Mizení místa na HDD
Napsal: 06 kvě 2018 22:18
Dobrý den,
prosím o pomoc s problémem PC, který používá moje manželka. Obsah vytvořený z FRST je níže.
Děkuji za pomoc předem.
Richard
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by avasku (administrator) on NOTEBOOK-DOMA (06-05-2018 23:10:27)
Running from C:\Users\avasku\Desktop
Loaded Profiles: avasku (Available Profiles: avasku)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\avasku\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-05] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-03-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2015-06-11] (Lenovo)
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {0c95c4e2-9080-11e7-82c9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f25ebaaf-861c-11e6-82a9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f75f5317-2de7-11e7-82bb-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.2 10.0.1.6 192.168.1.1
Tcpip\..\Interfaces\{5EDBD75A-7BC6-451E-A34F-9F60B2F77587}: [DhcpNameServer] 10.0.1.2 10.0.1.6 192.168.1.1
Tcpip\..\Interfaces\{A9990539-0C94-42CB-BF5E-C5200282093C}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6BD6D370-A29C-4D62-B9DA-527532BA32EB} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-195235002-2657258268-4010509441-1001 -> {6BD6D370-A29C-4D62-B9DA-527532BA32EB} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
FireFox:
========
FF DefaultProfile: yplsswr1.default
FF ProfilePath: C:\Users\avasku\AppData\Roaming\Mozilla\Firefox\Profiles\yplsswr1.default [2016-03-01]
FF ProfilePath: C:\Users\avasku\AppData\Roaming\Greyfirst\Celtx\Profiles\ka6e5dmr.default [2018-05-03]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2015-12-16] [Legacy] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [2015-12-16] [Legacy] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-01-14] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default [2018-05-06]
CHR Extension: (Prezentace) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Dokumenty) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (Adblock Plus) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-20]
CHR Extension: (Vyhledávání Google) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Adobe Acrobat) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Tabulky) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-06]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2017-11-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (AdBlocker Ultimate) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2018-05-01]
CHR Extension: (Gmail) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-09-05] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-11-09] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [153304 2014-04-23] (Broadcom Corporation.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-10] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-10-18] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2014-08-26] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-06 23:10 - 2018-05-06 23:10 - 000018270 _____ C:\Users\avasku\Desktop\FRST.txt
2018-05-06 23:09 - 2018-05-06 23:10 - 000000000 ____D C:\FRST
2018-05-06 23:02 - 2018-05-06 23:02 - 000112640 _____ (forum.viry.cz) C:\Users\avasku\Desktop\FRSTLauncher.exe
2018-05-06 23:00 - 2018-05-06 23:00 - 002406912 _____ (Farbar) C:\Users\avasku\Desktop\FRST64.exe
2018-05-03 19:36 - 2018-05-06 22:55 - 000000000 ___DO C:\Users\avasku\OneDrive
2018-05-02 18:24 - 2018-05-02 18:06 - 006482768 _____ C:\Users\avasku\Desktop\10-15_sochy.pdf
2018-04-23 11:18 - 2018-05-03 10:44 - 000000000 ____D C:\Users\avasku\AppData\Local\CrashDumps
2018-04-22 18:17 - 2018-05-02 10:48 - 000003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2018-04-20 07:21 - 2018-05-03 16:20 - 000000000 ____D C:\Users\avasku\Desktop\10_stoplus
2018-04-13 11:33 - 2018-03-16 20:51 - 000144000 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-13 11:33 - 2018-03-14 15:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-13 11:33 - 2018-03-14 15:23 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-06 18:43 - 2018-04-06 18:43 - 000001129 _____ C:\Users\avasku\Downloads\Neomat export.csv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-06 23:02 - 2014-10-18 12:37 - 000762978 _____ C:\Windows\system32\perfh005.dat
2018-05-06 23:02 - 2014-10-18 12:37 - 000163700 _____ C:\Windows\system32\perfc005.dat
2018-05-06 23:02 - 2014-03-18 11:53 - 001876148 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-06 23:02 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-05-06 23:00 - 2014-12-31 21:06 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-195235002-2657258268-4010509441-1001
2018-05-06 22:55 - 2014-12-31 21:01 - 000000000 ____D C:\Users\avasku
2018-05-06 22:54 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-06 22:45 - 2014-12-31 21:02 - 000003994 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D1174C0-4D37-4589-A203-F2C5FA8FBF32}
2018-05-06 15:29 - 2015-12-08 12:13 - 000000000 ____D C:\Users\avasku\AppData\Roaming\Skype
2018-05-06 13:14 - 2016-05-10 12:36 - 000000364 _____ C:\Windows\Tasks\HPCeeScheduleForavasku.job
2018-05-06 13:13 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-05-03 19:22 - 2016-09-09 00:26 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForavasku
2018-05-03 16:24 - 2016-05-27 15:52 - 000000600 _____ C:\Users\avasku\AppData\Roaming\winscp.rnd
