Facebook - photo.ex

Zpráva

apolo · #1 Příspěvek od **apolo** » 26 črc 2014 20:34

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by ROSTA (administrator) on ROSTA-PC on 26-07-2014 21:27:35
Running from C:\Users\ROSTA\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-09] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\Run: [Facebook Update] => C:\Users\ROSTA\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-18] (Facebook Inc.)
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\MountPoints2: {d18c7fba-b26d-11e3-beaf-001e0baa8e65} - F:\Autorun.exe
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\MountPoints2: {d18c7fe3-b26d-11e3-beaf-001e0baa8e65} - F:\Autorun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=6826
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKCU - 58FD44C7463C5076A4791F6AFDADA6EE URL = http://www.firmy.cz/phr/{searchTerms}
SearchScopes: HKCU - 60A16B1645A1832D0634CAF81670A3EE URL = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
SearchScopes: HKCU - 616E727AEDBD1BE76245B59064425928 URL = http://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKCU - FFEB24149A95E0D4FCD843F728A27F56 URL = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{A4231BE1-EF9D-4569-9E44-C9AED4AB01E4}: [NameServer]62.84.128.6,62.84.132.6

FireFox:
========
FF ProfilePath: C:\Users\ROSTA\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: Seznam
FF SelectedSearchEngine: Seznam
FF Homepage: hxxp://www.seznam.cz/?clid=6826
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\ROSTA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\ROSTA\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\firmy.cz-211858.xml
FF SearchPlugin: C:\Users\ROSTA\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mapy.cz-211858.xml
FF SearchPlugin: C:\Users\ROSTA\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\seznam.cz-211858.xml
FF SearchPlugin: C:\Users\ROSTA\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\videa.seznam.cz-211858.xml
FF SearchPlugin: C:\Users\ROSTA\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\zbozi.cz-211858.xml
FF Extension: No Name - C:\Users\ROSTA\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged [2014-07-09]
FF HKLM\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
FF Extension: Free Games (4357) - C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2013-10-28]
FF HKLM\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-10-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-08]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/?clid=6826
CHR StartupUrls: "hxxp://www.seznam.cz/?clid=6826"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\ROSTA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-08]
CHR Extension: (Vyhledávání Google) - C:\Users\ROSTA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-08]
CHR Extension: (No Name) - C:\Users\ROSTA\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp [2014-07-14]
CHR Extension: (Peněženka Google) - C:\Users\ROSTA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08]
CHR Extension: (Gmail) - C:\Users\ROSTA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-08]
CHR HKLM\...\Chrome\Extension: [godimpbmfohihoaikgfknnnmlncabkkp] - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx [2014-06-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-16] (AVAST Software)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-11-01] (MicroVision Development, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
S1 prodrv04; C:\Windows\System32\drivers\prodrv04.sys [114496 2014-01-29] (Protection Technology Co.) [File not signed]
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
R3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [254720 2010-11-12] (Vimicro Corporation)
R3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 21:18 - 2014-07-26 21:21 - 00174690 _____ () C:\Users\ROSTA\Desktop\Addition.txt
2014-07-26 21:14 - 2014-07-26 21:28 - 00013235 _____ () C:\Users\ROSTA\Desktop\FRST.txt
2014-07-26 21:14 - 2014-07-26 21:27 - 00000000 ____D () C:\FRST
2014-07-26 21:09 - 2014-07-26 21:12 - 01084416 _____ (Farbar) C:\Users\ROSTA\Desktop\FRST.exe
2014-07-26 20:49 - 2014-07-26 20:50 - 00408520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-26 20:49 - 2014-07-26 20:49 - 00000056 _____ () C:\Windows\setupact.log
2014-07-26 20:49 - 2014-07-26 20:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-25 19:55 - 2006-08-01 10:59 - 00050166 _____ () C:\Users\ROSTA\Documents\výbuch 9.bmp
2014-07-25 19:55 - 2006-08-01 10:59 - 00030546 _____ () C:\Users\ROSTA\Documents\výbuch 10.bmp
2014-07-25 19:55 - 2006-08-01 10:58 - 00066654 _____ () C:\Users\ROSTA\Documents\výbuch 7.bmp
2014-07-25 19:55 - 2006-08-01 10:58 - 00055174 _____ () C:\Users\ROSTA\Documents\výbuch 8.bmp
2014-07-25 19:55 - 2006-08-01 10:57 - 00064294 _____ () C:\Users\ROSTA\Documents\výbuch 5.bmp
2014-07-25 19:55 - 2006-08-01 10:57 - 00063786 _____ () C:\Users\ROSTA\Documents\výbuch 6.bmp
2014-07-25 19:55 - 2006-08-01 10:56 - 00067446 _____ () C:\Users\ROSTA\Documents\výbuch 4.bmp
2014-07-25 19:55 - 2006-08-01 10:56 - 00062970 _____ () C:\Users\ROSTA\Documents\výbuch 3.bmp
2014-07-25 19:55 - 2006-08-01 10:55 - 00061254 _____ () C:\Users\ROSTA\Documents\výbuch 2.bmp
2014-07-25 19:55 - 2006-08-01 10:54 - 00043478 _____ () C:\Users\ROSTA\Documents\výbuch 1.bmp
2014-07-25 19:23 - 2014-07-25 19:23 - 00017474 _____ () C:\Users\ROSTA\Documents\siga.bmp
2014-07-25 19:23 - 2014-07-25 19:23 - 00014310 _____ () C:\Users\ROSTA\Documents\Pallone.bmp
2014-07-25 19:23 - 2014-07-25 19:23 - 00012934 _____ () C:\Users\ROSTA\Documents\nail.bmp
