
PC virus removal, computer speed-up, and remote help via the neslape.cz service
Preventive log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I apparently got the Globeimposter virus via RDP; unfortunately ESS v9 did not catch it and I had to restore from a backup. Please check the log. I will probably definitely have to upgrade to at least Win 7.
Logfile of random's system information tool 1.10 (written by random/random)
Run by T at 2017-01-26 22:59:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 61 GB (53%) free of 114 GB
Total RAM: 2046 MB (12% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:00:02, on 26.1.2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
c:\Program Files\TightVNC\tvnserver.exe
C:\PROGRA~1\VIEWPO~1.10\UPSMON~1.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ViewPower2.10\jre\bin\javaw.exe
C:\Program Files\ViewPower2.10\tomcat\bin\tomcat6.exe
C:\Program Files\TeamViewer\tv_w32.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\T\Plocha\RSIT.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\trend micro\T.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [tvncontrol] "c:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1390067357-1454471165-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Milan Lipavský')
O4 - HKUS\S-1-5-21-1390067357-1454471165-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'Milan Lipavský')
O4 - HKUS\S-1-5-21-1390067357-1454471165-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'MH')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {336C9D79-263A-4D75-AA7C-60DAF945AE67} (OvisLink IPCamera Control) - http://62.209.202.134:7001/classes/Ovis ... V_H264.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7155813140
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {6BA530D8-94B2-49E0-AC55-70899582FE1F} (CV781Object Object) - http://192.168.1.225/AV718.cab
O16 - DPF: {79EE81BD-6194-4240-A04F-131A81513DCB} (Media Control) - http://192.168.1.31/Media.CAB
O16 - DPF: {7A24CAC8-8549-4698-85A2-AFF61D4427F7} - http://192.168.1.223/classes/AlfaCamV.cab
O16 - DPF: {87D48502-D1FF-4D25-B66C-9DA4F7CB2722} (IPCamera Control) - http://192.168.1.227/classes/CamV_H264.cab
O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} - http://62.209.202.134:6001/plugin/client.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://192.168.1.8/plugin/h263ctrl.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://snzr.ksrzis.cz/nsnzr/ozn/capicom.cab
O16 - DPF: {DB87A30F-4960-4247-9672-6A0D550EECE8} - http://192.168.1.31/SVRFind.CAB
O16 - DPF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} (CSQ2 Object) - http://62.209.202.134:6000/view.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4B689E6-71A9-4A5E-9F1F-FA3868115F32}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CryptoPrevent Email Service (CryptoPreventEmail) - Foolish IT LLC - C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
O23 - Service: CryptoPrevent Folder Watch Service (CryptoPreventFolderWatch) - Foolish IT LLC - C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
O23 - Service: CryptoPrevent Monitor Service (CryptoPreventMonSvc) - Foolish IT LLC - C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Acronis Managed Machine Service Mini (mmsminisrv) - Acronis - C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\system32\SUPDSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - c:\Program Files\TightVNC\tvnserver.exe
O23 - Service: upsMonitor - Acresso - C:\PROGRA~1\VIEWPO~1.10\UPSMON~1.EXE
O23 - Service: Apache Tomcat upsTomcat (upsTomcat) - Apache Software Foundation - C:\Program Files\ViewPower2.10\tomcat\bin\tomcat6.exe
--
End of file - 11969 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job - C:\WINDOWS\system32\msfeedssync.exe sync
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\T\Data aplikací\Mozilla\Firefox\Profiles\u5h6kkxe.default
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.162 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"=c:\Program Files\TightVNC\tvnserver.exe [2013-07-19 1690096]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"ControlCenter4"=C:\Program Files\ControlCenter4\BrCcBoot.exe [2014-05-22 139776]
"BrStsMon00"=C:\Program Files\Browny02\Brother\BrStMonW.exe [2014-05-22 4513792]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2015-04-01 20145368]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-12-19 15708448]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-12-19 2602784]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2013-12-10 2279712]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2015-11-26 531808]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2015-11-26 7211112]
"AcronisTibMounterMonitor"=C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2015-11-10 651560]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Temp\TV\TeamViewer.exe"="C:\Temp\TV\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\SUPDSvc.exe"="C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe"="C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\Program Files\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe"="C:\Program Files\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe:*:Enabled:Samsung Scanner Discovery Module V3"
"C:\Ksoft\KOSYS\KOSYS.EXE"="C:\Ksoft\KOSYS\KOSYS.EXE:*:Enabled:KOSYS"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"\\192.168.1.99\other\Instalacky\Microsoft Toolkit 2.5.0.exe"="\\192.168.1.99\other\Instalacky\Microsoft Toolkit 2.5.0.exe:*:Enabled:Microsoft Toolkit 2.5.0.exe"
"C:\Program Files\KMSpico\KMSELDI.exe"="C:\Program Files\KMSpico\KMSELDI.exe:*:Enabled:KMS Emulator: KMSELDI.exe"
"C:\Program Files\KMSpico\AutoPico.exe"="C:\Program Files\KMSpico\AutoPico.exe:*:Enabled:KMS Emulator: AutoPico.exe"
"C:\Program Files\TightVNC\tvnserver.exe"="C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC"
"C:\Program Files\TightVNC\tvnviewer.exe"="C:\Program Files\TightVNC\tvnviewer.exe:*:Enabled:TightVNC"
"C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe"="C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe:*:Enabled:Samsung uninstaller "
"C:\Program Files\ViewPower2.10\jre\bin\javaw.exe"="C:\Program Files\ViewPower2.10\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe"="C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\Program Files\Synology Data Replicator 3\Backup.exe"="C:\Program Files\Synology Data Replicator 3\Backup.exe:*:Enabled:Data Replicator"
"C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe"="C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe:*:Disabled:EaseUS Todo Backup Agent Application"
"C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe"="C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe"="C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
"C:\Program Files\TeamViewer\TeamViewer.exe"="C:\Program Files\TeamViewer\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe"="C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe"="C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe"="C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2017-01-26 22:59:58 ----D---- C:\rsit
2017-01-24 22:49:28 ----D---- C:\CryptoPreventQuarantine
2017-01-24 22:46:53 ----A---- C:\WINDOWS\system32\zlib.dll
2017-01-24 22:46:37 ----D---- C:\Program Files\Foolish IT
2017-01-24 22:06:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2017-01-24 22:06:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2017-01-24 22:06:19 ----A---- C:\mbam-setup-1.75.0.1300.exe
2017-01-24 21:59:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2017-01-24 21:57:13 ----A---- C:\mbam-setup-2.1.4.1018.exe
2017-01-24 21:52:01 ----ASH---- C:\pagefile.sys
2017-01-24 21:44:08 ----SHD---- C:\System Volume Information
2017-01-19 21:10:01 ----A---- C:\prijemka_palladium_170119_3.txt
2017-01-19 21:10:01 ----A---- C:\cenik_palladium_170119_3.txt
2017-01-19 21:09:47 ----A---- C:\prijemka_palladium_170119_2.txt
2017-01-19 21:09:47 ----A---- C:\cenik_palladium_170119_2.txt
2017-01-19 21:09:34 ----A---- C:\prijemka_palladium_170119_1.txt
2017-01-19 21:09:34 ----A---- C:\cenik_palladium_170119_1.txt
2017-01-18 13:15:02 ----A---- C:\prijemka_palladium_170118_2.txt
2017-01-18 13:15:02 ----A---- C:\cenik_palladium_170118_2.txt
2017-01-18 13:14:54 ----A---- C:\prijemka_palladium_170118_1.txt
2017-01-18 13:14:54 ----A---- C:\cenik_palladium_170118_1.txt
2017-01-16 13:41:20 ----A---- C:\prijemka_palladium_170116_1.txt
2017-01-16 13:41:20 ----A---- C:\cenik_palladium_170116_1.txt
2017-01-13 15:20:08 ----A---- C:\prijemka_palladium_170113_1.txt
2017-01-13 15:20:08 ----A---- C:\cenik_palladium_170113_1.txt
2017-01-10 13:22:43 ----A---- C:\prijemka_palladium_170110_3.txt
2017-01-10 13:22:43 ----A---- C:\cenik_palladium_170110_3.txt
2017-01-10 13:22:35 ----A---- C:\prijemka_palladium_170110_2.txt
2017-01-10 13:22:35 ----A---- C:\cenik_palladium_170110_2.txt
2017-01-10 13:22:26 ----A---- C:\prijemka_palladium_170110_1.txt
2017-01-10 13:22:26 ----A---- C:\cenik_palladium_170110_1.txt
2017-01-04 22:11:30 ----A---- C:\WINDOWS\OEWABLog.txt
======List of files/folders modified in the last 1 month======
2017-01-26 23:00:01 ----D---- C:\Program Files\trend micro
2017-01-26 22:56:53 ----D---- C:\WINDOWS\Prefetch
2017-01-26 22:55:00 ----D---- C:\WINDOWS\Temp
2017-01-26 22:54:31 ----A---- C:\Autoconfig.ini
2017-01-26 20:30:35 ----D---- C:\Ksoft
2017-01-26 19:33:13 ----D---- C:\WINDOWS\system32
2017-01-26 17:18:41 ----D---- C:\Program Files\TeamViewer
2017-01-26 09:51:47 ----A---- C:\WINDOWS\wincmd.ini
2017-01-25 16:53:42 ----D---- C:\DPH Seli
2017-01-25 16:37:55 ----D---- C:\MILI DPH
2017-01-25 14:30:22 ----D---- C:\WINDOWS\system32\CatRoot2
2017-01-24 22:49:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2017-01-24 22:46:55 ----RSD---- C:\WINDOWS\assembly
2017-01-24 22:46:37 ----D---- C:\Program Files
2017-01-24 22:35:26 ----D---- C:\WINDOWS\system32\drivers
2017-01-24 21:52:28 ----D---- C:\WINDOWS\system32\Restore
2017-01-19 21:08:37 ----A---- C:\WINDOWS\wcx_ftp.ini
2017-01-19 17:00:06 ----D---- C:\WINDOWS\repair
2017-01-17 13:51:15 ----D---- C:\Program Files\=PRIKAZY=
2017-01-16 13:50:25 ----D---- C:\Program Files\=PRIKAZY=MILIIMPORT
2017-01-16 00:55:05 ----D---- C:\WINDOWS\Registration
2017-01-04 22:11:30 ----SHD---- C:\WINDOWS\Installer
2017-01-04 22:11:30 ----D---- C:\WINDOWS
2017-01-04 22:11:24 ----D---- C:\Documents and Settings
2017-01-03 10:05:36 ----D---- C:\Program Files\Mozilla Maintenance Service
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 file_tracker;file_tracker; C:\WINDOWS\system32\DRIVERS\file_tracker.sys [2016-02-01 249184]
R0 fltsrv;Acronis Storage Filter Management; C:\WINDOWS\system32\DRIVERS\fltsrv.sys [2016-02-01 123744]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2008-11-04 83296]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2016-02-01 245088]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2015-12-25 329384]
R0 tib;Acronis TIB Manager; C:\WINDOWS\system32\DRIVERS\tib.sys [2016-02-01 685400]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2007-03-19 104064]
R0 viasraid;viasraid; C:\WINDOWS\system32\drivers\viasraid.sys [2003-11-01 77312]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2016-06-28 206496]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2016-06-28 156320]
R1 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2016-06-28 162472]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2016-06-28 77992]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 ekbdflt;ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [2016-06-28 121504]
R2 tib_mounter;Acronis TIB Mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [2016-02-01 156504]
R2 virtual_file;Acronis Virtual File Driver; C:\WINDOWS\system32\DRIVERS\virtual_file.sys [2016-02-01 229720]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2016-06-28 55968]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4; C:\WINDOWS\system32\DRIVERS\flashud.sys [2009-09-09 42496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2015-09-16 6294744]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-12-19 12708160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2014-12-04 441048]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-19 25280]
S3 hipeer20;Remobo Instant Private Network; C:\WINDOWS\system32\DRIVERS\remobo32.sys [2009-04-22 26112]
S3 Huawei;Vodafone Mobile Broadband - USB Smart Card Reader (Huawei); C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-08-18 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-11-04 102528]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2009-11-04 100736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 pwdrvio;pwdrvio; \??\C:\windows\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\system32\pwdspio.sys []
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-03-04 709248]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 tap0901;TAP-Windows Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2013-08-22 35288]
S3 tnd;Acronis Try&Decide filter; C:\WINDOWS\system32\DRIVERS\tnd.sys [2016-02-01 398680]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2009-08-18 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2009-08-18 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2009-08-18 105088]
S4 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S4 RTL8023xp;D-Link DGE-528T Gigabit Ethernet Adapter NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\DLKRTXP.SYS [2006-07-31 83456]
S4 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-12-27 26880]
S4 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2003-11-27 174464]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2015-11-26 950584]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2016-02-01 4463960]
R2 CryptoPreventMonSvc;CryptoPrevent Monitor Service; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [2017-01-24 600560]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-06-10 2000856]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-03 153376]
R2 mmsminisrv;Acronis Managed Machine Service Mini; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [2015-08-11 4884064]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-12-19 156960]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2015-11-06 7637744]
R2 TeamViewer;TeamViewer 11; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2016-09-20 7500048]
R2 tvnserver;TightVNC Server; c:\Program Files\TightVNC\tvnserver.exe [2013-07-19 1690096]
R2 upsMonitor;upsMonitor; C:\PROGRA~1\VIEWPO~1.10\UPSMON~1.EXE [2015-01-11 116224]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 BrYNSvc;BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [2013-09-25 282112]
R3 CryptoPreventEmail;CryptoPrevent Email Service; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [2017-01-24 600560]
R3 CryptoPreventFolderWatch;CryptoPrevent Folder Watch Service; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [2017-01-24 600560]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 upsTomcat;Apache Tomcat upsTomcat; C:\Program Files\ViewPower2.10\tomcat\bin\tomcat6.exe [2011-04-15 57344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-21 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14 270016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-21 144200]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-15 172488]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Samsung UPD Service;Samsung UPD Service; C:\windows\system32\SUPDSvc.exe [2009-03-24 127656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
R2 ekbdflt;ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [2016-06-28 121504]
R2 tib_mounter;Acronis TIB Mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [2016-02-01 156504]
R2 virtual_file;Acronis Virtual File Driver; C:\WINDOWS\system32\DRIVERS\virtual_file.sys [2016-02-01 229720]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2016-06-28 55968]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4; C:\WINDOWS\system32\DRIVERS\flashud.sys [2009-09-09 42496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2015-09-16 6294744]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-12-19 12708160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2014-12-04 441048]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-19 25280]
