
Notebook with malware (but the OS is still XP)


#1 Post by Kopecký Josef »

Hello.

I'm asking for help - ESET, or rather its resident protection, frequently reports the infiltration Win32/Kryptik.DNZH trojan horse and others on this notebook with the old Win XP OS. So most likely some "vermin" that keeps hanging on somewhere in there, or...

Here is the log from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Administrator (administrator) on FSC-VANEKV on 13-07-2015 12:43:19
Running from C:\Documents and Settings\Administrator\Plocha
Loaded Profiles: Administrator (Available Profiles: kopecky & semeckym & Boleslav & vanekv & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe
(O2Micro International) C:\WINDOWS\system32\o2flash.exe
(Famatech Corp.) C:\WINDOWS\system32\rserver30\rserver3.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Famatech Corp.) C:\WINDOWS\system32\rserver30\FamItrf2.Exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Famatech Corp.) C:\WINDOWS\system32\rserver30\FamItrfc.Exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
(FUJITSU LIMITED) C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
(HP) C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Security\egui.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(InterVideo Inc.) C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16010240 2006-03-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88365 2006-01-17] (Agere Systems)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761946 2006-01-05] (Synaptics, Inc.)
HKLM\...\Run: [IndicatorUtility] => C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [81920 2005-08-09] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [69632 2005-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe [353792 2005-07-21] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [61440 2005-07-21] (FUJITSU LIMITED)
HKLM\...\Run: [PSUtility] => c:\AddOn\Fujitsu\PSUtility\TrayManager.exe [118784 2006-03-09] (FUJITSU LIMITED)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Security\egui.exe [3141320 2014-09-24] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-12-20] (ATI Technologies Inc.)
Winlogon\Notify\PSUTY: C:\WINDOWS\system32\PSUWNP.dll [2006-03-09] (FUJITSU LIMITED)
HKU\S-1-5-21-1220945662-1682526488-725345543-500\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_191_ActiveX.exe [927920 2015-07-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-1220945662-1682526488-725345543-500\...\MountPoints2: {76a88baa-c7ce-11de-bef2-0018de96cfb8} - F:\.\MigWiz\migsetup.exe
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk [2009-02-19]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk [2009-02-19]
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1220945662-1682526488-725345543-500] => 192.168.168.111:3128
HKU\S-1-5-21-1220945662-1682526488-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1220945662-1682526488-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1220945662-1682526488-725345543-500 -> DefaultScope {49AAB2DA-1A66-4526-9790-4E7F9B006B21} URL = http://www.google.cz/search?q={searchTe ... {startPage}
SearchScopes: HKU\S-1-5-21-1220945662-1682526488-725345543-500 -> {2E72E462-6E86-482C-A475-D76575A28AE1} URL = http://search.avg.com/route/?d=4b3d2cf0 ... te=us&nt=1
SearchScopes: HKU\S-1-5-21-1220945662-1682526488-725345543-500 -> {49AAB2DA-1A66-4526-9790-4E7F9B006B21} URL = http://www.google.cz/search?q={searchTe ... {startPage}
SearchScopes: HKU\S-1-5-21-1220945662-1682526488-725345543-500 -> {665BB1B8-BC0F-47F0-AB82-DC5BE6866A09} URL = http://search.seznam.cz/searchScreen?w= ... rms}&mod=f
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-13] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1220945662-1682526488-725345543-500 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1220945662-1682526488-725345543-500 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.168.101 192.168.168.110
Tcpip\..\Interfaces\{FC41A5C2-F582-4AE0-BF28-7FC8F53A5AE7}: [DhcpNameServer] 192.168.168.101 192.168.168.110
StartMenuInternet: IEXPLORE.EXE - C:\Documents and Settings\vanekv\Local Settings\Data aplikací\kpt.exe -a C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-21]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird [2014-12-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Security\EHttpSrv.exe [33992 2014-09-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Security\ekrn.exe [1029704 2014-09-24] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [188104 2014-09-24] (ESET)