2014-07-25 16:14 - 2014-07-25 19:57 - 00000000 ____D () C:\Program Files\Pivot Animator
2014-07-23 17:44 - 2014-07-23 17:45 - 20166856 _____ (Gameforge ) C:\Users\ROSTA\Desktop\Metin2_GameforgeLiveSetup.exe
2014-07-21 16:49 - 2014-07-21 16:49 - 00001562 _____ () C:\Users\ROSTA\Desktop\Counter-Strike 1.6.lnk
2014-07-21 16:49 - 2014-07-21 16:49 - 00001508 _____ () C:\Users\ROSTA\Desktop\Half-Life.lnk
2014-07-21 16:49 - 2014-07-21 16:49 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2014-07-21 16:34 - 2014-07-21 16:40 - 283740531 _____ (Valve ) C:\Users\ROSTA\Desktop\cs16full_v42h_cskocz.exe
2014-07-18 21:12 - 2014-07-26 21:17 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000UA.job
2014-07-18 21:12 - 2014-07-26 21:17 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000Core.job
2014-07-17 16:53 - 2014-07-17 16:54 - 01057672 _____ (Adobe) C:\Users\ROSTA\Desktop\install_reader11_cz_mssa_aaa_aih.exe
2014-07-16 13:51 - 2014-07-16 13:51 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-07-16 13:51 - 2014-07-16 13:51 - 00002053 _____ () C:\ProgramData\Desktop\avast! Internet Security.lnk
2014-07-16 13:49 - 2014-07-16 13:48 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-16 13:49 - 2014-07-16 13:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 13:48 - 2014-07-16 13:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 13:47 - 2014-07-16 13:47 - 00270752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-16 06:40 - 2014-07-16 06:40 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-16 06:40 - 2014-07-16 06:40 - 00000965 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-07-16 06:40 - 2014-07-16 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 06:40 - 2014-07-16 06:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 06:38 - 2014-07-16 06:39 - 04812672 _____ (Piriform Ltd) C:\Users\ROSTA\Desktop\ccsetup415.exe
2014-07-16 06:29 - 2014-07-16 06:29 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\QuickScan
2014-07-16 06:25 - 2014-07-16 06:26 - 05618208 _____ (Speedchecker Limited ) C:\Users\ROSTA\Desktop\zrychlenipocitace_eb30694cdfb742ff9e20d753b569cdde_.exe
2014-07-15 21:27 - 2014-07-15 21:27 - 00001230 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-15 21:27 - 2014-07-15 21:27 - 00001230 _____ () C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2014-07-15 21:27 - 2014-07-15 21:27 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\VS Revo Group
2014-07-15 21:27 - 2014-07-15 21:27 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-15 21:27 - 2014-07-15 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-15 21:27 - 2014-07-15 21:27 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-15 21:27 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-07-15 21:24 - 2014-07-15 21:25 - 10619688 _____ (VS Revo Group ) C:\Users\ROSTA\Desktop\RevoUninProSetup.exe
2014-07-15 21:05 - 2014-07-15 21:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-15 21:04 - 2014-07-15 21:04 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-15 21:04 - 2014-07-09 19:56 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-15 21:03 - 2014-07-09 20:03 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-15 21:03 - 2014-07-09 19:56 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-15 21:03 - 2014-07-09 19:55 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-15 20:56 - 2014-07-15 20:56 - 00918952 _____ (Oracle Corporation) C:\Users\ROSTA\Desktop\chromeinstall-7u65.exe
2014-07-15 12:46 - 2014-07-15 12:46 - 00000000 __SHD () C:\Users\ROSTA\AppData\Local\EmieUserList
2014-07-15 12:46 - 2014-07-15 12:46 - 00000000 __SHD () C:\Users\ROSTA\AppData\Local\EmieSiteList
2014-07-14 10:42 - 2014-07-14 10:42 - 00000000 ___HD () C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-13 10:59 - 2014-07-13 10:59 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Razer_Inc
2014-07-13 10:57 - 2014-07-13 10:57 - 00000000 ____D () C:\Users\ROSTA\Documents\Razer
2014-07-13 10:44 - 2014-07-26 09:31 - 00000000 ___RD () C:\Users\ROSTA\Desktop\MINECRAFT
2014-07-13 10:44 - 2014-07-15 12:44 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Razer
2014-07-13 10:43 - 2014-07-15 12:44 - 00000000 ____D () C:\ProgramData\Razer
2014-07-13 10:43 - 2014-07-15 12:44 - 00000000 ____D () C:\Program Files\Razer
2014-07-12 10:17 - 2014-07-12 10:20 - 00000082 _____ () C:\Users\ROSTA\Desktop\MOL_Properties.properties
2014-07-12 10:14 - 2014-07-12 10:14 - 00000000 ____D () C:\Users\ROSTA\minecraft
2014-07-11 06:18 - 2014-07-11 06:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 23:06 - 2014-07-10 23:06 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-10 05:40 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-07-10 05:39 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-07-10 05:39 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-10 05:39 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-07-10 05:39 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-07-10 05:39 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-07-10 05:39 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-07-10 05:39 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-07-10 05:39 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-07-10 05:39 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-07-10 05:39 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-07-10 05:39 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-07-10 05:38 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 05:38 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 05:38 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 05:38 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 05:38 