
Infected with the latest version of TeslaCrypt (.vvv extensions)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Infected with the latest version of TeslaCrypt (.vvv extensions)
Hello, one of the computers I occasionally look after was infected with TeslaCrypt the day before yesterday (8 December) by opening a zipped e-mail attachment and probably running its contents. I was only told in the evening, when all the files were already encrypted and had the .vvv extension. So I installed a trial version of the Kaspersky antivirus, which found Trojan-Ransom.Win32.Bitman.afe and removed it. If I remember correctly, after the virus was removed the files in the network-shared folders on the other computers were not encrypted; there were only HTML files with information about paying the attacker. I thought that at least there was something it had not managed to get to, but maybe I remember it wrong, because this morning (10 December) they called me to say that a file from a shared folder on one of the computers was not working. So I shut down the computer that had been infected, because I was afraid it was still encrypting files. But the modification time of the encrypted files is from before the virus was removed, and nobody else has opened the files since then, so my fear was probably unfounded. Already yesterday (9 December) I ran the same scan on the other computers as well, and everything was clean. Do you think I can trust Kaspersky that the computer is no longer dangerous, so that I can have it switched on and then possibly post a log here?
Here is fairly detailed information about the virus:
http://www.bleepingcomputer.com/virus-r ... nformation
By all accounts, free decryption is not possible yet. Do you think it is worth waiting to see whether someone figures out a way to do it?
Otherwise I would like to make a bit-for-bit copy of the whole disk and try to recover the files in various ways: from deleted copies, via System Restore, etc. Paying them would certainly be the simpler solution and acceptable to the person concerned, but I would really leave that as a last resort, so that we do not support the authors of the virus in what they do and do not give them the means to continue their work. In that case I would also first want to try to find someone who paid and actually received the decryption key.
Thank you in advance for any advice.
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Hello!
We do not do decryption; our colleagues do that: http://www.neslape.cz/?utm_campaign=nes ... ium=banner . The PC does need to be cleaned, though. Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Sure, I'm not dealing with decryption for now; I just want to make sure the computer is not a threat to the other devices on the network. Here is the log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Jana (administrator) on JANE (11-12-2015 14:22:20)
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Jana)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TimoCom Soft- und Hardware GmbH) C:\TCCARGO\tccargo.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.bin
(Mega Limited) C:\Users\Jana\AppData\Local\MEGAsync\MEGAsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [TC Login] => c:\tccargo\tccargo.exe [1215488 2011-06-20] (TimoCom Soft- und Hardware GmbH)
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [Acronis] => C:\Users\Jana\AppData\Roaming\kopmy-bc.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+ntp.html [2015-12-08] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+ntp.txt [2015-12-08] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.0.lnk [2013-06-08]
ShortcutTarget: LibreOffice 4.0.lnk -> C:\Program Files (x86)\LibreOffice 4.0\program\quickstart.exe ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2014-09-17]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Jana\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D3EC2BE4-15A7-4B7C-9C0F-B726CEC5CFAC}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-3905742735-3845636316-1598526865-1001 -> {F82F3C4D-213D-4262-ACD6-76B102968E8D} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5ECZ&gct=&itbv=12.7.0.15&apn_uid=3C626607-C857-4DD6-956E-123CC2B0730B&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5ECZ&apn_dbr=ie_10.0.9200.16537&doi=2014-01-23&trgb=IE&q={searchTerms}&psv=
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-07] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-07] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
IE Session Restore: HKU\S-1-5-21-3905742735-3845636316-1598526865-1001 -> is enabled.
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-12-08]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ochrana Kaspersky) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-12-09] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 14:22 - 2015-12-11 14:22 - 00015618 _____ C:\Users\Jana\Desktop\FRST.txt
2015-12-11 14:17 - 2015-12-11 14:21 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2015-12-11 14:16 - 2015-12-11 14:16 - 02369024 _____ (Farbar) C:\Users\Jana\Downloads\FRST64 (1).exe
2015-12-11 14:15 - 2015-12-11 14:22 - 00000000 ____D C:\FRST
2015-12-11 14:15 - 2015-12-11 14:15 - 02369024 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2015-12-09 13:11 - 2015-12-09 15:19 - 00118272 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015-1.xls
2015-12-09 07:24 - 2015-12-09 08:51 - 00002032 _____ C:\CoinVaultDecryptor.1.0.0.4_09.12.2015_07.24.08_log.txt
2015-12-09 07:23 - 2015-12-09 07:23 - 00000000 ____D C:\Users\Jana\Downloads\CoinVaultDecryptor
2015-12-09 07:19 - 2015-12-09 07:19 - 01218912 _____ C:\Users\Jana\Downloads\CoinVaultDecryptor.zip
2015-12-09 03:19 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 03:19 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 03:19 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-09 03:19 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-09 03:19 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 03:19 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-09 03:19 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 03:19 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-09 03:19 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 03:19 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 03:19 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-09 03:19 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 03:19 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-09 03:19 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-09 03:19 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-09 03:19 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-09 03:19 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-09 03:19 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-09 03:19 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-09 03:19 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-09 03:19 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-09 03:19 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 03:19 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 03:19 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 03:19 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 03:19 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-09 03:19 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-09 03:19 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-09 03:19 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-09 03:19 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-09 03:19 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-09 03:19 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-09 03:19 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-09 03:19 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 03:19 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-09 03:19 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-09 03:19 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-09 03:19 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-09 03:19 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-09 03:19 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 03:18 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-09 03:18 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 03:18 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-09 03:18 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-09 03:18 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-09 03:18 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-09 03:18 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 03:18 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-09 03:18 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-09 03:18 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 03:18 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 03:18 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 03:18 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 03:18 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-09 03:18 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-09 03:18 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-09 03:18 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-09 03:18 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-09 03:18 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-09 03:18 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-09 03:18 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-09 03:18 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-09 03:18 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-09 03:18 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-09 03:18 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-09 03:18 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-09 03:18 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 03:18 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 03:18 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-09 03:18 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-09 03:18 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 03:18 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-09 03:18 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 03:18 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 03:18 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 03:18 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 03:18 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 03:18 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-09 03:18 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 03:18 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-09 03:18 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 03:18 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 03:18 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 03:18 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-09 03:18 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-09 03:18 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-09 03:18 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-09 03:18 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-09 03:18 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-09 03:18 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-09 03:18 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-09 03:18 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-09 03:18 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\VDLL.DLL
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\SysWOW64\runouce.exe
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\RUNDL132.EXE
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\logo_1.exe
2015-12-09 00:48 - 2015-12-09 00:53 - 154422000 _____ C:\Users\Jana\Downloads\mwav (1).exe
2015-12-09 00:47 - 2015-12-09 00:52 - 154422000 _____ C:\Users\Jana\Downloads\mwav.exe
2015-12-09 00:42 - 2015-12-09 00:56 - 00000054 _____ C:\WINDOWS\Lic.xxx
2015-12-09 00:40 - 2015-12-09 00:40 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr90.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp90.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00554240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp80.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00350160 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-12-09 00:40 - 2015-12-09 00:40 - 00034048 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\SysWOW64\eEmpty.exe
