Frozen PC [for altrok]

melo15
Exemplary visitor
Posts: 115
Registered: 29 Dec 2007 18:12

Frozen PC [for altrok]

#1 Post by melo15 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Adinka at 2015-05-21 17:33:30
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 156 GB (33%) free of 477 GB
Total RAM: 2868 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:33:50, on 21. 5. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Adinka\Desktop\RSIT.exe
C:\Program Files\trend micro\Adinka.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TimeChecker] C:\Program Files\Microsoft Office\Office14\launch.exe
O4 - HKLM\..\Run: [VideoInformer] C:\Program Files\Java\jre1.8.0_31\bin\jucheck.exe
O4 - HKLM\..\Run: [FolderChecker] C:\Windows\wisptis.exe
O4 - HKLM\..\Run: [NetworkUpdater] C:\Program Files\Adobe\Reader 11.0\Reader\convert.exe
O4 - HKLM\..\Run: [MediaChecker] C:\Program Files\Google\Update\1.3.26.9\unpack.exe
O4 - HKLM\..\Run: [TimeNotifyer] C:\Program Files\Java\jre1.8.0_31\bin\lucoms.exe
O4 - HKLM\..\Run: [ConnectionUpdater] C:\Windows\winlogon.exe
O4 - HKLM\..\Run: [FolderVerifyer] C:\Program Files\MyPC Backup\hkcr.exe
O4 - HKLM\..\Run: [VideoVerifyer] C:\Program Files\Adobe\Reader 11.0\Reader\iexplore.exe
O4 - HKLM\..\Run: [VideoNotifyer] C:\Windows\jucheck.exe
O4 - HKLM\..\Run: [NetworkInformer] C:\Program Files\MyPC Backup\wisptis.exe
O4 - HKLM\..\Run: [MediaSaver] C:\Program Files\Adobe\Reader 11.0\Reader\unpack.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [DatabaseChecker] F:\porn.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: HELP_DECRYPT.HTML
O4 - Startup: HELP_DECRYPT.PNG
O4 - Startup: HELP_DECRYPT.TXT
O4 - Startup: HELP_DECRYPT.URL
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7880 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Foxtab.job - C:\Users\Adinka\AppData\Roaming\Foxtab\UPDATE~1\UPDATE~1.EXE /Check
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Adinka\AppData\Roaming\Mozilla\Firefox\Profiles\d6710sxz.default

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
npFoxitReaderPlugin.dll
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-30 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-20 142616]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-20 177432]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-20 176408]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-06-09 10082920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"TimeChecker"=C:\Program Files\Microsoft Office\Office14\launch.exe []
"VideoInformer"=C:\Program Files\Java\jre1.8.0_31\bin\jucheck.exe []
"FolderChecker"=C:\Windows\wisptis.exe []
"NetworkUpdater"=C:\Program Files\Adobe\Reader 11.0\Reader\convert.exe []
"MediaChecker"=C:\Program Files\Google\Update\1.3.26.9\unpack.exe []
"TimeNotifyer"=C:\Program Files\Java\jre1.8.0_31\bin\lucoms.exe []
"ConnectionUpdater"=C:\Windows\winlogon.exe []
"FolderVerifyer"=C:\Program Files\MyPC Backup\hkcr.exe []
"VideoVerifyer"=C:\Program Files\Adobe\Reader 11.0\Reader\iexplore.exe []
"VideoNotifyer"=C:\Windows\jucheck.exe []
"NetworkInformer"=C:\Program Files\MyPC Backup\wisptis.exe []
"MediaSaver"=C:\Program Files\Adobe\Reader 11.0\Reader\unpack.exe []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-30 5512912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DatabaseChecker"=F:\porn.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-02-26 31346784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Users\Adinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HELP_DECRYPT.HTML
HELP_DECRYPT.PNG
HELP_DECRYPT.TXT
HELP_DECRYPT.URL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 293888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-05-21 17:22:37 ----D---- C:\Program Files\CELOT-Wireless
2015-05-21 17:22:37 ----A---- C:\Windows\system32\drivers\XICTAVSP.sys
2015-05-21 17:22:37 ----A---- C:\Windows\system32\drivers\XICTANmea.sys
2015-05-21 17:22:37 ----A---- C:\Windows\system32\drivers\XICTAMDM.sys
2015-05-21 17:22:33 ----D---- C:\Program Files\3G mobilní internet
2015-05-21 17:18:34 ----D---- C:\rsit
2015-05-21 17:18:34 ----D---- C:\Program Files\trend micro
2015-05-21 17:09:41 ----D---- C:\AdwCleaner
2015-05-21 16:58:08 ----A---- C:\Windows\ntbtlog.txt