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 05:38 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 05:38 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 05:38 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 05:38 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 05:38 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 05:38 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 05:38 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 05:38 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 05:38 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 05:38 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 05:38 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 05:38 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 05:38 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-10 05:38 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-10 05:38 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-10 05:38 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-10 05:38 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-10 05:38 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-07-10 05:37 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 05:37 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 05:37 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 05:37 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 05:37 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 05:37 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 05:37 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 05:37 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 05:37 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 05:37 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 05:37 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 05:37 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 05:37 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 05:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-07-10 05:36 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-07-10 05:36 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-07-10 05:36 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-07-10 05:36 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-07-10 05:35 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 05:35 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 05:35 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-07-10 05:06 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-07-10 05:05 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 05:05 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 05:05 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 05:05 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 05:05 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 05:05 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 05:05 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 05:05 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 05:05 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 05:05 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-10 05:05 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-10 05:00 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-10 05:00 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-10 05:00 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-07-10 04:59 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 04:59 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 04:59 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-07-10 04:59 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-07-09 23:40 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-07-09 23:40 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-07-09 23:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-07-09 23:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-07-09 23:40 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-07-09 23:40 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-07-09 23:40 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-07-09 23:40 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-07-09 23:40 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-07-09 23:38 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 23:38 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-07-09 23:38 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-07-09 23:38 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-07-09 23:38 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-07-09 23:38 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-07-09 23:38 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-07-09 21:40 - 2014-07-15 12:43 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-09 21:19 - 2014-07-15 12:45 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Yandex
2014-07-09 21:18 - 2014-07-09 21:18 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Chromium
2014-07-09 21:15 - 2014-07-09 21:15 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\IsolatedStorage
2014-07-09 21:14 - 2014-07-15 12:51 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Yandex
2014-07-09 21:14 - 2014-07-15 12:43 - 00000000 ____D () C:\ProgramData\Norton
2014-07-09 21:14 - 2014-07-09 21:14 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Opera Software
2014-07-09 21:12 - 2014-07-25 16:29 - 00000000 ____D () C:\ProgramData\Pivot Animator
2014-07-09 21:12 - 2014-07-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator
2014-07-09 21:12 - 2014-07-09 21:12 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2014-07-09 21:12 - 2014-07-09 21:12 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\ImperiaOnline