2018-05-03 11:45 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-05-03 08:54 - 2015-12-04 09:50 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-03 08:54 - 2015-12-04 09:50 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-03 08:52 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2018-05-02 11:19 - 2017-09-15 09:19 - 000000000 ___RD C:\Users\avasku\Desktop\Stažené soubory
2018-04-30 11:53 - 2018-03-13 17:11 - 000000000 ____D C:\Users\avasku\Desktop\aukro
2018-04-30 07:10 - 2018-03-28 15:30 - 000000000 ____D C:\Users\avasku\Desktop\WEBOVKY
2018-04-27 04:21 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\tracing
2018-04-23 18:23 - 2014-12-31 21:01 - 000000000 ____D C:\Users\avasku\AppData\Local\Packages
2018-04-22 12:23 - 2015-02-05 21:25 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-13 19:27 - 2015-01-14 15:45 - 000000000 ____D C:\Windows\system32\MRT
2018-04-13 19:20 - 2017-10-20 11:23 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-13 19:19 - 2015-01-14 15:45 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-13 13:25 - 2015-12-11 00:44 - 000000000 ____D C:\Users\avasku\AppData\Roaming\BSplayer
==================== Files in the root of some directories =======
2016-05-27 15:52 - 2018-05-03 16:24 - 000000600 _____ () C:\Users\avasku\AppData\Roaming\winscp.rnd
Some files in TEMP:
====================
2015-02-26 15:50 - 2013-06-04 11:30 - 000050432 ____R () C:\Users\avasku\AppData\Local\Temp\Extract.exe
2015-01-14 13:54 - 2012-11-10 20:20 - 000150600 ____R (Microsoft Corporation) C:\Users\avasku\AppData\Local\Temp\ose00000.exe
2015-01-14 14:21 - 2012-11-10 20:20 - 000150600 ____R (Microsoft Corporation) C:\Users\avasku\AppData\Local\Temp\ose00001.exe
2018-04-27 10:41 - 2018-04-27 10:42 - 058834376 _____ (Skype Technologies S.A.) C:\Users\avasku\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-04-22 17:41
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Windows) (Fixed) (Total:21.12 GB) (Free:0.25 GB) NTFS
\\?\Volume{4c987669-a526-4e9e-a5f2-78382daaddca}\ (Images) (Fixed) (Total:7.62 GB) (Free:0.27 GB) NTFS
Available physical RAM: 290.37 MB
Total physical RAM: 1935.27 MB
Percentage of memory in use: 84%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 29.1 GB) (Disk ID: F23E93BD)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForavasku.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\avasku\Soubory cookie:ZepMq6vmo219Pb3dsDCU6PTtZq [2148]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
==================== Security Center ==================
AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\avasku\Desktop" je 877 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
==================== End Of Log ==============================
prosím o pomoc s problémem PC, který používá moje manželka. Obsah vytvořený z FRST je níže.
Děkuji za pomoc předem.
Richard
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by avasku (administrator) on NOTEBOOK-DOMA (06-05-2018 23:10:27)
Running from C:\Users\avasku\Desktop
Loaded Profiles: avasku (Available Profiles: avasku)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\avasku\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-05] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-03-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2015-06-11] (Lenovo)
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {0c95c4e2-9080-11e7-82c9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f25ebaaf-861c-11e6-82a9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f75f5317-2de7-11e7-82bb-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.2 10.0.1.6 192.168.1.1
Tcpip\..\Interfaces\{5EDBD75A-7BC6-451E-A34F-9F60B2F77587}: [DhcpNameServer] 10.0.1.2 10.0.1.6 192.168.1.1
Tcpip\..\Interfaces\{A9990539-0C94-42CB-BF5E-C5200282093C}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6BD6D370-A29C-4D62-B9DA-527532BA32EB} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-195235002-2657258268-4010509441-1001 -> {6BD6D370-A29C-4D62-B9DA-527532BA32EB} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
FireFox:
========
FF DefaultProfile: yplsswr1.default
FF ProfilePath: C:\Users\avasku\AppData\Roaming\Mozilla\Firefox\Profiles\yplsswr1.default [2016-03-01]
FF ProfilePath: C:\Users\avasku\AppData\Roaming\Greyfirst\Celtx\Profiles\ka6e5dmr.default [2018-05-03]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2015-12-16] [Legacy] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [2015-12-16] [Legacy] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-01-14] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default [2018-05-06]
CHR Extension: (Prezentace) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Dokumenty) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (Adblock Plus) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-20]
CHR Extension: (Vyhledávání Google) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Adobe Acrobat) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Tabulky) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-06]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2017-11-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (AdBlocker Ultimate) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2018-05-01]