S3 hipeer20;Remobo Instant Private Network; C:\WINDOWS\system32\DRIVERS\remobo32.sys [2009-04-22 26112]
S3 Huawei;Vodafone Mobile Broadband - USB Smart Card Reader (Huawei); C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-08-18 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-11-04 102528]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2009-11-04 100736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 pwdrvio;pwdrvio; \??\C:\windows\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\system32\pwdspio.sys []
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-03-04 709248]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 tap0901;TAP-Windows Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2013-08-22 35288]
S3 tnd;Acronis Try&Decide filter; C:\WINDOWS\system32\DRIVERS\tnd.sys [2016-02-01 398680]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2009-08-18 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2009-08-18 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2009-08-18 105088]
S4 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S4 RTL8023xp;D-Link DGE-528T Gigabit Ethernet Adapter NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\DLKRTXP.SYS [2006-07-31 83456]
S4 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-12-27 26880]
S4 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2003-11-27 174464]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2015-11-26 950584]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2016-02-01 4463960]
R2 CryptoPreventMonSvc;CryptoPrevent Monitor Service; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [2017-01-24 600560]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-06-10 2000856]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-03 153376]
R2 mmsminisrv;Acronis Managed Machine Service Mini; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [2015-08-11 4884064]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-12-19 156960]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2015-11-06 7637744]
R2 TeamViewer;TeamViewer 11; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2016-09-20 7500048]
R2 tvnserver;TightVNC Server; c:\Program Files\TightVNC\tvnserver.exe [2013-07-19 1690096]
R2 upsMonitor;upsMonitor; C:\PROGRA~1\VIEWPO~1.10\UPSMON~1.EXE [2015-01-11 116224]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 BrYNSvc;BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [2013-09-25 282112]
R3 CryptoPreventEmail;CryptoPrevent Email Service; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [2017-01-24 600560]
R3 CryptoPreventFolderWatch;CryptoPrevent Folder Watch Service; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [2017-01-24 600560]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 upsTomcat;Apache Tomcat upsTomcat; C:\Program Files\ViewPower2.10\tomcat\bin\tomcat6.exe [2011-04-15 57344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-21 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14 270016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-21 144200]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2016-12-15 172488]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Samsung UPD Service;Samsung UPD Service; C:\windows\system32\SUPDSvc.exe [2009-03-24 127656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: Preventive log check
Here is the FRST scan as well; because of the character limit I have to upload the rest as a TXT file.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2017
Ran by T (administrator) on SELI-KANCELAR1 (26-01-2017 23:04:06)
Running from C:\Documents and Settings\T\Plocha
Loaded Profiles: Milan Lipavský & T & MH (Available Profiles: Milan Lipavský & T & MH & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Foolish IT LLC) C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Acronis) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.phps <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.job <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.msc <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.92bs <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*.psc* <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\Administrator\*.xcs <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.rbs <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.isu <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.bas <====== ATTENTION
HKU\S-1-5-21-1390067357-1454471165-725345543-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1454471165-725345543-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\VIA RAID TOOL.lnk [2011-06-05]
ShortcutTarget: VIA RAID TOOL.lnk -> C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2014-12-18]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{A4B689E6-71A9-4A5E-9F1F-FA3868115F32}: [NameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1390067357-1454471165-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1390067357-1454471165-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1390067357-1454471165-725345543-1004 -> DefaultScope {97F9760A-2A24-45F0-BBBE-4F02196A8B7F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-1390067357-1454471165-725345543-1004 -> {97F9760A-2A24-45F0-BBBE-4F02196A8B7F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1390067357-1454471165-725345543-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {336C9D79-263A-4D75-AA7C-60DAF945AE67} hxxp://62.209.202.134:7001/classes/OvisLinkCamV_H264.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257155813140
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {6BA530D8-94B2-49E0-AC55-70899582FE1F} hxxp://192.168.1.225/AV718.cab
DPF: {79EE81BD-6194-4240-A04F-131A81513DCB} hxxp://192.168.1.31/Media.CAB
DPF: {7A24CAC8-8549-4698-85A2-AFF61D4427F7} hxxp://192.168.1.223/classes/AlfaCamV.cab
DPF: {87D48502-D1FF-4D25-B66C-9DA4F7CB2722} hxxp://192.168.1.227/classes/CamV_H264.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} hxxp://62.209.202.134:6001/plugin/client.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} hxxp://192.168.1.8/plugin/h263ctrl.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://snzr.ksrzis.cz/nsnzr/ozn/capicom.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DB87A30F-4960-4247-9672-6A0D550EECE8} hxxp://192.168.1.31/SVRFind.CAB
DPF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} hxxp://62.209.202.134:6000/view.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\T\Data aplikací\Mozilla\Firefox\Profiles\u5h6kkxe.default [2016-08-05]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-25] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1454471165-725345543-1003: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\Milan Lipavský\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [1749-10-20] (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-1390067357-1454471165-725345543-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\T\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2014-07-10] (Komerční banka, a.s.)
Chrome:
=======
CHR Profile: C:\Documents and Settings\T\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\T\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [950584 2015-11-26] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2016-02-01] (Acronis)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R3 CryptoPreventEmail; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2000856 2016-06-10] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-11-03] (Sun Microsystems, Inc.)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S3 Samsung UPD Service; C:\windows\system32\SUPDSvc.exe [127656 2009-03-24] (Samsung Electronics CO., LTD.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295936 2010-03-16] (Microsoft Corporation) [File not signed]
R2 tvnserver; c:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)
R2 upsMonitor; C:\Program Files\ViewPower2.10\upsMonitor.exe [116224 2015-01-11] (Acresso) [File not signed]
R3 upsTomcat; C:\Program Files\ViewPower2.10\tomcat\bin\tomcat6.exe [57344 2011-04-15] (Apache Software Foundation) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2006-09-18] (Samsung Electronics Co., Ltd.) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206496 2016-06-28] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156320 2016-06-28] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [121504 2016-06-28] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [162472 2016-06-28] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [55968 2016-06-28] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [77992 2016-06-28] (ESET)
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-02-01] (Acronis International GmbH)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2008-11-19] (LogMeIn, Inc.)
S3 hipeer20; C:\WINDOWS\System32\DRIVERS\remobo32.sys [26112 2009-04-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 Huawei; C:\WINDOWS\System32\DRIVERS\ewdcsc.sys [24448 2009-08-18] (Huawei Tech. Co., Ltd.)
S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [100736 2009-11-04] (Huawei Technologies Co., Ltd.)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R3 int0800; C:\WINDOWS\System32\DRIVERS\flashud.sys [42496 2009-09-09] (Intel Corporation) [File not signed]
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [83296 2008-11-04] (JMicron Technology Corp.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [11104 2010-04-09] ()
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [709248 2009-03-04] (Ralink Technology, Corp.) [File not signed]
S4 RTL8023xp; C:\WINDOWS\System32\DRIVERS\DLKRTXP.SYS [83456 2006-07-31] (D-Link Corp. )
R3 serenum; C:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [329384 2015-12-25] (Duplex Secure Ltd.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [685400 2016-02-01] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [156504 2016-02-01] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [398680 2016-02-01] (Acronis International GmbH)
S4 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [104064 2007-03-19] (VIA Technologies inc,.ltd) [File not signed]
R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [77312 2003-11-01] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [229720 2016-02-01] (Acronis International GmbH)
S4 yukonwxp; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [174464 2003-11-27] (Marvell Semiconductor Inc.)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2017-01-26 23:04 - 00361348 _____ C:\Documents and Settings\T\Plocha\FRST.txt
2017-01-26 23:03 - 2017-01-26 23:04 - 00000000 ____D C:\FRST
2017-01-26 22:59 - 2017-01-26 23:00 - 00000000 ____D C:\rsit
2017-01-26 22:59 - 2017-01-26 22:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\T\Plocha\FRSTLauncher.exe
2017-01-26 22:57 - 2017-01-26 22:57 - 01762816 _____ (Farbar) C:\Documents and Settings\T\Plocha\FRST.exe
2017-01-26 22:55 - 2017-01-26 22:55 - 01107968 _____ C:\Documents and Settings\T\Plocha\RSIT.exe
2017-01-25 15:36 - 2017-01-25 15:46 - 00000000 ____D C:\Documents and Settings\MH\Local Settings\Temp
2017-01-25 14:25 - 2017-01-25 14:59 - 00011132 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Novinky 25.1.2017.xlsx
2017-01-25 08:21 - 2017-01-25 08:21 - 00056884 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Document preview.pdf
2017-01-25 07:39 - 2017-01-26 23:04 - 00000000 ____D C:\Documents and Settings\T\Local Settings\Temp
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty\Obrázky
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty\Hudba
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ____D C:\CryptoPreventQuarantine
2017-01-24 22:46 - 2017-01-24 22:46 - 00053248 _____ C:\WINDOWS\system32\zlib.dll
2017-01-24 22:46 - 2017-01-24 22:46 - 00000907 _____ C:\Documents and Settings\All Users\Plocha\CryptoPrevent.lnk
2017-01-24 22:46 - 2017-01-24 22:46 - 00000000 ____D C:\Program Files\Foolish IT
2017-01-24 22:46 - 2017-01-24 22:46 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CryptoPrevent
2017-01-24 22:06 - 2017-01-24 22:06 - 10284816 _____ (Malwarebytes Corporation ) C:\mbam-setup-1.75.0.1300.exe
2017-01-24 22:06 - 2017-01-24 22:06 - 00000826 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Data aplikací\Malwarebytes
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2017-01-24 22:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-24 21:59 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2017-01-24 21:57 - 2017-01-24 21:57 - 21540440 _____ (Malwarebytes Corporation ) C:\mbam-setup-2.1.4.1018.exe
2017-01-24 21:52 - 2017-01-26 23:04 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Local Settings\Temp
2017-01-19 21:10 - 2017-01-19 21:10 - 00000335 _____ C:\prijemka_palladium_170119_3.txt
2017-01-19 21:10 - 2017-01-19 21:10 - 00000291 _____ C:\cenik_palladium_170119_3.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00005511 _____ C:\prijemka_palladium_170119_1.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00004770 _____ C:\cenik_palladium_170119_1.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00002462 _____ C:\prijemka_palladium_170119_2.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00002129 _____ C:\cenik_palladium_170119_2.txt
2017-01-18 13:15 - 2017-01-18 13:15 - 00000556 _____ C:\prijemka_palladium_170118_2.txt
2017-01-18 13:15 - 2017-01-18 13:15 - 00000498 _____ C:\cenik_palladium_170118_2.txt
2017-01-18 13:14 - 2017-01-18 13:14 - 00003823 _____ C:\prijemka_palladium_170118_1.txt
2017-01-18 13:14 - 2017-01-18 13:14 - 00003352 _____ C:\cenik_palladium_170118_1.txt
2017-01-16 13:41 - 2017-01-16 13:41 - 00000112 _____ C:\prijemka_palladium_170116_1.txt
2017-01-16 13:41 - 2017-01-16 13:41 - 00000096 _____ C:\cenik_palladium_170116_1.txt
2017-01-16 10:51 - 2017-01-17 09:04 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Tesco obraty
2017-01-13 15:20 - 2017-01-13 15:20 - 00005738 _____ C:\prijemka_palladium_170113_1.txt
2017-01-13 15:20 - 2017-01-13 15:20 - 00005063 _____ C:\cenik_palladium_170113_1.txt
2017-01-13 09:20 - 2017-01-13 09:20 - 00000165 ____H C:\Documents and Settings\Milan Lipavský\Plocha\~$TESCO CRok.xlsx
2017-01-10 13:22 - 2017-01-10 13:22 - 00007543 _____ C:\prijemka_palladium_170110_1.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00006588 _____ C:\cenik_palladium_170110_1.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000892 _____ C:\prijemka_palladium_170110_2.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000798 _____ C:\cenik_palladium_170110_2.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000222 _____ C:\prijemka_palladium_170110_3.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000201 _____ C:\cenik_palladium_170110_3.txt
2017-01-06 10:31 - 2017-01-06 11:38 - 00010470 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Banky ešit1.xlsx
2017-01-04 22:11 - 2017-01-11 22:54 - 00000000 ____D C:\Documents and Settings\TEMP\Oblíbené položky
2017-01-04 22:11 - 2017-01-11 22:54 - 00000000 ____D C:\Documents and Settings\TEMP
2017-01-04 22:11 - 2017-01-04 22:11 - 00000173 _____ C:\WINDOWS\OEWABLog.txt
2017-01-04 20:40 - 2017-01-05 13:14 - 00011762 _____ C:\Documents and Settings\Milan Lipavský\Plocha\rozpSešit1.xlsx
2017-01-04 13:31 - 2017-01-04 13:31 - 00013626 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Návr novinek -listing-Tesco.xlsx
2016-12-29 11:40 - 2016-12-29 11:40 - 00010836 _____ C:\Documents and Settings\Milan Lipavský\Plocha\100m.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2007-07-02 20:30 - 00000000 ____D C:\Documents and Settings\T\Plocha
2017-01-26 23:03 - 2007-07-02 20:30 - 00000000 ___HD C:\Documents and Settings\T\Local Settings\Data aplikací
2017-01-26 23:00 - 2009-11-06 08:32 - 00000000 ____D C:\Program Files\trend micro
2017-01-26 22:58 - 2007-11-05 20:20 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Data aplikací\Skype
2017-01-26 22:54 - 2014-02-12 07:38 - 00000072 _____ C:\Autoconfig.ini
2017-01-26 22:10 - 2016-12-17 00:05 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-26 20:30 - 2015-12-23 13:47 - 00000000 ____D C:\Ksoft
2017-01-26 19:50 - 2008-06-02 06:43 - 00000121 _____ C:\kosdat.mem
2017-01-26 17:18 - 2009-11-12 09:50 - 00000000 ____D C:\Program Files\TeamViewer
2017-01-26 15:14 - 2015-12-25 22:57 - 00004874 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-01-26 15:03 - 2007-06-30 11:28 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha
2017-01-26 09:51 - 2007-06-30 12:14 - 00008266 _____ C:\WINDOWS\wincmd.ini
2017-01-26 09:12 - 2016-05-24 14:39 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Libečkova
2017-01-26 00:31 - 2016-10-06 13:26 - 00000484 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job
2017-01-26 00:10 - 2016-12-17 00:05 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-25 16:53 - 2016-11-23 22:51 - 00000000 ____D C:\DPH Seli
2017-01-25 16:37 - 2016-11-23 23:21 - 00000000 ____D C:\MILI DPH
2017-01-25 16:36 - 2016-04-13 12:58 - 00000000 ____D C:\Documents and Settings\MH\Data aplikací\Skype
2017-01-25 15:36 - 2016-07-13 04:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-01-25 14:57 - 2016-07-08 12:26 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Objednávky Alvorada
2017-01-25 12:56 - 2007-06-30 11:28 - 00000000 ___HD C:\Documents and Settings\Milan Lipavský\Okolní síť
2017-01-25 08:38 - 2015-12-23 11:41 - 00000613 _____ C:\Documents and Settings\Milan Lipavský\Plocha\sdilena-slozka-pekarna.lnk
2017-01-25 07:44 - 2015-12-23 11:39 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Ikony Seli
2017-01-25 07:42 - 2007-07-02 20:30 - 00000000 ___HD C:\Documents and Settings\T\Okolní síť
2017-01-24 22:50 - 2007-06-30 11:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 22:49 - 2014-11-01 08:00 - 00196608 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-24 22:49 - 2007-06-30 11:27 - 00032474 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 22:49 - 2007-06-30 11:27 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-01-24 22:46 - 2007-06-30 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 22:46 - 2007-06-30 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 22:06 - 2007-06-30 11:28 - 00000000 __RHD C:\Documents and Settings\Milan Lipavský\Data aplikací
2017-01-24 21:59 - 2007-06-30 13:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 21:52 - 2001-10-25 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-19 21:08 - 2007-11-14 10:48 - 00000684 _____ C:\WINDOWS\wcx_ftp.ini
2017-01-19 17:00 - 2007-06-30 13:10 - 00000000 ____D C:\WINDOWS\repair
2017-01-18 00:10 - 2007-06-30 11:28 - 00000000 ___HD C:\Documents and Settings\Milan Lipavský\Local Settings\Data aplikací
2017-01-17 21:47 - 2016-09-08 01:03 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\OSTATNI SELI
2017-01-16 00:55 - 2007-06-30 11:20 - 00000000 ____D C:\WINDOWS\Registration
2017-01-15 17:47 - 2007-06-30 11:28 - 00000272 ___SH C:\Documents and Settings\Milan Lipavský\ntuser.ini
2017-01-15 17:47 - 2007-06-30 11:28 - 00000000 ____D C:\Documents and Settings\Milan Lipavský
2017-01-12 10:24 - 2015-12-23 11:41 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\PRYM 2015
2017-01-11 22:55 - 2007-07-02 20:30 - 00000272 ___SH C:\Documents and Settings\T\ntuser.ini
2017-01-04 22:11 - 2007-06-30 13:14 - 00000000 ____D C:\Documents and Settings
2017-01-03 10:05 - 2012-07-24 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-27 18:07 - 2014-01-21 14:48 - 00000000 __RHD C:\Documents and Settings\MH\Recent
2016-12-27 17:50 - 2014-01-21 14:48 - 01835008 ____H C:\Documents and Settings\MH\NTUSER.DAT
==================== Files in the root of some directories =======
2010-01-20 08:13 - 2010-01-20 08:13 - 0001910 ____N () C:\Program Files\Miliimport-nový 2.htm
2010-01-20 07:34 - 2010-01-20 07:43 - 0000403 ____N () C:\Program Files\Miliimport1.htm
2010-01-21 07:19 - 2010-01-21 07:19 - 0002663 ____N () C:\Program Files\Mliimport - šablona OK.htm
2010-01-21 07:19 - 2010-01-21 07:19 - 0006396 ____N () C:\Program Files\Mliimport - šablona OK.mht
2010-01-20 07:34 - 2010-01-20 07:34 - 0001136 ____N () C:\Program Files\podpis.html
2015-02-08 09:02 - 2016-08-07 21:28 - 0009216 _____ () C:\Documents and Settings\T\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-20 09:33 - 2015-03-20 12:25 - 0000269 ____N () C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\T\Plocha" je 3 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe"="C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"="C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe"="C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Temp\\TV\\TeamViewer.exe"="C:\\Temp\\TV\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\SUPDSvc.exe"="C:\\WINDOWS\\system32\\SUPDSvc.exe:*:Enabled:Samsung UPD Service"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe"="C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ScanCDLM.exe"="C:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ScanCDLM.exe:*:Enabled:Samsung Scanner Discovery Module V3"
"C:\\Ksoft\\KOSYS\\KOSYS.EXE"="C:\\Ksoft\\KOSYS\\KOSYS.EXE:*:Enabled:KOSYS"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"\\\\192.168.1.99\\other\\Instalacky\\Microsoft Toolkit 2.5.0.exe"="\\\\192.168.1.99\\other\\Instalacky\\Microsoft Toolkit 2.5.0.exe:*:Enabled:Microsoft Toolkit 2.5.0.exe"
"C:\\Program Files\\KMSpico\\KMSELDI.exe"="C:\\Program Files\\KMSpico\\KMSELDI.exe:*:Enabled:KMS Emulator: KMSELDI.exe"
"C:\\Program Files\\KMSpico\\AutoPico.exe"="C:\\Program Files\\KMSpico\\AutoPico.exe:*:Enabled:KMS Emulator: AutoPico.exe"
"C:\\Program Files\\TightVNC\\tvnserver.exe"="C:\\Program Files\\TightVNC\\tvnserver.exe:*:Enabled:TightVNC"
"C:\\Program Files\\TightVNC\\tvnviewer.exe"="C:\\Program Files\\TightVNC\\tvnviewer.exe:*:Enabled:TightVNC"
"C:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe"="C:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe:*:Enabled:Samsung uninstaller "
"C:\\Program Files\\ViewPower2.10\\jre\\bin\\javaw.exe"="C:\\Program Files\\ViewPower2.10\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\Synology Data Replicator 3\\Backup.exe"="C:\\Program Files\\Synology Data Replicator 3\\Backup.exe:*:Enabled:Data Replicator"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe:*:Disabled:EaseUS Todo Backup Agent Application"
"C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"="C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe"="C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
"C:\\Program Files\\TeamViewer\\TeamViewer.exe"="C:\\Program Files\\TeamViewer\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"="C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"53:UDP"="53:UDP:*:Enabled:Promo"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"54925:UDP"="54925:UDP:*:Enabled:BrotherNetwork Scanner"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-01-2017
Ran by T (26-01-2017 23:04:49)
Running from C:\Documents and Settings\T\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2007-06-30 10:26:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1390067357-1454471165-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1390067357-1454471165-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1454471165-725345543-1000 - Limited - Disabled)
MH (S-1-5-21-1390067357-1454471165-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MH
Milan Lipavský (S-1-5-21-1390067357-1454471165-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Milan Lipavský
SUPPORT_388945a0 (S-1-5-21-1390067357-1454471165-725345543-1002 - Limited - Disabled)
T (S-1-5-21-1390067357-1454471165-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\T
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image 2016 (HKLM\...\{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (Version: 19.0.6027 - Acronis) Hidden
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
Aktualizace systému Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace systému Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2) (Version: 2 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2183461) (HKLM\...\KB2183461-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2360131) (HKLM\...\KB2360131-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2416400) (HKLM\...\KB2416400-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2482017) (HKLM\...\KB2482017-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2497640) (HKLM\...\KB2497640-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455) (HKLM\...\KB974455-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325) (HKLM\...\KB976325-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB978207) (HKLM\...\KB978207-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Brother MFL-Pro Suite DCP-1610W series (HKLM\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J5910DW (HKLM\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version: - )
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.2.3 - Foolish IT LLC)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Enterra Icon Keeper 1.0.0.2 (HKLM\...\Enterra Icon Keeper_is1) (Version: - Enterra, Inc.)
ESET Smart Security (HKLM\...\{1365F53E-4615-4252-AE38-B33CF5DE3664}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version: - )
ffdshow [rev 3299] [2010-03-03] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HD Tune 2.50 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
IDES-CZ (HKLM\...\{15EDA964-9FA7-43BC-8DC2-033306253D12}) (Version: 8.0 - Werum Software & Systems, AG)
InstatDesk-CZ (HKLM\...\{FF60EF48-4C83-4E3B-BCE2-421110FC4D15}) (Version: 1.0.41 - XPIS)
J2SE Runtime Environment 5.0 Update 10 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150040}) (Version: 1.5.0.40 - Sun Microsystems, Inc.)
Java(TM) 6 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
KOSYS verze 26-35-2 (HKLM\...\KOSYS®_is1) (Version: - )
Malwarebytes Anti-Malware verze 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY (HKLM\...\{A2C9CD1B-2551-3AED-B244-6698FB929FA6}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY (HKLM\...\{546C143E-68DC-314D-97BC-1E454E3BA429}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Migrace profilu uživatele pro systém Windows 7 (HKLM\...\WET7Cable) (Version: - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
Nvidia Omega Drivers Setup Files (HKLM\...\Nvidia Omega Drivers for Windows 2k-XPv1.6693) (Version: - )
NVIDIA Ovladače grafiky 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
ODIR (HKLM\...\ODIR_is1) (Version: - Vaita)
Ovládací panel NVIDIA 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery)
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
Poradce pro upgrade na systém Windows 7 (HKLM\...\{C3A13A35-63AC-427a-92E6-960C1D01FABB}) (Version: 2.0.5000.0 - Microsoft Corporation)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7513 - Realtek Semiconductor Corp.)
sala's Terminal Server Patch 2.1 (HKLM\...\sala-termserv) (Version: - )
Samsung SCX-3200 Series (HKLM\...\Samsung SCX-3200 Series) (Version: __VERSION__ - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.850.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Software602 Form Filler (HKLM\...\{00A58FD6-1A11-412C-8297-66D793771758}) (Version: 4.54 - Software602 a.s.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3663 - Analog Devices)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
VIA Integrated Setup Wizard (HKLM\...\InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}) (Version: 0.99 - VIA Technologies, Inc.)
VIA Integrated Setup Wizard (Version: 0.99 - VIA Technologies, Inc.) Hidden
VIA Platforma Ovladače zařízení (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
ViewPower2.10 (HKLM\...\ViewPower2.10) (Version: 1.0.0.0 - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031517 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1003_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Documents and Settings\Milan Lipavský\Data aplikací\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1004_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Documents and Settings\T\Data aplikací\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\T\Okolní síť\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\IDES-CZ\ Informace o aktuálním stavu systému - chyby a poruchy.lnk -> hxxp://www.celnisprava.cz/cz/dalsi-kompetence/ ... astatu.asp
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\IDES-CZ\Informace helpdesku.lnk -> hxxp://www.celnisprava.cz/cz/dalsi-kompetence/ ... efault.asp
==================== Loaded Modules (Whitelisted) ==============
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2017
Ran by T (administrator) on SELI-KANCELAR1 (26-01-2017 23:04:06)
Running from C:\Documents and Settings\T\Plocha
Loaded Profiles: Milan Lipavský & T & MH (Available Profiles: Milan Lipavský & T & MH & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Foolish IT LLC) C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Acronis) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.phps <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.job <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.msc <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.92bs <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*.psc* <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\Administrator\*.xcs <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.rbs <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.isu <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.bas <====== ATTENTION
HKU\S-1-5-21-1390067357-1454471165-725345543-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1454471165-725345543-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\VIA RAID TOOL.lnk [2011-06-05]
ShortcutTarget: VIA RAID TOOL.lnk -> C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2014-12-18]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{A4B689E6-71A9-4A5E-9F1F-FA3868115F32}: [NameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1390067357-1454471165-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1390067357-1454471165-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1390067357-1454471165-725345543-1004 -> DefaultScope {97F9760A-2A24-45F0-BBBE-4F02196A8B7F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-1390067357-1454471165-725345543-1004 -> {97F9760A-2A24-45F0-BBBE-4F02196A8B7F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1390067357-1454471165-725345543-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {336C9D79-263A-4D75-AA7C-60DAF945AE67} hxxp://62.209.202.134:7001/classes/OvisLinkCamV_H264.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257155813140
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {6BA530D8-94B2-49E0-AC55-70899582FE1F} hxxp://192.168.1.225/AV718.cab
DPF: {79EE81BD-6194-4240-A04F-131A81513DCB} hxxp://192.168.1.31/Media.CAB
DPF: {7A24CAC8-8549-4698-85A2-AFF61D4427F7} hxxp://192.168.1.223/classes/AlfaCamV.cab
DPF: {87D48502-D1FF-4D25-B66C-9DA4F7CB2722} hxxp://192.168.1.227/classes/CamV_H264.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} hxxp://62.209.202.134:6001/plugin/client.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} hxxp://192.168.1.8/plugin/h263ctrl.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://snzr.ksrzis.cz/nsnzr/ozn/capicom.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DB87A30F-4960-4247-9672-6A0D550EECE8} hxxp://192.168.1.31/SVRFind.CAB
DPF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} hxxp://62.209.202.134:6000/view.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\T\Data aplikací\Mozilla\Firefox\Profiles\u5h6kkxe.default [2016-08-05]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-25] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1454471165-725345543-1003: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\Milan Lipavský\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [1749-10-20] (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-1390067357-1454471165-725345543-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\T\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2014-07-10] (Komerční banka, a.s.)
Chrome:
=======
CHR Profile: C:\Documents and Settings\T\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\T\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [950584 2015-11-26] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2016-02-01] (Acronis)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R3 CryptoPreventEmail; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2000856 2016-06-10] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-11-03] (Sun Microsystems, Inc.)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S3 Samsung UPD Service; C:\windows\system32\SUPDSvc.exe [127656 2009-03-24] (Samsung Electronics CO., LTD.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295936 2010-03-16] (Microsoft Corporation) [File not signed]
R2 tvnserver; c:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)
R2 upsMonitor; C:\Program Files\ViewPower2.10\upsMonitor.exe [116224 2015-01-11] (Acresso) [File not signed]
R3 upsTomcat; C:\Program Files\ViewPower2.10\tomcat\bin\tomcat6.exe [57344 2011-04-15] (Apache Software Foundation) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2006-09-18] (Samsung Electronics Co., Ltd.) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206496 2016-06-28] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156320 2016-06-28] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [121504 2016-06-28] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [162472 2016-06-28] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [55968 2016-06-28] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [77992 2016-06-28] (ESET)
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-02-01] (Acronis International GmbH)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2008-11-19] (LogMeIn, Inc.)
S3 hipeer20; C:\WINDOWS\System32\DRIVERS\remobo32.sys [26112 2009-04-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 Huawei; C:\WINDOWS\System32\DRIVERS\ewdcsc.sys [24448 2009-08-18] (Huawei Tech. Co., Ltd.)
S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [100736 2009-11-04] (Huawei Technologies Co., Ltd.)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R3 int0800; C:\WINDOWS\System32\DRIVERS\flashud.sys [42496 2009-09-09] (Intel Corporation) [File not signed]
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [83296 2008-11-04] (JMicron Technology Corp.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [11104 2010-04-09] ()
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [709248 2009-03-04] (Ralink Technology, Corp.) [File not signed]
S4 RTL8023xp; C:\WINDOWS\System32\DRIVERS\DLKRTXP.SYS [83456 2006-07-31] (D-Link Corp. )
R3 serenum; C:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [329384 2015-12-25] (Duplex Secure Ltd.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [685400 2016-02-01] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [156504 2016-02-01] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [398680 2016-02-01] (Acronis International GmbH)
S4 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [104064 2007-03-19] (VIA Technologies inc,.ltd) [File not signed]
R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [77312 2003-11-01] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [229720 2016-02-01] (Acronis International GmbH)
S4 yukonwxp; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [174464 2003-11-27] (Marvell Semiconductor Inc.)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2017-01-26 23:04 - 00361348 _____ C:\Documents and Settings\T\Plocha\FRST.txt
2017-01-26 23:03 - 2017-01-26 23:04 - 00000000 ____D C:\FRST
2017-01-26 22:59 - 2017-01-26 23:00 - 00000000 ____D C:\rsit
2017-01-26 22:59 - 2017-01-26 22:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\T\Plocha\FRSTLauncher.exe
2017-01-26 22:57 - 2017-01-26 22:57 - 01762816 _____ (Farbar) C:\Documents and Settings\T\Plocha\FRST.exe
2017-01-26 22:55 - 2017-01-26 22:55 - 01107968 _____ C:\Documents and Settings\T\Plocha\RSIT.exe
2017-01-25 15:36 - 2017-01-25 15:46 - 00000000 ____D C:\Documents and Settings\MH\Local Settings\Temp
2017-01-25 14:25 - 2017-01-25 14:59 - 00011132 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Novinky 25.1.2017.xlsx
2017-01-25 08:21 - 2017-01-25 08:21 - 00056884 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Document preview.pdf
2017-01-25 07:39 - 2017-01-26 23:04 - 00000000 ____D C:\Documents and Settings\T\Local Settings\Temp
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty\Obrázky
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty\Hudba
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ____D C:\CryptoPreventQuarantine
2017-01-24 22:46 - 2017-01-24 22:46 - 00053248 _____ C:\WINDOWS\system32\zlib.dll
2017-01-24 22:46 - 2017-01-24 22:46 - 00000907 _____ C:\Documents and Settings\All Users\Plocha\CryptoPrevent.lnk
2017-01-24 22:46 - 2017-01-24 22:46 - 00000000 ____D C:\Program Files\Foolish IT
2017-01-24 22:46 - 2017-01-24 22:46 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CryptoPrevent
2017-01-24 22:06 - 2017-01-24 22:06 - 10284816 _____ (Malwarebytes Corporation ) C:\mbam-setup-1.75.0.1300.exe
2017-01-24 22:06 - 2017-01-24 22:06 - 00000826 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Data aplikací\Malwarebytes
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2017-01-24 22:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-24 21:59 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2017-01-24 21:57 - 2017-01-24 21:57 - 21540440 _____ (Malwarebytes Corporation ) C:\mbam-setup-2.1.4.1018.exe
2017-01-24 21:52 - 2017-01-26 23:04 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Local Settings\Temp
2017-01-19 21:10 - 2017-01-19 21:10 - 00000335 _____ C:\prijemka_palladium_170119_3.txt
2017-01-19 21:10 - 2017-01-19 21:10 - 00000291 _____ C:\cenik_palladium_170119_3.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00005511 _____ C:\prijemka_palladium_170119_1.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00004770 _____ C:\cenik_palladium_170119_1.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00002462 _____ C:\prijemka_palladium_170119_2.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00002129 _____ C:\cenik_palladium_170119_2.txt
2017-01-18 13:15 - 2017-01-18 13:15 - 00000556 _____ C:\prijemka_palladium_170118_2.txt
2017-01-18 13:15 - 2017-01-18 13:15 - 00000498 _____ C:\cenik_palladium_170118_2.txt
2017-01-18 13:14 - 2017-01-18 13:14 - 00003823 _____ C:\prijemka_palladium_170118_1.txt
2017-01-18 13:14 - 2017-01-18 13:14 - 00003352 _____ C:\cenik_palladium_170118_1.txt
2017-01-16 13:41 - 2017-01-16 13:41 - 00000112 _____ C:\prijemka_palladium_170116_1.txt
2017-01-16 13:41 - 2017-01-16 13:41 - 00000096 _____ C:\cenik_palladium_170116_1.txt
2017-01-16 10:51 - 2017-01-17 09:04 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Tesco obraty
2017-01-13 15:20 - 2017-01-13 15:20 - 00005738 _____ C:\prijemka_palladium_170113_1.txt
2017-01-13 15:20 - 2017-01-13 15:20 - 00005063 _____ C:\cenik_palladium_170113_1.txt
2017-01-13 09:20 - 2017-01-13 09:20 - 00000165 ____H C:\Documents and Settings\Milan Lipavský\Plocha\~$TESCO CRok.xlsx
2017-01-10 13:22 - 2017-01-10 13:22 - 00007543 _____ C:\prijemka_palladium_170110_1.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00006588 _____ C:\cenik_palladium_170110_1.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000892 _____ C:\prijemka_palladium_170110_2.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000798 _____ C:\cenik_palladium_170110_2.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000222 _____ C:\prijemka_palladium_170110_3.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000201 _____ C:\cenik_palladium_170110_3.txt
2017-01-06 10:31 - 2017-01-06 11:38 - 00010470 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Banky ešit1.xlsx
2017-01-04 22:11 - 2017-01-11 22:54 - 00000000 ____D C:\Documents and Settings\TEMP\Oblíbené položky
2017-01-04 22:11 - 2017-01-11 22:54 - 00000000 ____D C:\Documents and Settings\TEMP
2017-01-04 22:11 - 2017-01-04 22:11 - 00000173 _____ C:\WINDOWS\OEWABLog.txt
2017-01-04 20:40 - 2017-01-05 13:14 - 00011762 _____ C:\Documents and Settings\Milan Lipavský\Plocha\rozpSešit1.xlsx
2017-01-04 13:31 - 2017-01-04 13:31 - 00013626 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Návr novinek -listing-Tesco.xlsx
2016-12-29 11:40 - 2016-12-29 11:40 - 00010836 _____ C:\Documents and Settings\Milan Lipavský\Plocha\100m.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2007-07-02 20:30 - 00000000 ____D C:\Documents and Settings\T\Plocha
2017-01-26 23:03 - 2007-07-02 20:30 - 00000000 ___HD C:\Documents and Settings\T\Local Settings\Data aplikací
2017-01-26 23:00 - 2009-11-06 08:32 - 00000000 ____D C:\Program Files\trend micro
2017-01-26 22:58 - 2007-11-05 20:20 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Data aplikací\Skype
2017-01-26 22:54 - 2014-02-12 07:38 - 00000072 _____ C:\Autoconfig.ini
2017-01-26 22:10 - 2016-12-17 00:05 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-26 20:30 - 2015-12-23 13:47 - 00000000 ____D C:\Ksoft
2017-01-26 19:50 - 2008-06-02 06:43 - 00000121 _____ C:\kosdat.mem
2017-01-26 17:18 - 2009-11-12 09:50 - 00000000 ____D C:\Program Files\TeamViewer
2017-01-26 15:14 - 2015-12-25 22:57 - 00004874 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-01-26 15:03 - 2007-06-30 11:28 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha
2017-01-26 09:51 - 2007-06-30 12:14 - 00008266 _____ C:\WINDOWS\wincmd.ini
2017-01-26 09:12 - 2016-05-24 14:39 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Libečkova
2017-01-26 00:31 - 2016-10-06 13:26 - 00000484 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job
2017-01-26 00:10 - 2016-12-17 00:05 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-25 16:53 - 2016-11-23 22:51 - 00000000 ____D C:\DPH Seli
2017-01-25 16:37 - 2016-11-23 23:21 - 00000000 ____D C:\MILI DPH
2017-01-25 16:36 - 2016-04-13 12:58 - 00000000 ____D C:\Documents and Settings\MH\Data aplikací\Skype
2017-01-25 15:36 - 2016-07-13 04:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-01-25 14:57 - 2016-07-08 12:26 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Objednávky Alvorada
2017-01-25 12:56 - 2007-06-30 11:28 - 00000000 ___HD C:\Documents and Settings\Milan Lipavský\Okolní síť
2017-01-25 08:38 - 2015-12-23 11:41 - 00000613 _____ C:\Documents and Settings\Milan Lipavský\Plocha\sdilena-slozka-pekarna.lnk
2017-01-25 07:44 - 2015-12-23 11:39 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Ikony Seli
2017-01-25 07:42 - 2007-07-02 20:30 - 00000000 ___HD C:\Documents and Settings\T\Okolní síť
2017-01-24 22:50 - 2007-06-30 11:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 22:49 - 2014-11-01 08:00 - 00196608 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-24 22:49 - 2007-06-30 11:27 - 00032474 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 22:49 - 2007-06-30 11:27 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-01-24 22:46 - 2007-06-30 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 22:46 - 2007-06-30 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 22:06 - 2007-06-30 11:28 - 00000000 __RHD C:\Documents and Settings\Milan Lipavský\Data aplikací
2017-01-24 21:59 - 2007-06-30 13:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 21:52 - 2001-10-25 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-19 21:08 - 2007-11-14 10:48 - 00000684 _____ C:\WINDOWS\wcx_ftp.ini
2017-01-19 17:00 - 2007-06-30 13:10 - 00000000 ____D C:\WINDOWS\repair
2017-01-18 00:10 - 2007-06-30 11:28 - 00000000 ___HD C:\Documents and Settings\Milan Lipavský\Local Settings\Data aplikací
2017-01-17 21:47 - 2016-09-08 01:03 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\OSTATNI SELI
2017-01-16 00:55 - 2007-06-30 11:20 - 00000000 ____D C:\WINDOWS\Registration
2017-01-15 17:47 - 2007-06-30 11:28 - 00000272 ___SH C:\Documents and Settings\Milan Lipavský\ntuser.ini
2017-01-15 17:47 - 2007-06-30 11:28 - 00000000 ____D C:\Documents and Settings\Milan Lipavský
2017-01-12 10:24 - 2015-12-23 11:41 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\PRYM 2015
2017-01-11 22:55 - 2007-07-02 20:30 - 00000272 ___SH C:\Documents and Settings\T\ntuser.ini
2017-01-04 22:11 - 2007-06-30 13:14 - 00000000 ____D C:\Documents and Settings
2017-01-03 10:05 - 2012-07-24 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-27 18:07 - 2014-01-21 14:48 - 00000000 __RHD C:\Documents and Settings\MH\Recent
2016-12-27 17:50 - 2014-01-21 14:48 - 01835008 ____H C:\Documents and Settings\MH\NTUSER.DAT
==================== Files in the root of some directories =======
2010-01-20 08:13 - 2010-01-20 08:13 - 0001910 ____N () C:\Program Files\Miliimport-nový 2.htm
2010-01-20 07:34 - 2010-01-20 07:43 - 0000403 ____N () C:\Program Files\Miliimport1.htm
2010-01-21 07:19 - 2010-01-21 07:19 - 0002663 ____N () C:\Program Files\Mliimport - šablona OK.htm
2010-01-21 07:19 - 2010-01-21 07:19 - 0006396 ____N () C:\Program Files\Mliimport - šablona OK.mht
2010-01-20 07:34 - 2010-01-20 07:34 - 0001136 ____N () C:\Program Files\podpis.html
2015-02-08 09:02 - 2016-08-07 21:28 - 0009216 _____ () C:\Documents and Settings\T\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-20 09:33 - 2015-03-20 12:25 - 0000269 ____N () C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\T\Plocha" je 3 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe"="C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"="C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe"="C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Temp\\TV\\TeamViewer.exe"="C:\\Temp\\TV\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\SUPDSvc.exe"="C:\\WINDOWS\\system32\\SUPDSvc.exe:*:Enabled:Samsung UPD Service"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe"="C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ScanCDLM.exe"="C:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ScanCDLM.exe:*:Enabled:Samsung Scanner Discovery Module V3"
"C:\\Ksoft\\KOSYS\\KOSYS.EXE"="C:\\Ksoft\\KOSYS\\KOSYS.EXE:*:Enabled:KOSYS"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"\\\\192.168.1.99\\other\\Instalacky\\Microsoft Toolkit 2.5.0.exe"="\\\\192.168.1.99\\other\\Instalacky\\Microsoft Toolkit 2.5.0.exe:*:Enabled:Microsoft Toolkit 2.5.0.exe"
"C:\\Program Files\\KMSpico\\KMSELDI.exe"="C:\\Program Files\\KMSpico\\KMSELDI.exe:*:Enabled:KMS Emulator: KMSELDI.exe"
"C:\\Program Files\\KMSpico\\AutoPico.exe"="C:\\Program Files\\KMSpico\\AutoPico.exe:*:Enabled:KMS Emulator: AutoPico.exe"
"C:\\Program Files\\TightVNC\\tvnserver.exe"="C:\\Program Files\\TightVNC\\tvnserver.exe:*:Enabled:TightVNC"
"C:\\Program Files\\TightVNC\\tvnviewer.exe"="C:\\Program Files\\TightVNC\\tvnviewer.exe:*:Enabled:TightVNC"
"C:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe"="C:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe:*:Enabled:Samsung uninstaller "
"C:\\Program Files\\ViewPower2.10\\jre\\bin\\javaw.exe"="C:\\Program Files\\ViewPower2.10\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\Synology Data Replicator 3\\Backup.exe"="C:\\Program Files\\Synology Data Replicator 3\\Backup.exe:*:Enabled:Data Replicator"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe:*:Disabled:EaseUS Todo Backup Agent Application"
"C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"="C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe"="C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
"C:\\Program Files\\TeamViewer\\TeamViewer.exe"="C:\\Program Files\\TeamViewer\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"="C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"53:UDP"="53:UDP:*:Enabled:Promo"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"54925:UDP"="54925:UDP:*:Enabled:BrotherNetwork Scanner"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-01-2017
Ran by T (26-01-2017 23:04:49)
Running from C:\Documents and Settings\T\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2007-06-30 10:26:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1390067357-1454471165-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1390067357-1454471165-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1454471165-725345543-1000 - Limited - Disabled)
MH (S-1-5-21-1390067357-1454471165-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MH
Milan Lipavský (S-1-5-21-1390067357-1454471165-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Milan Lipavský
SUPPORT_388945a0 (S-1-5-21-1390067357-1454471165-725345543-1002 - Limited - Disabled)
T (S-1-5-21-1390067357-1454471165-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\T
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image 2016 (HKLM\...\{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (Version: 19.0.6027 - Acronis) Hidden
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
Aktualizace systému Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace systému Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2) (Version: 2 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2183461) (HKLM\...\KB2183461-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2360131) (HKLM\...\KB2360131-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2416400) (HKLM\...\KB2416400-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2482017) (HKLM\...\KB2482017-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2497640) (HKLM\...\KB2497640-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455) (HKLM\...\KB974455-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325) (HKLM\...\KB976325-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB978207) (HKLM\...\KB978207-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Brother MFL-Pro Suite DCP-1610W series (HKLM\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J5910DW (HKLM\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version: - )
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.2.3 - Foolish IT LLC)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Enterra Icon Keeper 1.0.0.2 (HKLM\...\Enterra Icon Keeper_is1) (Version: - Enterra, Inc.)
ESET Smart Security (HKLM\...\{1365F53E-4615-4252-AE38-B33CF5DE3664}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version: - )
ffdshow [rev 3299] [2010-03-03] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HD Tune 2.50 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
IDES-CZ (HKLM\...\{15EDA964-9FA7-43BC-8DC2-033306253D12}) (Version: 8.0 - Werum Software & Systems, AG)
InstatDesk-CZ (HKLM\...\{FF60EF48-4C83-4E3B-BCE2-421110FC4D15}) (Version: 1.0.41 - XPIS)
J2SE Runtime Environment 5.0 Update 10 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150040}) (Version: 1.5.0.40 - Sun Microsystems, Inc.)
Java(TM) 6 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
KOSYS verze 26-35-2 (HKLM\...\KOSYS®_is1) (Version: - )
Malwarebytes Anti-Malware verze 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY (HKLM\...\{A2C9CD1B-2551-3AED-B244-6698FB929FA6}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY (HKLM\...\{546C143E-68DC-314D-97BC-1E454E3BA429}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Migrace profilu uživatele pro systém Windows 7 (HKLM\...\WET7Cable) (Version: - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
Nvidia Omega Drivers Setup Files (HKLM\...\Nvidia Omega Drivers for Windows 2k-XPv1.6693) (Version: - )
NVIDIA Ovladače grafiky 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
ODIR (HKLM\...\ODIR_is1) (Version: - Vaita)
Ovládací panel NVIDIA 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery)
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
Poradce pro upgrade na systém Windows 7 (HKLM\...\{C3A13A35-63AC-427a-92E6-960C1D01FABB}) (Version: 2.0.5000.0 - Microsoft Corporation)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7513 - Realtek Semiconductor Corp.)
sala's Terminal Server Patch 2.1 (HKLM\...\sala-termserv) (Version: - )
Samsung SCX-3200 Series (HKLM\...\Samsung SCX-3200 Series) (Version: __VERSION__ - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.850.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Software602 Form Filler (HKLM\...\{00A58FD6-1A11-412C-8297-66D793771758}) (Version: 4.54 - Software602 a.s.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3663 - Analog Devices)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
VIA Integrated Setup Wizard (HKLM\...\InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}) (Version: 0.99 - VIA Technologies, Inc.)
VIA Integrated Setup Wizard (Version: 0.99 - VIA Technologies, Inc.) Hidden
VIA Platforma Ovladače zařízení (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
ViewPower2.10 (HKLM\...\ViewPower2.10) (Version: 1.0.0.0 - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031517 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1003_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Documents and Settings\Milan Lipavský\Data aplikací\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1004_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Documents and Settings\T\Data aplikací\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\T\Okolní síť\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\IDES-CZ\ Informace o aktuálním stavu systému - chyby a poruchy.lnk -> hxxp://www.celnisprava.cz/cz/dalsi-kompetence/ ... astatu.asp
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\IDES-CZ\Informace helpdesku.lnk -> hxxp://www.celnisprava.cz/cz/dalsi-kompetence/ ... efault.asp
==================== Loaded Modules (Whitelisted) ==============
Re: Preventive log check
Here is the FRST scan as well; because of the character limit I have to upload the rest as a TXT file.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2017
Ran by T (administrator) on SELI-KANCELAR1 (26-01-2017 23:04:06)
Running from C:\Documents and Settings\T\Plocha
Loaded Profiles: Milan Lipavský & T & MH (Available Profiles: Milan Lipavský & T & MH & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Foolish IT LLC) C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Acronis) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.phps <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.job <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.msc <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.92bs <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*.psc* <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\Administrator\*.xcs <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.rbs <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.isu <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.bas <====== ATTENTION
HKU\S-1-5-21-1390067357-1454471165-725345543-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1454471165-725345543-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\VIA RAID TOOL.lnk [2011-06-05]
ShortcutTarget: VIA RAID TOOL.lnk -> C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2014-12-18]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{A4B689E6-71A9-4A5E-9F1F-FA3868115F32}: [NameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1390067357-1454471165-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1390067357-1454471165-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1390067357-1454471165-725345543-1004 -> DefaultScope {97F9760A-2A24-45F0-BBBE-4F02196A8B7F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-1390067357-1454471165-725345543-1004 -> {97F9760A-2A24-45F0-BBBE-4F02196A8B7F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1390067357-1454471165-725345543-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {336C9D79-263A-4D75-AA7C-60DAF945AE67} hxxp://62.209.202.134:7001/classes/OvisLinkCamV_H264.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257155813140
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {6BA530D8-94B2-49E0-AC55-70899582FE1F} hxxp://192.168.1.225/AV718.cab
DPF: {79EE81BD-6194-4240-A04F-131A81513DCB} hxxp://192.168.1.31/Media.CAB
DPF: {7A24CAC8-8549-4698-85A2-AFF61D4427F7} hxxp://192.168.1.223/classes/AlfaCamV.cab
DPF: {87D48502-D1FF-4D25-B66C-9DA4F7CB2722} hxxp://192.168.1.227/classes/CamV_H264.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} hxxp://62.209.202.134:6001/plugin/client.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} hxxp://192.168.1.8/plugin/h263ctrl.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://snzr.ksrzis.cz/nsnzr/ozn/capicom.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DB87A30F-4960-4247-9672-6A0D550EECE8} hxxp://192.168.1.31/SVRFind.CAB
DPF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} hxxp://62.209.202.134:6000/view.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\T\Data aplikací\Mozilla\Firefox\Profiles\u5h6kkxe.default [2016-08-05]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-25] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1454471165-725345543-1003: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\Milan Lipavský\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [1749-10-20] (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-1390067357-1454471165-725345543-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\T\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2014-07-10] (Komerční banka, a.s.)
Chrome:
=======
CHR Profile: C:\Documents and Settings\T\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\T\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [950584 2015-11-26] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2016-02-01] (Acronis)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R3 CryptoPreventEmail; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2000856 2016-06-10] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-11-03] (Sun Microsystems, Inc.)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S3 Samsung UPD Service; C:\windows\system32\SUPDSvc.exe [127656 2009-03-24] (Samsung Electronics CO., LTD.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295936 2010-03-16] (Microsoft Corporation) [File not signed]
R2 tvnserver; c:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)
R2 upsMonitor; C:\Program Files\ViewPower2.10\upsMonitor.exe [116224 2015-01-11] (Acresso) [File not signed]
R3 upsTomcat; C:\Program Files\ViewPower2.10\tomcat\bin\tomcat6.exe [57344 2011-04-15] (Apache Software Foundation) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2006-09-18] (Samsung Electronics Co., Ltd.) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206496 2016-06-28] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156320 2016-06-28] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [121504 2016-06-28] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [162472 2016-06-28] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [55968 2016-06-28] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [77992 2016-06-28] (ESET)
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-02-01] (Acronis International GmbH)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2008-11-19] (LogMeIn, Inc.)
S3 hipeer20; C:\WINDOWS\System32\DRIVERS\remobo32.sys [26112 2009-04-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 Huawei; C:\WINDOWS\System32\DRIVERS\ewdcsc.sys [24448 2009-08-18] (Huawei Tech. Co., Ltd.)
S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [100736 2009-11-04] (Huawei Technologies Co., Ltd.)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R3 int0800; C:\WINDOWS\System32\DRIVERS\flashud.sys [42496 2009-09-09] (Intel Corporation) [File not signed]
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [83296 2008-11-04] (JMicron Technology Corp.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [11104 2010-04-09] ()
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [709248 2009-03-04] (Ralink Technology, Corp.) [File not signed]
S4 RTL8023xp; C:\WINDOWS\System32\DRIVERS\DLKRTXP.SYS [83456 2006-07-31] (D-Link Corp. )
R3 serenum; C:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [329384 2015-12-25] (Duplex Secure Ltd.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [685400 2016-02-01] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [156504 2016-02-01] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [398680 2016-02-01] (Acronis International GmbH)
S4 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [104064 2007-03-19] (VIA Technologies inc,.ltd) [File not signed]
R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [77312 2003-11-01] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [229720 2016-02-01] (Acronis International GmbH)
S4 yukonwxp; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [174464 2003-11-27] (Marvell Semiconductor Inc.)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2017-01-26 23:04 - 00361348 _____ C:\Documents and Settings\T\Plocha\FRST.txt
2017-01-26 23:03 - 2017-01-26 23:04 - 00000000 ____D C:\FRST
2017-01-26 22:59 - 2017-01-26 23:00 - 00000000 ____D C:\rsit
2017-01-26 22:59 - 2017-01-26 22:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\T\Plocha\FRSTLauncher.exe
2017-01-26 22:57 - 2017-01-26 22:57 - 01762816 _____ (Farbar) C:\Documents and Settings\T\Plocha\FRST.exe
2017-01-26 22:55 - 2017-01-26 22:55 - 01107968 _____ C:\Documents and Settings\T\Plocha\RSIT.exe
2017-01-25 15:36 - 2017-01-25 15:46 - 00000000 ____D C:\Documents and Settings\MH\Local Settings\Temp
2017-01-25 14:25 - 2017-01-25 14:59 - 00011132 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Novinky 25.1.2017.xlsx
2017-01-25 08:21 - 2017-01-25 08:21 - 00056884 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Document preview.pdf
2017-01-25 07:39 - 2017-01-26 23:04 - 00000000 ____D C:\Documents and Settings\T\Local Settings\Temp
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty\Obrázky
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty\Hudba
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ____D C:\CryptoPreventQuarantine
2017-01-24 22:46 - 2017-01-24 22:46 - 00053248 _____ C:\WINDOWS\system32\zlib.dll
2017-01-24 22:46 - 2017-01-24 22:46 - 00000907 _____ C:\Documents and Settings\All Users\Plocha\CryptoPrevent.lnk
2017-01-24 22:46 - 2017-01-24 22:46 - 00000000 ____D C:\Program Files\Foolish IT
2017-01-24 22:46 - 2017-01-24 22:46 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CryptoPrevent
2017-01-24 22:06 - 2017-01-24 22:06 - 10284816 _____ (Malwarebytes Corporation ) C:\mbam-setup-1.75.0.1300.exe
2017-01-24 22:06 - 2017-01-24 22:06 - 00000826 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Data aplikací\Malwarebytes
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2017-01-24 22:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-24 21:59 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2017-01-24 21:57 - 2017-01-24 21:57 - 21540440 _____ (Malwarebytes Corporation ) C:\mbam-setup-2.1.4.1018.exe
2017-01-24 21:52 - 2017-01-26 23:04 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Local Settings\Temp
2017-01-19 21:10 - 2017-01-19 21:10 - 00000335 _____ C:\prijemka_palladium_170119_3.txt
2017-01-19 21:10 - 2017-01-19 21:10 - 00000291 _____ C:\cenik_palladium_170119_3.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00005511 _____ C:\prijemka_palladium_170119_1.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00004770 _____ C:\cenik_palladium_170119_1.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00002462 _____ C:\prijemka_palladium_170119_2.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00002129 _____ C:\cenik_palladium_170119_2.txt
2017-01-18 13:15 - 2017-01-18 13:15 - 00000556 _____ C:\prijemka_palladium_170118_2.txt
2017-01-18 13:15 - 2017-01-18 13:15 - 00000498 _____ C:\cenik_palladium_170118_2.txt
2017-01-18 13:14 - 2017-01-18 13:14 - 00003823 _____ C:\prijemka_palladium_170118_1.txt
2017-01-18 13:14 - 2017-01-18 13:14 - 00003352 _____ C:\cenik_palladium_170118_1.txt
2017-01-16 13:41 - 2017-01-16 13:41 - 00000112 _____ C:\prijemka_palladium_170116_1.txt
2017-01-16 13:41 - 2017-01-16 13:41 - 00000096 _____ C:\cenik_palladium_170116_1.txt
2017-01-16 10:51 - 2017-01-17 09:04 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Tesco obraty
2017-01-13 15:20 - 2017-01-13 15:20 - 00005738 _____ C:\prijemka_palladium_170113_1.txt
2017-01-13 15:20 - 2017-01-13 15:20 - 00005063 _____ C:\cenik_palladium_170113_1.txt
2017-01-13 09:20 - 2017-01-13 09:20 - 00000165 ____H C:\Documents and Settings\Milan Lipavský\Plocha\~$TESCO CRok.xlsx
2017-01-10 13:22 - 2017-01-10 13:22 - 00007543 _____ C:\prijemka_palladium_170110_1.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00006588 _____ C:\cenik_palladium_170110_1.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000892 _____ C:\prijemka_palladium_170110_2.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000798 _____ C:\cenik_palladium_170110_2.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000222 _____ C:\prijemka_palladium_170110_3.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000201 _____ C:\cenik_palladium_170110_3.txt
2017-01-06 10:31 - 2017-01-06 11:38 - 00010470 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Banky ešit1.xlsx
2017-01-04 22:11 - 2017-01-11 22:54 - 00000000 ____D C:\Documents and Settings\TEMP\Oblíbené položky
2017-01-04 22:11 - 2017-01-11 22:54 - 00000000 ____D C:\Documents and Settings\TEMP
2017-01-04 22:11 - 2017-01-04 22:11 - 00000173 _____ C:\WINDOWS\OEWABLog.txt
2017-01-04 20:40 - 2017-01-05 13:14 - 00011762 _____ C:\Documents and Settings\Milan Lipavský\Plocha\rozpSešit1.xlsx
2017-01-04 13:31 - 2017-01-04 13:31 - 00013626 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Návr novinek -listing-Tesco.xlsx
2016-12-29 11:40 - 2016-12-29 11:40 - 00010836 _____ C:\Documents and Settings\Milan Lipavský\Plocha\100m.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2007-07-02 20:30 - 00000000 ____D C:\Documents and Settings\T\Plocha
2017-01-26 23:03 - 2007-07-02 20:30 - 00000000 ___HD C:\Documents and Settings\T\Local Settings\Data aplikací
2017-01-26 23:00 - 2009-11-06 08:32 - 00000000 ____D C:\Program Files\trend micro
2017-01-26 22:58 - 2007-11-05 20:20 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Data aplikací\Skype
2017-01-26 22:54 - 2014-02-12 07:38 - 00000072 _____ C:\Autoconfig.ini
2017-01-26 22:10 - 2016-12-17 00:05 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-26 20:30 - 2015-12-23 13:47 - 00000000 ____D C:\Ksoft
2017-01-26 19:50 - 2008-06-02 06:43 - 00000121 _____ C:\kosdat.mem
2017-01-26 17:18 - 2009-11-12 09:50 - 00000000 ____D C:\Program Files\TeamViewer
2017-01-26 15:14 - 2015-12-25 22:57 - 00004874 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-01-26 15:03 - 2007-06-30 11:28 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha
2017-01-26 09:51 - 2007-06-30 12:14 - 00008266 _____ C:\WINDOWS\wincmd.ini
2017-01-26 09:12 - 2016-05-24 14:39 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Libečkova
2017-01-26 00:31 - 2016-10-06 13:26 - 00000484 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job
2017-01-26 00:10 - 2016-12-17 00:05 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-25 16:53 - 2016-11-23 22:51 - 00000000 ____D C:\DPH Seli
2017-01-25 16:37 - 2016-11-23 23:21 - 00000000 ____D C:\MILI DPH
2017-01-25 16:36 - 2016-04-13 12:58 - 00000000 ____D C:\Documents and Settings\MH\Data aplikací\Skype
2017-01-25 15:36 - 2016-07-13 04:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-01-25 14:57 - 2016-07-08 12:26 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Objednávky Alvorada
2017-01-25 12:56 - 2007-06-30 11:28 - 00000000 ___HD C:\Documents and Settings\Milan Lipavský\Okolní síť
2017-01-25 08:38 - 2015-12-23 11:41 - 00000613 _____ C:\Documents and Settings\Milan Lipavský\Plocha\sdilena-slozka-pekarna.lnk
2017-01-25 07:44 - 2015-12-23 11:39 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Ikony Seli
2017-01-25 07:42 - 2007-07-02 20:30 - 00000000 ___HD C:\Documents and Settings\T\Okolní síť
2017-01-24 22:50 - 2007-06-30 11:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 22:49 - 2014-11-01 08:00 - 00196608 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-24 22:49 - 2007-06-30 11:27 - 00032474 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 22:49 - 2007-06-30 11:27 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-01-24 22:46 - 2007-06-30 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 22:46 - 2007-06-30 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 22:06 - 2007-06-30 11:28 - 00000000 __RHD C:\Documents and Settings\Milan Lipavský\Data aplikací
2017-01-24 21:59 - 2007-06-30 13:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 21:52 - 2001-10-25 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-19 21:08 - 2007-11-14 10:48 - 00000684 _____ C:\WINDOWS\wcx_ftp.ini
2017-01-19 17:00 - 2007-06-30 13:10 - 00000000 ____D C:\WINDOWS\repair
2017-01-18 00:10 - 2007-06-30 11:28 - 00000000 ___HD C:\Documents and Settings\Milan Lipavský\Local Settings\Data aplikací
2017-01-17 21:47 - 2016-09-08 01:03 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\OSTATNI SELI
2017-01-16 00:55 - 2007-06-30 11:20 - 00000000 ____D C:\WINDOWS\Registration
2017-01-15 17:47 - 2007-06-30 11:28 - 00000272 ___SH C:\Documents and Settings\Milan Lipavský\ntuser.ini
2017-01-15 17:47 - 2007-06-30 11:28 - 00000000 ____D C:\Documents and Settings\Milan Lipavský
2017-01-12 10:24 - 2015-12-23 11:41 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\PRYM 2015
2017-01-11 22:55 - 2007-07-02 20:30 - 00000272 ___SH C:\Documents and Settings\T\ntuser.ini
2017-01-04 22:11 - 2007-06-30 13:14 - 00000000 ____D C:\Documents and Settings
2017-01-03 10:05 - 2012-07-24 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-27 18:07 - 2014-01-21 14:48 - 00000000 __RHD C:\Documents and Settings\MH\Recent
2016-12-27 17:50 - 2014-01-21 14:48 - 01835008 ____H C:\Documents and Settings\MH\NTUSER.DAT
==================== Files in the root of some directories =======
2010-01-20 08:13 - 2010-01-20 08:13 - 0001910 ____N () C:\Program Files\Miliimport-nový 2.htm
2010-01-20 07:34 - 2010-01-20 07:43 - 0000403 ____N () C:\Program Files\Miliimport1.htm
2010-01-21 07:19 - 2010-01-21 07:19 - 0002663 ____N () C:\Program Files\Mliimport - šablona OK.htm
2010-01-21 07:19 - 2010-01-21 07:19 - 0006396 ____N () C:\Program Files\Mliimport - šablona OK.mht
2010-01-20 07:34 - 2010-01-20 07:34 - 0001136 ____N () C:\Program Files\podpis.html
2015-02-08 09:02 - 2016-08-07 21:28 - 0009216 _____ () C:\Documents and Settings\T\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-20 09:33 - 2015-03-20 12:25 - 0000269 ____N () C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\T\Plocha" je 3 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe"="C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"="C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe"="C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Temp\\TV\\TeamViewer.exe"="C:\\Temp\\TV\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\SUPDSvc.exe"="C:\\WINDOWS\\system32\\SUPDSvc.exe:*:Enabled:Samsung UPD Service"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe"="C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ScanCDLM.exe"="C:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ScanCDLM.exe:*:Enabled:Samsung Scanner Discovery Module V3"
"C:\\Ksoft\\KOSYS\\KOSYS.EXE"="C:\\Ksoft\\KOSYS\\KOSYS.EXE:*:Enabled:KOSYS"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"\\\\192.168.1.99\\other\\Instalacky\\Microsoft Toolkit 2.5.0.exe"="\\\\192.168.1.99\\other\\Instalacky\\Microsoft Toolkit 2.5.0.exe:*:Enabled:Microsoft Toolkit 2.5.0.exe"
"C:\\Program Files\\KMSpico\\KMSELDI.exe"="C:\\Program Files\\KMSpico\\KMSELDI.exe:*:Enabled:KMS Emulator: KMSELDI.exe"
"C:\\Program Files\\KMSpico\\AutoPico.exe"="C:\\Program Files\\KMSpico\\AutoPico.exe:*:Enabled:KMS Emulator: AutoPico.exe"
"C:\\Program Files\\TightVNC\\tvnserver.exe"="C:\\Program Files\\TightVNC\\tvnserver.exe:*:Enabled:TightVNC"
"C:\\Program Files\\TightVNC\\tvnviewer.exe"="C:\\Program Files\\TightVNC\\tvnviewer.exe:*:Enabled:TightVNC"
"C:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe"="C:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe:*:Enabled:Samsung uninstaller "
"C:\\Program Files\\ViewPower2.10\\jre\\bin\\javaw.exe"="C:\\Program Files\\ViewPower2.10\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\Synology Data Replicator 3\\Backup.exe"="C:\\Program Files\\Synology Data Replicator 3\\Backup.exe:*:Enabled:Data Replicator"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe:*:Disabled:EaseUS Todo Backup Agent Application"
"C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"="C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe"="C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
"C:\\Program Files\\TeamViewer\\TeamViewer.exe"="C:\\Program Files\\TeamViewer\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"="C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"53:UDP"="53:UDP:*:Enabled:Promo"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"54925:UDP"="54925:UDP:*:Enabled:BrotherNetwork Scanner"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-01-2017
Ran by T (26-01-2017 23:04:49)
Running from C:\Documents and Settings\T\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2007-06-30 10:26:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1390067357-1454471165-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1390067357-1454471165-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1454471165-725345543-1000 - Limited - Disabled)
MH (S-1-5-21-1390067357-1454471165-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MH
Milan Lipavský (S-1-5-21-1390067357-1454471165-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Milan Lipavský
SUPPORT_388945a0 (S-1-5-21-1390067357-1454471165-725345543-1002 - Limited - Disabled)
T (S-1-5-21-1390067357-1454471165-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\T
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image 2016 (HKLM\...\{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (Version: 19.0.6027 - Acronis) Hidden
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
Aktualizace systému Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace systému Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2) (Version: 2 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2183461) (HKLM\...\KB2183461-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2360131) (HKLM\...\KB2360131-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2416400) (HKLM\...\KB2416400-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2482017) (HKLM\...\KB2482017-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2497640) (HKLM\...\KB2497640-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455) (HKLM\...\KB974455-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325) (HKLM\...\KB976325-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB978207) (HKLM\...\KB978207-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Brother MFL-Pro Suite DCP-1610W series (HKLM\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J5910DW (HKLM\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version: - )
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.2.3 - Foolish IT LLC)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Enterra Icon Keeper 1.0.0.2 (HKLM\...\Enterra Icon Keeper_is1) (Version: - Enterra, Inc.)
ESET Smart Security (HKLM\...\{1365F53E-4615-4252-AE38-B33CF5DE3664}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version: - )
ffdshow [rev 3299] [2010-03-03] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HD Tune 2.50 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
IDES-CZ (HKLM\...\{15EDA964-9FA7-43BC-8DC2-033306253D12}) (Version: 8.0 - Werum Software & Systems, AG)
InstatDesk-CZ (HKLM\...\{FF60EF48-4C83-4E3B-BCE2-421110FC4D15}) (Version: 1.0.41 - XPIS)
J2SE Runtime Environment 5.0 Update 10 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150040}) (Version: 1.5.0.40 - Sun Microsystems, Inc.)
Java(TM) 6 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
KOSYS verze 26-35-2 (HKLM\...\KOSYS®_is1) (Version: - )
Malwarebytes Anti-Malware verze 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY (HKLM\...\{A2C9CD1B-2551-3AED-B244-6698FB929FA6}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY (HKLM\...\{546C143E-68DC-314D-97BC-1E454E3BA429}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Migrace profilu uživatele pro systém Windows 7 (HKLM\...\WET7Cable) (Version: - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
Nvidia Omega Drivers Setup Files (HKLM\...\Nvidia Omega Drivers for Windows 2k-XPv1.6693) (Version: - )
NVIDIA Ovladače grafiky 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
ODIR (HKLM\...\ODIR_is1) (Version: - Vaita)
Ovládací panel NVIDIA 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery)
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
Poradce pro upgrade na systém Windows 7 (HKLM\...\{C3A13A35-63AC-427a-92E6-960C1D01FABB}) (Version: 2.0.5000.0 - Microsoft Corporation)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7513 - Realtek Semiconductor Corp.)
sala's Terminal Server Patch 2.1 (HKLM\...\sala-termserv) (Version: - )
Samsung SCX-3200 Series (HKLM\...\Samsung SCX-3200 Series) (Version: __VERSION__ - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.850.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Software602 Form Filler (HKLM\...\{00A58FD6-1A11-412C-8297-66D793771758}) (Version: 4.54 - Software602 a.s.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3663 - Analog Devices)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
VIA Integrated Setup Wizard (HKLM\...\InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}) (Version: 0.99 - VIA Technologies, Inc.)