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [45056 2013-11-14] (Hewlett-Packard) [File not signed]
R2 O2Flash; c:\WINDOWS\system32\o2flash.exe [57344 2005-09-13] (O2Micro International) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [55808 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RServer3; C:\WINDOWS\system32\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S2 avgagent; avgagent.exe /srvfsys [X]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 adusbmdm6501; C:\WINDOWS\System32\DRIVERS\adusbmdm65.sys [64896 2005-05-02] (AnyDATA Corporation) [File not signed]
S3 adusbser; C:\WINDOWS\System32\DRIVERS\adusbser.sys [93440 2006-10-23] (AnyDATA Corporation)
S3 adusbser6501; C:\WINDOWS\System32\DRIVERS\adusbser65.sys [64896 2005-05-02] (AnyDATA Corporation) [File not signed]
R2 BtnHnd; C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys [21120 2005-07-21] (FUJITSU LIMITED) [File not signed]
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [167184 2014-08-19] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [128056 2014-08-19] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [157408 2014-08-19] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [63672 2014-08-19] (ESET)
R3 FUJ02B1; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [5248 2001-08-01] (FUJITSU LIMITED)
R3 FUJ02E1; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [5632 2004-10-18] (Fujitsu Limited)
S3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [9344 2005-09-20] (Hewlett Packard)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
S3 hwcdcmdm0; C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys [65152 2006-10-30] (QUALCOMM Incorporated)
S3 hwusbapp; C:\WINDOWS\System32\DRIVERS\ewusbapp.sys [65152 2006-10-30] (QUALCOMM Incorporated)
S3 hwusbser; C:\WINDOWS\System32\DRIVERS\ewusbser.sys [65152 2006-10-30] (QUALCOMM Incorporated)
S3 IpwP; C:\WINDOWS\System32\DRIVERS\ipw3gnet.sys [51040 2008-10-10] (IPWireless Inc.) [File not signed]
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 METROP; C:\WINDOWS\System32\DRIVERS\hp53pw2k.sys [96300 2001-11-04] (Hewlett Packard Inc.) [File not signed]
R3 mirrorv3; C:\WINDOWS\System32\DRIVERS\rminiv3.sys [3328 2012-12-18] (Famatech International Corp.)
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R3 O2SCBUS; C:\WINDOWS\System32\DRIVERS\ozscr.sys [92561 2004-10-25] (O2Micro)
R1 raddrvv3; C:\WINDOWS\system32\rserver30\raddrvv3.sys [48920 2012-12-19] (Famatech Corp.)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-10-24] (SMC)
S3 tap0801; C:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed]
R3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47488 2006-02-10] (TOSHIBA Corporation) [File not signed]
R3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-04-13] (TOSHIBA CORPORATION) [File not signed]
R3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [37632 2006-03-16] (TOSHIBA Corporation) [File not signed]
R1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
R3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-02-08] (TOSHIBA Corporation.) [File not signed]
S3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [52864 2006-03-15] (TOSHIBA Corporation) [File not signed]
R3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [40192 2006-02-24] (TOSHIBA CORPORATION) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [243712 2005-12-09] (Marvell)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 12:43 - 2015-07-13 12:43 - 00016789 _____ C:\Documents and Settings\Administrator\Plocha\FRST.txt
2015-07-13 12:42 - 2015-07-13 12:43 - 00000000 ____D C:\FRST
2015-07-13 12:40 - 2015-07-13 12:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2015-07-13 12:39 - 2015-07-13 12:39 - 01636864 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2015-07-13 12:33 - 2015-07-13 12:33 - 00000783 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2015-07-13 12:33 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-13 12:33 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-13 12:32 - 2015-07-13 12:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Dokumenty\mbam-setup-2.1.8.1057.exe
