:45 - 00002520 ____N () C:\Users\Hanule\Desktop\RKreport[0]_S_02202014_184557.txt
2014-02-20 18:45 - 2014-02-20 18:24 - 00000000 ____D () C:\Users\Hanule\Desktop\RK_Quarantine
2014-02-20 18:39 - 2014-02-20 18:39 - 03817984 _____ () C:\Users\Hanule\Downloads\RogueKiller (1).exe
2014-02-20 18:24 - 2014-02-20 18:24 - 03809280 _____ () C:\Users\Hanule\Downloads\RogueKiller.exe
2014-02-20 18:23 - 2009-07-21 21:53 - 00000000 ____D () C:\Program Files\ESET
2014-02-20 18:22 - 2014-02-20 18:22 - 02347384 _____ (ESET) C:\Users\Hanule\Downloads\esetsmartinstaller_csy.exe
2014-02-18 19:27 - 2014-02-18 19:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-18 09:52 - 2013-02-08 13:03 - 00000961 ____N () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-02-16 22:52 - 2014-02-16 22:52 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-02-16 03:44 - 2011-11-05 23:13 - 00000000 ____D () C:\Users\Hanule\AppData\Local\Akamai
2014-02-16 03:44 - 2008-12-15 21:15 - 00000000 ____D () C:\Users\Hanule
2014-02-16 03:44 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-16 03:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-02-16 03:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-16 03:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-02-16 03:44 - 2006-11-02 11:22 - 54525952 ____N () C:\Windows\system32\config\software_previous
2014-02-16 03:42 - 2006-11-02 11:22 - 61341696 ____N () C:\Windows\system32\config\system_previous
2014-02-15 21:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-15 18:28 - 2014-02-03 15:57 - 00002733 ____N () C:\Windows\setupact.log
2014-02-15 18:28 - 2006-11-02 11:22 - 48234496 ____N () C:\Windows\system32\config\components_previous
2014-02-15 18:28 - 2006-11-02 11:22 - 00262144 ____N () C:\Windows\system32\config\security_previous
2014-02-15 18:28 - 2006-11-02 11:22 - 00262144 ____N () C:\Windows\system32\config\sam_previous
2014-02-15 18:28 - 2006-11-02 11:22 - 00262144 ____N () C:\Windows\system32\config\default_previous
2014-02-15 18:24 - 2014-02-03 15:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-14 21:26 - 2014-02-14 21:26 - 00001261 ____N () C:\Windows\IE9_main.log
2014-02-14 19:44 - 2014-02-14 19:44 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-02-14 08:34 - 2014-02-14 08:34 - 00000430 __RSH () C:\ProgramData\ntuser.pol
2014-02-13 18:29 - 2014-02-13 18:29 - 00000000 ____D () C:\Users\Hanule\AppData\Roaming\Real
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\kanivghd.dat
C:\ProgramData\nzqjvywm.dat
C:\Users\Hanule\AppData\Roaming\settings.ini
Some content of TEMP:
====================
C:\Users\Hanule\AppData\Local\Temp\2file_saw.exe
C:\Users\Hanule\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job => G:\programy\Wise Disk Cleaner\WiseDiskCleaner.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Hanule\Desktop" je 57 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================