======List of files/folders modified in the last 1 month======

2015-05-21 17:33:48 ----SHD---- C:\Windows\Installer
2015-05-21 17:33:43 ----D---- C:\Windows\Prefetch
2015-05-21 17:33:09 ----D---- C:\Windows\System32
2015-05-21 17:32:08 ----D---- C:\Windows\Temp
2015-05-21 17:30:30 ----D---- C:\Windows\inf
2015-05-21 17:30:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-05-21 17:27:48 ----D---- C:\Users\Adinka\AppData\Roaming\Skype
2015-05-21 17:23:51 ----D---- C:\Windows\system32\drivers
2015-05-21 17:22:41 ----D---- C:\Windows\system32\DriverStore
2015-05-21 17:22:41 ----D---- C:\Windows\system32\catroot
2015-05-21 17:22:37 ----RD---- C:\Program Files
2015-05-21 17:11:28 ----D---- C:\Windows\system32\Tasks
2015-05-21 16:58:08 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2015-03-30 271248]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-03-30 49904]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-03-30 208024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2015-03-30 26096]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-03-30 81728]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-03-30 788272]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-03-30 427736]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-03-30 24144]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-03-30 73440]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-03-30 106912]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-03-08 220240]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2011-05-24 2189312]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-06-10 10788352]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-06-14 3520168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 197224]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 XICTAMDM;CELOT-W USB MODEM Driver; C:\Windows\system32\DRIVERS\XICTAMDM.sys [2010-07-17 168024]
S3 XICTANmea;CELOT-W NMEA Device Driver(WDM); C:\Windows\system32\DRIVERS\XICTANmea.sys [2010-07-17 168024]
S3 XICTAVSP;CELOT-W DM Interface Driver(WDM); C:\Windows\system32\DRIVERS\XICTAVSP.sys [2010-07-17 168024]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-05-01 81088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-03-30 343336]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-03-30 107448]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-03-08 3205216]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-02 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-01-02 315488]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-02 107912]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-05 148080]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Frozen PC [for altrok]

#2 Post by altrok »

Hello,

the system was, or still is, infected by a crypto-virus. Shut the computer down, or at least boot into safe mode, so that it does not get completely encrypted (if it really has been freshly infected by ransomware and is encrypting files right now).

/e some kinds of ransomware can prevent the system from shutting down, so in the worst case power it off hard (hold the power button for 5 seconds).
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

melo15
Exemplary visitor
Posts: 115
Registered: 29 Dec 2007 18:12

Re: Frozen PC [for altrok]

#3 Post by melo15 »

Sure, I understand.

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Frozen PC [for altrok]

#4 Post by altrok »

Do all operations in safe mode until I say otherwise.

In your PMs you have instructions for sending a sample of the malware, which I would very much like to examine. We don't know which specific kind it is, so better not to connect flash drives etc. to the PC.

Post a log from FRST, and attach Addition.txt as well http://forum.viry.cz/viewtopic.php?f=13&t=133100

melo15
Exemplary visitor
Posts: 115
Registered: 29 Dec 2007 18:12

Re: Frozen PC [for altrok]

#5 Post by melo15 »