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 21:28 - 2014-07-26 21:14 - 00013235 _____ () C:\Users\ROSTA\Desktop\FRST.txt
2014-07-26 21:27 - 2014-07-26 21:14 - 00000000 ____D () C:\FRST
2014-07-26 21:21 - 2014-07-26 21:18 - 00174690 _____ () C:\Users\ROSTA\Desktop\Addition.txt
2014-07-26 21:17 - 2014-07-18 21:12 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000UA.job
2014-07-26 21:17 - 2014-07-18 21:12 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000Core.job
2014-07-26 21:12 - 2014-07-26 21:09 - 01084416 _____ (Farbar) C:\Users\ROSTA\Desktop\FRST.exe
2014-07-26 20:58 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 20:58 - 2009-07-14 06:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 20:54 - 2013-10-07 19:10 - 01574538 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 20:50 - 2014-07-26 20:49 - 00408520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-26 20:50 - 2013-10-08 10:59 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 20:50 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 20:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-07-26 20:49 - 2014-07-26 20:49 - 00000056 _____ () C:\Windows\setupact.log
2014-07-26 20:49 - 2014-07-26 20:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-26 19:31 - 2013-10-08 10:59 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 09:31 - 2014-07-13 10:44 - 00000000 ___RD () C:\Users\ROSTA\Desktop\MINECRAFT
2014-07-25 19:57 - 2014-07-25 16:14 - 00000000 ____D () C:\Program Files\Pivot Animator
2014-07-25 19:23 - 2014-07-25 19:23 - 00017474 _____ () C:\Users\ROSTA\Documents\siga.bmp
2014-07-25 19:23 - 2014-07-25 19:23 - 00014310 _____ () C:\Users\ROSTA\Documents\Pallone.bmp
2014-07-25 19:23 - 2014-07-25 19:23 - 00012934 _____ () C:\Users\ROSTA\Documents\nail.bmp
2014-07-25 16:29 - 2014-07-09 21:12 - 00000000 ____D () C:\ProgramData\Pivot Animator
2014-07-25 16:15 - 2013-12-24 19:13 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Skype
2014-07-25 16:15 - 2013-10-07 19:57 - 01582264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 16:14 - 2014-07-09 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator
2014-07-25 05:58 - 2013-10-18 21:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 23:40 - 2013-10-18 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 17:45 - 2014-07-23 17:44 - 20166856 _____ (Gameforge ) C:\Users\ROSTA\Desktop\Metin2_GameforgeLiveSetup.exe
2014-07-22 22:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-21 19:04 - 2013-12-11 14:49 - 00000000 ____D () C:\Counter-Strike 1.6
2014-07-21 16:49 - 2014-07-21 16:49 - 00001562 _____ () C:\Users\ROSTA\Desktop\Counter-Strike 1.6.lnk
2014-07-21 16:49 - 2014-07-21 16:49 - 00001508 _____ () C:\Users\ROSTA\Desktop\Half-Life.lnk
2014-07-21 16:49 - 2014-07-21 16:49 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2014-07-21 16:40 - 2014-07-21 16:34 - 283740531 _____ (Valve ) C:\Users\ROSTA\Desktop\cs16full_v42h_cskocz.exe
2014-07-20 19:01 - 2014-05-12 17:42 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\.minecraft
2014-07-19 07:48 - 2013-10-08 11:03 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 07:48 - 2013-10-08 11:03 - 00002089 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-07-17 16:54 - 2014-07-17 16:53 - 01057672 _____ (Adobe) C:\Users\ROSTA\Desktop\install_reader11_cz_mssa_aaa_aih.exe
2014-07-17 09:20 - 2013-10-08 10:59 - 00000000 ____D () C:\Program Files\Google
2014-07-17 07:06 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-17 06:00 - 2014-02-19 13:40 - 00000139 _____ () C:\Windows\system32\ROXECDC6Inst.log
2014-07-17 06:00 - 2014-02-19 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2014-07-17 06:00 - 2014-02-19 13:33 - 00000000 ____D () C:\Program Files\Roxio
2014-07-17 05:58 - 2014-01-27 20:04 - 00000000 ____D () C:\Windows\system32\QuickTime
2014-07-17 05:58 - 2014-01-27 20:04 - 00000000 ____D () C:\Program Files\QuickTime
2014-07-17 05:58 - 2013-11-02 19:58 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Unity