2015-12-09 00:40 - 2015-12-09 00:40 - 00001050 _____ C:\Users\Jana\Desktop\MWAVSCAN.lnk
2015-12-09 00:40 - 2015-12-09 00:40 - 00000000 ____D C:\ProgramData\MicroWorld
2015-12-08 22:16 - 2015-12-08 22:16 - 00002387 _____ C:\Users\Jana\Desktop\Safe Money.lnk
2015-12-08 22:11 - 2015-12-08 22:11 - 00002127 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-12-08 22:11 - 2015-12-08 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-12-08 22:10 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-12-08 22:09 - 2015-12-11 14:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-08 22:09 - 2015-12-08 22:09 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-08 22:08 - 2015-12-08 22:33 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-12-08 22:08 - 2015-12-08 22:33 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2015-12-08 22:01 - 2015-12-08 22:01 - 01732208 _____ (Kaspersky Lab) C:\Users\Jana\Downloads\kts16.0.0.614en_8207.exe
2015-12-08 21:43 - 2015-12-08 21:43 - 00000000 ____D C:\KVRT_Data
2015-12-08 19:59 - 2015-12-08 19:59 - 03452054 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.bmp
2015-12-08 19:59 - 2015-12-08 19:59 - 00009550 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.html
2015-12-08 19:59 - 2015-12-08 19:59 - 00002755 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.txt
2015-12-08 19:55 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\Desktop\how_recover+ntp.html
2015-12-08 19:55 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\Desktop\how_recover+ntp.txt
2015-12-08 18:26 - 2015-12-08 18:26 - 00009550 _____ C:\WINDOWS\Tasks\how_recover+ntp.html
2015-12-08 18:26 - 2015-12-08 18:26 - 00002755 _____ C:\WINDOWS\Tasks\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Public\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Public\Downloads\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\Downloads\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Public\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Public\Downloads\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\Downloads\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\LocalLow\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\LocalLow\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Local\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Local\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 18:01 - 00009550 _____ C:\ProgramData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 18:01 - 00002755 _____ C:\ProgramData\how_recover+ntp.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Jana\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\ProgramData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Jana\AppData\Local\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Local\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\ProgramData\how_recover+iuu.txt
2015-12-04 12:40 - 2015-12-08 18:25 - 00007182 _____ C:\Users\Jana\Desktop\ŘSD.xlsx.vvv
2015-12-02 11:06 - 2015-12-08 18:01 - 00000000 ____D C:\test
2015-11-27 12:49 - 2015-12-07 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-27 11:28 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Software602
2015-11-27 11:27 - 2015-11-27 11:27 - 00000000 ____D C:\Program Files\Software602
2015-11-27 11:26 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\602XML
2015-11-27 11:26 - 2015-06-18 10:10 - 01753584 _____ C:\WINDOWS\system32\602convert.dll
2015-11-27 11:26 - 2014-02-05 14:51 - 00036864 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localmon.dll
2015-11-27 11:26 - 2014-02-05 14:51 - 00022528 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localui.dll
2015-11-27 11:26 - 2011-01-18 13:49 - 04940800 _____ (NiXPS NV) C:\WINDOWS\system32\NiXPS.dll
2015-11-27 11:25 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\602Installer
2015-11-27 11:25 - 2015-11-27 11:25 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software602 Form Filler.lnk
2015-11-27 11:25 - 2015-11-27 11:25 - 00001127 _____ C:\Users\Public\Desktop\Software602 Form Filler.lnk
2015-11-27 11:25 - 2015-11-27 11:25 - 00000000 ____D C:\Program Files (x86)\Software602
2015-11-26 12:23 - 2015-12-08 18:23 - 00066478 _____ C:\Users\Jana\Desktop\KS.doc.vvv
2015-11-20 09:40 - 2015-12-08 18:22 - 00116654 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015-1.xls.vvv
2015-11-19 13:02 - 2015-12-08 18:22 - 00109486 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015.xls.vvv
2015-11-13 09:43 - 2015-12-08 18:22 - 00008862 _____ C:\Users\Jana\Desktop\Bufet teplý a studený.xlsx.vvv
2015-11-11 13:34 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 13:34 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 13:34 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 13:34 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 13:34 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 13:34 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 13:34 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 13:34 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 13:34 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 13:34 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 13:34 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 13:34 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 13:34 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 13:34 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 13:34 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 13:34 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 13:33 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 13:33 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 13:33 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 13:33 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 13:33 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 13:33 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 13:33 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 13:33 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-11 13:33 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-11 13:32 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 13:32 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 13:32 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 13:32 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 13:32 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 13:32 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 13:32 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 14:15 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-11 14:13 - 2013-06-08 16:47 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3905742735-3845636316-1598526865-1001
2015-12-11 14:12 - 2014-06-28 19:46 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A25D68E8-C294-490C-BCE9-E8D7344A736C}
2015-12-11 14:08 - 2013-06-08 16:49 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 13:58 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 13:58 - 2013-08-22 15:44 - 00388880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 13:58 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-10 10:25 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-10 09:30 - 2013-06-08 16:49 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 08:37 - 2013-06-08 16:49 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-09 07:38 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 00:43 - 2013-08-22 14:25 - 00000469 _____ C:\WINDOWS\win.ini
2015-12-08 22:38 - 2013-06-08 16:49 - 00000000 ____D C:\Users\Jana\AppData\Local\Google
2015-12-08 22:33 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-12-08 22:33 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-12-08 22:32 - 2015-07-04 02:18 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-12-08 22:11 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-08 22:09 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-08 22:09 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2015-12-08 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-12-08 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-12-08 18:25 - 2015-10-21 09:23 - 00025470 _____ C:\Users\Jana\Desktop\Pojištění - sumarizace nabídek-4 - kopie.xlsx.vvv
2015-12-08 18:25 - 2015-09-11 14:30 - 00557838 _____ C:\Users\Jana\Desktop\SKM_C224e15091113520.pdf.vvv
2015-12-08 18:25 - 2015-09-02 10:03 - 00317310 _____ C:\Users\Jana\Desktop\SKM_C224e15090209560.pdf.vvv
2015-12-08 18:25 - 2015-08-25 22:48 - 00001150 _____ C:\Users\Public\nlooud.cer.vvv
2015-12-08 18:25 - 2015-08-25 21:33 - 00001614 _____ C:\Users\Public\ca.crt.vvv
2015-12-08 18:25 - 2015-07-17 12:24 - 00000000 ____D C:\Users\Jana\Desktop\zídky ploty
2015-12-08 18:25 - 2015-06-11 07:59 - 00000000 ____D C:\Users\Public\Podpisy
2015-12-08 18:25 - 2015-06-11 07:59 - 00000000 ____D C:\Users\Public\Logo
2015-12-08 18:25 - 2014-07-14 19:44 - 00340030 _____ C:\Users\Jana\Downloads\chybejici+DLL.docx.vvv
2015-12-08 18:25 - 2014-06-28 18:54 - 00000000 __SHD C:\Users\Jana\IntelGraphicsProfiles
2015-12-08 18:25 - 2014-06-28 17:17 - 00000000 ____D C:\Users\Jana
2015-12-08 18:25 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-08 18:25 - 2013-06-11 11:44 - 00000000 ____D C:\Users\Jana\kbpki
2015-12-08 18:25 - 2013-06-09 19:59 - 00000000 ____D C:\Users\Public\Install
2015-12-08 18:25 - 2013-06-09 19:11 - 00000000 ___HD C:\Users\Jana\InstallAnywhere
2015-12-08 18:25 - 2013-04-11 22:55 - 00000878 _____ C:\Users\Public\nastavení.txt.vvv
2015-12-08 18:25 - 2013-03-19 12:29 - 37767806 _____ C:\Users\Jana\Downloads\Ukázka projektu v programu AutoCad.zip.vvv
2015-12-08 18:25 - 2013-03-19 12:29 - 05277726 _____ C:\Users\Jana\Downloads\Ukázka projektu v programu Sadovnická projekce.zip.vvv
2015-12-08 18:25 - 2013-03-15 12:52 - 00093886 _____ C:\Users\Jana\Downloads\protokol_o_vydani.pdf.vvv
2015-12-08 18:25 - 2013-01-31 13:00 - 00051630 _____ C:\Users\Jana\Downloads\FU_UZP_Seznam.xls.vvv
2015-12-08 18:25 - 2013-01-28 13:26 - 00953054 _____ C:\Users\Jana\Downloads\Technische-Daten-Deluxe013-Inku.zip.vvv
2015-12-08 18:25 - 2012-12-27 14:56 - 00044462 _____ C:\Users\Jana\Downloads\Jindřich Hanzal-Životopis..doc.vvv
2015-12-08 18:25 - 2012-12-27 14:56 - 00044462 _____ C:\Users\Jana\Downloads\Jindřich Hanzal-Životopis. (1).doc.vvv
2015-12-08 18:25 - 2012-12-17 11:03 - 00016862 _____ C:\Users\Jana\Downloads\914456_zivotopis_Jan_Sloup_docx.docx.vvv
2015-12-08 18:25 - 2012-01-24 12:43 - 00000000 ____D C:\Users\Jana\Desktop\NOKIA E75
2015-12-08 18:25 - 2011-07-04 21:22 - 00000000 ____D C:\Users\Public\El. pruvodce
2015-12-08 18:25 - 2011-06-13 15:26 - 00000000 ____D C:\Users\Public\Školení_Helios
2015-12-08 18:25 - 2009-08-31 14:09 - 00001998 _____ C:\Users\Jana\Desktop\postsignum_qca_root.cer.vvv
2015-12-08 18:25 - 2009-07-22 08:28 - 00187310 _____ C:\Users\Jana\reklamace dopravy Fiter.doc.vvv
2015-12-08 18:25 - 2009-07-20 09:24 - 00067502 _____ C:\Users\Jana\návrh smlouvy expedis.doc.vvv
2015-12-08 18:25 - 2008-05-26 11:02 - 00000000 ____D C:\Users\Jana\Desktop\SKENNER
2015-12-08 18:23 - 2015-10-20 13:37 - 00006190 _____ C:\Users\Jana\Desktop\HVP.xlsx.vvv
2015-12-08 18:23 - 2015-09-14 14:37 - 00034638 _____ C:\Users\Jana\Desktop\KÚ Krásný Studenec.pdf.vvv
2015-12-08 18:23 - 2015-08-24 14:46 - 00000000 ____D C:\Users\Jana\Desktop\mobil
2015-12-08 18:23 - 2015-08-24 14:34 - 00000000 ____D C:\Users\Jana\Desktop\fotky mobil
2015-12-08 18:23 - 2014-02-20 16:31 - 00081838 _____ C:\Users\Jana\Desktop\Helios pokladna kč 2012.xls.vvv
2015-12-08 18:23 - 2013-07-08 16:31 - 00166190 _____ C:\Users\Jana\Desktop\KONE 2013 (Automaticky uloženo).xlsx.vvv
2015-12-08 18:23 - 2012-07-13 15:02 - 00000000 ____D C:\Users\Jana\Desktop\Fotky-Lukýsek
2015-12-08 18:23 - 2012-02-21 20:12 - 00000000 ____D C:\Users\Jana\Desktop\KONE
2015-12-08 18:22 - 2015-10-30 13:01 - 00031150 _____ C:\Users\Jana\Desktop\dohoda o rezervaci nemovitosti.doc.vvv
2015-12-08 18:22 - 2015-10-09 08:52 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Sun
2015-12-08 18:22 - 2015-10-09 08:51 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Oracle
2015-12-08 18:22 - 2015-07-20 10:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Neos Eureka S.r.l
2015-12-08 18:22 - 2015-04-06 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-12-08 18:22 - 2015-04-06 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\GHISLER
2015-12-08 18:22 - 2014-11-12 14:19 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieBrowserModeList
2015-12-08 18:22 - 2014-09-19 12:04 - 00299982 _____ C:\Users\Jana\Desktop\Děčín Krásný Studenec RD Mayerovi.pdf.vvv
2015-12-08 18:22 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieUserList
2015-12-08 18:22 - 2014-06-28 19:45 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieSiteList
2015-12-08 18:22 - 2014-04-24 10:38 - 00000000 ____D C:\Users\Jana\AppData\Roaming\TeamViewer
2015-12-08 18:22 - 2014-01-26 22:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-12-08 18:22 - 2014-01-14 11:25 - 00000000 ___HD C:\Users\Jana\AppData\Roaming\DE48626E
2015-12-08 18:22 - 2013-12-12 16:59 - 00012718 _____ C:\Users\Jana\Desktop\DOO.xls.vvv
2015-12-08 18:22 - 2013-12-10 11:38 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\ntr
2015-12-08 18:22 - 2013-10-02 13:21 - 00000000 ____D C:\Users\Jana\AppData\Roaming\EurekaLab s.a.s
2015-12-08 18:22 - 2013-06-19 10:13 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Samsung
2015-12-08 18:22 - 2013-06-17 10:30 - 00000000 ____D C:\Users\Jana\AppData\Roaming\pdfforge
2015-12-08 18:22 - 2013-06-17 10:20 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Temp
2015-12-08 18:22 - 2013-06-13 13:15 - 00000000 ____D C:\Users\Jana\AppData\Roaming\WinRAR
2015-12-08 18:22 - 2013-06-13 13:15 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-08 18:22 - 2013-06-13 12:44 - 00000000 ____D C:\Users\Jana\AppData\Roaming\NAPS2
2015-12-08 18:22 - 2013-06-13 12:10 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Canon
2015-12-08 18:22 - 2013-06-09 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\IsolatedStorage
2015-12-08 18:22 - 2013-06-09 22:11 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Encryptomatic, LLC
2015-12-08 18:22 - 2013-06-09 21:42 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TimoCom
2015-12-08 18:22 - 2013-06-09 21:40 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Transporeon
2015-12-08 18:22 - 2013-06-09 21:40 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Transporeon
2015-12-08 18:22 - 2013-06-09 20:09 - 00000000 ____D C:\Users\Jana\AppData\Roaming\vlc
2015-12-08 18:22 - 2013-06-09 20:08 - 00000000 ____D C:\Users\Jana\AppData\Roaming\XnView
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Thunderbird
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Mozilla
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Local\Thunderbird
2015-12-08 18:22 - 2013-06-08 17:48 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Adobe
2015-12-08 18:22 - 2013-06-08 17:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\LibreOffice
2015-12-08 18:22 - 2013-06-08 17:27 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Sun
2015-12-08 18:22 - 2013-06-08 17:20 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Macromedia
2015-12-08 18:22 - 2013-06-08 17:13 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Intel Corporation
2015-12-08 18:22 - 2013-06-08 16:58 - 00000000 ____D C:\Users\Jana\AppData\Roaming\InstallShield
2015-12-08 18:22 - 2013-06-08 16:42 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Adobe
2015-12-08 18:22 - 2013-06-08 16:41 - 00000000 ____D C:\Users\Jana\AppData\Local\VirtualStore
2015-12-08 18:22 - 2011-01-04 23:51 - 00000000 ____D C:\Users\Jana\Desktop\Datová schránka
2015-12-08 18:20 - 2015-04-13 21:26 - 00000000 ____D C:\Users\Jana\AppData\Local\TeamViewer
2015-12-08 18:20 - 2013-07-06 14:46 - 00000000 ____D C:\Users\Jana\AppData\Local\ORPALIS
2015-12-08 18:20 - 2013-06-24 13:13 - 00000000 ____D C:\Users\Jana\AppData\Local\RBuilder
2015-12-08 18:20 - 2013-06-19 10:13 - 00000000 ____D C:\Users\Jana\AppData\Local\Samsung
2015-12-08 18:20 - 2013-06-08 16:41 - 00000000 ____D C:\Users\Jana\AppData\Local\Packages
2015-12-08 18:01 - 2015-10-09 08:52 - 00000000 ____D C:\Users\Jana\.oracle_jre_usage
2015-12-08 18:01 - 2015-06-13 18:30 - 00000000 ____D C:\Users\Jana\AppData\Local\GWX
2015-12-08 18:01 - 2015-01-12 14:19 - 00000000 ____D C:\Users\Jana\AppData\Local\KONICA MINOLTA
2015-12-08 18:01 - 2014-11-12 14:19 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieBrowserModeList
2015-12-08 18:01 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieUserList
2015-12-08 18:01 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieSiteList
2015-12-08 18:01 - 2014-01-31 10:26 - 00000000 ____D C:\Users\Jana\AppData\Local\GForceCmp
2015-12-08 18:01 - 2014-01-26 22:41 - 00000000 ____D C:\Users\Jana\AppData\Local\Mega Limited
2015-12-08 18:01 - 2014-01-26 22:34 - 00000000 ____D C:\Users\Jana\AppData\Local\MEGAsync
2015-12-08 18:01 - 2014-01-23 13:43 - 00000000 ____D C:\ProgramData\APN
2015-12-08 18:01 - 2013-12-10 11:47 - 00000000 ____D C:\Users\Jana\AppData\Local\join.me
2015-12-08 18:01 - 2013-11-09 23:39 - 00000000 ____D C:\ProgramData\Oracle
2015-12-08 18:01 - 2013-06-27 09:18 - 00000000 ____D C:\ProgramData\Mozilla
2015-12-08 18:01 - 2013-06-19 10:11 - 00000000 ____D C:\Users\Jana\AppData\Local\Downloaded Installations
2015-12-08 18:01 - 2013-06-19 10:11 - 00000000 ____D C:\ProgramData\Samsung
2015-12-08 18:01 - 2013-06-09 22:39 - 00000000 ____D C:\Users\Jana\AppData\Local\Encryptomatic,_LLC
2015-12-08 18:01 - 2013-06-09 22:12 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-12-08 18:01 - 2013-06-09 21:42 - 00000000 ____D C:\TCCARGO
2015-12-08 18:01 - 2013-06-09 21:08 - 00000000 ____D C:\LMSS
2015-12-08 18:01 - 2013-06-08 22:30 - 00000000 ____D C:\Users\Jana\AppData\Local\LogMeIn
2015-12-08 18:01 - 2013-06-08 22:30 - 00000000 ____D C:\ProgramData\LogMeIn
2015-12-08 18:01 - 2013-06-08 17:54 - 00000000 ____D C:\Users\Jana\AppData\Local\Apps\2.0
2015-12-08 18:01 - 2013-06-08 17:48 - 00000000 ____D C:\ProgramData\Adobe
2015-12-08 18:01 - 2013-06-08 17:47 - 00000000 ____D C:\Users\Jana\AppData\Local\Adobe
2015-12-08 18:01 - 2013-06-08 17:31 - 00000000 ____D C:\ProgramData\Sun
2015-12-08 18:01 - 2013-06-08 17:12 - 00000000 ____D C:\ProgramData\Intel
2015-12-08 18:01 - 2013-06-08 16:45 - 00000000 ____D C:\Intel
2015-12-08 18:01 - 2013-06-08 16:41 - 00000000 ____D C:\ProgramData\PRICache
2015-12-08 18:01 - 2009-10-16 14:32 - 00000000 ____D C:\Asped backup
2015-12-08 18:01 - 2007-09-27 07:40 - 00000000 ____D C:\KBcertifikat
2015-12-08 17:59 - 2013-06-27 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-08 00:40 - 2014-01-21 23:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-07 09:20 - 2014-11-11 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-07 09:20 - 2013-11-09 23:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-07 09:19 - 2014-11-11 22:07 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-06 12:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-02 11:02 - 2013-04-07 22:34 - 00001585 _____ C:\Users\Jana\Desktop\Helios Orange.lnk
2015-12-01 18:19 - 2015-04-18 10:28 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2015-04-18 10:28 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 07:25 - 2013-06-08 16:49 - 00003938 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-30 07:25 - 2013-06-08 16:49 - 00003702 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-14 14:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-14 14:09 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-13 05:21 - 2014-01-22 19:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 05:18 - 2013-06-08 18:05 - 145617392 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======
2015-12-08 18:22 - 2015-12-08 19:55 - 0009550 _____ () C:\Users\Jana\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 0002755 _____ () C:\Users\Jana\AppData\Roaming\how_recover+ntp.txt
2014-01-31 10:27 - 2014-01-31 10:27 - 0000095 _____ () C:\Users\Jana\AppData\Local\GForces4822.hlp
2015-12-08 17:56 - 2015-12-08 17:56 - 0009550 _____ () C:\Users\Jana\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 0002755 _____ () C:\Users\Jana\AppData\Local\how_recover+iuu.txt
2015-12-08 18:01 - 2015-12-08 19:55 - 0009550 _____ () C:\Users\Jana\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:55 - 0002755 _____ () C:\Users\Jana\AppData\Local\how_recover+ntp.txt
2013-06-19 16:42 - 2013-06-19 17:21 - 0007606 _____ () C:\Users\Jana\AppData\Local\resmon.resmoncfg
2015-12-08 17:56 - 2015-12-08 17:56 - 0009550 _____ () C:\ProgramData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 0002755 _____ () C:\ProgramData\how_recover+iuu.txt
2015-12-08 18:01 - 2015-12-08 18:01 - 0009550 _____ () C:\ProgramData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 18:01 - 0002755 _____ () C:\ProgramData\how_recover+ntp.txt

Some files in TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\avcuf32.dll
C:\Users\Jana\AppData\Local\Temp\avcuf64.dll
C:\Users\Jana\AppData\Local\Temp\avxdisk.dll
C:\Users\Jana\AppData\Local\Temp\bdc.exe
C:\Users\Jana\AppData\Local\Temp\bdcore.dll
C:\Users\Jana\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\Jana\AppData\Local\Temp\bdnimbus32.dll
C:\Users\Jana\AppData\Local\Temp\bdnimbus64.dll
C:\Users\Jana\AppData\Local\Temp\bdupdateservice.dll
C:\Users\Jana\AppData\Local\Temp\DEVCON.EXE
C:\Users\Jana\AppData\Local\Temp\eEmpty.exe
C:\Users\Jana\AppData\Local\Temp\encdec.dll
C:\Users\Jana\AppData\Local\Temp\esupdate.exe
C:\Users\Jana\AppData\Local\Temp\FSSync.dll
C:\Users\Jana\AppData\Local\Temp\Getvlist.exe
C:\Users\Jana\AppData\Local\Temp\ikave.dll
C:\Users\Jana\AppData\Local\Temp\ipc.dll
C:\Users\Jana\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\kave.dll
C:\Users\Jana\AppData\Local\Temp\kavvlg.dll
C:\Users\Jana\AppData\Local\Temp\msvclnt.dll
C:\Users\Jana\AppData\Local\Temp\msvcp80.dll
C:\Users\Jana\AppData\Local\Temp\msvcp90.dll
C:\Users\Jana\AppData\Local\Temp\msvcr80.dll
C:\Users\Jana\AppData\Local\Temp\msvcr90.dll
C:\Users\Jana\AppData\Local\Temp\msvl64.dll
C:\Users\Jana\AppData\Local\Temp\msvlclnt.dll
C:\Users\Jana\AppData\Local\Temp\mwavdwnl.exe
C:\Users\Jana\AppData\Local\Temp\MWAVL.exe
C:\Users\Jana\AppData\Local\Temp\mwavscan.exe
C:\Users\Jana\AppData\Local\Temp\mwunzip.dll
C:\Users\Jana\AppData\Local\Temp\prLoader.dll
C:\Users\Jana\AppData\Local\Temp\red32.dll
C:\Users\Jana\AppData\Local\Temp\Reload.exe
C:\Users\Jana\AppData\Local\Temp\scan.dll
C:\Users\Jana\AppData\Local\Temp\ScanningProcess.exe
C:\Users\Jana\AppData\Local\Temp\setpriv.exe
C:\Users\Jana\AppData\Local\Temp\test2.exe
C:\Users\Jana\AppData\Local\Temp\trufos.dll
C:\Users\Jana\AppData\Local\Temp\unregx.exe
C:\Users\Jana\AppData\Local\Temp\UPDLL10.DLL
C:\Users\Jana\AppData\Local\Temp\viewtcp.exe
Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Jana\Desktop" je 979 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.zip
- (3.25 KiB) Downloaded 55 times
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
# AdwCleaner v5.024 - Logfile created 11/12/2015 at 18:59:13
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jana - JANE
# Running from : C:\Users\Jana\Desktop\adwcleaner_5.024.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
***** [ Files ] *****
[-] File Deleted : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
[-] File Deleted : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [TC Login]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F82F3C4D-213D-4262-ACD6-76B102968E8D}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2157 bytes] ##########
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Post a new FRST log.
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Jana (administrator) on JANE (11-12-2015 21:45:15)
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Jana)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.bin
(Mega Limited) C:\Users\Jana\AppData\Local\MEGAsync\MEGAsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [Acronis] => C:\Users\Jana\AppData\Roaming\kopmy-bc.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+ntp.html [2015-12-08] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+ntp.txt [2015-12-08] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.0.lnk [2013-06-08]
ShortcutTarget: LibreOffice 4.0.lnk -> C:\Program Files (x86)\LibreOffice 4.0\program\quickstart.exe ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2014-09-17]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Jana\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D3EC2BE4-15A7-4B7C-9C0F-B726CEC5CFAC}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-07] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-07] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
IE Session Restore: HKU\S-1-5-21-3905742735-3845636316-1598526865-1001 -> is enabled.