Noted.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2015
Ran by Adinka (administrator) on ADINKA-PC on 22-05-2015 11:36:48
Running from C:\Users\Adinka\Desktop
Loaded Profiles: Adinka (Available profiles: Adinka)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
() C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.51\opera.exe
(forum.viry.cz) C:\Users\Adinka\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [142616 2011-06-20] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [177432 2011-06-20] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [176408 2011-06-20] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TimeChecker] => C:\Program Files\Microsoft Office\Office14\launch.exe [0 2010-01-21] ()
HKLM-x32\...\Run: [VideoInformer] => C:\Program Files\Java\jre1.8.0_31\bin\jucheck.exe [0 2015-01-24] ()
HKLM-x32\...\Run: [FolderChecker] => C:\Windows\wisptis.exe [0 2010-11-20] ()
HKLM-x32\...\Run: [NetworkUpdater] => C:\Program Files\Adobe\Reader 11.0\Reader\convert.exe [0 2014-12-03] ()
HKLM\...\Run: [MediaChecker] => C:\Program Files\Google\Update\1.3.26.9\unpack.exe
HKLM-x32\...\Run: [TimeNotifyer] => C:\Program Files\Java\jre1.8.0_31\bin\lucoms.exe [0 2015-01-24] ()
HKLM-x32\...\Run: [ConnectionUpdater] => C:\Windows\winlogon.exe [0 2010-11-20] ()
HKLM\...\Run: [FolderVerifyer] => C:\Program Files\MyPC Backup\hkcr.exe
HKLM-x32\...\Run: [VideoVerifyer] => C:\Program Files\Adobe\Reader 11.0\Reader\iexplore.exe [0 2014-12-03] ()
HKLM-x32\...\Run: [VideoNotifyer] => C:\Windows\jucheck.exe [0 2010-11-20] ()
HKLM\...\Run: [NetworkInformer] => C:\Program Files\MyPC Backup\wisptis.exe
HKLM-x32\...\Run: [MediaSaver] => C:\Program Files\Adobe\Reader 11.0\Reader\unpack.exe [0 2014-12-03] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-21] (Avast Software s.r.o.)
HKU\S-1-5-21-3127199040-5407237-1098880100-1000\...\Run: [DatabaseChecker] => F:\porn.exe
HKU\S-1-5-21-3127199040-5407237-1098880100-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3127199040-5407237-1098880100-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3127199040-5407237-1098880100-1000\...\MountPoints2: {adab019a-ffcd-11e4-b7ab-446d5706e981} - E:\Launcher.exe
HKU\S-1-5-21-3127199040-5407237-1098880100-1000\...\MountPoints2: {cca8948f-ffcb-11e4-9166-446d5706e981} - E:\Launcher.exe
Startup: C:\Users\Adinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-03-08] ()
Startup: C:\Users\Adinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-03-08] ()
Startup: C:\Users\Adinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-03-08] ()
InternetURL: C:\Users\Adinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstopaytos.com/10zf66Y
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-21] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3127199040-5407237-1098880100-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3127199040-5407237-1098880100-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-30] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-21] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 146.102.41.11 146.102.41.12
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Adinka\AppData\Roaming\Mozilla\Firefox\Profiles\d6710sxz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-02] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2015-01-02] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-08]
FF HKU\S-1-5-21-3127199040-5407237-1098880100-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp& ... 27-319&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp& ... 27-319&t=4"
CHR Profile: C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Avast Online Security) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\Adinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-21] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-21] (Avast Software)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-21] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-21] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-21] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-21] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-21] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-21] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-21] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-21] (Avast Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XICTAMDM; system32\DRIVERS\XICTAMDM.sys [X]
S3 XICTANmea; system32\DRIVERS\XICTANmea.sys [X]