2014-07-17 05:56 - 2014-02-19 13:33 - 00000000 ____D () C:\Program Files\Common Files\Roxio Shared
2014-07-17 05:54 - 2014-02-19 13:38 - 00000000 ____D () C:\ProgramData\Roxio
2014-07-17 05:35 - 2013-10-08 11:00 - 00000000 ____D () C:\ProgramData\Google
2014-07-17 05:35 - 2013-10-07 20:19 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Google
2014-07-16 13:51 - 2014-07-16 13:51 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-07-16 13:51 - 2014-07-16 13:51 - 00002053 _____ () C:\ProgramData\Desktop\avast! Internet Security.lnk
2014-07-16 13:51 - 2013-11-08 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 13:50 - 2013-11-08 08:19 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 13:48 - 2014-07-16 13:49 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-16 13:48 - 2014-07-16 13:49 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 13:48 - 2014-07-16 13:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 13:48 - 2013-12-31 00:28 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-16 13:48 - 2013-11-08 08:19 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 13:48 - 2013-11-08 08:19 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 13:48 - 2013-11-08 08:19 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 13:48 - 2013-11-08 08:19 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-16 13:48 - 2013-11-08 08:19 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 13:48 - 2013-11-08 08:19 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 13:47 - 2014-07-16 13:47 - 00270752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-16 06:42 - 2014-03-17 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MINECRAFT 1.8.2 CZ
2014-07-16 06:42 - 2014-03-17 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MINECRAFT 1.5.2 plna hra zdarma
2014-07-16 06:42 - 2014-02-06 22:41 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MineCraft
2014-07-16 06:42 - 2014-02-06 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MineCraft
2014-07-16 06:42 - 2014-02-05 19:25 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Hive
2014-07-16 06:42 - 2014-02-05 19:21 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bridging the Gap
2014-07-16 06:42 - 2014-02-04 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kouzelné dárky
2014-07-16 06:42 - 2014-01-28 16:23 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brad and Roxy's Amazing Downhill
2014-07-16 06:42 - 2014-01-27 20:00 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lemonade Incorporated 2 Sour Lemons
2014-07-16 06:42 - 2014-01-27 19:59 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Luigi World
2014-07-16 06:42 - 2014-01-27 19:58 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acid Arena Monster Blast
2014-07-16 06:42 - 2013-10-28 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-07-16 06:42 - 2013-10-07 20:06 - 00000000 ____D () C:\Windows\Panther
2014-07-16 06:40 - 2014-07-16 06:40 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-16 06:40 - 2014-07-16 06:40 - 00000965 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-07-16 06:40 - 2014-07-16 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 06:40 - 2014-07-16 06:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 06:39 - 2014-07-16 06:38 - 04812672 _____ (Piriform Ltd) C:\Users\ROSTA\Desktop\ccsetup415.exe
2014-07-16 06:29 - 2014-07-16 06:29 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\QuickScan
2014-07-16 06:26 - 2014-07-16 06:25 - 05618208 _____ (Speedchecker Limited ) C:\Users\ROSTA\Desktop\zrychlenipocitace_eb30694cdfb742ff9e20d753b569cdde_.exe
2014-07-15 23:53 - 2013-10-09 07:05 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-07-15 21:35 - 2014-01-04 21:05 - 00000000 ____D () C:\Windows\Minidump
2014-07-15 21:27 - 2014-07-15 21:27 - 00001230 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-15 21:27 - 2014-07-15 21:27 - 00001230 _____ () C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2014-07-15 21:27 - 2014-07-15 21:27 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\VS Revo Group
2014-07-15 21:27 - 2014-07-15 21:27 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-15 21:27 - 2014-07-15 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-15 21:27 - 2014-07-15 21:27 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-15 21:25 - 2014-07-15 21:24 - 10619688 _____ (VS Revo Group ) C:\Users\ROSTA\Desktop\RevoUninProSetup.exe
2014-07-15 21:05 - 2014-07-15 21:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-15 21:04 - 2014-07-15 21:04 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-15 21:03 - 2014-02-23 10:49 - 00000000 ____D () C:\Program Files\Java
2014-07-15 20:56 - 2014-07-15 20:56 - 00918952 _____ (Oracle Corporation) C:\Users\ROSTA\Desktop\chromeinstall-7u65.exe
2014-07-15 13:00 - 2013-10-07 19:15 - 00000000 ____D () C:\Users\ROSTA
2014-07-15 12:51 - 2014-07-09 21:14 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Yandex
2014-07-15 12:46 - 2014-07-15 12:46 - 00000000 __SHD () C:\Users\ROSTA\AppData\Local\EmieUserList
2014-07-15 12:46 - 2014-07-15 12:46 - 00000000 __SHD () C:\Users\ROSTA\AppData\Local\EmieSiteList
2014-07-15 12:45 - 2014-07-09 21:19 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Yandex
2014-07-15 12:44 - 2014-07-13 10:44 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Razer
2014-07-15 12:44 - 2014-07-13 10:43 - 00000000 ____D () C:\ProgramData\Razer
2014-07-15 12:44 - 2014-07-13 10:43 - 00000000 ____D () C:\Program Files\Razer
2014-07-15 12:43 - 2014-07-09 21:40 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-15 12:43 - 2014-07-09 21:14 - 00000000 ____D () C:\ProgramData\Norton
2014-07-15 11:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-14 10:42 - 2014-07-14 10:42 - 00000000 ___HD () C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-13 10:59 - 2014-07-13 10:59 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Razer_Inc
2014-07-13 10:57 - 2014-07-13 10:57 - 00000000 ____D () C:\Users\ROSTA\Documents\Razer
2014-07-12 10:20 - 2014-07-12 10:17 - 00000082 _____ () C:\Users\ROSTA\Desktop\MOL_Properties.properties
2014-07-12 10:14 - 2014-07-12 10:14 - 00000000 ____D () C:\Users\ROSTA\minecraft
2014-07-12 09:47 - 2013-10-07 20:02 - 00000000 ____D () C:\Hry
2014-07-11 06:19 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 06:18 - 2014-07-11 06:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 23:18 - 2013-11-03 07:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 23:06 - 2014-07-10 23:06 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-10 04:12 - 2009-07-14 04:04 - 00000793 _____ () C:\Windows\win.ini
2014-07-10 04:02 - 2013-10-09 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 21:18 - 2014-07-09 21:18 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\Chromium
2014-07-09 21:15 - 2014-07-09 21:15 - 00000000 ____D () C:\Users\ROSTA\AppData\Local\IsolatedStorage
2014-07-09 21:14 - 2014-07-09 21:14 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Opera Software
2014-07-09 21:14 - 2013-10-28 20:00 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Mozilla
2014-07-09 21:12 - 2014-07-09 21:12 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2014-07-09 21:12 - 2014-07-09 21:12 - 00000000 ____D () C:\Users\ROSTA\AppData\Roaming\ImperiaOnline
2014-07-09 20:03 - 2014-07-15 21:03 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-09 19:56 - 2014-07-15 21:04 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-09 19:56 - 2014-07-15 21:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-09 19:55 - 2014-07-15 21:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-09 17:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-09 17:32 - 2014-03-18 07:21 - 00000479 _____ () C:\Users\ROSTA\rgut
2014-06-30 03:40 - 2014-07-10 04:59 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:36 - 2014-07-10 04:59 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 17:38 - 2013-10-09 22:16 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\ROSTA\pjsieq.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 08:41