CHR Extension: (Gmail) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-09-05] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-11-09] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [153304 2014-04-23] (Broadcom Corporation.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-10] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-10-18] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2014-08-26] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-06 23:10 - 2018-05-06 23:10 - 000018270 _____ C:\Users\avasku\Desktop\FRST.txt
2018-05-06 23:09 - 2018-05-06 23:10 - 000000000 ____D C:\FRST
2018-05-06 23:02 - 2018-05-06 23:02 - 000112640 _____ (forum.viry.cz) C:\Users\avasku\Desktop\FRSTLauncher.exe
2018-05-06 23:00 - 2018-05-06 23:00 - 002406912 _____ (Farbar) C:\Users\avasku\Desktop\FRST64.exe
2018-05-03 19:36 - 2018-05-06 22:55 - 000000000 ___DO C:\Users\avasku\OneDrive
2018-05-02 18:24 - 2018-05-02 18:06 - 006482768 _____ C:\Users\avasku\Desktop\10-15_sochy.pdf
2018-04-23 11:18 - 2018-05-03 10:44 - 000000000 ____D C:\Users\avasku\AppData\Local\CrashDumps
2018-04-22 18:17 - 2018-05-02 10:48 - 000003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2018-04-20 07:21 - 2018-05-03 16:20 - 000000000 ____D C:\Users\avasku\Desktop\10_stoplus
2018-04-13 11:33 - 2018-03-16 20:51 - 000144000 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-13 11:33 - 2018-03-14 15:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-13 11:33 - 2018-03-14 15:23 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-06 18:43 - 2018-04-06 18:43 - 000001129 _____ C:\Users\avasku\Downloads\Neomat export.csv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-06 23:02 - 2014-10-18 12:37 - 000762978 _____ C:\Windows\system32\perfh005.dat
2018-05-06 23:02 - 2014-10-18 12:37 - 000163700 _____ C:\Windows\system32\perfc005.dat
2018-05-06 23:02 - 2014-03-18 11:53 - 001876148 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-06 23:02 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-05-06 23:00 - 2014-12-31 21:06 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-195235002-2657258268-4010509441-1001
2018-05-06 22:55 - 2014-12-31 21:01 - 000000000 ____D C:\Users\avasku
2018-05-06 22:54 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-06 22:45 - 2014-12-31 21:02 - 000003994 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D1174C0-4D37-4589-A203-F2C5FA8FBF32}
2018-05-06 15:29 - 2015-12-08 12:13 - 000000000 ____D C:\Users\avasku\AppData\Roaming\Skype
2018-05-06 13:14 - 2016-05-10 12:36 - 000000364 _____ C:\Windows\Tasks\HPCeeScheduleForavasku.job
2018-05-06 13:13 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-05-03 19:22 - 2016-09-09 00:26 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForavasku
2018-05-03 16:24 - 2016-05-27 15:52 - 000000600 _____ C:\Users\avasku\AppData\Roaming\winscp.rnd
2018-05-03 11:45 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-05-03 08:54 - 2015-12-04 09:50 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-03 08:54 - 2015-12-04 09:50 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-03 08:52 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2018-05-02 11:19 - 2017-09-15 09:19 - 000000000 ___RD C:\Users\avasku\Desktop\Stažené soubory
2018-04-30 11:53 - 2018-03-13 17:11 - 000000000 ____D C:\Users\avasku\Desktop\aukro
2018-04-30 07:10 - 2018-03-28 15:30 - 000000000 ____D C:\Users\avasku\Desktop\WEBOVKY
2018-04-27 04:21 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\tracing
2018-04-23 18:23 - 2014-12-31 21:01 - 000000000 ____D C:\Users\avasku\AppData\Local\Packages
2018-04-22 12:23 - 2015-02-05 21:25 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-13 19:27 - 2015-01-14 15:45 - 000000000 ____D C:\Windows\system32\MRT
2018-04-13 19:20 - 2017-10-20 11:23 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-13 19:19 - 2015-01-14 15:45 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-13 13:25 - 2015-12-11 00:44 - 000000000 ____D C:\Users\avasku\AppData\Roaming\BSplayer
==================== Files in the root of some directories =======
2016-05-27 15:52 - 2018-05-03 16:24 - 000000600 _____ () C:\Users\avasku\AppData\Roaming\winscp.rnd
Some files in TEMP:
====================
2015-02-26 15:50 - 2013-06-04 11:30 - 000050432 ____R () C:\Users\avasku\AppData\Local\Temp\Extract.exe
2015-01-14 13:54 - 2012-11-10 20:20 - 000150600 ____R (Microsoft Corporation) C:\Users\avasku\AppData\Local\Temp\ose00000.exe
2015-01-14 14:21 - 2012-11-10 20:20 - 000150600 ____R (Microsoft Corporation) C:\Users\avasku\AppData\Local\Temp\ose00001.exe
2018-04-27 10:41 - 2018-04-27 10:42 - 058834376 _____ (Skype Technologies S.A.) C:\Users\avasku\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-04-22 17:41
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Windows) (Fixed) (Total:21.12 GB) (Free:0.25 GB) NTFS
\\?\Volume{4c987669-a526-4e9e-a5f2-78382daaddca}\ (Images) (Fixed) (Total:7.62 GB) (Free:0.27 GB) NTFS
Available physical RAM: 290.37 MB
Total physical RAM: 1935.27 MB
Percentage of memory in use: 84%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 29.1 GB) (Disk ID: F23E93BD)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForavasku.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\avasku\Soubory cookie:ZepMq6vmo219Pb3dsDCU6PTtZq [2148]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]
==================== Security Center ==================
AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\avasku\Desktop" je 877 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
==================== End Of Log ==============================