S3 XICTAVSP; system32\DRIVERS\XICTAVSP.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 11:36 - 2015-05-22 11:37 - 00017406 _____ () C:\Users\Adinka\Desktop\FRST.txt
2015-05-22 11:36 - 2015-05-22 11:36 - 00000000 ____D () C:\FRST
2015-05-22 11:35 - 2015-05-22 11:35 - 00112640 _____ (forum.viry.cz) C:\Users\Adinka\Downloads\FRSTLauncher.exe
2015-05-22 11:35 - 2015-05-22 11:35 - 00112640 _____ (forum.viry.cz) C:\Users\Adinka\Desktop\FRSTLauncher.exe
2015-05-22 11:22 - 2015-05-22 11:22 - 00000400 _____ () C:\Windows\Tasks\Opera scheduled Autoupdate 1423930740.job
2015-05-22 11:16 - 2015-05-22 11:16 - 01147392 _____ (Farbar) C:\Users\Adinka\Desktop\FRST.exe
2015-05-22 11:11 - 2015-05-22 11:11 - 00046567 _____ () C:\Users\Adinka\Desktop\infekce.rar
2015-05-22 11:09 - 2015-05-22 11:19 - 00018944 ___SH () C:\Users\Adinka\AppData\Thumbs.db
2015-05-22 11:09 - 2015-05-22 11:09 - 00018944 ___SH () C:\Users\Adinka\AppData\Roaming\Thumbs.db
2015-05-22 11:09 - 2015-05-22 11:09 - 00018432 ___SH () C:\Users\Adinka\Thumbs.db
2015-05-22 11:01 - 2015-05-22 11:10 - 00000000 ____D () C:\Users\Adinka\Desktop\infekce
2015-05-21 17:43 - 2015-05-21 17:43 - 00038302 _____ () C:\Windows\system32\XICTAuninst_20150521.log
2015-05-21 17:43 - 2015-05-21 17:43 - 00000961 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-21 17:43 - 2015-05-21 17:43 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-21 17:42 - 2015-05-21 17:42 - 06484352 _____ (Piriform Ltd) C:\Users\Adinka\Desktop\ccsetup505.exe
2015-05-21 17:41 - 2015-05-21 17:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-21 17:41 - 2015-05-21 17:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-05-21 17:39 - 2015-05-21 17:39 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-21 17:39 - 2015-05-21 17:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-21 17:22 - 2015-05-21 17:23 - 00070571 _____ () C:\Windows\system32\XICTAsetup_20150521.log
2015-05-21 17:18 - 2015-05-21 17:33 - 00000000 ____D () C:\Program Files\trend micro
2015-05-21 17:18 - 2015-05-21 17:18 - 00000000 ____D () C:\rsit
2015-05-21 17:17 - 2015-05-21 17:33 - 01107968 _____ () C:\Users\Adinka\Desktop\RSIT.exe
2015-05-21 17:09 - 2015-05-21 17:11 - 00000000 ____D () C:\AdwCleaner
2015-05-21 17:08 - 2015-05-21 17:06 - 02209792 _____ () C:\Users\Adinka\Desktop\adwcleaner_4.205.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 11:22 - 2015-02-14 18:17 - 00000000 ____D () C:\Program Files\Opera
2015-05-22 11:09 - 2015-01-02 12:06 - 00000000 ____D () C:\Users\Adinka
2015-05-22 10:56 - 2010-11-20 23:01 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 17:53 - 2009-07-14 06:34 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 17:53 - 2009-07-14 06:34 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 17:52 - 2015-01-24 22:03 - 00000000 ____D () C:\Program Files\Java
2015-05-21 17:50 - 2015-01-04 13:30 - 00000000 ____D () C:\Users\Adinka\AppData\Roaming\Skype
2015-05-21 17:46 - 2015-01-02 12:23 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 17:46 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 17:46 - 2009-07-14 06:39 - 00039184 _____ () C:\Windows\setupact.log
2015-05-21 17:45 - 2015-03-08 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-21 17:45 - 2010-11-20 23:48 - 00097244 _____ () C:\Windows\PFRO.log
2015-05-21 17:42 - 2015-04-11 11:36 - 00002000 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-05-21 17:42 - 2015-04-11 11:36 - 00001998 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-05-21 17:42 - 2015-04-11 11:36 - 00001988 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-05-21 17:42 - 2015-04-11 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-21 17:42 - 2015-01-02 12:23 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 17:39 - 2015-03-08 15:47 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-21 17:39 - 2015-03-08 15:47 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-21 17:39 - 2015-03-08 15:47 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-21 17:39 - 2015-03-08 15:47 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-21 17:39 - 2015-03-08 15:47 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-21 17:39 - 2015-03-08 15:47 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-21 17:39 - 2015-03-08 15:47 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-21 17:39 - 2015-03-08 15:46 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-21 17:33 - 2015-02-16 21:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-21 16:42 - 2015-02-14 18:17 - 00000292 _____ () C:\Windows\Tasks\Foxtab.job