==================== End Of Log ============================

#2 Příspěvek od **Rudy** » 26 črc 2014 21:42

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\Run: [Facebook Update] => C:\Users\ROSTA\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-18] (Facebook Inc.)
c:\Users\ROSTA\AppData\Local\Facebook\Update
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\MountPoints2: {d18c7fba-b26d-11e3-beaf-001e0baa8e65} - F:\Autorun.exe
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\MountPoints2: {d18c7fe3-b26d-11e3-beaf-001e0baa8e65} - F:\Autorun.exe
BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\ROSTA\AppData\Roaming\Yandex
C:\Users\ROSTA\pjsieq.exe
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

apolo · #3 Příspěvek od **apolo** » 27 črc 2014 05:56

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by ROSTA at 2014-07-27 06:54:02 Run:1
Running from C:\Users\ROSTA\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\Run: [Facebook Update] => C:\Users\ROSTA\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-18] (Facebook Inc.)
c:\Users\ROSTA\AppData\Local\Facebook\Update
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\MountPoints2: {d18c7fba-b26d-11e3-beaf-001e0baa8e65} - F:\Autorun.exe
HKU\S-1-5-21-3674871790-465409129-2159410804-1000\...\MountPoints2: {d18c7fe3-b26d-11e3-beaf-001e0baa8e65} - F:\Autorun.exe
BHO: ?????????? ???????? -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\ROSTA\AppData\Roaming\Yandex
C:\Users\ROSTA\pjsieq.exe
End
*****************

HKU\S-1-5-21-3674871790-465409129-2159410804-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.
c:\Users\ROSTA\AppData\Local\Facebook\Update => Moved successfully.
"HKU\S-1-5-21-3674871790-465409129-2159410804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d18c7fba-b26d-11e3-beaf-001e0baa8e65}" => Key deleted successfully.
"HKCR\CLSID\{d18c7fba-b26d-11e3-beaf-001e0baa8e65}" => Key not found.
"HKU\S-1-5-21-3674871790-465409129-2159410804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d18c7fe3-b26d-11e3-beaf-001e0baa8e65}" => Key deleted successfully.
"HKCR\CLSID\{d18c7fe3-b26d-11e3-beaf-001e0baa8e65}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}" => Key deleted successfully.
"HKCR\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674871790-465409129-2159410804-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Users\ROSTA\AppData\Roaming\Yandex => Moved successfully.
C:\Users\ROSTA\pjsieq.exe => Moved successfully.

==== End of Fixlog ====

#4 Příspěvek od **Rudy** » 27 črc 2014 10:44

Nastala nějaká změna?

apolo · #5 Příspěvek od **apolo** » 27 črc 2014 16:57

#6 Příspěvek od **Rudy** » 27 črc 2014 17:09

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

apolo · #7 Příspěvek od **apolo** » 28 črc 2014 11:28

Dobry den, mám to asi už oskenované skončilo to u 3 fáze a dále se už níc nedělo asi 4 hodiny.Poté sem Combofix vypl a zapnul štíty u avastu a restartoval sem PC. A zdá se mi že internet a (možná) i system je pomalší. Byl sem i na FB a pořád se vír odesíla mím přátelum. A log mi to žadny nedalo

#8 Příspěvek od **Rudy** » 28 črc 2014 17:20

Zkuste spustit CF v nouz. režimu.

apolo · #9 Příspěvek od **apolo** » 28 črc 2014 17:22

A jak to mám udělat ?

#10 Příspěvek od **Rudy** » 28 črc 2014 17:35

Během úvodních postů tiskněte >F8<. Objeví se menu, v němž se budete pohybovat kurzorovými šipkami. Zvýrazněte "Stav nouze s prací v síti" a odentrujte.

apolo · #11 Příspěvek od **apolo** » 28 črc 2014 18:22

Tak sem se dostal do nouzoveho režimu a zapl sem ComboFix a zase to same skončilo to u 3 faze a zase se níc nedělo skener byl zapnuty něco přes 25 minut ( více času sem neměl ) ( 3. fáze se mi ukazala něco do 3-4 minut )

PS: měnil sem i antivirus z avastu na eset a z esetu na Microsoft Security Essentials .. Zkusím ještě přes noc zapnout uplnou kontrolu pc (To sem ještě u microsoftu nezkoušel jen rychlou kontrolu)

#12 Příspěvek od **Rudy** » 28 črc 2014 19:22

Zkuste tedy kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

apolo · #13 Příspěvek od **apolo** » 29 črc 2014 05:35

Tak sem byl včera na FB a už se víry neodesílají nevím jakto použíl sem eset online scener ten tam našel 3 trojske koně ty sem vymazal (zda se mi že ten eset níc nevymazal bylo to take divne ) a ještě jsem změnil heslo na FB což si myslím že to pomohlo protože jak sem šel na FB začal se mi tak sekat pak sem vypl chat a už se víry neposílaly a hned sem šel změnit heslo.. Tak nevím co mám dělat jestli stahnout MBAM a poslat vám log aby se třeba vír nevratíl ?