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-12-08]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ochrana Kaspersky) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-12-09] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 21:44 - 2015-12-11 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2015-12-11 19:05 - 2015-12-11 19:05 - 01738240 _____ C:\Users\Jana\Downloads\adwcleaner_5.024.exe
2015-12-11 18:57 - 2015-12-11 18:59 - 00000000 ____D C:\AdwCleaner
2015-12-11 18:56 - 2015-12-11 18:56 - 01738240 _____ C:\Users\Jana\Desktop\adwcleaner_5.024.exe
2015-12-11 14:27 - 2015-12-11 14:27 - 00003325 _____ C:\Users\Jana\Desktop\Addition.zip
2015-12-11 14:22 - 2015-12-11 21:45 - 00014913 _____ C:\Users\Jana\Desktop\FRST.txt
2015-12-11 14:16 - 2015-12-11 14:16 - 02369024 _____ (Farbar) C:\Users\Jana\Downloads\FRST64 (1).exe
2015-12-11 14:15 - 2015-12-11 21:45 - 00000000 ____D C:\FRST
2015-12-11 14:15 - 2015-12-11 14:15 - 02369024 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2015-12-09 13:11 - 2015-12-09 15:19 - 00118272 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015-1.xls
2015-12-09 07:24 - 2015-12-09 08:51 - 00002032 _____ C:\CoinVaultDecryptor.1.0.0.4_09.12.2015_07.24.08_log.txt
2015-12-09 07:23 - 2015-12-09 07:23 - 00000000 ____D C:\Users\Jana\Downloads\CoinVaultDecryptor
2015-12-09 07:19 - 2015-12-09 07:19 - 01218912 _____ C:\Users\Jana\Downloads\CoinVaultDecryptor.zip
2015-12-09 03:19 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 03:19 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 03:19 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-09 03:19 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-09 03:19 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 03:19 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-09 03:19 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 03:19 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-09 03:19 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 03:19 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 03:19 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-09 03:19 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 03:19 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-09 03:19 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-09 03:19 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-09 03:19 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-09 03:19 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-09 03:19 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-09 03:19 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-09 03:19 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-09 03:19 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-09 03:19 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 03:19 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 03:19 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 03:19 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 03:19 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-09 03:19 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-09 03:19 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-09 03:19 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-09 03:19 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-09 03:19 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-09 03:19 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-09 03:19 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-09 03:19 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 03:19 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-09 03:19 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-09 03:19 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-09 03:19 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-09 03:19 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-09 03:19 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 03:18 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-09 03:18 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 03:18 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-09 03:18 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-09 03:18 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-09 03:18 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-09 03:18 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 03:18 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-09 03:18 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-09 03:18 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 03:18 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 03:18 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 03:18 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 03:18 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-09 03:18 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-09 03:18 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-09 03:18 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-09 03:18 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-09 03:18 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-09 03:18 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-09 03:18 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-09 03:18 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-09 03:18 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-09 03:18 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-09 03:18 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-09 03:18 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-09 03:18 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 03:18 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 03:18 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-09 03:18 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-09 03:18 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 03:18 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-09 03:18 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 03:18 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 03:18 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 03:18 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 03:18 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 03:18 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-09 03:18 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 03:18 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-09 03:18 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 03:18 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 03:18 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 03:18 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-09 03:18 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-09 03:18 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-09 03:18 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-09 03:18 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-09 03:18 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-09 03:18 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-09 03:18 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-09 03:18 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-09 03:18 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\VDLL.DLL
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\SysWOW64\runouce.exe
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\RUNDL132.EXE
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\logo_1.exe
2015-12-09 00:48 - 2015-12-09 00:53 - 154422000 _____ C:\Users\Jana\Downloads\mwav (1).exe
2015-12-09 00:47 - 2015-12-09 00:52 - 154422000 _____ C:\Users\Jana\Downloads\mwav.exe
2015-12-09 00:42 - 2015-12-09 00:56 - 00000054 _____ C:\WINDOWS\Lic.xxx
2015-12-09 00:40 - 2015-12-09 00:40 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr90.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp90.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00554240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp80.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00350160 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-12-09 00:40 - 2015-12-09 00:40 - 00034048 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\SysWOW64\eEmpty.exe
2015-12-09 00:40 - 2015-12-09 00:40 - 00001050 _____ C:\Users\Jana\Desktop\MWAVSCAN.lnk
2015-12-09 00:40 - 2015-12-09 00:40 - 00000000 ____D C:\ProgramData\MicroWorld
2015-12-08 22:16 - 2015-12-08 22:16 - 00002387 _____ C:\Users\Jana\Desktop\Safe Money.lnk
2015-12-08 22:11 - 2015-12-08 22:11 - 00002127 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-12-08 22:11 - 2015-12-08 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-12-08 22:10 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-12-08 22:09 - 2015-12-11 21:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-08 22:09 - 2015-12-08 22:09 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-08 22:08 - 2015-12-08 22:33 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-12-08 22:08 - 2015-12-08 22:33 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2015-12-08 22:01 - 2015-12-08 22:01 - 01732208 _____ (Kaspersky Lab) C:\Users\Jana\Downloads\kts16.0.0.614en_8207.exe
2015-12-08 21:43 - 2015-12-08 21:43 - 00000000 ____D C:\KVRT_Data
2015-12-08 19:59 - 2015-12-08 19:59 - 03452054 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.bmp
2015-12-08 19:59 - 2015-12-08 19:59 - 00009550 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.html
2015-12-08 19:59 - 2015-12-08 19:59 - 00002755 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.txt
2015-12-08 19:55 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\Desktop\how_recover+ntp.html
2015-12-08 19:55 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\Desktop\how_recover+ntp.txt
2015-12-08 18:26 - 2015-12-08 18:26 - 00009550 _____ C:\WINDOWS\Tasks\how_recover+ntp.html
2015-12-08 18:26 - 2015-12-08 18:26 - 00002755 _____ C:\WINDOWS\Tasks\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Public\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Public\Downloads\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\Downloads\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Public\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Public\Downloads\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\Downloads\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\LocalLow\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\LocalLow\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Local\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Local\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 18:01 - 00009550 _____ C:\ProgramData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 18:01 - 00002755 _____ C:\ProgramData\how_recover+ntp.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Jana\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\ProgramData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Jana\AppData\Local\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Local\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\ProgramData\how_recover+iuu.txt
2015-12-04 12:40 - 2015-12-08 18:25 - 00007182 _____ C:\Users\Jana\Desktop\ŘSD.xlsx.vvv
2015-12-02 11:06 - 2015-12-08 18:01 - 00000000 ____D C:\test
2015-11-27 12:49 - 2015-12-07 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-27 11:28 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Software602
2015-11-27 11:27 - 2015-11-27 11:27 - 00000000 ____D C:\Program Files\Software602
2015-11-27 11:26 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\602XML
2015-11-27 11:26 - 2015-06-18 10:10 - 01753584 _____ C:\WINDOWS\system32\602convert.dll
2015-11-27 11:26 - 2014-02-05 14:51 - 00036864 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localmon.dll
2015-11-27 11:26 - 2014-02-05 14:51 - 00022528 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localui.dll
2015-11-27 11:26 - 2011-01-18 13:49 - 04940800 _____ (NiXPS NV) C:\WINDOWS\system32\NiXPS.dll
2015-11-27 11:25 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\602Installer
2015-11-27 11:25 - 2015-11-27 11:25 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software602 Form Filler.lnk
2015-11-27 11:25 - 2015-11-27 11:25 - 00001127 _____ C:\Users\Public\Desktop\Software602 Form Filler.lnk
2015-11-27 11:25 - 2015-11-27 11:25 - 00000000 ____D C:\Program Files (x86)\Software602
2015-11-26 12:23 - 2015-12-08 18:23 - 00066478 _____ C:\Users\Jana\Desktop\KS.doc.vvv
2015-11-20 09:40 - 2015-12-08 18:22 - 00116654 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015-1.xls.vvv
2015-11-19 13:02 - 2015-12-08 18:22 - 00109486 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015.xls.vvv
2015-11-13 09:43 - 2015-12-08 18:22 - 00008862 _____ C:\Users\Jana\Desktop\Bufet teplý a studený.xlsx.vvv
2015-11-11 13:34 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 13:34 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 13:34 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 13:34 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 13:34 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 13:34 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 13:34 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 13:34 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 13:34 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 13:34 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 13:34 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 13:34 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 13:34 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 13:34 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 13:34 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 13:34 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 13:33 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 13:33 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 13:33 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 13:33 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 13:33 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 13:33 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 13:33 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 13:33 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-11 13:33 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-11 13:32 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 13:32 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 13:32 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 13:32 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 13:32 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 13:32 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 13:32 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 21:30 - 2013-06-08 16:49 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 20:37 - 2014-06-28 19:46 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A25D68E8-C294-490C-BCE9-E8D7344A736C}
2015-12-11 19:02 - 2013-06-08 16:49 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 19:01 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 15:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 14:46 - 2013-06-08 16:47 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3905742735-3845636316-1598526865-1001
2015-12-11 14:23 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-11 13:58 - 2013-08-22 15:44 - 00388880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 13:58 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-10 10:25 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-10 08:37 - 2013-06-08 16:49 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-09 07:38 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 00:43 - 2013-08-22 14:25 - 00000469 _____ C:\WINDOWS\win.ini
2015-12-08 22:38 - 2013-06-08 16:49 - 00000000 ____D C:\Users\Jana\AppData\Local\Google
2015-12-08 22:33 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-12-08 22:33 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-12-08 22:32 - 2015-07-04 02:18 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-12-08 22:11 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-08 22:09 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-08 22:09 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2015-12-08 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-12-08 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-12-08 18:25 - 2015-10-21 09:23 - 00025470 _____ C:\Users\Jana\Desktop\Pojištění - sumarizace nabídek-4 - kopie.xlsx.vvv
2015-12-08 18:25 - 2015-09-11 14:30 - 00557838 _____ C:\Users\Jana\Desktop\SKM_C224e15091113520.pdf.vvv