2015-07-13 12:24 - 2015-07-13 12:24 - 00000000 ____D C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2015-07-13 12:23 - 2015-07-13 12:23 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Dokumenty\mbam-setup-1.75.0.1300.exe
2015-07-13 12:18 - 2015-07-13 12:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-13 12:18 - 2015-07-13 12:33 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2015-07-13 12:18 - 2015-07-13 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-07-13 12:09 - 2015-07-13 12:09 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-13 12:07 - 2015-07-13 12:11 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Oracle
2015-07-13 11:51 - 2015-07-13 11:51 - 00003728 _____ C:\WINDOWS\setupapi.log
2015-07-13 11:51 - 2015-07-13 11:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Radmin Server 3
2015-07-13 11:51 - 2015-07-13 11:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-13 11:51 - 2015-07-13 11:51 - 00000000 _____ C:\WINDOWS\setupact.log
2015-07-13 11:50 - 2015-07-13 11:50 - 00001812 _____ C:\Documents and Settings\cc_20150713_115007.reg
2015-07-13 10:56 - 2015-07-13 10:57 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2015-07-13 10:54 - 2015-07-13 10:54 - 00000000 ____D C:\Documents and Settings\semeckym\Data aplikací\MPC-HC
2015-07-13 10:53 - 2015-07-13 10:53 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\K-Lite Codec Pack
2015-07-13 10:53 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2015-07-13 10:53 - 2015-02-25 00:37 - 00655872 _____ C:\WINDOWS\system32\xvidcore.dll
2015-07-13 10:53 - 2015-02-25 00:37 - 00240128 _____ C:\WINDOWS\system32\xvidvfw.dll
2015-07-13 10:53 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-07-13 10:52 - 2015-07-13 10:52 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-07-13 10:52 - 2015-04-15 20:00 - 00112128 _____ C:\WINDOWS\system32\ff_vfw.dll
2015-07-13 10:52 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-07-13 10:52 - 2011-06-22 16:14 - 00000714 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
2015-07-03 14:55 - 2015-07-03 14:56 - 00000000 ____D C:\Documents and Settings\semeckym\Data aplikací\Seznam.cz
2015-07-03 14:55 - 2015-07-03 14:55 - 00000631 _____ C:\Documents and Settings\semeckym\Plocha\Media Player Classic - HC.lnk
2015-07-03 14:55 - 2015-07-03 14:55 - 00000000 ____D C:\Documents and Settings\semeckym\Nabídka Start\Programy\X Codec Pack 2.6.9
2015-07-03 14:53 - 2015-07-03 14:53 - 00000000 ____D C:\Documents and Settings\semeckym\Data aplikací\Macromedia
2015-07-03 14:52 - 2015-07-03 14:52 - 00000000 __SHD C:\Documents and Settings\semeckym\PrivacIE
2015-07-03 14:50 - 2015-07-03 14:50 - 00002528 _____ C:\Documents and Settings\semeckym\Data aplikací\$_hpcst$.hpc
2015-07-03 14:50 - 2015-07-03 14:50 - 00000000 ___RD C:\Documents and Settings\semeckym\Dokumenty\Filmy
2015-07-03 14:50 - 2015-07-03 14:50 - 00000000 ____D C:\Documents and Settings\semeckym\Data aplikací\PC Suite
2015-07-03 14:49 - 2015-07-03 14:49 - 00005632 _____ C:\Documents and Settings\semeckym\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-03 10:17 - 2015-07-03 10:17 - 00000000 ____D C:\Documents and Settings\semeckym\Local Settings\Data aplikací\ESET
2015-07-03 10:17 - 2015-07-03 10:17 - 00000000 ____D C:\Documents and Settings\semeckym\Dokumenty\Bluetooth
2015-07-03 10:17 - 2015-07-03 10:17 - 00000000 ____D C:\Documents and Settings\semeckym\Data aplikací\ESET
2015-07-03 10:16 - 2015-07-03 13:34 - 00000187 _____ C:\Documents and Settings\semeckym\Plocha\Outlook Web Acess.url
2015-07-03 10:16 - 2015-07-03 13:34 - 00000185 _____ C:\Documents and Settings\semeckym\Plocha\Vzdálený přístup TS2.url
2015-07-03 10:16 - 2015-07-03 13:34 - 00000185 _____ C:\Documents and Settings\semeckym\Plocha\Vzdálený přístup TS1.url
2015-07-03 10:16 - 2015-07-03 10:16 - 00000212 _____ C:\Documents and Settings\semeckym\Plocha\Interní web.lnk
2015-07-03 10:16 - 2015-07-03 10:16 - 00000000 ____D C:\Documents and Settings\semeckym\Nabídka Start\Programy\Windows SBS
2015-07-03 10:16 - 2015-07-03 10:16 - 00000000 ____D C:\Documents and Settings\semeckym\Data aplikací\Windows Small Business Server
2015-06-22 10:40 - 2015-06-22 10:40 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 10