#14 Příspěvek od **Rudy** » 29 črc 2014 15:48

Pro sichr určitě nebude ten sken MBAM od věci.

apolo · #15 Příspěvek od **apolo** » 29 črc 2014 17:19

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 29.7.2014
Scan Time: 17:44:08
Logfile: mbam-scan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.29.04
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: ROSTA

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319735
Time Elapsed: 32 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Agent.CR, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\godimpbmfohihoaikgfknnnmlncabkkp, , [f65230755229b284794c5a75ee14d52b],

Registry Values: 2
PUP.Optional.SpeedTest, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|speedtest4354@BestOffers, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, , [b197bbea0279a78f3f384a8206fc11ef]
PUP.Optional.SpeedTest, HKU\S-1-5-21-3674871790-465409129-2159410804-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|speedtest4354@BestOffers, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, , [0840aff689f2290d076ff7d5c33fd828]

Registry Data: 0
(No malicious items detected)

Folders: 13
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams, , [341454515a219f97deb8575517eb04fc],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\mz, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\mz, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin, , [2f19386d7dfe83b32aa321a1887acd33],
Trojan.Agent.CR, C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp, , [dd6b584dc6b51e18b34d685c46bce917],

Files: 82
PUP.BitCoinMiner, C:\Windows\System32\lcpmncrwcku.exe, , [3414990c55269f97e82d100768993bc5],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\diablo130302.cl, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\diakgcn121016.cl, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\libcurl.dll, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\libeay32.dll, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\libidn-11.dll, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\librtmp.dll, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\libssh2.dll, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\libusb-1.0.dll, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\phatk121016.cl, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\poclbm130302.cl, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\scrypt130511.cl, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\ssleay32.dll, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\zlib1.dll, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams\ztex_ufm1_15b1.bit, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams\ztex_ufm1_15d1.bit, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams\ztex_ufm1_15d3.bit, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams\ztex_ufm1_15d4.bin, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams\ztex_ufm1_15d4.bit, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams\ztex_ufm1_15y1.bin, , [341454515a219f97deb8575517eb04fc],
Trojan.Agent.BCM, C:\Windows\inf\mncnofunv\bitstreams\ztex_ufm1_15y1.bit, , [341454515a219f97deb8575517eb04fc],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome.manifest, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\icon.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\install.rdf, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\background.html, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\bg.js, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.xml, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\config.js, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\content.js, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.js, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.xul, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.ico, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.ico, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.ico, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.ico, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.ico, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.ico, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.ico, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.png, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\jquery-1.9.1.min.js, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\options.xul, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\settings.json, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\mz\background.js, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\mz\content.js, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.SpeedTest.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin\framework.css, , [7bcd5f4694e73204804b319117eba060],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome.manifest, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\icon.png, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\install.rdf, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\background.html, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\bg.js, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\button.xml, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\config.js, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\content.js, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.js, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.png, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.xul, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon128.ico, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon128.png, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon16.ico, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon16.png, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon18.ico, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon18.png, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon24.ico, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon24.png, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon32.ico, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon32.png, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon48.ico, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon48.png, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\jquery-1.9.1.min.js, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\options.xul, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\settings.json, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\mz\background.js, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\mz\content.js, , [2f19386d7dfe83b32aa321a1887acd33],
PUP.Optional.FreeGames.A, C:\Users\ROSTA\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin\framework.css, , [2f19386d7dfe83b32aa321a1887acd33],

Physical Sectors: 0
(No malicious items detected)

(end)

VIRY.CZ

Facebook - photo.ex

Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex

Re: Facebook - photo.ex