VIA Integrated Setup Wizard (Version: 0.99 - VIA Technologies, Inc.) Hidden
VIA Platforma Ovladače zařízení (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
ViewPower2.10 (HKLM\...\ViewPower2.10) (Version: 1.0.0.0 - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031517 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1003_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Documents and Settings\Milan Lipavský\Data aplikací\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1004_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Documents and Settings\T\Data aplikací\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\T\Okolní síť\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\IDES-CZ\ Informace o aktuálním stavu systému - chyby a poruchy.lnk -> hxxp://www.celnisprava.cz/cz/dalsi-kompetence/ ... astatu.asp
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\IDES-CZ\Informace helpdesku.lnk -> hxxp://www.celnisprava.cz/cz/dalsi-kompetence/ ... efault.asp
==================== Loaded Modules (Whitelisted) ==============
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2017
Ran by T (administrator) on SELI-KANCELAR1 (26-01-2017 23:04:06)
Running from C:\Documents and Settings\T\Plocha
Loaded Profiles: Milan Lipavský & T & MH (Available Profiles: Milan Lipavský & T & MH & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Foolish IT LLC) C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Acronis) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.phps <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.job <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.msc <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.92bs <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*.psc* <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\Administrator\*.xcs <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.rbs <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.isu <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.bas <====== ATTENTION
HKU\S-1-5-21-1390067357-1454471165-725345543-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1390067357-1454471165-725345543-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\VIA RAID TOOL.lnk [2011-06-05]
ShortcutTarget: VIA RAID TOOL.lnk -> C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2014-12-18]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{A4B689E6-71A9-4A5E-9F1F-FA3868115F32}: [NameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1390067357-1454471165-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1390067357-1454471165-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1390067357-1454471165-725345543-1004 -> DefaultScope {97F9760A-2A24-45F0-BBBE-4F02196A8B7F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-1390067357-1454471165-725345543-1004 -> {97F9760A-2A24-45F0-BBBE-4F02196A8B7F} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1390067357-1454471165-725345543-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {336C9D79-263A-4D75-AA7C-60DAF945AE67} hxxp://62.209.202.134:7001/classes/OvisLinkCamV_H264.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257155813140
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {6BA530D8-94B2-49E0-AC55-70899582FE1F} hxxp://192.168.1.225/AV718.cab
DPF: {79EE81BD-6194-4240-A04F-131A81513DCB} hxxp://192.168.1.31/Media.CAB
DPF: {7A24CAC8-8549-4698-85A2-AFF61D4427F7} hxxp://192.168.1.223/classes/AlfaCamV.cab
DPF: {87D48502-D1FF-4D25-B66C-9DA4F7CB2722} hxxp://192.168.1.227/classes/CamV_H264.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} hxxp://62.209.202.134:6001/plugin/client.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} hxxp://192.168.1.8/plugin/h263ctrl.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://snzr.ksrzis.cz/nsnzr/ozn/capicom.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DB87A30F-4960-4247-9672-6A0D550EECE8} hxxp://192.168.1.31/SVRFind.CAB
DPF: {FF3BA0DA-79B5-4110-8FAC-C402D85AAEDA} hxxp://62.209.202.134:6000/view.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\T\Data aplikací\Mozilla\Firefox\Profiles\u5h6kkxe.default [2016-08-05]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-11-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-25] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1390067357-1454471165-725345543-1003: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\Milan Lipavský\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [1749-10-20] (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-1390067357-1454471165-725345543-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\T\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2014-07-10] (Komerční banka, a.s.)
Chrome:
=======
CHR Profile: C:\Documents and Settings\T\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\T\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [950584 2015-11-26] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2016-02-01] (Acronis)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R3 CryptoPreventEmail; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [600560 2017-01-24] (Foolish IT LLC)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2000856 2016-06-10] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-11-03] (Sun Microsystems, Inc.)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S3 Samsung UPD Service; C:\windows\system32\SUPDSvc.exe [127656 2009-03-24] (Samsung Electronics CO., LTD.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295936 2010-03-16] (Microsoft Corporation) [File not signed]
R2 tvnserver; c:\Program Files\TightVNC\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)
R2 upsMonitor; C:\Program Files\ViewPower2.10\upsMonitor.exe [116224 2015-01-11] (Acresso) [File not signed]
R3 upsTomcat; C:\Program Files\ViewPower2.10\tomcat\bin\tomcat6.exe [57344 2011-04-15] (Apache Software Foundation) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2006-09-18] (Samsung Electronics Co., Ltd.) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [206496 2016-06-28] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [156320 2016-06-28] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [121504 2016-06-28] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [162472 2016-06-28] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [55968 2016-06-28] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [77992 2016-06-28] (ESET)
R1 Ext2fs; C:\WINDOWS\System32\DRIVERS\ext2fs.sys [181120 2008-09-25] (Stephan Schreiber) [File not signed]
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-02-01] (Acronis International GmbH)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2008-11-19] (LogMeIn, Inc.)
S3 hipeer20; C:\WINDOWS\System32\DRIVERS\remobo32.sys [26112 2009-04-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 Huawei; C:\WINDOWS\System32\DRIVERS\ewdcsc.sys [24448 2009-08-18] (Huawei Tech. Co., Ltd.)
S3 hwusbfake; C:\WINDOWS\System32\DRIVERS\ewusbfake.sys [100736 2009-11-04] (Huawei Technologies Co., Ltd.)
R1 IfsMount; C:\WINDOWS\System32\DRIVERS\ifsmount.sys [51072 2008-08-28] (Stephan Schreiber) [File not signed]
R3 int0800; C:\WINDOWS\System32\DRIVERS\flashud.sys [42496 2009-09-09] (Intel Corporation) [File not signed]
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [83296 2008-11-04] (JMicron Technology Corp.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [11104 2010-04-09] ()
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [709248 2009-03-04] (Ralink Technology, Corp.) [File not signed]
S4 RTL8023xp; C:\WINDOWS\System32\DRIVERS\DLKRTXP.SYS [83456 2006-07-31] (D-Link Corp. )
R3 serenum; C:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [329384 2015-12-25] (Duplex Secure Ltd.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [685400 2016-02-01] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [156504 2016-02-01] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [398680 2016-02-01] (Acronis International GmbH)
S4 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [104064 2007-03-19] (VIA Technologies inc,.ltd) [File not signed]
R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [77312 2003-11-01] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2007-03-29] (VIA Technologies, Inc.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [229720 2016-02-01] (Acronis International GmbH)
S4 yukonwxp; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [174464 2003-11-27] (Marvell Semiconductor Inc.)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2017-01-26 23:04 - 00361348 _____ C:\Documents and Settings\T\Plocha\FRST.txt
2017-01-26 23:03 - 2017-01-26 23:04 - 00000000 ____D C:\FRST
2017-01-26 22:59 - 2017-01-26 23:00 - 00000000 ____D C:\rsit
2017-01-26 22:59 - 2017-01-26 22:59 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\T\Plocha\FRSTLauncher.exe
2017-01-26 22:57 - 2017-01-26 22:57 - 01762816 _____ (Farbar) C:\Documents and Settings\T\Plocha\FRST.exe
2017-01-26 22:55 - 2017-01-26 22:55 - 01107968 _____ C:\Documents and Settings\T\Plocha\RSIT.exe
2017-01-25 15:36 - 2017-01-25 15:46 - 00000000 ____D C:\Documents and Settings\MH\Local Settings\Temp
2017-01-25 14:25 - 2017-01-25 14:59 - 00011132 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Novinky 25.1.2017.xlsx
2017-01-25 08:21 - 2017-01-25 08:21 - 00056884 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Document preview.pdf
2017-01-25 07:39 - 2017-01-26 23:04 - 00000000 ____D C:\Documents and Settings\T\Local Settings\Temp
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty\Obrázky
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty\Hudba
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ___RD C:\Documents and Settings\LocalService\Dokumenty
2017-01-24 22:49 - 2017-01-24 22:49 - 00000000 ____D C:\CryptoPreventQuarantine
2017-01-24 22:46 - 2017-01-24 22:46 - 00053248 _____ C:\WINDOWS\system32\zlib.dll
2017-01-24 22:46 - 2017-01-24 22:46 - 00000907 _____ C:\Documents and Settings\All Users\Plocha\CryptoPrevent.lnk
2017-01-24 22:46 - 2017-01-24 22:46 - 00000000 ____D C:\Program Files\Foolish IT
2017-01-24 22:46 - 2017-01-24 22:46 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CryptoPrevent
2017-01-24 22:06 - 2017-01-24 22:06 - 10284816 _____ (Malwarebytes Corporation ) C:\mbam-setup-1.75.0.1300.exe
2017-01-24 22:06 - 2017-01-24 22:06 - 00000826 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Data aplikací\Malwarebytes
2017-01-24 22:06 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2017-01-24 22:06 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-24 21:59 - 2017-01-24 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2017-01-24 21:57 - 2017-01-24 21:57 - 21540440 _____ (Malwarebytes Corporation ) C:\mbam-setup-2.1.4.1018.exe
2017-01-24 21:52 - 2017-01-26 23:04 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Local Settings\Temp
2017-01-19 21:10 - 2017-01-19 21:10 - 00000335 _____ C:\prijemka_palladium_170119_3.txt
2017-01-19 21:10 - 2017-01-19 21:10 - 00000291 _____ C:\cenik_palladium_170119_3.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00005511 _____ C:\prijemka_palladium_170119_1.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00004770 _____ C:\cenik_palladium_170119_1.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00002462 _____ C:\prijemka_palladium_170119_2.txt
2017-01-19 21:09 - 2017-01-19 21:09 - 00002129 _____ C:\cenik_palladium_170119_2.txt
2017-01-18 13:15 - 2017-01-18 13:15 - 00000556 _____ C:\prijemka_palladium_170118_2.txt
2017-01-18 13:15 - 2017-01-18 13:15 - 00000498 _____ C:\cenik_palladium_170118_2.txt
2017-01-18 13:14 - 2017-01-18 13:14 - 00003823 _____ C:\prijemka_palladium_170118_1.txt
2017-01-18 13:14 - 2017-01-18 13:14 - 00003352 _____ C:\cenik_palladium_170118_1.txt
2017-01-16 13:41 - 2017-01-16 13:41 - 00000112 _____ C:\prijemka_palladium_170116_1.txt
2017-01-16 13:41 - 2017-01-16 13:41 - 00000096 _____ C:\cenik_palladium_170116_1.txt
2017-01-16 10:51 - 2017-01-17 09:04 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Tesco obraty
2017-01-13 15:20 - 2017-01-13 15:20 - 00005738 _____ C:\prijemka_palladium_170113_1.txt
2017-01-13 15:20 - 2017-01-13 15:20 - 00005063 _____ C:\cenik_palladium_170113_1.txt
2017-01-13 09:20 - 2017-01-13 09:20 - 00000165 ____H C:\Documents and Settings\Milan Lipavský\Plocha\~$TESCO CRok.xlsx
2017-01-10 13:22 - 2017-01-10 13:22 - 00007543 _____ C:\prijemka_palladium_170110_1.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00006588 _____ C:\cenik_palladium_170110_1.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000892 _____ C:\prijemka_palladium_170110_2.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000798 _____ C:\cenik_palladium_170110_2.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000222 _____ C:\prijemka_palladium_170110_3.txt
2017-01-10 13:22 - 2017-01-10 13:22 - 00000201 _____ C:\cenik_palladium_170110_3.txt
2017-01-06 10:31 - 2017-01-06 11:38 - 00010470 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Banky ešit1.xlsx
2017-01-04 22:11 - 2017-01-11 22:54 - 00000000 ____D C:\Documents and Settings\TEMP\Oblíbené položky
2017-01-04 22:11 - 2017-01-11 22:54 - 00000000 ____D C:\Documents and Settings\TEMP
2017-01-04 22:11 - 2017-01-04 22:11 - 00000173 _____ C:\WINDOWS\OEWABLog.txt
2017-01-04 20:40 - 2017-01-05 13:14 - 00011762 _____ C:\Documents and Settings\Milan Lipavský\Plocha\rozpSešit1.xlsx
2017-01-04 13:31 - 2017-01-04 13:31 - 00013626 _____ C:\Documents and Settings\Milan Lipavský\Plocha\Návr novinek -listing-Tesco.xlsx
2016-12-29 11:40 - 2016-12-29 11:40 - 00010836 _____ C:\Documents and Settings\Milan Lipavský\Plocha\100m.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2007-07-02 20:30 - 00000000 ____D C:\Documents and Settings\T\Plocha
2017-01-26 23:03 - 2007-07-02 20:30 - 00000000 ___HD C:\Documents and Settings\T\Local Settings\Data aplikací
2017-01-26 23:00 - 2009-11-06 08:32 - 00000000 ____D C:\Program Files\trend micro
2017-01-26 22:58 - 2007-11-05 20:20 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Data aplikací\Skype
2017-01-26 22:54 - 2014-02-12 07:38 - 00000072 _____ C:\Autoconfig.ini
2017-01-26 22:10 - 2016-12-17 00:05 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-26 20:30 - 2015-12-23 13:47 - 00000000 ____D C:\Ksoft
2017-01-26 19:50 - 2008-06-02 06:43 - 00000121 _____ C:\kosdat.mem
2017-01-26 17:18 - 2009-11-12 09:50 - 00000000 ____D C:\Program Files\TeamViewer
2017-01-26 15:14 - 2015-12-25 22:57 - 00004874 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-01-26 15:03 - 2007-06-30 11:28 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha
2017-01-26 09:51 - 2007-06-30 12:14 - 00008266 _____ C:\WINDOWS\wincmd.ini
2017-01-26 09:12 - 2016-05-24 14:39 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Libečkova
2017-01-26 00:31 - 2016-10-06 13:26 - 00000484 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job
2017-01-26 00:10 - 2016-12-17 00:05 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-25 16:53 - 2016-11-23 22:51 - 00000000 ____D C:\DPH Seli
2017-01-25 16:37 - 2016-11-23 23:21 - 00000000 ____D C:\MILI DPH
2017-01-25 16:36 - 2016-04-13 12:58 - 00000000 ____D C:\Documents and Settings\MH\Data aplikací\Skype
2017-01-25 15:36 - 2016-07-13 04:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-01-25 14:57 - 2016-07-08 12:26 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Objednávky Alvorada
2017-01-25 12:56 - 2007-06-30 11:28 - 00000000 ___HD C:\Documents and Settings\Milan Lipavský\Okolní síť
2017-01-25 08:38 - 2015-12-23 11:41 - 00000613 _____ C:\Documents and Settings\Milan Lipavský\Plocha\sdilena-slozka-pekarna.lnk
2017-01-25 07:44 - 2015-12-23 11:39 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\Ikony Seli
2017-01-25 07:42 - 2007-07-02 20:30 - 00000000 ___HD C:\Documents and Settings\T\Okolní síť
2017-01-24 22:50 - 2007-06-30 11:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 22:49 - 2014-11-01 08:00 - 00196608 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-24 22:49 - 2007-06-30 11:27 - 00032474 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 22:49 - 2007-06-30 11:27 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-01-24 22:46 - 2007-06-30 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 22:46 - 2007-06-30 13:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 22:06 - 2007-06-30 11:28 - 00000000 __RHD C:\Documents and Settings\Milan Lipavský\Data aplikací