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 12:43 - 2009-02-20 13:44 - 00000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-07-13 12:43 - 2009-02-19 12:02 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2015-07-13 12:43 - 2009-02-19 12:02 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-07-13 12:41 - 2009-02-19 12:02 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty
2015-07-13 12:41 - 2009-02-19 12:02 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2015-07-13 12:40 - 2011-07-19 16:10 - 00000472 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{E7B4DADA-1FFE-4E97-8408-E2F719076237}.job
2015-07-13 12:37 - 2011-07-20 10:48 - 01096651 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-13 12:33 - 2009-02-19 12:06 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-07-13 12:29 - 2009-02-19 12:06 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-07-13 12:24 - 2009-02-19 12:02 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2015-07-13 12:18 - 2009-02-19 12:06 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-07-13 12:13 - 2013-03-25 17:05 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-13 12:11 - 2009-02-20 16:20 - 00000136 _____ C:\WINDOWS\system32\config\netlogon.ftl
2015-07-13 12:10 - 2009-02-19 12:07 - 01279370 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-13 12:08 - 2014-12-03 20:49 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-07-13 12:08 - 2014-12-03 20:49 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-07-13 12:07 - 2009-02-19 11:50 - 00000000 ____D C:\Program Files\Java
2015-07-13 11:57 - 2009-02-19 12:58 - 00000000 ____D C:\WINDOWS\system32\Lang
2015-07-13 11:57 - 2004-08-18 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-13 11:54 - 2009-02-19 12:08 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-13 11:54 - 2009-02-19 12:08 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-13 11:54 - 2009-02-19 11:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-13 11:53 - 2009-02-19 12:58 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-07-13 11:53 - 2009-02-19 12:02 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-07-13 11:53 - 2009-02-19 11:57 - 00032446 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-13 11:53 - 2009-02-19 11:57 - 00000000 ____D C:\WINDOWS\security
2015-07-13 11:51 - 2012-03-27 12:15 - 00000000 ____D C:\WINDOWS\system32\rserver30
2015-07-13 11:43 - 2012-03-05 12:04 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-13 11:43 - 2009-02-19 12:02 - 00000000 ____D C:\Documents and Settings\Administrator
2015-07-13 11:35 - 2009-05-11 14:53 - 00000000 ____D C:\Program Files\CCleaner
2015-07-13 11:29 - 2009-02-20 14:19 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-13 11:28 - 2009-02-20 10:18 - 00000000 ____D C:\Program Files\OpenVPN
2015-07-13 11:28 - 2009-02-19 12:02 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start\Programy