2015-12-08 18:25 - 2015-09-02 10:03 - 00317310 _____ C:\Users\Jana\Desktop\SKM_C224e15090209560.pdf.vvv
2015-12-08 18:25 - 2015-08-25 22:48 - 00001150 _____ C:\Users\Public\nlooud.cer.vvv
2015-12-08 18:25 - 2015-08-25 21:33 - 00001614 _____ C:\Users\Public\ca.crt.vvv
2015-12-08 18:25 - 2015-07-17 12:24 - 00000000 ____D C:\Users\Jana\Desktop\zídky ploty
2015-12-08 18:25 - 2015-06-11 07:59 - 00000000 ____D C:\Users\Public\Podpisy
2015-12-08 18:25 - 2015-06-11 07:59 - 00000000 ____D C:\Users\Public\Logo
2015-12-08 18:25 - 2014-07-14 19:44 - 00340030 _____ C:\Users\Jana\Downloads\chybejici+DLL.docx.vvv
2015-12-08 18:25 - 2014-06-28 18:54 - 00000000 __SHD C:\Users\Jana\IntelGraphicsProfiles
2015-12-08 18:25 - 2014-06-28 17:17 - 00000000 ____D C:\Users\Jana
2015-12-08 18:25 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-08 18:25 - 2013-06-11 11:44 - 00000000 ____D C:\Users\Jana\kbpki
2015-12-08 18:25 - 2013-06-09 19:59 - 00000000 ____D C:\Users\Public\Install
2015-12-08 18:25 - 2013-06-09 19:11 - 00000000 ___HD C:\Users\Jana\InstallAnywhere
2015-12-08 18:25 - 2013-04-11 22:55 - 00000878 _____ C:\Users\Public\nastavení.txt.vvv
2015-12-08 18:25 - 2013-03-19 12:29 - 37767806 _____ C:\Users\Jana\Downloads\Ukázka projektu v programu AutoCad.zip.vvv
2015-12-08 18:25 - 2013-03-19 12:29 - 05277726 _____ C:\Users\Jana\Downloads\Ukázka projektu v programu Sadovnická projekce.zip.vvv
2015-12-08 18:25 - 2013-03-15 12:52 - 00093886 _____ C:\Users\Jana\Downloads\protokol_o_vydani.pdf.vvv
2015-12-08 18:25 - 2013-01-31 13:00 - 00051630 _____ C:\Users\Jana\Downloads\FU_UZP_Seznam.xls.vvv
2015-12-08 18:25 - 2013-01-28 13:26 - 00953054 _____ C:\Users\Jana\Downloads\Technische-Daten-Deluxe013-Inku.zip.vvv
2015-12-08 18:25 - 2012-12-27 14:56 - 00044462 _____ C:\Users\Jana\Downloads\Jindřich Hanzal-Životopis..doc.vvv
2015-12-08 18:25 - 2012-12-27 14:56 - 00044462 _____ C:\Users\Jana\Downloads\Jindřich Hanzal-Životopis. (1).doc.vvv
2015-12-08 18:25 - 2012-12-17 11:03 - 00016862 _____ C:\Users\Jana\Downloads\914456_zivotopis_Jan_Sloup_docx.docx.vvv
2015-12-08 18:25 - 2012-01-24 12:43 - 00000000 ____D C:\Users\Jana\Desktop\NOKIA E75
2015-12-08 18:25 - 2011-07-04 21:22 - 00000000 ____D C:\Users\Public\El. pruvodce
2015-12-08 18:25 - 2011-06-13 15:26 - 00000000 ____D C:\Users\Public\Školení_Helios
2015-12-08 18:25 - 2009-08-31 14:09 - 00001998 _____ C:\Users\Jana\Desktop\postsignum_qca_root.cer.vvv
2015-12-08 18:25 - 2009-07-22 08:28 - 00187310 _____ C:\Users\Jana\reklamace dopravy Fiter.doc.vvv
2015-12-08 18:25 - 2009-07-20 09:24 - 00067502 _____ C:\Users\Jana\návrh smlouvy expedis.doc.vvv
2015-12-08 18:25 - 2008-05-26 11:02 - 00000000 ____D C:\Users\Jana\Desktop\SKENNER
2015-12-08 18:23 - 2015-10-20 13:37 - 00006190 _____ C:\Users\Jana\Desktop\HVP.xlsx.vvv
2015-12-08 18:23 - 2015-09-14 14:37 - 00034638 _____ C:\Users\Jana\Desktop\KÚ Krásný Studenec.pdf.vvv
2015-12-08 18:23 - 2015-08-24 14:46 - 00000000 ____D C:\Users\Jana\Desktop\mobil
2015-12-08 18:23 - 2015-08-24 14:34 - 00000000 ____D C:\Users\Jana\Desktop\fotky mobil
2015-12-08 18:23 - 2014-02-20 16:31 - 00081838 _____ C:\Users\Jana\Desktop\Helios pokladna kč 2012.xls.vvv
2015-12-08 18:23 - 2013-07-08 16:31 - 00166190 _____ C:\Users\Jana\Desktop\KONE 2013 (Automaticky uloženo).xlsx.vvv
2015-12-08 18:23 - 2012-07-13 15:02 - 00000000 ____D C:\Users\Jana\Desktop\Fotky-Lukýsek
2015-12-08 18:23 - 2012-02-21 20:12 - 00000000 ____D C:\Users\Jana\Desktop\KONE
2015-12-08 18:22 - 2015-10-30 13:01 - 00031150 _____ C:\Users\Jana\Desktop\dohoda o rezervaci nemovitosti.doc.vvv
2015-12-08 18:22 - 2015-10-09 08:52 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Sun
2015-12-08 18:22 - 2015-10-09 08:51 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Oracle
2015-12-08 18:22 - 2015-07-20 10:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Neos Eureka S.r.l
2015-12-08 18:22 - 2015-04-06 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-12-08 18:22 - 2015-04-06 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\GHISLER
2015-12-08 18:22 - 2014-11-12 14:19 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieBrowserModeList
2015-12-08 18:22 - 2014-09-19 12:04 - 00299982 _____ C:\Users\Jana\Desktop\Děčín Krásný Studenec RD Mayerovi.pdf.vvv
2015-12-08 18:22 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieUserList
2015-12-08 18:22 - 2014-06-28 19:45 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieSiteList
2015-12-08 18:22 - 2014-04-24 10:38 - 00000000 ____D C:\Users\Jana\AppData\Roaming\TeamViewer
2015-12-08 18:22 - 2014-01-26 22:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-12-08 18:22 - 2014-01-14 11:25 - 00000000 ___HD C:\Users\Jana\AppData\Roaming\DE48626E
2015-12-08 18:22 - 2013-12-12 16:59 - 00012718 _____ C:\Users\Jana\Desktop\DOO.xls.vvv
2015-12-08 18:22 - 2013-12-10 11:38 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\ntr
2015-12-08 18:22 - 2013-10-02 13:21 - 00000000 ____D C:\Users\Jana\AppData\Roaming\EurekaLab s.a.s
2015-12-08 18:22 - 2013-06-19 10:13 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Samsung
2015-12-08 18:22 - 2013-06-17 10:30 - 00000000 ____D C:\Users\Jana\AppData\Roaming\pdfforge
2015-12-08 18:22 - 2013-06-17 10:20 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Temp
2015-12-08 18:22 - 2013-06-13 13:15 - 00000000 ____D C:\Users\Jana\AppData\Roaming\WinRAR
2015-12-08 18:22 - 2013-06-13 13:15 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-08 18:22 - 2013-06-13 12:44 - 00000000 ____D C:\Users\Jana\AppData\Roaming\NAPS2
2015-12-08 18:22 - 2013-06-13 12:10 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Canon
2015-12-08 18:22 - 2013-06-09 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\IsolatedStorage
2015-12-08 18:22 - 2013-06-09 22:11 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Encryptomatic, LLC
2015-12-08 18:22 - 2013-06-09 21:42 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TimoCom
2015-12-08 18:22 - 2013-06-09 21:40 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Transporeon
2015-12-08 18:22 - 2013-06-09 21:40 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Transporeon
2015-12-08 18:22 - 2013-06-09 20:09 - 00000000 ____D C:\Users\Jana\AppData\Roaming\vlc
2015-12-08 18:22 - 2013-06-09 20:08 - 00000000 ____D C:\Users\Jana\AppData\Roaming\XnView
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Thunderbird
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Mozilla
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Local\Thunderbird
2015-12-08 18:22 - 2013-06-08 17:48 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Adobe
2015-12-08 18:22 - 2013-06-08 17:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\LibreOffice
2015-12-08 18:22 - 2013-06-08 17:27 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Sun
2015-12-08 18:22 - 2013-06-08 17:20 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Macromedia
2015-12-08 18:22 - 2013-06-08 17:13 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Intel Corporation
2015-12-08 18:22 - 2013-06-08 16:58 - 00000000 ____D C:\Users\Jana\AppData\Roaming\InstallShield
2015-12-08 18:22 - 2013-06-08 16:42 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Adobe
2015-12-08 18:22 - 2013-06-08 16:41 - 00000000 ____D C:\Users\Jana\AppData\Local\VirtualStore
2015-12-08 18:22 - 2011-01-04 23:51 - 00000000 ____D C:\Users\Jana\Desktop\Datová schránka
2015-12-08 18:20 - 2015-04-13 21:26 - 00000000 ____D C:\Users\Jana\AppData\Local\TeamViewer
2015-12-08 18:20 - 2013-07-06 14:46 - 00000000 ____D C:\Users\Jana\AppData\Local\ORPALIS
2015-12-08 18:20 - 2013-06-24 13:13 - 00000000 ____D C:\Users\Jana\AppData\Local\RBuilder
2015-12-08 18:20 - 2013-06-19 10:13 - 00000000 ____D C:\Users\Jana\AppData\Local\Samsung
2015-12-08 18:20 - 2013-06-08 16:41 - 00000000 ____D C:\Users\Jana\AppData\Local\Packages
2015-12-08 18:01 - 2015-10-09 08:52 - 00000000 ____D C:\Users\Jana\.oracle_jre_usage
2015-12-08 18:01 - 2015-06-13 18:30 - 00000000 ____D C:\Users\Jana\AppData\Local\GWX
2015-12-08 18:01 - 2015-01-12 14:19 - 00000000 ____D C:\Users\Jana\AppData\Local\KONICA MINOLTA
2015-12-08 18:01 - 2014-11-12 14:19 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieBrowserModeList
2015-12-08 18:01 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieUserList
2015-12-08 18:01 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieSiteList
2015-12-08 18:01 - 2014-01-31 10:26 - 00000000 ____D C:\Users\Jana\AppData\Local\GForceCmp
2015-12-08 18:01 - 2014-01-26 22:41 - 00000000 ____D C:\Users\Jana\AppData\Local\Mega Limited
2015-12-08 18:01 - 2014-01-26 22:34 - 00000000 ____D C:\Users\Jana\AppData\Local\MEGAsync
2015-12-08 18:01 - 2013-12-10 11:47 - 00000000 ____D C:\Users\Jana\AppData\Local\join.me
2015-12-08 18:01 - 2013-11-09 23:39 - 00000000 ____D C:\ProgramData\Oracle
2015-12-08 18:01 - 2013-06-27 09:18 - 00000000 ____D C:\ProgramData\Mozilla
2015-12-08 18:01 - 2013-06-19 10:11 - 00000000 ____D C:\Users\Jana\AppData\Local\Downloaded Installations
2015-12-08 18:01 - 2013-06-19 10:11 - 00000000 ____D C:\ProgramData\Samsung
2015-12-08 18:01 - 2013-06-09 22:39 - 00000000 ____D C:\Users\Jana\AppData\Local\Encryptomatic,_LLC
2015-12-08 18:01 - 2013-06-09 22:12 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-12-08 18:01 - 2013-06-09 21:42 - 00000000 ____D C:\TCCARGO
2015-12-08 18:01 - 2013-06-09 21:08 - 00000000 ____D C:\LMSS
2015-12-08 18:01 - 2013-06-08 22:30 - 00000000 ____D C:\Users\Jana\AppData\Local\LogMeIn
2015-12-08 18:01 - 2013-06-08 22:30 - 00000000 ____D C:\ProgramData\LogMeIn
2015-12-08 18:01 - 2013-06-08 17:54 - 00000000 ____D C:\Users\Jana\AppData\Local\Apps\2.0
2015-12-08 18:01 - 2013-06-08 17:48 - 00000000 ____D C:\ProgramData\Adobe
2015-12-08 18:01 - 2013-06-08 17:47 - 00000000 ____D C:\Users\Jana\AppData\Local\Adobe
2015-12-08 18:01 - 2013-06-08 17:31 - 00000000 ____D C:\ProgramData\Sun
2015-12-08 18:01 - 2013-06-08 17:12 - 00000000 ____D C:\ProgramData\Intel
2015-12-08 18:01 - 2013-06-08 16:45 - 00000000 ____D C:\Intel
2015-12-08 18:01 - 2013-06-08 16:41 - 00000000 ____D C:\ProgramData\PRICache
2015-12-08 18:01 - 2009-10-16 14:32 - 00000000 ____D C:\Asped backup
2015-12-08 18:01 - 2007-09-27 07:40 - 00000000 ____D C:\KBcertifikat
2015-12-08 17:59 - 2013-06-27 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-08 00:40 - 2014-01-21 23:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-07 09:20 - 2014-11-11 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-07 09:20 - 2013-11-09 23:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-07 09:19 - 2014-11-11 22:07 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-06 12:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-02 11:02 - 2013-04-07 22:34 - 00001585 _____ C:\Users\Jana\Desktop\Helios Orange.lnk
2015-12-01 18:19 - 2015-04-18 10:28 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2015-04-18 10:28 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 07:25 - 2013-06-08 16:49 - 00003938 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-30 07:25 - 2013-06-08 16:49 - 00003702 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-14 14:09 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-13 05:21 - 2014-01-22 19:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 05:18 - 2013-06-08 18:05 - 145617392 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2015-12-08 18:22 - 2015-12-08 19:55 - 0009550 _____ () C:\Users\Jana\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 0002755 _____ () C:\Users\Jana\AppData\Roaming\how_recover+ntp.txt
2014-01-31 10:27 - 2014-01-31 10:27 - 0000095 _____ () C:\Users\Jana\AppData\Local\GForces4822.hlp
2015-12-08 17:56 - 2015-12-08 17:56 - 0009550 _____ () C:\Users\Jana\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 0002755 _____ () C:\Users\Jana\AppData\Local\how_recover+iuu.txt
2015-12-08 18:01 - 2015-12-08 19:55 - 0009550 _____ () C:\Users\Jana\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:55 - 0002755 _____ () C:\Users\Jana\AppData\Local\how_recover+ntp.txt
2013-06-19 16:42 - 2013-06-19 17:21 - 0007606 _____ () C:\Users\Jana\AppData\Local\resmon.resmoncfg
2015-12-08 17:56 - 2015-12-08 17:56 - 0009550 _____ () C:\ProgramData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 0002755 _____ () C:\ProgramData\how_recover+iuu.txt
2015-12-08 18:01 - 2015-12-08 18:01 - 0009550 _____ () C:\ProgramData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 18:01 - 0002755 _____ () C:\ProgramData\how_recover+ntp.txt
Some files in TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\avcuf32.dll
C:\Users\Jana\AppData\Local\Temp\avcuf64.dll
C:\Users\Jana\AppData\Local\Temp\avxdisk.dll
C:\Users\Jana\AppData\Local\Temp\bdc.exe
C:\Users\Jana\AppData\Local\Temp\bdcore.dll
C:\Users\Jana\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\Jana\AppData\Local\Temp\bdnimbus32.dll
C:\Users\Jana\AppData\Local\Temp\bdnimbus64.dll
C:\Users\Jana\AppData\Local\Temp\bdupdateservice.dll
C:\Users\Jana\AppData\Local\Temp\DEVCON.EXE
C:\Users\Jana\AppData\Local\Temp\eEmpty.exe
C:\Users\Jana\AppData\Local\Temp\encdec.dll
C:\Users\Jana\AppData\Local\Temp\esupdate.exe
C:\Users\Jana\AppData\Local\Temp\FSSync.dll
C:\Users\Jana\AppData\Local\Temp\Getvlist.exe
C:\Users\Jana\AppData\Local\Temp\ikave.dll
C:\Users\Jana\AppData\Local\Temp\ipc.dll
C:\Users\Jana\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\kave.dll
C:\Users\Jana\AppData\Local\Temp\kavvlg.dll
C:\Users\Jana\AppData\Local\Temp\msvclnt.dll
C:\Users\Jana\AppData\Local\Temp\msvcp80.dll
C:\Users\Jana\AppData\Local\Temp\msvcp90.dll
C:\Users\Jana\AppData\Local\Temp\msvcr80.dll
C:\Users\Jana\AppData\Local\Temp\msvcr90.dll
C:\Users\Jana\AppData\Local\Temp\msvl64.dll
C:\Users\Jana\AppData\Local\Temp\msvlclnt.dll
C:\Users\Jana\AppData\Local\Temp\mwavdwnl.exe
C:\Users\Jana\AppData\Local\Temp\MWAVL.exe
C:\Users\Jana\AppData\Local\Temp\mwavscan.exe
C:\Users\Jana\AppData\Local\Temp\mwunzip.dll
C:\Users\Jana\AppData\Local\Temp\prLoader.dll
C:\Users\Jana\AppData\Local\Temp\red32.dll
C:\Users\Jana\AppData\Local\Temp\Reload.exe
C:\Users\Jana\AppData\Local\Temp\scan.dll
C:\Users\Jana\AppData\Local\Temp\ScanningProcess.exe
C:\Users\Jana\AppData\Local\Temp\setpriv.exe
C:\Users\Jana\AppData\Local\Temp\sqlite3.dll
C:\Users\Jana\AppData\Local\Temp\test2.exe
C:\Users\Jana\AppData\Local\Temp\trufos.dll
C:\Users\Jana\AppData\Local\Temp\unregx.exe
C:\Users\Jana\AppData\Local\Temp\UPDLL10.DLL
C:\Users\Jana\AppData\Local\Temp\viewtcp.exe
Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-11 19:12
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:78.13 GB) (Free:33.84 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Místní disk) (Fixed) (Total:154.75 GB) (Free:31.9 GB) NTFS
Available physical RAM: 2106.02 MB
Total physical RAM: 3783.32 MB
Percentage of memory in use: 44%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EBBAEBBA)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=154.7 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Jana\Desktop" je 981 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Jana (administrator) on JANE (11-12-2015 21:45:15)
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Jana)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.bin
(Mega Limited) C:\Users\Jana\AppData\Local\MEGAsync\MEGAsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\...\Run: [Acronis] => C:\Users\Jana\AppData\Roaming\kopmy-bc.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX64.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jana\AppData\Local\MEGAsync\ShellExtX32.dll [2014-09-17] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+ntp.html [2015-12-08] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+ntp.txt [2015-12-08] ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.0.lnk [2013-06-08]
ShortcutTarget: LibreOffice 4.0.lnk -> C:\Program Files (x86)\LibreOffice 4.0\program\quickstart.exe ()
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2014-09-17]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Jana\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D3EC2BE4-15A7-4B7C-9C0F-B726CEC5CFAC}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3905742735-3845636316-1598526865-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-07] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-07] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-08] (AO Kaspersky Lab)
IE Session Restore: HKU\S-1-5-21-3905742735-3845636316-1598526865-1001 -> is enabled.
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-12-08]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ochrana Kaspersky) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-08] (Kaspersky Lab ZAO)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-08] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-12-09] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-11 21:44 - 2015-12-11 21:44 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2015-12-11 19:05 - 2015-12-11 19:05 - 01738240 _____ C:\Users\Jana\Downloads\adwcleaner_5.024.exe
2015-12-11 18:57 - 2015-12-11 18:59 - 00000000 ____D C:\AdwCleaner
2015-12-11 18:56 - 2015-12-11 18:56 - 01738240 _____ C:\Users\Jana\Desktop\adwcleaner_5.024.exe
2015-12-11 14:27 - 2015-12-11 14:27 - 00003325 _____ C:\Users\Jana\Desktop\Addition.zip
2015-12-11 14:22 - 2015-12-11 21:45 - 00014913 _____ C:\Users\Jana\Desktop\FRST.txt
2015-12-11 14:16 - 2015-12-11 14:16 - 02369024 _____ (Farbar) C:\Users\Jana\Downloads\FRST64 (1).exe
2015-12-11 14:15 - 2015-12-11 21:45 - 00000000 ____D C:\FRST
2015-12-11 14:15 - 2015-12-11 14:15 - 02369024 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2015-12-09 13:11 - 2015-12-09 15:19 - 00118272 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015-1.xls
2015-12-09 07:24 - 2015-12-09 08:51 - 00002032 _____ C:\CoinVaultDecryptor.1.0.0.4_09.12.2015_07.24.08_log.txt
2015-12-09 07:23 - 2015-12-09 07:23 - 00000000 ____D C:\Users\Jana\Downloads\CoinVaultDecryptor
2015-12-09 07:19 - 2015-12-09 07:19 - 01218912 _____ C:\Users\Jana\Downloads\CoinVaultDecryptor.zip
2015-12-09 03:19 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 03:19 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 03:19 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-09 03:19 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-09 03:19 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 03:19 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-09 03:19 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 03:19 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-09 03:19 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 03:19 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 03:19 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-09 03:19 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 03:19 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-09 03:19 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-09 03:19 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-09 03:19 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-09 03:19 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-09 03:19 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-09 03:19 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-09 03:19 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-09 03:19 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-09 03:19 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 03:19 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 03:19 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 03:19 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 03:19 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-09 03:19 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-09 03:19 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-09 03:19 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-09 03:19 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-09 03:19 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-09 03:19 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-09 03:19 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-09 03:19 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 03:19 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-09 03:19 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-09 03:19 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-09 03:19 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-09 03:19 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-09 03:19 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 03:18 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-09 03:18 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 03:18 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-09 03:18 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-09 03:18 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-09 03:18 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-09 03:18 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 03:18 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-09 03:18 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-09 03:18 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 03:18 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 03:18 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 03:18 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 03:18 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-09 03:18 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-09 03:18 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-09 03:18 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-09 03:18 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-09 03:18 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-09 03:18 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-09 03:18 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-09 03:18 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-09 03:18 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-09 03:18 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-09 03:18 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-09 03:18 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-09 03:18 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 03:18 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 03:18 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-09 03:18 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-09 03:18 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 03:18 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-09 03:18 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 03:18 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 03:18 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 03:18 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 03:18 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 03:18 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 03:18 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 03:18 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-09 03:18 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 03:18 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-09 03:18 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 03:18 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 03:18 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 03:18 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-09 03:18 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-09 03:18 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-09 03:18 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-09 03:18 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-09 03:18 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-09 03:18 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-09 03:18 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-09 03:18 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-09 03:18 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-09 03:18 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\VDLL.DLL
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\SysWOW64\runouce.exe
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\RUNDL132.EXE
2015-12-09 00:58 - 2015-12-09 00:58 - 00000000 ____D C:\WINDOWS\logo_1.exe
2015-12-09 00:48 - 2015-12-09 00:53 - 154422000 _____ C:\Users\Jana\Downloads\mwav (1).exe
2015-12-09 00:47 - 2015-12-09 00:52 - 154422000 _____ C:\Users\Jana\Downloads\mwav.exe
2015-12-09 00:42 - 2015-12-09 00:56 - 00000054 _____ C:\WINDOWS\Lic.xxx
2015-12-09 00:40 - 2015-12-09 00:40 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr90.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp90.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00554240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp80.dll
2015-12-09 00:40 - 2015-12-09 00:40 - 00350160 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-12-09 00:40 - 2015-12-09 00:40 - 00034048 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\SysWOW64\eEmpty.exe
2015-12-09 00:40 - 2015-12-09 00:40 - 00001050 _____ C:\Users\Jana\Desktop\MWAVSCAN.lnk
2015-12-09 00:40 - 2015-12-09 00:40 - 00000000 ____D C:\ProgramData\MicroWorld
2015-12-08 22:16 - 2015-12-08 22:16 - 00002387 _____ C:\Users\Jana\Desktop\Safe Money.lnk
2015-12-08 22:11 - 2015-12-08 22:11 - 00002127 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-12-08 22:11 - 2015-12-08 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-12-08 22:10 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-12-08 22:09 - 2015-12-11 21:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-08 22:09 - 2015-12-08 22:09 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-08 22:08 - 2015-12-08 22:33 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-12-08 22:08 - 2015-12-08 22:33 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2015-12-08 22:01 - 2015-12-08 22:01 - 01732208 _____ (Kaspersky Lab) C:\Users\Jana\Downloads\kts16.0.0.614en_8207.exe
2015-12-08 21:43 - 2015-12-08 21:43 - 00000000 ____D C:\KVRT_Data
2015-12-08 19:59 - 2015-12-08 19:59 - 03452054 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.bmp
2015-12-08 19:59 - 2015-12-08 19:59 - 00009550 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.html
2015-12-08 19:59 - 2015-12-08 19:59 - 00002755 _____ C:\Users\Jana\Desktop\Howto_RESTORE_FILES.txt
2015-12-08 19:55 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\Desktop\how_recover+ntp.html
2015-12-08 19:55 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\Desktop\how_recover+ntp.txt
2015-12-08 18:26 - 2015-12-08 18:26 - 00009550 _____ C:\WINDOWS\Tasks\how_recover+ntp.html
2015-12-08 18:26 - 2015-12-08 18:26 - 00002755 _____ C:\WINDOWS\Tasks\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Public\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Public\Downloads\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\Downloads\how_recover+ntp.html
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Public\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Public\Downloads\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\how_recover+ntp.txt
2015-12-08 18:25 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\Downloads\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\LocalLow\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Roaming\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\LocalLow\how_recover+ntp.txt
2015-12-08 18:22 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:55 - 00009550 _____ C:\Users\Jana\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:55 - 00002755 _____ C:\Users\Jana\AppData\Local\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00009550 _____ C:\Users\Default.migrated\AppData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\Local\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 19:53 - 00002755 _____ C:\Users\Default.migrated\AppData\how_recover+ntp.txt
2015-12-08 18:01 - 2015-12-08 18:01 - 00009550 _____ C:\ProgramData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 18:01 - 00002755 _____ C:\ProgramData\how_recover+ntp.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Jana\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\Users\Default.migrated\AppData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00009550 _____ C:\ProgramData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Jana\AppData\Local\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Jana\AppData\Local\Apps\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Roaming\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\Local\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\Users\Default.migrated\AppData\how_recover+iuu.txt
2015-12-08 17:56 - 2015-12-08 17:56 - 00002755 _____ C:\ProgramData\how_recover+iuu.txt
2015-12-04 12:40 - 2015-12-08 18:25 - 00007182 _____ C:\Users\Jana\Desktop\ŘSD.xlsx.vvv
2015-12-02 11:06 - 2015-12-08 18:01 - 00000000 ____D C:\test
2015-11-27 12:49 - 2015-12-07 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-27 11:28 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Software602
2015-11-27 11:27 - 2015-11-27 11:27 - 00000000 ____D C:\Program Files\Software602
2015-11-27 11:26 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\602XML
2015-11-27 11:26 - 2015-06-18 10:10 - 01753584 _____ C:\WINDOWS\system32\602convert.dll
2015-11-27 11:26 - 2014-02-05 14:51 - 00036864 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localmon.dll
2015-11-27 11:26 - 2014-02-05 14:51 - 00022528 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\602localui.dll
2015-11-27 11:26 - 2011-01-18 13:49 - 04940800 _____ (NiXPS NV) C:\WINDOWS\system32\NiXPS.dll
2015-11-27 11:25 - 2015-12-08 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\602Installer
2015-11-27 11:25 - 2015-11-27 11:25 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software602 Form Filler.lnk
2015-11-27 11:25 - 2015-11-27 11:25 - 00001127 _____ C:\Users\Public\Desktop\Software602 Form Filler.lnk
2015-11-27 11:25 - 2015-11-27 11:25 - 00000000 ____D C:\Program Files (x86)\Software602
2015-11-26 12:23 - 2015-12-08 18:23 - 00066478 _____ C:\Users\Jana\Desktop\KS.doc.vvv
2015-11-20 09:40 - 2015-12-08 18:22 - 00116654 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015-1.xls.vvv
2015-11-19 13:02 - 2015-12-08 18:22 - 00109486 _____ C:\Users\Jana\Desktop\3b Tiskopis 2015.xls.vvv
2015-11-13 09:43 - 2015-12-08 18:22 - 00008862 _____ C:\Users\Jana\Desktop\Bufet teplý a studený.xlsx.vvv
2015-11-11 13:34 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 13:34 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 13:34 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 13:34 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 13:34 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 13:34 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 13:34 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 13:34 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 13:34 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 13:34 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 13:34 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 13:34 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 13:34 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 13:34 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 13:34 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 13:34 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 13:34 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 13:33 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 13:33 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 13:33 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 13:33 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 13:33 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 13:33 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 13:33 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 13:33 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-11 13:33 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-11 13:32 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 13:32 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 13:32 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 13:32 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 13:32 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 13:32 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 13:32 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 21:30 - 2013-06-08 16:49 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 20:37 - 2014-06-28 19:46 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A25D68E8-C294-490C-BCE9-E8D7344A736C}
2015-12-11 19:02 - 2013-06-08 16:49 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 19:01 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 15:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 14:46 - 2013-06-08 16:47 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3905742735-3845636316-1598526865-1001
2015-12-11 14:23 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-11 13:58 - 2013-08-22 15:44 - 00388880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 13:58 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-10 10:25 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-10 08:37 - 2013-06-08 16:49 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-09 07:38 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 00:43 - 2013-08-22 14:25 - 00000469 _____ C:\WINDOWS\win.ini
2015-12-08 22:38 - 2013-06-08 16:49 - 00000000 ____D C:\Users\Jana\AppData\Local\Google
2015-12-08 22:33 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-12-08 22:33 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-12-08 22:32 - 2015-07-04 02:18 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-12-08 22:11 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-08 22:09 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-08 22:09 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2015-12-08 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-12-08 18:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-12-08 18:25 - 2015-10-21 09:23 - 00025470 _____ C:\Users\Jana\Desktop\Pojištění - sumarizace nabídek-4 - kopie.xlsx.vvv
2015-12-08 18:25 - 2015-09-11 14:30 - 00557838 _____ C:\Users\Jana\Desktop\SKM_C224e15091113520.pdf.vvv
2015-12-08 18:25 - 2015-09-02 10:03 - 00317310 _____ C:\Users\Jana\Desktop\SKM_C224e15090209560.pdf.vvv
2015-12-08 18:25 - 2015-08-25 22:48 - 00001150 _____ C:\Users\Public\nlooud.cer.vvv
2015-12-08 18:25 - 2015-08-25 21:33 - 00001614 _____ C:\Users\Public\ca.crt.vvv
2015-12-08 18:25 - 2015-07-17 12:24 - 00000000 ____D C:\Users\Jana\Desktop\zídky ploty
2015-12-08 18:25 - 2015-06-11 07:59 - 00000000 ____D C:\Users\Public\Podpisy
2015-12-08 18:25 - 2015-06-11 07:59 - 00000000 ____D C:\Users\Public\Logo
2015-12-08 18:25 - 2014-07-14 19:44 - 00340030 _____ C:\Users\Jana\Downloads\chybejici+DLL.docx.vvv
2015-12-08 18:25 - 2014-06-28 18:54 - 00000000 __SHD C:\Users\Jana\IntelGraphicsProfiles
2015-12-08 18:25 - 2014-06-28 17:17 - 00000000 ____D C:\Users\Jana
2015-12-08 18:25 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-08 18:25 - 2013-06-11 11:44 - 00000000 ____D C:\Users\Jana\kbpki
2015-12-08 18:25 - 2013-06-09 19:59 - 00000000 ____D C:\Users\Public\Install
2015-12-08 18:25 - 2013-06-09 19:11 - 00000000 ___HD C:\Users\Jana\InstallAnywhere
2015-12-08 18:25 - 2013-04-11 22:55 - 00000878 _____ C:\Users\Public\nastavení.txt.vvv
2015-12-08 18:25 - 2013-03-19 12:29 - 37767806 _____ C:\Users\Jana\Downloads\Ukázka projektu v programu AutoCad.zip.vvv
2015-12-08 18:25 - 2013-03-19 12:29 - 05277726 _____ C:\Users\Jana\Downloads\Ukázka projektu v programu Sadovnická projekce.zip.vvv
2015-12-08 18:25 - 2013-03-15 12:52 - 00093886 _____ C:\Users\Jana\Downloads\protokol_o_vydani.pdf.vvv
2015-12-08 18:25 - 2013-01-31 13:00 - 00051630 _____ C:\Users\Jana\Downloads\FU_UZP_Seznam.xls.vvv
2015-12-08 18:25 - 2013-01-28 13:26 - 00953054 _____ C:\Users\Jana\Downloads\Technische-Daten-Deluxe013-Inku.zip.vvv
2015-12-08 18:25 - 2012-12-27 14:56 - 00044462 _____ C:\Users\Jana\Downloads\Jindřich Hanzal-Životopis..doc.vvv
2015-12-08 18:25 - 2012-12-27 14:56 - 00044462 _____ C:\Users\Jana\Downloads\Jindřich Hanzal-Životopis. (1).doc.vvv
2015-12-08 18:25 - 2012-12-17 11:03 - 00016862 _____ C:\Users\Jana\Downloads\914456_zivotopis_Jan_Sloup_docx.docx.vvv
2015-12-08 18:25 - 2012-01-24 12:43 - 00000000 ____D C:\Users\Jana\Desktop\NOKIA E75
2015-12-08 18:25 - 2011-07-04 21:22 - 00000000 ____D C:\Users\Public\El. pruvodce
2015-12-08 18:25 - 2011-06-13 15:26 - 00000000 ____D C:\Users\Public\Školení_Helios
2015-12-08 18:25 - 2009-08-31 14:09 - 00001998 _____ C:\Users\Jana\Desktop\postsignum_qca_root.cer.vvv
2015-12-08 18:25 - 2009-07-22 08:28 - 00187310 _____ C:\Users\Jana\reklamace dopravy Fiter.doc.vvv
2015-12-08 18:25 - 2009-07-20 09:24 - 00067502 _____ C:\Users\Jana\návrh smlouvy expedis.doc.vvv
2015-12-08 18:25 - 2008-05-26 11:02 - 00000000 ____D C:\Users\Jana\Desktop\SKENNER
2015-12-08 18:23 - 2015-10-20 13:37 - 00006190 _____ C:\Users\Jana\Desktop\HVP.xlsx.vvv
2015-12-08 18:23 - 2015-09-14 14:37 - 00034638 _____ C:\Users\Jana\Desktop\KÚ Krásný Studenec.pdf.vvv
2015-12-08 18:23 - 2015-08-24 14:46 - 00000000 ____D C:\Users\Jana\Desktop\mobil
2015-12-08 18:23 - 2015-08-24 14:34 - 00000000 ____D C:\Users\Jana\Desktop\fotky mobil
2015-12-08 18:23 - 2014-02-20 16:31 - 00081838 _____ C:\Users\Jana\Desktop\Helios pokladna kč 2012.xls.vvv
2015-12-08 18:23 - 2013-07-08 16:31 - 00166190 _____ C:\Users\Jana\Desktop\KONE 2013 (Automaticky uloženo).xlsx.vvv
2015-12-08 18:23 - 2012-07-13 15:02 - 00000000 ____D C:\Users\Jana\Desktop\Fotky-Lukýsek
2015-12-08 18:23 - 2012-02-21 20:12 - 00000000 ____D C:\Users\Jana\Desktop\KONE
2015-12-08 18:22 - 2015-10-30 13:01 - 00031150 _____ C:\Users\Jana\Desktop\dohoda o rezervaci nemovitosti.doc.vvv
2015-12-08 18:22 - 2015-10-09 08:52 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Sun
2015-12-08 18:22 - 2015-10-09 08:51 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Oracle
2015-12-08 18:22 - 2015-07-20 10:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Neos Eureka S.r.l
2015-12-08 18:22 - 2015-04-06 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-12-08 18:22 - 2015-04-06 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\GHISLER
2015-12-08 18:22 - 2014-11-12 14:19 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieBrowserModeList
2015-12-08 18:22 - 2014-09-19 12:04 - 00299982 _____ C:\Users\Jana\Desktop\Děčín Krásný Studenec RD Mayerovi.pdf.vvv
2015-12-08 18:22 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieUserList
2015-12-08 18:22 - 2014-06-28 19:45 - 00000000 __SHD C:\Users\Jana\AppData\LocalLow\EmieSiteList
2015-12-08 18:22 - 2014-04-24 10:38 - 00000000 ____D C:\Users\Jana\AppData\Roaming\TeamViewer
2015-12-08 18:22 - 2014-01-26 22:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-12-08 18:22 - 2014-01-14 11:25 - 00000000 ___HD C:\Users\Jana\AppData\Roaming\DE48626E
2015-12-08 18:22 - 2013-12-12 16:59 - 00012718 _____ C:\Users\Jana\Desktop\DOO.xls.vvv
2015-12-08 18:22 - 2013-12-10 11:38 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\ntr
2015-12-08 18:22 - 2013-10-02 13:21 - 00000000 ____D C:\Users\Jana\AppData\Roaming\EurekaLab s.a.s
2015-12-08 18:22 - 2013-06-19 10:13 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Samsung
2015-12-08 18:22 - 2013-06-17 10:30 - 00000000 ____D C:\Users\Jana\AppData\Roaming\pdfforge
2015-12-08 18:22 - 2013-06-17 10:20 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Temp
2015-12-08 18:22 - 2013-06-13 13:15 - 00000000 ____D C:\Users\Jana\AppData\Roaming\WinRAR
2015-12-08 18:22 - 2013-06-13 13:15 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-08 18:22 - 2013-06-13 12:44 - 00000000 ____D C:\Users\Jana\AppData\Roaming\NAPS2
2015-12-08 18:22 - 2013-06-13 12:10 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Canon
2015-12-08 18:22 - 2013-06-09 22:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\IsolatedStorage
2015-12-08 18:22 - 2013-06-09 22:11 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Encryptomatic, LLC
2015-12-08 18:22 - 2013-06-09 21:42 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TimoCom