2017-01-24 21:59 - 2007-06-30 13:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 21:52 - 2001-10-25 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-19 21:08 - 2007-11-14 10:48 - 00000684 _____ C:\WINDOWS\wcx_ftp.ini
2017-01-19 17:00 - 2007-06-30 13:10 - 00000000 ____D C:\WINDOWS\repair
2017-01-18 00:10 - 2007-06-30 11:28 - 00000000 ___HD C:\Documents and Settings\Milan Lipavský\Local Settings\Data aplikací
2017-01-17 21:47 - 2016-09-08 01:03 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\OSTATNI SELI
2017-01-16 00:55 - 2007-06-30 11:20 - 00000000 ____D C:\WINDOWS\Registration
2017-01-15 17:47 - 2007-06-30 11:28 - 00000272 ___SH C:\Documents and Settings\Milan Lipavský\ntuser.ini
2017-01-15 17:47 - 2007-06-30 11:28 - 00000000 ____D C:\Documents and Settings\Milan Lipavský
2017-01-12 10:24 - 2015-12-23 11:41 - 00000000 ____D C:\Documents and Settings\Milan Lipavský\Plocha\PRYM 2015
2017-01-11 22:55 - 2007-07-02 20:30 - 00000272 ___SH C:\Documents and Settings\T\ntuser.ini
2017-01-04 22:11 - 2007-06-30 13:14 - 00000000 ____D C:\Documents and Settings
2017-01-03 10:05 - 2012-07-24 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-27 18:07 - 2014-01-21 14:48 - 00000000 __RHD C:\Documents and Settings\MH\Recent
2016-12-27 17:50 - 2014-01-21 14:48 - 01835008 ____H C:\Documents and Settings\MH\NTUSER.DAT
==================== Files in the root of some directories =======
2010-01-20 08:13 - 2010-01-20 08:13 - 0001910 ____N () C:\Program Files\Miliimport-nový 2.htm
2010-01-20 07:34 - 2010-01-20 07:43 - 0000403 ____N () C:\Program Files\Miliimport1.htm
2010-01-21 07:19 - 2010-01-21 07:19 - 0002663 ____N () C:\Program Files\Mliimport - šablona OK.htm
2010-01-21 07:19 - 2010-01-21 07:19 - 0006396 ____N () C:\Program Files\Mliimport - šablona OK.mht
2010-01-20 07:34 - 2010-01-20 07:34 - 0001136 ____N () C:\Program Files\podpis.html
2015-02-08 09:02 - 2016-08-07 21:28 - 0009216 _____ () C:\Documents and Settings\T\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-20 09:33 - 2015-03-20 12:25 - 0000269 ____N () C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\T\Plocha" je 3 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe"="C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"="C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe"="C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Temp\\TV\\TeamViewer.exe"="C:\\Temp\\TV\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\SUPDSvc.exe"="C:\\WINDOWS\\system32\\SUPDSvc.exe:*:Enabled:Samsung UPD Service"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe"="C:\\Program Files\\Samsung\\Samsung Universal Print Driver 2\\PrinterSelector\\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ScanCDLM.exe"="C:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ScanCDLM.exe:*:Enabled:Samsung Scanner Discovery Module V3"
"C:\\Ksoft\\KOSYS\\KOSYS.EXE"="C:\\Ksoft\\KOSYS\\KOSYS.EXE:*:Enabled:KOSYS"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"\\\\192.168.1.99\\other\\Instalacky\\Microsoft Toolkit 2.5.0.exe"="\\\\192.168.1.99\\other\\Instalacky\\Microsoft Toolkit 2.5.0.exe:*:Enabled:Microsoft Toolkit 2.5.0.exe"
"C:\\Program Files\\KMSpico\\KMSELDI.exe"="C:\\Program Files\\KMSpico\\KMSELDI.exe:*:Enabled:KMS Emulator: KMSELDI.exe"
"C:\\Program Files\\KMSpico\\AutoPico.exe"="C:\\Program Files\\KMSpico\\AutoPico.exe:*:Enabled:KMS Emulator: AutoPico.exe"
"C:\\Program Files\\TightVNC\\tvnserver.exe"="C:\\Program Files\\TightVNC\\tvnserver.exe:*:Enabled:TightVNC"
"C:\\Program Files\\TightVNC\\tvnviewer.exe"="C:\\Program Files\\TightVNC\\tvnviewer.exe:*:Enabled:TightVNC"
"C:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe"="C:\\Program Files\\Samsung\\Easy Printer Manager\\uninstall.exe:*:Enabled:Samsung uninstaller "
"C:\\Program Files\\ViewPower2.10\\jre\\bin\\javaw.exe"="C:\\Program Files\\ViewPower2.10\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\Synology Data Replicator 3\\Backup.exe"="C:\\Program Files\\Synology Data Replicator 3\\Backup.exe:*:Enabled:Data Replicator"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe:*:Disabled:EaseUS Todo Backup Agent Application"
"C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe"="C:\\Program Files\\Common Files\\Acronis\\SyncAgent\\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service"
"C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe"="C:\\Program Files\\Common Files\\Acronis\\Infrastructure\\mms_mini.exe:*:Enabled:Acronis Managed Machine Service Mini"
"C:\\Program Files\\TeamViewer\\TeamViewer.exe"="C:\\Program Files\\TeamViewer\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"="C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"53:UDP"="53:UDP:*:Enabled:Promo"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"54925:UDP"="54925:UDP:*:Enabled:BrotherNetwork Scanner"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-01-2017
Ran by T (26-01-2017 23:04:49)
Running from C:\Documents and Settings\T\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2007-06-30 10:26:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1390067357-1454471165-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1390067357-1454471165-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-1454471165-725345543-1000 - Limited - Disabled)
MH (S-1-5-21-1390067357-1454471165-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MH
Milan Lipavský (S-1-5-21-1390067357-1454471165-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Milan Lipavský
SUPPORT_388945a0 (S-1-5-21-1390067357-1454471165-725345543-1002 - Limited - Disabled)
T (S-1-5-21-1390067357-1454471165-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\T
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image 2016 (HKLM\...\{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (Version: 19.0.6027 - Acronis) Hidden
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
Aktualizace systému Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace systému Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace systému Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2) (Version: 2 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455) (Version: 1 - Microsoft Corporation) Hidden
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2183461) (HKLM\...\KB2183461-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2360131) (HKLM\...\KB2360131-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2416400) (HKLM\...\KB2416400-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2482017) (HKLM\...\KB2482017-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2497640) (HKLM\...\KB2497640-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455) (HKLM\...\KB974455-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325) (HKLM\...\KB976325-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB978207) (HKLM\...\KB978207-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Brother MFL-Pro Suite DCP-1610W series (HKLM\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J5910DW (HKLM\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version: - )
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.2.3 - Foolish IT LLC)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Enterra Icon Keeper 1.0.0.2 (HKLM\...\Enterra Icon Keeper_is1) (Version: - Enterra, Inc.)
ESET Smart Security (HKLM\...\{1365F53E-4615-4252-AE38-B33CF5DE3664}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Ext2 IFS 1.11a for Windows XP (HKLM\...\Ext2Ifs_for_NT501) (Version: - )
ffdshow [rev 3299] [2010-03-03] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HD Tune 2.50 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
IDES-CZ (HKLM\...\{15EDA964-9FA7-43BC-8DC2-033306253D12}) (Version: 8.0 - Werum Software & Systems, AG)
InstatDesk-CZ (HKLM\...\{FF60EF48-4C83-4E3B-BCE2-421110FC4D15}) (Version: 1.0.41 - XPIS)
J2SE Runtime Environment 5.0 Update 10 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150040}) (Version: 1.5.0.40 - Sun Microsystems, Inc.)
Java(TM) 6 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
KOSYS verze 26-35-2 (HKLM\...\KOSYS®_is1) (Version: - )
Malwarebytes Anti-Malware verze 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY (HKLM\...\{A2C9CD1B-2551-3AED-B244-6698FB929FA6}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY (HKLM\...\{546C143E-68DC-314D-97BC-1E454E3BA429}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Migrace profilu uživatele pro systém Windows 7 (HKLM\...\WET7Cable) (Version: - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
Nvidia Omega Drivers Setup Files (HKLM\...\Nvidia Omega Drivers for Windows 2k-XPv1.6693) (Version: - )
NVIDIA Ovladače grafiky 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
ODIR (HKLM\...\ODIR_is1) (Version: - Vaita)
Ovládací panel NVIDIA 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery)
Platform (Version: 1.24 - VIA Technologies, Inc.) Hidden
Poradce pro upgrade na systém Windows 7 (HKLM\...\{C3A13A35-63AC-427a-92E6-960C1D01FABB}) (Version: 2.0.5000.0 - Microsoft Corporation)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7513 - Realtek Semiconductor Corp.)
sala's Terminal Server Patch 2.1 (HKLM\...\sala-termserv) (Version: - )
Samsung SCX-3200 Series (HKLM\...\Samsung SCX-3200 Series) (Version: __VERSION__ - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.850.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Software602 Form Filler (HKLM\...\{00A58FD6-1A11-412C-8297-66D793771758}) (Version: 4.54 - Software602 a.s.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.3663 - Analog Devices)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
VIA Integrated Setup Wizard (HKLM\...\InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}) (Version: 0.99 - VIA Technologies, Inc.)
VIA Integrated Setup Wizard (Version: 0.99 - VIA Technologies, Inc.) Hidden
VIA Platforma Ovladače zařízení (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
ViewPower2.10 (HKLM\...\ViewPower2.10) (Version: 1.0.0.0 - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031517 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1003_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Documents and Settings\Milan Lipavský\Data aplikací\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1004_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Documents and Settings\T\Data aplikací\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-1390067357-1454471165-725345543-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{526B7424-400E-4A5F-A451-969C6C71A20B}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\T\Okolní síť\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\IDES-CZ\ Informace o aktuálním stavu systému - chyby a poruchy.lnk -> hxxp://www.celnisprava.cz/cz/dalsi-kompetence/ ... astatu.asp
Shortcut: C:\Documents and Settings\All Users\Nabídka Start\Programy\IDES-CZ\Informace helpdesku.lnk -> hxxp://www.celnisprava.cz/cz/dalsi-kompetence/ ... efault.asp
==================== Loaded Modules (Whitelisted) ==============
Re: Preventive log check
I wish you a lovely day.
If your log is long and does not fit into a single post (it is longer than 100,000 characters), add a note to the topic title saying that the log is long and is split into several parts (e.g. "virus, 3 posts"). We primarily handle topics without replies, so in your case it looks as if one of our colleagues is already attending to you, and the topic easily gets buried.
I do not see the described infection in the logs - you are using an old ESET (the current version is 10, but you cannot get that on XP) and a prehistoric Java full of holes. In my opinion, backups are the only reason your computer is relatively free of viruses (at least according to these logs and my eye).
As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).
Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP simply start it with a double-click)
- click Scan (Skenovani), then Clean (Cisteni)
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: Preventive log check
Good day, I apologize; the point about the length is clear to me now.
Thank you for the thorough assessment of the situation; I am attaching the log.
# AdwCleaner v6.043 - Log vytvořen 28/01/2017 v 17:07:52
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-01-28.1 [Server]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Milan Lipavský - SELI-KANCELAR1
# Spuštěno z : C:\Documents and Settings\Milan Lipavský\Plocha\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [853 Bajty] - [28/01/2017 17:07:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [1424 Bajty] - [28/01/2017 17:07:32]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [998 Bajty] ##########
Re: Preventive log check
- Download and install MBAM 1.75 http://www.bleepingcomputer.com/downloa ... i-malware/
- at the end of the installation, untick the item "Povolit bezplatnou zkušební verzi Malwarebytes Anti-Malware PRO" (enable the free trial of Malwarebytes Anti-Malware PRO)
- now comes an important step - an update of the whole program is downloaded and a prompt pops up at the end - choose Cancel, or Storno/Zrušit
- next, the virus database update downloads by itself and gives you a single option -> OK
- you are again offered an update of the whole program -> choose Cancel again
- on the "Kontrolor" (scanner) tab, select the option "Kompletní kontrola" (full scan) and click "Prohledat" (scan)
- after the scan finishes, which can take up to several hours, a log will pop up; copy it into your next reply... or you can find it on the "Složka protokolu" (logs) tab
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: Preventive log check
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verze: v2017.01.24.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Milan Lipavský :: SELI-KANCELAR1 [administrátor]
29.1.2017 21:21:53
mbam-log-2017-01-29 (21-21-53).txt
Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 547873
Uplynulý čas: 20 minut, 27 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Re: Preventive log check
The backup looks clean. Please also post the FRST.txt and Addition.txt logs (without using FRSTLauncher). To keep them complete, you can pack them (rar/zip) to be safe and upload them as an attachment.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: Preventive log check
I am attaching the logs in a zip.
I probably won't be able to avoid upgrading to Windows 7 in the near future anyway. But I am quite reluctant because of the reinstallation. I am considering trying to upgrade first to Vista and then to Windows 7; maybe I could avoid the need for a completely clean installation. What do you think?
- Attachments
- logy.zip
- (36.17 KiB) Downloaded 102 times
Re: Preventive log check
I don't like the cracked Office, but otherwise the PC is free of malware (at least according to the logs).
As for the upgrade - you can only upgrade 32-bit -> 32-bit or 64 -> 64. When I have the option, I choose a clean installation (Win7 has guaranteed support until January 2020, which is just around the corner). Definitely create a disk image before the upgrade, because of Murphy's laws.
And let's clean up as well.
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Tick only the option "Remove disinfection tools"
- click Run
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: Preventive log check
Thank you for the check and the good news. I made a disk image and tried the upgrade all the way to Win 7 on it; this hardware has been around for a while and probably couldn't handle Windows 10, so only the Win7 32-bit version really comes into consideration. Hopefully there could be peace for about 3 years now. The system appears stable; only the Acronis launcher did not survive it, we will reinstall it.
I am moving that Office over to 365, because I have a multi-license.
Re: Preventive log check
You're welcome. If the Acronis Launcher is the only thing that did not survive the upgrade, you can celebrate.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.