2015-07-13 11:27 - 2012-08-09 15:03 - 00000000 ____D C:\Program Files\DrayTek Router Tools V4.3.0
2015-07-13 11:25 - 2012-11-22 10:28 - 00000178 ___SH C:\Documents and Settings\semeckym\ntuser.ini
2015-07-13 11:25 - 2012-11-22 10:27 - 00000000 ____D C:\Documents and Settings\semeckym
2015-07-13 11:24 - 2012-11-22 10:28 - 00000000 ____D C:\Documents and Settings\semeckym\Plocha
2015-07-13 11:24 - 2012-11-22 10:28 - 00000000 ____D C:\Documents and Settings\semeckym\Local Settings\Temp
2015-07-13 11:13 - 2013-03-25 17:05 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-13 11:13 - 2012-01-19 20:15 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-13 10:54 - 2012-11-22 10:28 - 00000000 __RHD C:\Documents and Settings\semeckym\Data aplikací
2015-07-03 14:55 - 2012-11-22 10:28 - 00000000 ___RD C:\Documents and Settings\semeckym\Nabídka Start\Programy
2015-07-03 14:50 - 2012-11-22 10:28 - 00000794 _____ C:\Documents and Settings\semeckym\Nabídka Start\Programy\Windows Media Player.lnk
2015-07-03 14:50 - 2012-11-22 10:28 - 00000000 ___RD C:\Documents and Settings\semeckym\Dokumenty
2015-07-03 14:50 - 2012-08-15 13:27 - 00002359 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft ActiveSync.lnk
2015-07-03 14:49 - 2012-11-22 10:28 - 00000000 ___HD C:\Documents and Settings\semeckym\Local Settings\Data aplikací
2015-07-03 10:16 - 2012-11-22 10:28 - 00065284 __RSH C:\Documents and Settings\semeckym\ntuser.pol
2015-07-03 10:16 - 2012-11-22 10:28 - 00000000 ___RD C:\Documents and Settings\semeckym\Oblíbené položky
2015-06-29 18:41 - 2011-07-19 16:54 - 00000178 ___SH C:\Documents and Settings\vanekv\ntuser.ini
2015-06-29 18:30 - 2014-05-30 07:44 - 00000187 _____ C:\Documents and Settings\vanekv\Plocha\Outlook Web Acess.url
2015-06-29 18:30 - 2014-05-30 07:44 - 00000185 _____ C:\Documents and Settings\vanekv\Plocha\Vzdálený přístup TS2.url
2015-06-29 18:30 - 2014-05-30 07:44 - 00000185 _____ C:\Documents and Settings\vanekv\Plocha\Vzdálený přístup TS1.url
2015-06-29 18:30 - 2011-07-19 16:54 - 00000000 ____D C:\Documents and Settings\vanekv\Local Settings\Temp
2015-06-25 20:20 - 2011-07-19 16:53 - 00000000 ____D C:\Documents and Settings\vanekv
2015-06-25 20:18 - 2011-07-19 16:54 - 00000000 ____D C:\Documents and Settings\vanekv\Plocha
2015-06-25 20:13 - 2011-07-19 16:47 - 00002477 _____ C:\Documents and Settings\vanekv\Plocha\Microsoft Office Excel 2007.lnk
2015-06-25 16:14 - 2011-07-19 16:54 - 00066166 __RSH C:\Documents and Settings\vanekv\ntuser.pol
2015-06-22 10:40 - 2014-12-03 20:45 - 00000712 _____ C:\Documents and Settings\All Users\Plocha\TeamViewer 10.lnk
2015-06-22 10:40 - 2014-12-03 20:45 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-16 07:18 - 2013-06-25 14:11 - 00000000 ____D C:\Documents and Settings\vanekv\Dokumenty\dochazka
2015-06-15 14:37 - 2012-11-22 14:40 - 00001880 _____ C:\WINDOWS\AUTOLNCH.REG
2015-06-15 09:10 - 2011-07-19 16:54 - 00000000 ___RD C:\Documents and Settings\vanekv\Dokumenty

