PC virus removal, computer speed-up, remote assistance via the neslape.cz service

RUDY! - Log check, there's definitely something there...

Having a problem with a virus? Paste your FRST or RSIT log here.



#1 Post by Lako101 »

Hi, I'm asking you to look at the log. Norton Internet Security 2016 detected something in D:/2a7638ff4ebf9aed1decdf/Setup.exe and much more, and right after the reinstall the IP 127.0.0.0/255.0.0.0 was added.
Rudy, if anyone writes to you saying you shouldn't deal with my log, those are the hackers....


FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by L4k0 (administrator) on L4K0-PC (02-07-2016 14:10:13)
Running from C:\Users\L4k0\Desktop
Loaded Profiles: L4k0 (Available Profiles: L4k0)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
(Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Tray Informer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2015-04-10] (Softros Systems, inc.)
HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2015-04-10] (Softros Systems, inc.)
Startup: C:\Users\L4k0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Norton Internet Security.lnk [2016-07-02]
ShortcutTarget: Norton Internet Security.lnk -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.0.0.100\uiStub.exe (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 4.2.2.1 4.2.2.2
Tcpip\..\Interfaces\{021C0871-D141-4C07-8E02-BDC2CE799FB0}: [DhcpNameServer] 4.2.2.1 4.2.2.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\coIEPlg.dll [2013-08-15] (Symantec Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\IPS\IPSBHO.DLL [2013-08-06] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\coIEPlg.dll [2013-08-15] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [2016-07-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [2016-07-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn [2016-07-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2016-07-02] [not signed]

Chrome:
=======
CHR Profile: C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-02]
CHR Extension: (YouTube) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-02]
CHR Extension: (Hľadať v Google) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-02]
CHR Extension: (Norton Identity Protection) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2016-07-02]
CHR Extension: (Gmail) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\Exts\Chrome.crx [2016-07-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe [275696 2013-08-16] (Symantec Corporation)
R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2219344 2015-04-10] (Softros Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20130814.001\BHDrvx64.sys [1525336 2013-08-13] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1500000.064\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-07-02] (Symantec Corporation)
U3 EraserUtilDrv11521; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-07-02] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20130805.011\IDSVia64.sys [520280 2013-08-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20160701.036\ENG64.SYS [138456 2016-07-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20160701.036\EX64.SYS [2148056 2016-07-02] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1500000.064\SRTSP64.SYS [854616 2013-07-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1500000.064\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1500000.064\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1500000.064\SYMEFA64.SYS [1147480 2013-08-05] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2016-07-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1500000.064\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1500000.064\SYMNETS.SYS [590424 2013-07-31] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-02 14:10 - 2016-07-02 14:10 - 00010913 _____ C:\Users\L4k0\Desktop\FRST.txt
2016-07-02 14:10 - 2016-07-02 14:10 - 00000000 ____D C:\FRST
2016-07-02 14:09 - 2016-07-02 14:09 - 02390016 _____ (Farbar) C:\Users\L4k0\Desktop\FRST64.exe
2016-07-02 14:07 - 2016-07-02 14:07 - 00001296 _____ C:\Users\L4k0\Desktop\fgdf.txt
2016-07-02 14:00 - 2016-07-02 14:00 - 00000000 ____D C:\Users\L4k0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Process Blocker
2016-07-02 14:00 - 2016-07-02 14:00 - 00000000 ____D C:\Program Files\Softros Systems
2016-07-02 13:52 - 2016-07-02 13:52 - 00000000 ____D C:\Users\L4k0\AppData\Local\AMD
2016-07-02 13:51 - 2016-07-02 13:51 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-07-02 13:50 - 2016-07-02 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-07-02 13:50 - 2016-07-02 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-07-02 13:50 - 2016-07-02 13:50 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-02 13:50 - 2016-07-02 13:50 - 00000000 ____D C:\Program Files (x86)\AMD
2016-07-02 13:50 - 2016-02-16 01:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-07-02 13:50 - 2016-02-16 01:26 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
2016-07-02 13:50 - 2016-02-16 01:25 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-07-02 13:50 - 2016-02-16 01:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-07-02 13:49 - 2016-07-02 13:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-02 13:49 - 2016-07-02 13:49 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-07-02 13:47 - 2016-07-02 13:47 - 00749404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-02 13:45 - 2016-07-02 13:50 - 00000000 ____D C:\Program Files\AMD
2016-07-02 13:43 - 2016-07-02 13:43 - 00000043 _____ C:\Users\L4k0\Desktop\Nový textový dokument.txt
2016-07-02 13:13 - 2016-07-02 12:19 - 00000000 ____D C:\Windows\Panther
2016-07-02 13:10 - 2016-07-02 13:10 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-02 13:10 - 2016-07-02 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-07-02 13:09 - 2016-07-02 13:52 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-02 13:09 - 2016-07-02 13:14 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-02 13:09 - 2016-07-02 13:10 - 00000000 ____D C:\Users\L4k0\AppData\Local\Google
2016-07-02 13:09 - 2016-07-02 13:09 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-02 13:09 - 2016-07-02 13:09 - 00003676 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-02 13:09 - 2016-07-02 13:09 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-02 12:34 - 2016-07-02 12:34 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-07-02 12:30 - 2016-07-02 12:30 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-07-02 12:30 - 2016-07-02 12:30 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-07-02 12:30 - 2016-07-02 12:30 - 00003236 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-07-02 12:30 - 2016-07-02 12:30 - 00002584 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2016-07-02 12:30 - 2016-07-02 12:30 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-07-02 12:29 - 2016-07-02 12:31 - 00000000 ____D C:\ProgramData\Norton
2016-07-02 12:29 - 2016-07-02 12:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-07-02 12:29 - 2016-07-02 12:29 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-07-02 12:29 - 2016-07-02 12:29 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-07-02 12:29 - 2016-07-02 12:29 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-07-02 12:29 - 2016-07-02 12:29 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-07-02 12:21 - 2016-07-02 12:21 - 00057560 _____ C:\Users\L4k0\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-02 12:19 - 2016-07-02 12:19 - 00000020 ___SH C:\Users\L4k0\ntuser.ini
2016-07-02 12:19 - 2016-07-02 12:19 - 00000000 ____D C:\Users\L4k0\AppData\Local\VirtualStore
2016-07-02 12:19 - 2016-07-02 12:19 - 00000000 ____D C:\Users\L4k0
2016-07-02 12:19 - 2010-11-21 17:10 - 00000000 ____D C:\Users\L4k0\AppData\Roaming\Media Center Programs
2016-07-02 12:17 - 2016-07-02 12:17 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-02 12:17 - 2016-07-02 12:17 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-02 12:15 - 2016-07-02 12:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-02 13:56 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-02 13:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-02 13:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-02 13:51 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-02 13:51 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-02 13:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-02 13:12 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-07-02 13:03 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-02 13:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-02 12:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-07-02 12:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-07-02 12:14 - 2009-07-14 06:45 - 00274736 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\L4k0\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\L4k0\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\L4k0\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-02 12:14

==================== End of FRST.txt ============================



ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by L4k0 (2016-07-02 14:10:36)
Running from C:\Users\L4k0\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-07-02 10:19:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3446584074-721549401-2035689353-500 - Administrator - Disabled)
Guest (S-1-5-21-3446584074-721549401-2035689353-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3446584074-721549401-2035689353-1002 - Limited - Enabled)
L4k0 (S-1-5-21-3446584074-721549401-2035689353-1000 - Administrator - Enabled) => C:\Users\L4k0

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 26.0.1410.40 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.0.0.100 - Symantec Corporation)
Process Blocker 1.0.13.0 (HKLM\...\{FEC52075-E418-400D-A25C-AE7F366A9C2C}) (Version: 1.0.13.0 - Softros Systems, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26A850C4-4ADA-4A3C-9145-5B8213738C5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {5485C6C0-51BD-4027-96A7-DA06610F16D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\WSCStub.exe [2013-08-16] (Symantec Corporation)
Task: {CAD44A45-277A-4837-8D1D-F53384034BE8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {D47083C6-EABB-4BF4-8F17-5F9273BA4842} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {DB8507D6-FDD7-4F27-8018-5E24C6C05222} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-07-02 13:10 - 2013-03-20 08:03 - 00598480 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\libglesv2.dll
2016-07-02 13:10 - 2013-03-20 08:03 - 00124368 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\libegl.dll
2016-07-02 13:10 - 2013-03-20 08:04 - 04050896 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\pdf.dll
2016-07-02 13:10 - 2013-03-20 08:04 - 00390096 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\ppGoogleNaClPluginChrome.dll
2016-07-02 13:10 - 2013-03-20 08:03 - 01606096 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\ffmpegsumo.dll
2016-07-02 13:10 - 2013-03-20 08:04 - 12662224 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3446584074-721549401-2035689353-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\L4k0\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 4.2.2.1 - 4.2.2.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BC2EF894-D26C-4A10-B57E-6EF57F7A9036}] => (Allow) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe

==================== Restore Points =========================

02-07-2016 13:03:10 Inštalátor modulov systému Windows
02-07-2016 13:48:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
02-07-2016 13:49:07 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
02-07-2016 13:50:40 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
02-07-2016 14:00:37 Installed Process Blocker 1.0.13.0

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2016 01:56:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/02/2016 01:56:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/02/2016 01:53:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/02/2016 01:53:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/02/2016 01:53:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2016 01:50:34 PM) (Source: MsiInstaller) (EventID: 11904) (User: L4k0-PC)
Description: Product: AMD Drag and Drop Transcoding -- Error 1904.Module C:\Program Files (x86)\Common Files\ATI Technologies\Multimedia\AMDMFTVideoDecoder_32.dll failed to register. HRESULT -2147024770. Contact your support personnel.

Error: (07/02/2016 01:49:22 PM) (Source: MsiInstaller) (EventID: 11723) (User: L4k0-PC)
Description: Product: AMD Install Manager -- Error 1723.There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action SetInstallDir, entry: SetInstallDir, library: C:\Windows\Installer\MSI3110.tmp

Error: (07/02/2016 01:47:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: L4k0-PC)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/02/2016 01:47:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: L4k0-PC)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/02/2016 01:47:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: L4k0-PC)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 27%
Total physical RAM: 8191.11 MB
Available physical RAM: 5940.08 MB
Total Virtual: 16380.43 MB
Available Virtual: 13758.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.19 GB) (Free:91.91 GB) NTFS
Drive d: () (Fixed) (Total:348.47 GB) (Free:348.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4D154D14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RUDY! - Log check, there's definitely something there...

#2 Post by Rudy »

Hello!
Why are you creating a duplicate account? This: http://forum.viry.cz/memberlist.php?mod ... le&u=59665 is also you. Do you even read the rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601 (point 10)?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Lako101

Re: RUDY! - Log check, there's definitely something there...

#3 Post by Lako101 »

Hackers stole it from me... I had to reinstall Windows too and they're in the PC again

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RUDY! - Log check, there's definitely something there...

#4 Post by Rudy »

And I think you are paranoid. Use your original nick and password and log in. This profile will be deleted, because your profile (L4k0) is fully functional.

Pavuk29
VIP in memoriam
Posts: 6953
Registered: 31 Oct 2003 08:26
Location: Banská Bystrica

Re: RUDY! - Log check, there's definitely something there...

#5 Post by Pavuk29 »

Lako101 wrote: Hackers stole it from me... I had to reinstall Windows too and they're in the PC again
I have a feeling somebody has bats in the belfry.
------------------------------------------------------------------------------------------------------------------------------
PLS DON'T SEND ME PMs, ICQ MESSAGES OR E-MAILS WITH QUESTIONS, POST IN THE FORUM
------------------------------------------------------------------------------------------------------------------------------
In case of acute problems with the operation of the forum, or with other users, contact me on ICQ or by e-mail at pavuk29 (at) forum.viry.cz. I am often at the computer even when I'm not online on the forum.
http://www.icq.com/people/267560078/
hotline: http://forum.viry.cz/viewtopic.php?f=12&t=116821
forum rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601

Lako101

Re: RUDY! - Log check, there's definitely something there...

#6 Post by Lako101 »

Don't you understand that they changed the password? On that account, delete the L4k0 account and the e-mail too. Are we going to deal with the log here, or are we going to argue about me being paranoid? The password has been changed, 100%, on the e-mail as well...


I guess that's not going to be me!
[image]

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RUDY! - Log check, there's definitely something there...

#7 Post by Rudy »

I am able to test the access, and it works. I can't find out the password, but if you want, I can change it for you and let you know by e-mail. That hackers attacked you is just your fairy tale, which I don't believe. So far it has never happened on this forum that a complete stranger changed a user's password. I will deactivate the Lako101 profile today. Besides, that blocking is OK, the program is doing what it should.

Lako101

Re: RUDY! - Log check, there's definitely something there...

#8 Post by Lako101 »

All right, change the password and please send me a private message to this account, then delete it, because I don't know what the e-mail was, since I don't know the password either

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RUDY! - Log check, there's definitely something there...

#9 Post by Rudy »

You've got quite a mess there if you don't even know which e-mail you registered from. You will have all the details in a PM. Otherwise, I thought you would send the password change request to my e-mail (it's in my signature).

L4k0
Level 5 - BAN
Posts: 40
Registered: 09 Jun 2016 18:31

Re: RUDY! - Log check, there's definitely something there...

#10 Post by L4k0 »

I'll put a new log in a new topic, delete this one, I cleaned up the PC a bit

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RUDY! - Log check, there's definitely something there...

#11 Post by Rudy »

Please continue here.

L4k0
Level 5 - BAN
Posts: 40
Registered: 09 Jun 2016 18:31

Re: RUDY! - Log check, there's definitely something there...

#12 Post by L4k0 »

Please go by this new log...


FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by L4k0 (administrator) on L4K0-PC (03-07-2016 17:17:27)
Running from C:\Users\L4k0\Desktop
Loaded Profiles: L4k0 (Available Profiles: L4k0)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Tray Informer.exe
() C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Henry++) C:\Program Files\Mem Reduct\memreduct64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
() C:\Users\L4k0\Desktop\RogueKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2015-04-10] (Softros Systems, inc.)
HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2015-04-10] (Softros Systems, inc.)
Startup: C:\Users\L4k0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mem Reduct.lnk [2016-07-02]
ShortcutTarget: Mem Reduct.lnk -> C:\Program Files\Mem Reduct\memreduct64.exe (Henry++)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 199.85.126.10 199.85.127.10
Tcpip\..\Interfaces\{021C0871-D141-4C07-8E02-BDC2CE799FB0}: [DhcpNameServer] 199.85.126.10 199.85.127.10

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [2016-07-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [2016-07-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2016-07-03] [not signed]

Chrome:
=======
CHR Profile: C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-02]
CHR Extension: (YouTube) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-02]
CHR Extension: (Hľadať v Google) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2016-07-03]
CHR Extension: (Gmail) - C:\Users\L4k0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2016-07-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2016-07-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2219344 2015-04-10] (Softros Systems, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4803344 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20160701.003\BHDrvx64.sys [1832176 2016-07-01] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-07-02] (Symantec Corporation)
U3 EraserUtilDrv11521; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-07-02] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20160701.001\IDSvia64.sys [876248 2016-07-01] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20160702.006\ENG64.SYS [138456 2016-07-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20160702.006\EX64.SYS [2148056 2016-07-02] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2016-07-02] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-08-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-03] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-06-01] (AVG Netherlands B.V.)
U3 aswMBR; \??\C:\Users\L4k0\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\L4k0\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 17:17 - 2016-07-03 17:17 - 00012146 _____ C:\Users\L4k0\Desktop\FRST.txt
2016-07-03 17:17 - 2016-07-03 17:17 - 00000000 ____D C:\FRST
2016-07-03 17:16 - 2016-07-03 17:16 - 02390016 _____ (Farbar) C:\Users\L4k0\Desktop\FRST64.exe
2016-07-03 15:42 - 2016-07-03 15:42 - 00000000 ____D C:\AdwCleaner
2016-07-03 15:32 - 2016-07-03 15:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-03 15:32 - 2016-07-03 15:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-03 15:32 - 2016-07-03 15:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-03 15:31 - 2016-07-03 15:31 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-03 15:24 - 2016-07-03 16:05 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-07-03 15:24 - 2016-07-03 15:24 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-03 13:19 - 2016-07-03 13:19 - 00001611 _____ C:\Users\L4k0\Desktop\APU-Engine.lnk
2016-07-03 13:16 - 2016-07-03 13:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-07-03 13:07 - 2016-07-03 13:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-03 13:07 - 2016-07-03 13:07 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2016-07-03 13:07 - 2016-07-03 13:07 - 00000000 ____D C:\Users\L4k0\AppData\Local\CrashDumps
2016-07-03 13:07 - 2016-07-03 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-07-03 13:07 - 2016-07-03 13:07 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-07-03 13:07 - 2008-01-04 13:34 - 00011832 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2016-07-03 13:07 - 2008-01-04 13:34 - 00010216 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2016-07-03 13:07 - 2007-12-17 11:14 - 00014392 ____R C:\Windows\SysWOW64\Drivers\AsIO.sys
2016-07-03 13:07 - 2006-01-10 10:50 - 00024576 ____R () C:\Windows\SysWOW64\AsIO.dll
2016-07-03 13:04 - 2016-07-03 13:04 - 00024956 _____ C:\Windows\Ascd_tmp.ini
2016-07-03 13:04 - 2016-07-03 13:04 - 00001746 _____ C:\Windows\Language_trs.ini
2016-07-03 12:43 - 2016-07-03 12:43 - 00002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-07-03 12:43 - 2016-07-03 12:43 - 00002248 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2016-07-03 12:43 - 2016-07-03 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2016-07-03 12:43 - 2016-06-01 15:12 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-07-03 12:43 - 2016-06-01 15:05 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2016-07-03 12:43 - 2016-06-01 15:05 - 00039696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2016-07-03 12:42 - 2016-07-03 12:43 - 00000000 ____D C:\Program Files (x86)\AVG
2016-07-03 12:41 - 2016-07-03 12:43 - 00000000 ____D C:\Users\L4k0\AppData\Local\Avg
2016-07-03 12:41 - 2016-07-03 12:43 - 00000000 ____D C:\ProgramData\Avg
2016-07-03 12:41 - 2016-07-03 12:42 - 00000000 ____D C:\Users\L4k0\AppData\Local\AvgSetupLog
2016-07-03 12:12 - 2016-07-03 15:08 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-03 12:12 - 2016-07-03 12:12 - 19927624 _____ C:\Users\L4k0\Desktop\RogueKiller.exe
2016-07-03 12:12 - 2016-07-03 12:12 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-03 10:43 - 2016-07-03 10:43 - 00001242 _____ C:\Users\L4k0\Desktop\Paint.lnk
2016-07-02 18:29 - 2016-07-02 18:29 - 00000000 ____D C:\Users\L4k0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-02 18:29 - 2016-07-02 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-02 18:29 - 2016-07-02 18:29 - 00000000 ____D C:\Program Files\WinRAR
2016-07-02 15:55 - 2016-07-02 15:57 - 00000000 ____D C:\Users\L4k0\AppData\Local\NPE
2016-07-02 15:42 - 2016-07-02 15:43 - 00000000 ____D C:\Windows\Minidump
2016-07-02 15:42 - 2016-07-02 15:42 - 415886817 _____ C:\Windows\MEMORY.DMP
2016-07-02 15:31 - 2013-08-07 07:08 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2016-07-02 15:11 - 2016-07-02 17:47 - 00000885 _____ C:\Users\L4k0\Desktop\Mem Reduct.lnk
2016-07-02 15:11 - 2016-07-02 15:11 - 00000000 ____D C:\Users\L4k0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mem Reduct
2016-07-02 15:11 - 2016-07-02 15:11 - 00000000 ____D C:\Users\L4k0\AppData\Roaming\Henry++
2016-07-02 15:11 - 2016-07-02 15:11 - 00000000 ____D C:\Program Files\Mem Reduct
2016-07-02 14:00 - 2016-07-02 14:00 - 00000000 ____D C:\Users\L4k0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Process Blocker
2016-07-02 14:00 - 2016-07-02 14:00 - 00000000 ____D C:\Program Files\Softros Systems
2016-07-02 13:52 - 2016-07-02 13:52 - 00000000 ____D C:\Users\L4k0\AppData\Local\AMD
2016-07-02 13:51 - 2016-07-02 13:51 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-07-02 13:50 - 2016-07-02 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-07-02 13:50 - 2016-07-02 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-07-02 13:50 - 2016-07-02 13:50 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-02 13:50 - 2016-07-02 13:50 - 00000000 ____D C:\Program Files (x86)\AMD
2016-07-02 13:50 - 2016-02-16 01:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-07-02 13:50 - 2016-02-16 01:26 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
2016-07-02 13:50 - 2016-02-16 01:25 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-07-02 13:50 - 2016-02-16 01:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-07-02 13:49 - 2016-07-02 13:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-02 13:49 - 2016-07-02 13:49 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-07-02 13:47 - 2016-07-02 13:47 - 00749404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-02 13:45 - 2016-07-02 13:50 - 00000000 ____D C:\Program Files\AMD
2016-07-02 13:43 - 2016-07-02 13:43 - 00000043 _____ C:\Users\L4k0\Desktop\Nový textový dokument.txt
2016-07-02 13:13 - 2016-07-02 12:19 - 00000000 ____D C:\Windows\Panther
2016-07-02 13:10 - 2016-07-02 13:10 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-02 13:10 - 2016-07-02 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-07-02 13:09 - 2016-07-03 17:14 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-02 13:09 - 2016-07-03 14:47 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-02 13:09 - 2016-07-02 13:10 - 00000000 ____D C:\Users\L4k0\AppData\Local\Google
2016-07-02 13:09 - 2016-07-02 13:09 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-02 13:09 - 2016-07-02 13:09 - 00003676 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-02 13:09 - 2016-07-02 13:09 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-02 12:30 - 2016-07-03 13:10 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-07-02 12:30 - 2016-07-03 13:10 - 00002501 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2016-07-02 12:30 - 2016-07-02 12:30 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-07-02 12:30 - 2016-07-02 12:30 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-07-02 12:30 - 2016-07-02 12:30 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-07-02 12:29 - 2016-07-03 13:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-07-02 12:29 - 2016-07-03 13:10 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-07-02 12:29 - 2016-07-02 15:55 - 00000000 ____D C:\ProgramData\Norton
2016-07-02 12:29 - 2016-07-02 12:29 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-07-02 12:29 - 2016-07-02 12:29 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-07-02 12:29 - 2016-07-02 12:29 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-07-02 12:21 - 2016-07-02 12:21 - 00057560 _____ C:\Users\L4k0\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-02 12:19 - 2016-07-02 12:19 - 00000020 ___SH C:\Users\L4k0\ntuser.ini
2016-07-02 12:19 - 2016-07-02 12:19 - 00000000 ____D C:\Users\L4k0\AppData\Local\VirtualStore
2016-07-02 12:19 - 2016-07-02 12:19 - 00000000 ____D C:\Users\L4k0
2016-07-02 12:19 - 2010-11-21 17:10 - 00000000 ____D C:\Users\L4k0\AppData\Roaming\Media Center Programs
2016-07-02 12:17 - 2016-07-02 12:17 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-02 12:17 - 2016-07-02 12:17 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-02 12:15 - 2016-07-02 12:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 16:19 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-03 16:19 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-03 14:51 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-03 14:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-03 14:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-02 17:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-07-02 13:27 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-02 13:12 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-07-02 13:03 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-02 13:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-02 12:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-07-02 12:14 - 2009-07-14 06:45 - 00274736 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\L4k0\AppData\Local\Temp\dllnt_dump.dll
C:\Users\L4k0\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\L4k0\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\L4k0\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-03 13:54

==================== End of FRST.txt ============================



Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by L4k0 (2016-07-03 17:17:42)
Running from C:\Users\L4k0\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-07-02 10:19:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3446584074-721549401-2035689353-500 - Administrator - Disabled)
Guest (S-1-5-21-3446584074-721549401-2035689353-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3446584074-721549401-2035689353-1002 - Limited - Enabled)
L4k0 (S-1-5-21-3446584074-721549401-2035689353-1000 - Administrator - Enabled) => C:\Users\L4k0

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.42.2.18804 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.42.6 - AVG Technologies) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.00.25 - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 26.0.1410.40 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Mem Reduct (HKLM-x32\...\memreduct) (Version: 3.0.436 - Henry++)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Process Blocker 1.0.13.0 (HKLM\...\{FEC52075-E418-400D-A25C-AE7F366A9C2C}) (Version: 1.0.13.0 - Softros Systems, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinRAR 5.31 (64-bit version) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {207A8348-C848-4A59-9980-5687B80D5C02} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {26A850C4-4ADA-4A3C-9145-5B8213738C5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {547882E9-A1B8-4CA3-AAD6-5C8E7F771F22} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {846A2378-04F3-4DF5-9D5A-C278CFB72535} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-06-04] ()
Task: {DB8507D6-FDD7-4F27-8018-5E24C6C05222} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-02] (Google Inc.)
Task: {E32FF4EE-2059-43B3-8A61-95E5B1A3F170} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {F8ABECC2-5E0C-4FC5-9724-F01D7C404D93} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-03 13:07 - 2009-06-04 15:10 - 05777408 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-07-03 12:12 - 2016-07-03 12:12 - 19927624 _____ () C:\Users\L4k0\Desktop\RogueKiller.exe
2016-07-03 13:07 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2016-07-03 13:07 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2016-07-03 12:42 - 2016-07-03 12:41 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-07-02 13:10 - 2013-03-20 08:03 - 00598480 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\libglesv2.dll
2016-07-02 13:10 - 2013-03-20 08:03 - 00124368 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\libegl.dll
2016-07-02 13:10 - 2013-03-20 08:04 - 04050896 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\pdf.dll
2016-07-02 13:10 - 2013-03-20 08:04 - 00390096 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\ppGoogleNaClPluginChrome.dll
2016-07-02 13:10 - 2013-03-20 08:03 - 01606096 _____ () C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.40\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3446584074-721549401-2035689353-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\L4k0\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.85.126.10 - 199.85.127.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BC2EF894-D26C-4A10-B57E-6EF57F7A9036}] => (Allow) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2016 02:51:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/03/2016 02:51:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/03/2016 02:49:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2016 01:14:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/03/2016 01:14:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/03/2016 01:11:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2016 01:07:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000003fefc046790
Faulting process id: 0x49c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/02/2016 06:53:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/02/2016 06:53:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/02/2016 06:50:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/03/2016 05:13:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service, which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/03/2016 05:13:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service, which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/03/2016 04:05:41 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}5{76D0CB12-7604-4048-B83C-1005C7DDC503}

Error: (07/03/2016 03:08:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/03/2016 02:57:36 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}5{883FF1FC-09E1-48E5-8E54-E2469ACB0CFD}

Error: (07/03/2016 02:57:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service, which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/03/2016 02:57:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service, which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/03/2016 02:48:47 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/03/2016 02:47:33 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}5{ECF5BF46-E3B6-449A-B56B-43F58F867814}

Error: (07/03/2016 02:47:33 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}5{56EA1054-1959-467F-BE3B-A2A787C4B6EA}


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 20%
Total physical RAM: 8191.11 MB
Available physical RAM: 6508.82 MB
Total Virtual: 16380.43 MB
Available Virtual: 13809.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.19 GB) (Free:86.66 GB) NTFS
Drive d: () (Fixed) (Total:348.47 GB) (Free:347.87 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RUDY! - Log check, there's definitely something there...

#13 Post by Rudy »

Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

L4k0
Level 5 - BAN
Posts: 40
Registered: 09 Jun 2016 18:31

Re: RUDY! - Log check, there's definitely something there...

#14 Post by L4k0 »

# AdwCleaner v5.201 - Log created 03/07/2016 at 19:05:17
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : L4k0 - L4K0-PC
# Running from : C:\Users\L4k0\Desktop\adwcleaner_5.201.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [692 bytes] - [03/07/2016 19:05:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [765 bytes] ##########

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RUDY! - Log check, there's definitely something there...

#15 Post by Rudy »

This is OK.

Open Notepad and copy into it:
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
U3 aswMBR; \??\C:\Users\L4k0\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\L4k0\AppData\Local\Temp\aswVmm.sys [X]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\L4k0\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes a log will appear; copy it here.

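Added example, not code from this thread, from FRST or from the forum: a small Python triage of the FRST log posted above (the Bamital & volsnap signature list, the Scheduled Tasks entries, the hosts file line, the "[X]" driver entries) that ends by writing a fixlist in the same "Start ... End" form Rudy uses in post #15. SAMPLE_LOG is a constructed mini-log assembled from lines that appear in this thread, not a live scan. It assumes FRST's usual conventions: the company name of a binary is printed in parentheses and an empty "()" means the file carries none, a service or driver line ending in "[X]" means the image file is missing, and an untouched Windows 7 hosts file is 824 bytes; the function names are my own.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this thread; not FRST's, the forum's or the poster's code.
SAMPLE_LOG is constructed from lines that appear in the thread.
"""
import re
from collections import OrderedDict

SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) ====================
U3 aswMBR; \??\C:\Users\L4k0\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\L4k0\AppData\Local\Temp\aswVmm.sys [X]

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {846A2378-04F3-4DF5-9D5A-C278CFB72535} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-06-04] ()
Task: {E32FF4EE-2059-43B3-8A61-95E5B1A3F170} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Bamital & volsnap =================
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== Hosts content: ===============================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
"""

SECTION_RE = re.compile(r"^=+ (.+?):? =+$")
TASK_RE = re.compile(
    r"^Task: \{[0-9A-F-]+\} - (.+?) => (.+?) \[\d{4}-\d{2}-\d{2}\] \((.*)\)$")
JOB_RE = re.compile(r"^Task: ([A-Za-z]:\\.+\.job) => .+$")
MISSING_FILE_RE = re.compile(r"^[A-Z]\d \S+; .+ \[X\]$")   # FRST's "[X]" = image file gone
HOSTS_RE = re.compile(r"^\S+ \S+ - \S+ \S+ - (\d+) \S+ .+\\etc\\hosts$")
WIN7_DEFAULT_HOSTS_BYTES = 824   # assumed size of an untouched Windows 7 hosts file


def parse_sections(text):
    """Map each '==== Name ====' header to its non-blank body lines, dropping
    FRST's parenthesised '(If an entry is included ...)' help text."""
    sections, current = OrderedDict(), None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current and not (line.startswith("(") and line.endswith(")")):
            sections[current].append(line)
    return sections


def no_vendor_tasks(sections):
    """(task name, binary) for tasks whose binary FRST lists with an empty '()'
    company field; those are the ones to verify by hand first."""
    hits = []
    for line in sections.get("Scheduled Tasks (Whitelisted)", []):
        m = TASK_RE.match(line)
        if m and m.group(3) == "":
            hits.append((m.group(1), m.group(2)))
    return hits


def unverified_system_files(sections):
    """Core binaries that did not pass FRST's signature check."""
    return [l for l in sections.get("Bamital & volsnap", [])
            if not l.endswith("=> File is digitally signed")]


def hosts_file_status(sections):
    """(size in bytes, size matches the stock Windows 7 file) or None if absent."""
    for line in sections.get("Hosts content", []):
        m = HOSTS_RE.match(line)
        if m:
            size = int(m.group(1))
            return size, size == WIN7_DEFAULT_HOSTS_BYTES
    return None


def missing_file_services(sections, section="Drivers (Whitelisted)"):
    """Service/driver lines tagged '[X]': registry entry present, file gone.
    FRST takes the whole line verbatim in a fixlist."""
    return [l for l in sections.get(section, []) if MISSING_FILE_RE.match(l)]


def job_files(sections):
    """Paths of legacy .job task files, as fixlist entries."""
    tasks = sections.get("Scheduled Tasks (Whitelisted)", [])
    return [m.group(1) for m in map(JOB_RE.match, tasks) if m]


def build_fixlist(entries):
    """FRST fixlist: one directive per line between 'Start' and 'End'."""
    return "Start\n" + "\n".join(entries) + "\nEnd\n"


def triage_fixlist(text):
    s = parse_sections(text)
    return build_fixlist(missing_file_services(s) + job_files(s))


if __name__ == "__main__":
    s = parse_sections(SAMPLE_LOG)
    print("tasks with no vendor name:", no_vendor_tasks(s))
    print("unverified core files:", unverified_system_files(s))
    print("hosts:", hosts_file_status(s))
    print(triage_fixlist(SAMPLE_LOG))
```

On the sample this flags FourEngine.exe (the ASUS EPU-4 task, listed with an empty vendor field) for a manual look, reports every Bamital & volsnap file as signed and the hosts file at its stock size, and emits a fixlist containing the two orphaned aswMBR driver entries and the two Google Update .job files. The IE "Main" registry resets in Rudy's fixlist are deliberate defaults rather than log findings, so they are not generated here.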
Locked