==================== Files in the root of some directories =======

2015-03-07 07:54 - 2015-03-07 07:54 - 0008706 _____ () C:\Users\Adinka\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-07 07:54 - 2015-03-07 07:54 - 0045831 _____ () C:\Users\Adinka\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-07 07:54 - 2015-03-07 07:54 - 0004296 _____ () C:\Users\Adinka\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-07 07:54 - 2015-03-07 07:54 - 0000304 _____ () C:\Users\Adinka\AppData\Roaming\HELP_DECRYPT.URL
2015-05-22 11:09 - 2015-05-22 11:09 - 0018944 ___SH () C:\Users\Adinka\AppData\Roaming\Thumbs.db
2015-02-14 19:17 - 2015-02-17 01:17 - 0000061 _____ () C:\Users\Adinka\AppData\Roaming\WB.CFG
2015-03-07 07:53 - 2015-03-07 07:53 - 0008706 _____ () C:\Users\Adinka\AppData\Local\HELP_DECRYPT.HTML
2015-03-07 07:53 - 2015-03-07 07:53 - 0045831 _____ () C:\Users\Adinka\AppData\Local\HELP_DECRYPT.PNG
2015-03-07 07:53 - 2015-03-07 07:53 - 0004296 _____ () C:\Users\Adinka\AppData\Local\HELP_DECRYPT.TXT
2015-03-07 07:53 - 2015-03-07 07:53 - 0000304 _____ () C:\Users\Adinka\AppData\Local\HELP_DECRYPT.URL
2015-03-07 07:53 - 2015-03-07 07:53 - 0008706 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-07 07:53 - 2015-03-07 07:53 - 0045831 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-07 07:53 - 2015-03-07 07:53 - 0004296 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-07 07:53 - 2015-03-07 07:53 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL

Some files in TEMP:
====================
C:\Users\Adinka\AppData\Local\Temp\cct.dll
C:\Users\Adinka\AppData\Local\Temp\CloudBackup9661.exe
C:\Users\Adinka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpienirs.dll
C:\Users\Adinka\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Adinka\AppData\Local\Temp\JavaIC.dll
C:\Users\Adinka\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Adinka\AppData\Local\Temp\jucheck.exe
C:\Users\Adinka\AppData\Local\Temp\msscct32.dll
C:\Users\Adinka\AppData\Local\Temp\Quarantine.exe
C:\Users\Adinka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Adinka\AppData\Local\Temp\sqlite3.dll
C:\Users\Adinka\AppData\Local\Temp\vcredist_x86.exe


Some zero byte size files/folders:
==========================
C:\Windows\jucheck.exe
C:\Windows\winlogon.exe
C:\Windows\wisptis.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 23:29] - [2010-11-20 23:29] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 08:59




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:156.75 GB) NTFS

Available physical RAM: 1183.79 MB
Total physical RAM: 2868.36 MB
Percentage of memory in use: 58%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0005EFF4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Foxtab.job => C:\Users\Adinka\AppData\Roaming\Foxtab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1423930740.job => C:\Program Files\Opera\launcher.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Adinka\Desktop" je 227395 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

melo15
Model visitor
Posts: 115
Registered: 29 Dec 2007 18:12

Re: Freezing PC [for altrok]

#6 Post by melo15 »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by Adinka at 2015-05-22 11:37:45
Running from C:\Users\Adinka\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Adinka (S-1-5-21-3127199040-5407237-1098880100-1000 - Administrator - Enabled) => C:\Users\Adinka
Administrator (S-1-5-21-3127199040-5407237-1098880100-500 - Administrator - Disabled)
Guest (S-1-5-21-3127199040-5407237-1098880100-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3127199040-5407237-1098880100-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Dropbox (HKU\S-1-5-21-3127199040-5407237-1098880100-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.2.1013 - Foxit Software Company)
Foxtab (HKLM\...\Foxtab) (Version: - Foxtab) <==== ATTENTION
Google Drive (HKLM\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Spoločnosť Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 36.0.1 (x86 cs)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nero 7 Lite 7.7.5.1 (HKLM\...\Nero7Lite_is1) (Version: 7.7.5.1 - Updatepack.nl)
Opera Stable 29.0.1795.60 (HKLM\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3127199040-5407237-1098880100-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adinka\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-01-02 12:33 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {087F0710-DCF2-485E-BFB3-02E54CFF92A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {70A6C0EF-FBCB-474B-8FB9-6D3EAFAA670C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {A422B5FF-D148-4AB4-B236-FB787342B489} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {A967963F-8694-4A7B-8F6C-9B00EA61BF0E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-21] (Avast Software s.r.o.)
Task: {BE6FFC97-F336-457D-99CC-B92E716D5C3C} - System32\Tasks\Opera scheduled Autoupdate 1423930740 => C:\Program Files\Opera\launcher.exe [2015-05-18] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Foxtab.job => C:\Users\Adinka\AppData\Roaming\Foxtab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1423930740.job => C:\Program Files\Opera\launcher.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-08 18:33 - 2015-04-08 18:32 - 00484472 _____ () C:\Program Files\Opera\28.0.1750.51\opera_crashreporter.exe
2015-04-08 18:33 - 2015-04-08 18:32 - 09625720 _____ () C:\Program Files\Opera\28.0.1750.51\pdf.dll
2015-01-02 20:12 - 2015-01-02 20:12 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3127199040-5407237-1098880100-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Adinka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 146.102.41.11 - 146.102.41.12