==================== Files in the root of some directories =======

2009-02-20 13:53 - 2005-02-24 14:15 - 0285696 _____ () C:\Program Files\arpview.exe
2009-02-19 12:03 - 2009-02-19 12:03 - 0000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-8u45-windows-au.exe
C:\Documents and Settings\boleslav\Local Settings\Temp\applnch.exe
C:\Documents and Settings\boleslav\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\kopecky\Local Settings\Temp\applnch.exe
C:\Documents and Settings\semeckym\Local Settings\Temp\applnch.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{E7B4DADA-1FFE-4E97-8408-E2F719076237}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Endpoint Security 5.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Administrator\Plocha" je 428 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\OpenVPN\\bin\\openvpn.exe"="C:\\Program Files\\OpenVPN\\bin\\openvpn.exe:*:Enabled:openvpn"
"C:\\WINDOWS\\avgagent.exe"="C:\\WINDOWS\\avgagent.exe:*:Enabled:avgagent.exe"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"="C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe:*:Enabled:Instaltor AVG"
"C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\\Program Files\\AVG\\AVG10\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG10\\avgnsx.exe:*:Enabled:Webov tt"
"C:\\Program Files\\AVG\\AVG10\\avgam.exe"="C:\\Program Files\\AVG\\AVG10\\avgam.exe:*:Enabled:Sprvce udlost AVG"
"C:\\Program Files\\AVG\\AVG10\\avgemcx.exe"="C:\\Program Files\\AVG\\AVG10\\avgemcx.exe:*:Enabled:Obecn kontrola poty"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"="C:\\WINDOWS\\system32\\rserver30\\rserver3.exe:*:Enabled:Radmin Server 3"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\OpenVPN\\bin\\openvpn.exe"="C:\\Program Files\\OpenVPN\\bin\\openvpn.exe:*:Enabled:openvpn"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"="C:\\WINDOWS\\system32\\rserver30\\rserver3.exe:*:Enabled:Radmin Server 3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"6150:TCP"="6150:TCP:*:Enabled:avgagent.exe"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"4899:TCP"="4899:TCP:*:Enabled:Radmin"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"5985:TCP"="5985:TCP:*:Disabled:Vzdlen sprva systmu Windows "
"80:TCP"="80:TCP:*:Disabled:Vzdlen sprva systmu Windows - reim kompatibility (HTTP-In) "
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Please help.

Thank you, Josef K.
Josef K. (Nymburk, Kovanice)

Re: Laptop with vermin (but the OS is still XP)

#2 Post by Kopecký Josef »

...I am also attaching the file aditional.txt.

JosefK.
Attachments
Addition.rar
aditional
(8.99 KiB) Downloaded 62 times
Josef K. (Nymburk, Kovanice)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Laptop with vermin (but the OS is still XP)

#3 Post by vyosek »

Hello :)

Is this some kind of work/company PC??
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Re: Laptop with vermin (but the OS is still XP)

#4 Post by Kopecký Josef »

Hello.

It is an older laptop belonging to the company INSTAL-RENČ s.r.o., but it has been decommissioned and I use it privately (for the kids to play films and the like). However, it is still a member of the original domain "instalrenc.local". Do you think it would be better to remove it from the domain??

Thank you, Josef K.
Josef K. (Nymburk, Kovanice)

Re: Laptop with vermin (but the OS is still XP)

#5 Post by vyosek »

:arrow: If it is for home use, then the ESET Endpoint version has no business being on it; that version is intended solely and exclusively for corporate customers.

:arrow: And I would remove it from the domain as well.

Re: Laptop with vermin (but the OS is still XP)

#6 Post by Kopecký Josef »

...I understand, but I just don't know whether and how that relates to the infection. The company, and therefore IT as well, most likely still has the laptop in its inventory. They know about my "private" use, so unless it is necessary, I would probably rather not deal with that.

I am only asking for help with removing the "Trojan horse" and similar infections...

Thank you, Josef K.
Josef K. (Nymburk, Kovanice)

Re: Laptop with vermin (but the OS is still XP)

#7 Post by vyosek »

If it is in the company's inventory and owned by the company, then let the paid IT staff take care of it; why should we do it for them... We provide advice to home users with home PCs, not to stand in for corporate IT. If the paid IT staff cannot handle it, they can turn for help to ESET technical support, which is provided with that licence.

Re: Laptop with vermin (but the OS is still XP)

#8 Post by Kopecký Josef »

OK, I understand, and thank you.

I will get in touch with the IT admin, who will most likely do a complete clean reinstall, which I will have to somehow....

In any case, let us consider this matter settled.

Thank you, Josef K.
Josef K. (Nymburk, Kovanice)

Re: Laptop with vermin (but the OS is still XP)

#9 Post by vyosek »

:closed: