Attacks on my PC, please help

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Attacks on my PC, please help

#16 Post by altrok »

We'll examine the computer thoroughly :)


Save MBAR to your desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • run it with a double-click and extract it to the desktop
  • click Next
  • update the virus database by clicking Update and continue with Next
  • leave all 3 options checked and choose Scan (takes about 20 minutes)
  • tick all findings and also check the checkbox next to Create Restore Point
  • click Cleanup and agree to the restart - Yes
  • paste the content of the log saved on the desktop in mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

L4k0
Level 5 - BAN
Posts: 40
Registered: 09 Jun 2016 18:31

Re: Attacks on my PC, please help

#17 Post by L4k0 »

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.06.26.02
rootkit: v2016.05.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Lako100 :: LAKO100-PC [administrator]

26. 6. 2016 9:16:54
mbar-log-2016-06-26 (09-16-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 272000
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Attacks on my PC, please help

#18 Post by altrok »

Install the missing important operating system updates: Start -> Windows Update -> Check for updates. Install the important ones, and be careful not to install Win10 by mistake.

Boot into safe mode and create the logs with FRST in safe mode (both FRST.txt and Addition.txt).

L4k0
Level 5 - BAN
Posts: 40
Registered: 09 Jun 2016 18:31

Re: Attacks on my PC, please help

#19 Post by L4k0 »

The update doesn't work, it keeps searching but finds nothing. I left it for 30+ min and still nothing... And then should I use safe mode with networking?

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Attacks on my PC, please help

#20 Post by altrok »

Yes, with networking.

L4k0
Level 5 - BAN
Posts: 40
Registered: 09 Jun 2016 18:31

Re: Attacks on my PC, please help

#21 Post by L4k0 »

It was done in safe mode with networking; the one sent before was in normal mode. The updates aren't there because it won't run...
I put the Minidump into a RAR; my mistake, I hadn't opened WinRAR as administrator.

Code:

http://leteckaposta.cz/921754185

Code:

http://leteckaposta.cz/895048560
It seems to me as if those hackers are causing the BSOD.

Code:

http://leteckaposta.cz/992824143
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 01
Ran by Lako100 (2016-06-26 16:50:48)
Running from C:\Users\Lako100\Desktop
Windows 7 Home Basic Service Pack 1 (X64) (2016-06-25 16:32:42)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2683702932-4166246277-530691839-500 - Administrator - Disabled)
Guest (S-1-5-21-2683702932-4166246277-530691839-501 - Limited - Disabled)
Lako100 (S-1-5-21-2683702932-4166246277-530691839-1000 - Administrator - Enabled) => C:\Users\Lako100

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
COMODO Firewall (HKLM\...\{37AD632E-994D-4944-B57D-A80852BCB96D}) (Version: 8.4.0.5068 - COMODO Security Solutions Inc.)
GeekBuddy (HKLM\...\{4CDCBF2D-8EF8-41C1-9438-B53E4007BF9C}) (Version: 4.27.174 - Comodo Security Solutions Inc)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Opera Stable 38.0.2220.31 (HKU\S-1-5-21-2683702932-4166246277-530691839-1000\...\Opera 38.0.2220.31) (Version: 38.0.2220.31 - Opera Software)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinRAR 5.31 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {577CE1A8-6302-4CFA-9C8A-F6B54D810964} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-15] (COMODO)
Task: {64AFA65E-017F-414B-91E7-B884A6C61564} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-25] (AVAST Software)
Task: {C1563EF0-55E1-4295-AC63-87294B742914} - System32\Tasks\Opera scheduled Autoupdate 1466877204 => C:\Users\Lako100\AppData\Local\Programs\Opera\launcher.exe [2016-06-25] (Opera Software)
Task: {C4049150-6919-4DCA-91BD-DA46B34C5BBE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-15] (COMODO)
Task: {D8344CCE-4BA6-4BAE-9620-4D64B39E5E25} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-25] (AVAST Software)
Task: {F65AC88E-9272-48F3-8117-CA4D8A2CEBA0} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-06-15] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\amdave64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\amdgfxinfo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amdhcp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amdlvr64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amdmantle64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amdmmcl6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amdocl12cl64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amdpcom64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amdvlk64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aswBoot.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\atiadlxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiapfxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aticalcl64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aticaldd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aticalrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aticfx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atidemgy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atidxx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atieah64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atieclxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiesrxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atig6pxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atig6txx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiglpxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atimpc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atimuixx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atio6axx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ATIODCLI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ATIODE.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atisamu64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atitmm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiu9p64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiumd6a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atiuxp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clinfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\coinst_16.15.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DelayAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\detoured.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dgtrayicon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GameManager64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hsa-thunk64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mantle64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mantleaxl64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vulkaninfo-1-1-0-3-1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vulkaninfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdave32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdgfxinfo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdhcp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdlvr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdmantle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdmmcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdocl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\amdocl12cl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdpcom32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amdvlk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiadlxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiadlxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticalcl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticaldd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticalrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aticfx32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\atidxx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atieah32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atigktxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiglpxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atimpc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atioglxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atisamu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiu9pag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiumdag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiumdva.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atiuxpag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\detoured.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GameManager32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hsa-thunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mantle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mantleaxl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo-1-1-0-3-1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdacpksd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\aswHwid.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aswMonFlt.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aswRdr2.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aswRvrt.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aswSnx.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aswSP.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aswStm.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\aswVmm.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\ati2erec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\AtihdW76.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\atikmdag.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\atikmpag.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Lako100\Desktop\adwcleaner_5.200.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Lako100\Desktop\adwcleaner_5.200.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Lako100\Desktop\FRST64.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Lako100\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Lako100\Desktop\mbar-1.09.3.1001.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Lako100\Desktop\mbar-1.09.3.1001.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Lako100\Downloads\Veci.rar:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2683702932-4166246277-530691839-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lako100\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.26.56.26 - 8.20.247.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-06-2016 18:52:36 Installing COMODO Firewall
25-06-2016 18:53:06 Inštalácia balíka ovládačov zariadenia: COMODO Sieťová služba
25-06-2016 20:11:24 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
25-06-2016 20:11:39 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
25-06-2016 20:13:44 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
26-06-2016 10:53:05 Re-Loader by R@1n
26-06-2016 11:54:14 Windows Update

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2016 03:36:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/26/2016 03:36:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/26/2016 03:32:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2016 02:05:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/26/2016 02:05:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/26/2016 02:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2016 11:58:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/26/2016 11:58:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/26/2016 11:52:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2016 10:50:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/26/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
%%1068 = Závislú službu alebo skupinu sa nepodarilo spustiť.


Error: (06/26/2016 04:50:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
Date: 2016-06-26 15:31:57.437
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 15:31:57.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 15:31:52.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmdguard.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 15:31:52.632
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 14:01:14.549
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 14:01:14.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 14:01:12.615
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cmdguard.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 14:01:11.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 11:51:45.549
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-26 11:51:45.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 8%
Total physical RAM: 8191.11 MB
Available physical RAM: 7506.94 MB
Total Virtual: 16380.43 MB
Available Virtual: 15704.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.19 GB) (Free:86.99 GB) NTFS
Drive d: () (Fixed) (Total:348.47 GB) (Free:348.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4D154D14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 01
Ran by Lako100 (administrator) on LAKO100-PC (26-06-2016 16:50:22)
Running from C:\Users\Lako100\Desktop
Loaded Profiles: Lako100 (Available Profiles: Lako100)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-06-15] (COMODO)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485904 2016-06-25] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8897712 2016-06-25] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-25] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2016-06-25]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.26.56.26 8.20.247.20
Tcpip\..\Interfaces\{604E8B16-0816-4D5C-8AE4-38FA007E48EF}: [DhcpNameServer] 8.26.56.26 8.20.247.20

Internet Explorer:
==================
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-25] (AVAST Software)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-25] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-25]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Lako100\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-06-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-06-25] (AVAST Software)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76944 2016-06-25] (Comodo Security Solutions, Inc.)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817712 2016-06-15] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-06-15] (COMODO)
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485904 2016-06-25] (Comodo Security Solutions, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-25] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-06-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-25] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-25] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-06-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-06-25] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-06-25] (AVAST Software)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-12-25] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-06-15] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [829600 2016-06-15] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56472 2016-06-15] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-06-15] (COMODO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-26 16:50 - 2016-06-26 16:50 - 00007742 _____ C:\Users\Lako100\Desktop\FRST.txt
2016-06-26 16:48 - 2016-06-26 16:48 - 02388992 _____ (Farbar) C:\Users\Lako100\Desktop\FRST64.exe
2016-06-26 16:48 - 2016-06-26 16:48 - 00000000 ____D C:\Windows\pss
2016-06-26 14:18 - 2016-06-26 14:18 - 00000013 _____ C:\Users\Lako100\Desktop\Nový textový dokument.txt
2016-06-26 11:54 - 2016-06-26 11:54 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-26 11:54 - 2016-06-26 11:54 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-26 11:54 - 2016-06-26 11:54 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-06-26 11:54 - 2016-06-26 11:54 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-06-26 10:47 - 2016-06-26 10:47 - 00000000 ____D C:\Users\Lako100\AppData\Local\mpress
2016-06-26 09:16 - 2016-06-26 09:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-26 09:16 - 2016-06-26 09:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-26 09:16 - 2016-06-26 09:16 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-26 09:16 - 2016-06-26 09:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-26 09:15 - 2016-06-26 09:15 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Lako100\Desktop\mbar-1.09.3.1001.exe
2016-06-26 09:06 - 2016-06-26 09:06 - 00000000 ____D C:\AdwCleaner
2016-06-26 09:05 - 2016-06-26 09:05 - 03703360 _____ C:\Users\Lako100\Desktop\adwcleaner_5.200.exe
2016-06-26 08:09 - 2016-06-26 11:53 - 00000000 ____D C:\Program Files (x86)\NirSoft
2016-06-26 07:19 - 2016-06-26 07:19 - 00275480 _____ C:\Users\Lako100\Desktop\062616-17674-01.dmp
2016-06-26 07:18 - 2016-06-26 08:51 - 00000000 ____D C:\Windows\Minidump
2016-06-26 07:18 - 2016-06-26 07:19 - 325827865 _____ C:\Windows\MEMORY.DMP
2016-06-26 07:18 - 2016-06-26 07:18 - 00275480 _____ C:\Users\Lako100\Desktop\062616-17472-01.dmp
2016-06-26 07:05 - 2016-06-26 16:50 - 00000000 ____D C:\FRST
2016-06-25 23:18 - 2016-06-25 23:18 - 00000000 ____D C:\Users\Lako100\AppData\Roaming\WinRAR
2016-06-25 23:08 - 2016-06-25 23:11 - 1223874743 _____ C:\Users\Lako100\Downloads\Veci.rar
2016-06-25 23:04 - 2016-06-25 23:04 - 00000991 _____ C:\Users\Lako100\Desktop\WinRAR.lnk
2016-06-25 23:04 - 2016-06-25 23:04 - 00000000 ____D C:\Users\Lako100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-25 23:04 - 2016-06-25 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-25 23:04 - 2016-06-25 23:04 - 00000000 ____D C:\Program Files\WinRAR
2016-06-25 22:17 - 2016-06-25 22:17 - 00000000 ____D C:\Users\Lako100\AppData\Local\CEF
2016-06-25 22:12 - 2016-06-25 22:12 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-25 22:12 - 2016-06-25 22:12 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-06-25 22:12 - 2016-06-25 22:12 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-06-25 22:12 - 2016-06-25 22:12 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-25 22:12 - 2016-06-25 22:12 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-25 22:12 - 2016-06-25 22:12 - 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-25 22:12 - 2016-06-25 22:12 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-25 22:12 - 2016-06-25 22:12 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-25 22:12 - 2016-06-25 22:12 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-25 22:12 - 2016-06-25 22:12 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-25 22:12 - 2016-06-25 22:12 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-25 22:12 - 2016-06-25 22:12 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-25 22:12 - 2016-06-25 22:12 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-25 22:12 - 2016-06-25 22:12 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-06-25 22:12 - 2016-06-25 22:12 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-06-25 22:12 - 2016-06-25 22:12 - 00000000 ____D C:\Users\Lako100\AppData\Roaming\AVAST Software
2016-06-25 22:12 - 2016-06-25 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-06-25 22:12 - 2016-06-25 22:12 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-25 22:11 - 2016-06-25 22:11 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-25 22:09 - 2016-06-25 22:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-25 20:15 - 2016-06-25 20:15 - 00000000 ____D C:\Users\Lako100\AppData\Local\AMD
2016-06-25 20:14 - 2016-06-25 20:14 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-06-25 20:13 - 2016-06-25 20:13 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-06-25 20:13 - 2016-06-25 20:13 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-06-25 20:13 - 2016-06-25 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-06-25 20:13 - 2016-06-25 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-06-25 20:13 - 2016-06-25 20:13 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-25 20:13 - 2016-06-25 20:13 - 00000000 ____D C:\Program Files (x86)\AMD
2016-06-25 20:13 - 2016-02-16 01:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-06-25 20:13 - 2016-02-16 01:26 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
2016-06-25 20:12 - 2016-06-25 20:12 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-06-25 20:11 - 2016-06-25 20:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-25 20:09 - 2016-06-25 20:09 - 00749586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-25 20:08 - 2016-06-25 20:13 - 00000000 ____D C:\Program Files\AMD
2016-06-25 19:53 - 2016-06-25 20:16 - 00001450 _____ C:\Users\Lako100\Desktop\Opera.lnk
2016-06-25 19:53 - 2016-06-25 19:53 - 00004098 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1466877204
2016-06-25 19:53 - 2016-06-25 19:53 - 00001239 _____ C:\Users\Lako100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-06-25 19:53 - 2016-06-25 19:53 - 00000000 ____D C:\Users\Lako100\AppData\Roaming\Opera Software
2016-06-25 19:53 - 2016-06-25 19:53 - 00000000 ____D C:\Users\Lako100\AppData\Local\Opera Software
2016-06-25 19:50 - 2016-06-25 19:51 - 00000000 ____D C:\Users\Lako100\AppData\Local\Deployment
2016-06-25 19:50 - 2016-06-25 19:50 - 00000000 ____D C:\Users\Lako100\AppData\Local\Apps\2.0
2016-06-25 19:27 - 2016-06-25 18:32 - 00000000 ____D C:\Windows\Panther
2016-06-25 18:53 - 2016-06-25 18:53 - 00732488 _____ C:\Windows\system32\perfh041.dat
2016-06-25 18:53 - 2016-06-25 18:53 - 00143082 _____ C:\Windows\system32\perfc041.dat
2016-06-25 18:53 - 2016-06-25 18:53 - 00057560 _____ C:\Users\Lako100\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-25 18:53 - 2016-06-25 18:53 - 00001870 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-06-25 18:53 - 2016-06-25 18:53 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2016-06-25 18:52 - 2016-06-25 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-06-25 18:52 - 2016-06-25 18:52 - 00000000 ____D C:\Program Files\COMODO
2016-06-25 18:51 - 2016-06-25 18:52 - 00000000 ____D C:\ProgramData\Comodo
2016-06-25 18:51 - 2016-06-25 18:51 - 00000000 ____D C:\ProgramData\Shared Space
2016-06-25 18:38 - 2016-06-25 22:22 - 00000000 ____D C:\ProgramData\Norton
2016-06-25 18:37 - 2016-06-25 18:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-06-25 18:35 - 2016-06-25 18:35 - 00024952 _____ C:\Windows\Ascd_tmp.ini
2016-06-25 18:35 - 2016-06-25 18:35 - 00001746 _____ C:\Windows\Language_trs.ini
2016-06-25 18:33 - 2016-06-25 18:33 - 00001443 _____ C:\Users\Lako100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-25 18:33 - 2016-06-25 18:33 - 00001409 _____ C:\Users\Lako100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-06-25 18:32 - 2016-06-25 18:33 - 00000000 ____D C:\Users\Lako100
2016-06-25 18:32 - 2016-06-25 18:32 - 00000020 ___SH C:\Users\Lako100\ntuser.ini
2016-06-25 18:32 - 2016-06-25 18:32 - 00000000 ____D C:\Users\Lako100\AppData\Local\VirtualStore
2016-06-25 18:29 - 2016-06-25 18:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-06-15 07:12 - 2016-06-15 07:12 - 00829600 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2016-06-15 07:12 - 2016-06-15 07:12 - 00116248 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-06-15 07:12 - 2016-06-15 07:12 - 00056472 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-06-15 07:12 - 2016-06-15 07:12 - 00031648 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-06-15 07:08 - 2016-06-15 07:08 - 00793104 _____ (COMODO) C:\Windows\system32\guard64.dll
2016-06-15 07:08 - 2016-06-15 07:08 - 00626288 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2016-06-15 07:08 - 2016-06-15 07:08 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-06-15 07:04 - 2016-06-15 07:04 - 00365752 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2016-06-15 07:02 - 2016-06-15 07:02 - 00051896 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2016-06-15 06:58 - 2016-06-15 06:58 - 00296120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2016-06-15 06:57 - 2016-06-15 06:57 - 00046776 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-26 15:39 - 2009-07-14 06:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-26 15:39 - 2009-07-14 06:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-26 15:36 - 2009-07-14 07:13 - 00781544 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-26 15:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-26 15:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-25 20:13 - 2016-02-16 01:25 - 00045848 _____ C:\Windows\system32\vulkaninfo-1-1-0-3-1.exe
2016-06-25 20:13 - 2016-02-16 01:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-3-1.exe
2016-06-25 20:12 - 2016-03-21 16:45 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-06-25 20:12 - 2016-03-21 16:45 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-06-25 20:12 - 2016-03-21 16:45 - 00110880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-06-25 20:12 - 2016-03-21 16:45 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-06-25 20:12 - 2016-03-21 16:45 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-06-25 20:12 - 2016-03-21 16:45 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-06-25 20:12 - 2016-03-21 16:45 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-06-25 20:12 - 2016-03-21 16:45 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-06-25 20:12 - 2016-03-21 16:44 - 00152568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-06-25 20:12 - 2016-03-21 16:43 - 11625272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-06-25 20:12 - 2016-03-21 16:43 - 09583272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-06-25 20:12 - 2016-03-21 16:43 - 01517360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-06-25 20:12 - 2016-03-21 16:43 - 01245416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-06-25 20:12 - 2016-03-21 16:43 - 00133528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-06-25 20:12 - 2016-03-21 16:43 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-06-25 20:12 - 2016-03-21 16:43 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-06-25 20:12 - 2016-03-21 16:42 - 09526616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-06-25 20:12 - 2016-03-21 16:42 - 08843208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-06-25 20:12 - 2016-03-21 16:42 - 08585696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-06-25 20:12 - 2016-03-21 16:42 - 07392480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-06-25 20:12 - 2016-03-21 16:39 - 00296648 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-06-25 20:12 - 2016-03-21 16:36 - 26345472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-06-25 20:12 - 2016-03-21 16:29 - 06956032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-06-25 20:12 - 2016-03-21 16:27 - 40126976 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-06-25 20:12 - 2016-03-21 16:26 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-06-25 20:12 - 2016-03-21 16:26 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-06-25 20:12 - 2016-03-21 16:25 - 05420032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-06-25 20:12 - 2016-03-21 16:24 - 26887168 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-06-25 20:12 - 2016-03-21 16:24 - 21730304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-06-25 20:12 - 2016-03-21 16:02 - 00701440 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-06-25 20:12 - 2016-03-21 16:02 - 00580096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-06-25 20:12 - 2016-03-21 16:01 - 30377984 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-06-25 20:12 - 2016-03-21 16:01 - 06884864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-06-25 20:12 - 2016-03-21 16:01 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-06-25 20:12 - 2016-03-21 16:01 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-06-25 20:12 - 2016-03-21 15:59 - 00865280 _____ (AMD) C:\Windows\system32\coinst_16.15.dll
2016-06-25 20:12 - 2016-03-21 15:57 - 05398016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-06-25 20:12 - 2016-03-21 15:57 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-06-25 20:12 - 2016-03-21 15:57 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-06-25 20:12 - 2016-03-21 15:55 - 25069056 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-06-25 20:12 - 2016-03-21 15:54 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-06-25 20:12 - 2016-03-21 15:54 - 00097280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-06-25 20:12 - 2016-03-21 15:54 - 00089600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-06-25 20:12 - 2016-03-21 15:54 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-06-25 20:12 - 2016-03-21 15:54 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-06-25 20:12 - 2016-03-21 15:54 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-06-25 20:12 - 2016-03-21 15:54 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-06-25 20:12 - 2016-03-21 15:53 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-06-25 20:12 - 2016-03-21 15:53 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-06-25 20:12 - 2016-03-21 15:49 - 00564736 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-06-25 20:12 - 2016-03-21 15:49 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-06-25 20:12 - 2016-03-21 15:49 - 00251392 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-06-25 20:12 - 2016-03-21 15:49 - 00224256 _____ C:\Windows\system32\dgtrayicon.exe
2016-06-25 20:12 - 2016-03-21 15:49 - 00209920 _____ C:\Windows\system32\GameManager64.dll
2016-06-25 20:12 - 2016-03-21 15:49 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-06-25 20:12 - 2016-03-21 15:49 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-06-25 20:12 - 2016-03-21 15:49 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-06-25 20:12 - 2016-03-21 15:49 - 00186368 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-06-25 20:12 - 2016-03-21 15:49 - 00162304 _____ C:\Windows\system32\atieah64.exe
2016-06-25 20:12 - 2016-03-21 15:49 - 00145408 _____ C:\Windows\SysWOW64\atieah32.exe
2016-06-25 20:12 - 2016-03-21 15:49 - 00078336 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-06-25 20:12 - 2016-03-21 15:46 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-06-25 20:12 - 2016-03-21 15:46 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 01276416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 00944640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 00944640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 00676864 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-06-25 20:12 - 2016-03-21 15:45 - 00157696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 00075776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-06-25 20:12 - 2016-03-21 15:45 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-06-25 20:12 - 2016-03-21 15:44 - 00195072 _____ C:\Windows\system32\hsa-thunk64.dll
2016-06-25 20:12 - 2016-03-21 15:44 - 00174592 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-06-25 20:12 - 2016-02-24 09:58 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2016-06-25 20:12 - 2016-02-24 09:57 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2016-06-25 20:12 - 2014-09-03 14:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2016-06-25 20:12 - 2014-09-03 14:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2016-06-25 20:12 - 2013-04-10 17:34 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2016-06-25 20:12 - 2013-04-10 17:34 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2016-06-25 20:06 - 2016-03-21 16:28 - 00235008 _____ C:\Windows\system32\clinfo.exe
2016-06-25 19:27 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-06-25 18:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-25 18:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-06-25 18:28 - 2009-07-14 06:45 - 00266264 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\Lako100\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Lako100\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-25 18:28

==================== End of FRST.txt ============================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Attacks on my PC, please help

#22 Post by altrok »

:arrow: Is this operating system legal?


:arrow: Save RogueKiller to your desktop - http://www.bleepingcomputer.com/download/roguekiller/
  • run it as administrator
  • go to the Scan tab at the top
  • click Start Scan at the bottom right (it can take up to several tens of minutes)
  • select Open Report at the bottom left
  • Export TXT at the bottom right
  • save the report to the desktop and paste its contents into your next reply

L4k0
Level 5 - BAN
Posts: 40
Registered: 09 Jun 2016 18:31

Re: Attacks on my PC, please help

#23 Post by L4k0 »

Dal som Remove Selected.
A naskočila táto stranka

Kód: Vybrat vše

http://www.adlice.com/pum-removal/
RogueKiller V12.3.6.0 [Jun 27 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lako100 [Administrator]
Started from : C:\Users\Lako100\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/27/2016 19:34:22

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2683702932-4166246277-530691839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2683702932-4166246277-530691839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2683702932-4166246277-530691839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2683702932-4166246277-530691839-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5001AALS-00J7B1 ATA Device +++++
--- User ---
[MBR] 7cf5c8a5e000fee36f718b291cd3283e
[BSP] 1f6a8dfb95803633ca4ff7eb0228ee69 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 120000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 245966848 | Size: 356838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Last edited by L4k0 on 27 Jun 2016 19:08, edited 2 times in total.

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Attacks on my PC, please help

#24 Post by altrok »

:arrow: You did not need to click Remove, but it does no harm. The adlice.com site is fine (it is the maker of RogueKiller). Is this operating system legal?


:arrow: Save aswMBR to your desktop - http://files.avast.com/files/rootkit-scanner/aswmbr.exe
  • run it as administrator (on XP, an ordinary double-click)
  • agree to the virus database update with Yes - about 215 MB will be downloaded and then it will install for a while
  • leave everything as it is and click Scan - it takes about 30 min
  • click Save log and save the scan result - paste the contents of this log into your next reply

L4k0
Level 5 - BAN
Posts: 40
Joined: 09 Jun 2016 18:31

Re: Attacks on my PC, please help

#25 Post by L4k0 »

I am not sure about the legality :oops:
I did not find Update, nor did it pop up; is it possible that it is because I use AVAST Internet Security?

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-06-27 20:11:02
-----------------------------
20:11:02.453 OS Version: Windows x64 6.1.7601 Service Pack 1
20:11:02.453 Number of processors: 4 586 0x402
20:11:02.453 ComputerName: LAKO100-PC UserName: Lako100
20:11:03.447 Initialize success
20:11:03.447 VM: initialized successfully
20:11:03.447 VM: Amd CPU supported virtualized
20:11:11.280 AVAST engine defs: 16062700
20:11:32.850 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:11:32.850 Disk 0 Vendor: Size: 0MB BusType: 0
20:11:32.940 Disk 0 MBR read successfully
20:11:32.940 Disk 0 MBR scan
20:11:32.940 Disk 0 Windows 7 default MBR code
20:11:32.940 Disk 0 MBR hidden
20:11:32.950 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:11:32.950 Disk 0 Boot: NTFS code=1
20:11:32.950 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 120000 MB offset 206848
20:11:32.960 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 356838 MB offset 245966848
20:11:32.970 Disk 0 scanning C:\Windows\system32\drivers
20:11:36.320 Service scanning
20:11:45.723 Modules scanning
20:11:45.724 Disk 0 trace - called modules:
20:11:45.732 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:11:45.732 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a24060]
20:11:45.732 3 CLASSPNP.SYS[fffff8800166c43f] -> nt!IofCallDriver -> [0xfffffa8006b10520]
20:11:45.733 5 ACPI.sys[fffff88000f067a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006af7060]
20:11:46.143 AVAST engine scan C:\Windows
20:11:46.733 AVAST engine scan C:\Windows\system32
20:12:42.045 AVAST engine scan C:\Windows\system32\drivers
20:12:46.785 AVAST engine scan C:\Users\Lako100
20:13:18.629 AVAST engine scan C:\ProgramData
20:13:24.807 Disk 0 statistics 2824792/0/0 @ 24,00 MB/s
20:13:24.807 Scan finished successfully
20:13:39.377 Disk 0 MBR has been saved successfully to "C:\Users\Lako100\Desktop\MBR.dat"
20:13:39.393 The log file has been saved successfully to "C:\Users\Lako100\Desktop\aswMBR.txt"

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Attacks on my PC, please help

#26 Post by altrok »

Yes, that is possible.

Test C:\Users\Lako100\Desktop\MBR.dat on virustotal.com - if the file has already been tested, choose Reanalyse. Put the link with the analysis results in your next post.

I do not see any malware in any of the logs. According to the logs, the blue screens of death started after Avast was installed (the screenshot in the opening post also identifies Avast as the source of the attack) - uninstall Avast, at least temporarily, using the official uninstaller and watch whether the blue screens of death persist https://www.avast.com/cs-cz/uninstall-utility
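An offline companion to the MBR.dat check requested in post #26, added here as an example and not part of the original thread: it parses a 512-byte MBR dump, hashes it, and checks the partition table against the offsets and sizes printed in the RogueKiller and aswMBR logs. It assumes MBR.dat is a single raw 512-byte sector; the function names are chosen for this example, and the sample sector is constructed (zeroed boot code) from the logged values.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into hashes and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype, "start": start,
                          "end": start + count, "size_mb": count * SECTOR // 2**20})
    return {
        "sha256": hashlib.sha256(sector).hexdigest(),  # whole file, the hash VirusTotal lists
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),  # bootstrap code only
        "partitions": parts,
    }

def layout_problems(parts: list) -> list:
    """Return findings as strings; an empty list means the table is self-consistent."""
    found = []
    if sum(p["active"] for p in parts) != 1:
        found.append("a boot disk should have exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] < a["end"]:
            found.append(f"partitions at {a['start']} and {b['start']} overlap")
    return found

def sample_mbr(entries) -> bytes:
    """Constructed sample: zeroed boot code plus (active, type, start, size_mb) entries."""
    table = b"".join(struct.pack(ENTRY, 0x80 if act else 0, t, s, mb * 2048)
                     for act, t, s, mb in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Offsets (sectors) and sizes (MB) as printed in the RogueKiller and aswMBR logs above.
LOGGED = [(True, 0x07, 2048, 100), (False, 0x07, 206848, 120000),
          (False, 0x07, 245966848, 356838)]

if __name__ == "__main__":
    info = parse_mbr(sample_mbr(LOGGED))  # for a real dump: open("MBR.dat", "rb").read()
    for p in info["partitions"]:
        print(p)
    print(layout_problems(info["partitions"]) or "layout consistent")
```

The boot-code hash covers only the first 440 bytes, so it stays the same across disks with different disk signatures and partition tables, which makes it the value to compare between machines running the same Windows version.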

L4k0
Level 5 - BAN
Posts: 40
Joined: 09 Jun 2016 18:31

Re: Attacks on my PC, please help

#27 Post by L4k0 »

I AM ATTACHING THE ROGUEKILLER LOG, IT IS IN A RAR. IT FOUND NEW ONES, AND THE ONES I DELETED WERE EITHER RESTORED OR NOT REMOVED
The link I am posting to leteckaposta was scanned with all communication blocked on the modem; there is something about PUM DNS and something in Opera

Code:

http://leteckaposta.cz/622547674
And what about an RSIT scan log? I apologise in advance for the width of the screenshot...
Update works for me now, I fixed it, so I will install the security updates and the others too; as soon as I installed them, they attacked FRST64 with a rootkit

Could they have attacked AVAST? And which antivirus would you recommend?
Temp is fuller now... and I also want to ask, what is the T4 virus in a PC?

Code:

https://www.virustotal.com/sk/file/dabd1309f98959fd3cc6cc2d0f06e3902198573206c6665a97dbd21a6e544229/analysis/1467084211/
I also forgot to add that COMODO Firewall blocked something.

Comodo Firewall: Blocked intrusions. RAM load is 5.04GB out of 8.00GB and I have not installed anything, I have no games either, only what you sent....
Image


Comodo Firewall: Network intrusions:
Image
Attachments
Log.rar
(951 bytes) Downloaded 87 times
Last edited by L4k0 on 29 Jun 2016 00:44, edited 8 times in total.

caRrrnifex.
Friend of the forum
Posts: 236
Joined: 31 Jul 2008 20:21

Re: Attacks on my PC, please help

#28 Post by caRrrnifex. »

<<< my apologies to altrok for stepping in >>>

hello,

this is not a hacker at all; you are using several security programs at once with their resident shields turned on, and one antivirus then flags the behaviour of the other as dangerous activity, see the opening screenshot, where Avast scans the network settings including the default gateway (router check) and the Symantec product labels this scan as an "attack"

choose one security suite and uninstall the rest

L4k0
Level 5 - BAN
Posts: 40
Joined: 09 Jun 2016 18:31

Re: Attacks on my PC, please help

#29 Post by L4k0 »

caRrrnifex. wrote:<<< my apologies to altrok for stepping in >>>

hello,

this is not a hacker at all; you are using several security programs at once with their resident shields turned on, and one antivirus then flags the behaviour of the other as dangerous activity, see the opening screenshot, where Avast scans the network settings including the default gateway (router check) and the Symantec product labels this scan as an "attack"

choose one security suite and uninstall the rest

My setup is that I use COMODO Firewall and for virus scanning I use AVAST Internet Security; which one would you recommend to me? I want to keep the firewall but have something for scanning, or Kaspersky Antivirus?
please also look at this screenshot. Since it started catching this I have not had a BSOD.

Image

caRrrnifex.
Friend of the forum
Posts: 236
Joined: 31 Jul 2008 20:21

Re: Attacks on my PC, please help

#30 Post by caRrrnifex. »

Avast Internet Security and Comodo Internet Security, which you are using now, are both paid programs; did you buy both of them, or are you using them in the trial period for now?

if you have not bought anything, uninstall both programs and install Avast Free Antivirus --> after starting the installation, in the first window untick the item "Yes, install Google Toolbar along with Avast" at the bottom --> continue by clicking the Customize option (in the upper part of the window) --> in the list of components leave only the first two ticked: File Shield and Web Shield, and untick all the other items --> click the Install button to start the installation

as a firewall, install Comodo Free Firewall

note: by constantly changing antivirus programs while the problem is being worked on, you only make altrok's work harder

Locked