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{758BE42E-6EA9-4B9A-8924-DB368992776F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{52E9B375-35E9-44FE-A63B-C626A7F213DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DC6D65A-54BF-47CC-9768-324BBF28653A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6361A94F-E4D6-42CC-A84D-47F44B736024}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DE606165-F059-4BEC-9BCD-34BA20D8DCD9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{21B2DAAC-E871-4D67-97F5-38EFE9A6FF89}] => (Allow) C:\Program Files\MyPC Backup\winlogon.exe
FirewallRules: [{C0B8540C-D6F2-4309-865D-F5EB3802F7C8}] => (Allow) C:\Program Files\MyPC Backup\winlogon.exe
FirewallRules: [{ACD26747-E123-4C84-A1AB-12D30BBE0222}] => (Allow) LPort=80
FirewallRules: [{DFE845D5-63DA-4C77-BE40-03C95F85803C}] => (Allow) LPort=53
FirewallRules: [{B73F6CE8-47D9-4317-B206-7FFC0260442C}] => (Allow) C:\Users\Adinka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9568C525-5ADC-4E24-A017-AEB37E79A8EE}] => (Allow) C:\Users\Adinka\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EB0CA10B-0F9A-4EEA-A01A-173662EFA7B3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{5D760E59-AFE6-4FAA-BD3A-178947341108}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D475F43D-4A2F-4485-8B91-C0D82C1A0D3A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2015 10:56:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (05/22/2015 10:56:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (05/22/2015 10:55:54 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Popis = Configured Microsoft Office Professional Plus 2010; Chyba = 0x8007043c).

Error: (05/22/2015 10:55:49 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Popis = Configured Microsoft Office Professional Plus 2010; Chyba = 0x8007043c).

Error: (05/22/2015 10:55:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2015 10:53:33 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivácia licencie systému Windows zlyhala. Chyba: 0x00000000.

Error: (05/22/2015 10:53:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (05/21/2015 06:05:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Popis = Configured Microsoft Office Professional Plus 2010; Chyba = 0x8007043c).

Error: (05/21/2015 06:05:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Popis = Configured Microsoft Office Professional Plus 2010; Chyba = 0x8007043c).

Error: (05/21/2015 05:59:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Popis = Configured Microsoft Office Professional Plus 2010; Chyba = 0x8007043c).


System errors:
=============
Error: (05/22/2015 10:55:50 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (05/22/2015 10:53:48 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/22/2015 10:53:48 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/22/2015 10:53:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/22/2015 10:53:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\Windows\system32\athihvs.dll
Kód chyby: 21

Error: (05/22/2015 10:53:35 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/22/2015 10:53:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6

Error: (05/21/2015 06:05:02 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (05/21/2015 05:54:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Network Location Awareness, od ktorej závisí služba Network List Service, zlyhalo kvôli nasledujúcej chybe:
%%1068

Error: (05/21/2015 05:54:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Network Location Awareness, od ktorej závisí služba Network List Service, zlyhalo kvôli nasledujúcej chybe:
%%1068


Microsoft Office:
=========================
Error: (05/22/2015 10:56:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (05/22/2015 10:56:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (05/22/2015 10:55:54 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (05/22/2015 10:55:49 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (05/22/2015 10:55:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2015 10:53:33 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (05/22/2015 10:53:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: 0x800401F9

Error: (05/21/2015 06:05:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (05/21/2015 06:05:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (05/21/2015 05:59:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 58%
Total physical RAM: 2868.36 MB
Available physical RAM: 1183.79 MB
Total Pagefile: 5732.95 MB
Available Pagefile: 3990.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:156.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0005EFF4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================