2015-12-08 18:22 - 2013-06-09 21:40 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Transporeon
2015-12-08 18:22 - 2013-06-09 21:40 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Transporeon
2015-12-08 18:22 - 2013-06-09 20:09 - 00000000 ____D C:\Users\Jana\AppData\Roaming\vlc
2015-12-08 18:22 - 2013-06-09 20:08 - 00000000 ____D C:\Users\Jana\AppData\Roaming\XnView
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Thunderbird
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Mozilla
2015-12-08 18:22 - 2013-06-08 18:12 - 00000000 ____D C:\Users\Jana\AppData\Local\Thunderbird
2015-12-08 18:22 - 2013-06-08 17:48 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Adobe
2015-12-08 18:22 - 2013-06-08 17:37 - 00000000 ____D C:\Users\Jana\AppData\Roaming\LibreOffice
2015-12-08 18:22 - 2013-06-08 17:27 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Sun
2015-12-08 18:22 - 2013-06-08 17:20 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Macromedia
2015-12-08 18:22 - 2013-06-08 17:13 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Intel Corporation
2015-12-08 18:22 - 2013-06-08 16:58 - 00000000 ____D C:\Users\Jana\AppData\Roaming\InstallShield
2015-12-08 18:22 - 2013-06-08 16:42 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Adobe
2015-12-08 18:22 - 2013-06-08 16:41 - 00000000 ____D C:\Users\Jana\AppData\Local\VirtualStore
2015-12-08 18:22 - 2011-01-04 23:51 - 00000000 ____D C:\Users\Jana\Desktop\Datová schránka
2015-12-08 18:20 - 2015-04-13 21:26 - 00000000 ____D C:\Users\Jana\AppData\Local\TeamViewer
2015-12-08 18:20 - 2013-07-06 14:46 - 00000000 ____D C:\Users\Jana\AppData\Local\ORPALIS
2015-12-08 18:20 - 2013-06-24 13:13 - 00000000 ____D C:\Users\Jana\AppData\Local\RBuilder
2015-12-08 18:20 - 2013-06-19 10:13 - 00000000 ____D C:\Users\Jana\AppData\Local\Samsung
2015-12-08 18:20 - 2013-06-08 16:41 - 00000000 ____D C:\Users\Jana\AppData\Local\Packages
2015-12-08 18:01 - 2015-10-09 08:52 - 00000000 ____D C:\Users\Jana\.oracle_jre_usage
2015-12-08 18:01 - 2015-06-13 18:30 - 00000000 ____D C:\Users\Jana\AppData\Local\GWX
2015-12-08 18:01 - 2015-01-12 14:19 - 00000000 ____D C:\Users\Jana\AppData\Local\KONICA MINOLTA
2015-12-08 18:01 - 2014-11-12 14:19 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieBrowserModeList
2015-12-08 18:01 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieUserList
2015-12-08 18:01 - 2014-06-28 19:46 - 00000000 __SHD C:\Users\Jana\AppData\Local\EmieSiteList
2015-12-08 18:01 - 2014-01-31 10:26 - 00000000 ____D C:\Users\Jana\AppData\Local\GForceCmp
2015-12-08 18:01 - 2014-01-26 22:41 - 00000000 ____D C:\Users\Jana\AppData\Local\Mega Limited
2015-12-08 18:01 - 2014-01-26 22:34 - 00000000 ____D C:\Users\Jana\AppData\Local\MEGAsync
2015-12-08 18:01 - 2013-12-10 11:47 - 00000000 ____D C:\Users\Jana\AppData\Local\join.me
2015-12-08 18:01 - 2013-11-09 23:39 - 00000000 ____D C:\ProgramData\Oracle
2015-12-08 18:01 - 2013-06-27 09:18 - 00000000 ____D C:\ProgramData\Mozilla
2015-12-08 18:01 - 2013-06-19 10:11 - 00000000 ____D C:\Users\Jana\AppData\Local\Downloaded Installations
2015-12-08 18:01 - 2013-06-19 10:11 - 00000000 ____D C:\ProgramData\Samsung
2015-12-08 18:01 - 2013-06-09 22:39 - 00000000 ____D C:\Users\Jana\AppData\Local\Encryptomatic,_LLC
2015-12-08 18:01 - 2013-06-09 22:12 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-12-08 18:01 - 2013-06-09 21:42 - 00000000 ____D C:\TCCARGO
2015-12-08 18:01 - 2013-06-09 21:08 - 00000000 ____D C:\LMSS
2015-12-08 18:01 - 2013-06-08 22:30 - 00000000 ____D C:\Users\Jana\AppData\Local\LogMeIn
2015-12-08 18:01 - 2013-06-08 22:30 - 00000000 ____D C:\ProgramData\LogMeIn
2015-12-08 18:01 - 2013-06-08 17:54 - 00000000 ____D C:\Users\Jana\AppData\Local\Apps\2.0
2015-12-08 18:01 - 2013-06-08 17:48 - 00000000 ____D C:\ProgramData\Adobe
2015-12-08 18:01 - 2013-06-08 17:47 - 00000000 ____D C:\Users\Jana\AppData\Local\Adobe
2015-12-08 18:01 - 2013-06-08 17:31 - 00000000 ____D C:\ProgramData\Sun
2015-12-08 18:01 - 2013-06-08 17:12 - 00000000 ____D C:\ProgramData\Intel
2015-12-08 18:01 - 2013-06-08 16:45 - 00000000 ____D C:\Intel
2015-12-08 18:01 - 2013-06-08 16:41 - 00000000 ____D C:\ProgramData\PRICache
2015-12-08 18:01 - 2009-10-16 14:32 - 00000000 ____D C:\Asped backup
2015-12-08 18:01 - 2007-09-27 07:40 - 00000000 ____D C:\KBcertifikat
2015-12-08 17:59 - 2013-06-27 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-08 00:40 - 2014-01-21 23:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-07 09:20 - 2014-11-11 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-07 09:20 - 2013-11-09 23:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-07 09:19 - 2014-11-11 22:07 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-06 12:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-02 11:02 - 2013-04-07 22:34 - 00001585 _____ C:\Users\Jana\Desktop\Helios Orange.lnk
2015-12-01 18:19 - 2015-04-18 10:28 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2015-04-18 10:28 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 07:25 - 2013-06-08 16:49 - 00003938 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-30 07:25 - 2013-06-08 16:49 - 00003702 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-14 14:09 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-13 05:21 - 2014-01-22 19:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 05:18 - 2013-06-08 18:05 - 145617392 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2015-12-08 18:22 - 2015-12-08 19:55 - 0009550 _____ () C:\Users\Jana\AppData\Roaming\how_recover+ntp.html
2015-12-08 18:22 - 2015-12-08 19:55 - 0002755 _____ () C:\Users\Jana\AppData\Roaming\how_recover+ntp.txt
2014-01-31 10:27 - 2014-01-31 10:27 - 0000095 _____ () C:\Users\Jana\AppData\Local\GForces4822.hlp
2015-12-08 17:56 - 2015-12-08 17:56 - 0009550 _____ () C:\Users\Jana\AppData\Local\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 0002755 _____ () C:\Users\Jana\AppData\Local\how_recover+iuu.txt
2015-12-08 18:01 - 2015-12-08 19:55 - 0009550 _____ () C:\Users\Jana\AppData\Local\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 19:55 - 0002755 _____ () C:\Users\Jana\AppData\Local\how_recover+ntp.txt
2013-06-19 16:42 - 2013-06-19 17:21 - 0007606 _____ () C:\Users\Jana\AppData\Local\resmon.resmoncfg
2015-12-08 17:56 - 2015-12-08 17:56 - 0009550 _____ () C:\ProgramData\how_recover+iuu.html
2015-12-08 17:56 - 2015-12-08 17:56 - 0002755 _____ () C:\ProgramData\how_recover+iuu.txt
2015-12-08 18:01 - 2015-12-08 18:01 - 0009550 _____ () C:\ProgramData\how_recover+ntp.html
2015-12-08 18:01 - 2015-12-08 18:01 - 0002755 _____ () C:\ProgramData\how_recover+ntp.txt
Some files in TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\avcuf32.dll
C:\Users\Jana\AppData\Local\Temp\avcuf64.dll
C:\Users\Jana\AppData\Local\Temp\avxdisk.dll
C:\Users\Jana\AppData\Local\Temp\bdc.exe
C:\Users\Jana\AppData\Local\Temp\bdcore.dll
C:\Users\Jana\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\Jana\AppData\Local\Temp\bdnimbus32.dll
C:\Users\Jana\AppData\Local\Temp\bdnimbus64.dll
C:\Users\Jana\AppData\Local\Temp\bdupdateservice.dll
C:\Users\Jana\AppData\Local\Temp\DEVCON.EXE
C:\Users\Jana\AppData\Local\Temp\eEmpty.exe
C:\Users\Jana\AppData\Local\Temp\encdec.dll
C:\Users\Jana\AppData\Local\Temp\esupdate.exe
C:\Users\Jana\AppData\Local\Temp\FSSync.dll
C:\Users\Jana\AppData\Local\Temp\Getvlist.exe
C:\Users\Jana\AppData\Local\Temp\ikave.dll
C:\Users\Jana\AppData\Local\Temp\ipc.dll
C:\Users\Jana\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Jana\AppData\Local\Temp\kave.dll
C:\Users\Jana\AppData\Local\Temp\kavvlg.dll
C:\Users\Jana\AppData\Local\Temp\msvclnt.dll
C:\Users\Jana\AppData\Local\Temp\msvcp80.dll
C:\Users\Jana\AppData\Local\Temp\msvcp90.dll
C:\Users\Jana\AppData\Local\Temp\msvcr80.dll
C:\Users\Jana\AppData\Local\Temp\msvcr90.dll
C:\Users\Jana\AppData\Local\Temp\msvl64.dll
C:\Users\Jana\AppData\Local\Temp\msvlclnt.dll
C:\Users\Jana\AppData\Local\Temp\mwavdwnl.exe
C:\Users\Jana\AppData\Local\Temp\MWAVL.exe
C:\Users\Jana\AppData\Local\Temp\mwavscan.exe
C:\Users\Jana\AppData\Local\Temp\mwunzip.dll
C:\Users\Jana\AppData\Local\Temp\prLoader.dll
C:\Users\Jana\AppData\Local\Temp\red32.dll
C:\Users\Jana\AppData\Local\Temp\Reload.exe
C:\Users\Jana\AppData\Local\Temp\scan.dll
C:\Users\Jana\AppData\Local\Temp\ScanningProcess.exe
C:\Users\Jana\AppData\Local\Temp\setpriv.exe
C:\Users\Jana\AppData\Local\Temp\sqlite3.dll
C:\Users\Jana\AppData\Local\Temp\test2.exe
C:\Users\Jana\AppData\Local\Temp\trufos.dll
C:\Users\Jana\AppData\Local\Temp\unregx.exe
C:\Users\Jana\AppData\Local\Temp\UPDLL10.DLL
C:\Users\Jana\AppData\Local\Temp\viewtcp.exe
Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-11 19:12
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:78.13 GB) (Free:33.84 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Místní disk) (Fixed) (Total:154.75 GB) (Free:31.9 GB) NTFS
Available physical RAM: 2106.02 MB
Total physical RAM: 3783.32 MB
Percentage of memory in use: 44%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EBBAEBBA)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=154.7 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Jana\Desktop" je 981 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.zip
- (6.26 KiB) Downloaded 45 times
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Open Notepad and copy into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Jana\AppData\Local\Temp
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Jana (2015-12-12 00:03:38) Run:1
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available Profiles: Jana)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Jana\AppData\Local\Temp
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Windows\SysWOW64\npDeployJava1.dll => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"C:\Users\Jana\AppData\Local\Temp" folder move:
Could not move "C:\Users\Jana\AppData\Local\Temp" => Scheduled to move on reboot.
C:\Windows\logo_1.exe => moved successfully
C:\Windows\RUNDL132.EXE => moved successfully
C:\Windows\VDLL.DLL => moved successfully
C:\Windows\SysWOW64\runouce.exe => moved successfully
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-12 00:20:06)
C:\Users\Jana\AppData\Local\Temp => moved successfully
==== End of Fixlog 00:20:06 ====
- Rudy
- Site Admin
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Deleted, the log is now OK.
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
Thank you very much, and may I ask one more question?
Do I understand correctly that Java will now no longer offer updates by itself? I've seen that you set this up here regularly. Is that because the updater needlessly eats system resources just to check for updates, or are there other problems with it as well? I don't know how much truth there is in it, but I read somewhere that the largest number of infections get into a computer because of outdated Java, Flash and Adobe Reader. So it surprises me a little that, on this forum of all places, you leave updates up to the user. But I know squat about it, and I know very well that a lot of nonsense gets written everywhere. In any case I trust you completely, I just want to be clear on this.
- Rudy
- Site Admin
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
If you mean jusched, it is a scheduler, and turning it off does not prevent Java from being updated. If an outdated version is on the PC, Java itself points this out after every start and the update is downloaded. The scheduler only schedules when new versions are checked for. Jusched is therefore a superfluous item that only slows the system down, and we delete it as standard.
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
OK, then I understand, given that it has no effect on functionality. Thank you.
- Rudy
- Site Admin
Re: Infected with the latest version of TeslaCrypt (.vvv extensions)
You're welcome!