VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Virus v PC

https://forum.viry.cz:443/viewtopic.php?t=147205

Stránka 1 z 1

Virus v PC

Napsal: 14 pro 2015 11:09
od Saturas
Zdravím,

poprosil bych o kontrolu logu. Známé se podařilo stáhnout nějaký pěkný bordel. Jde pravděpodobně o položku setup na ploše.
Přikládám přiložený log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by Hana (administrator) on PC-HANKA (14-12-2015 11:05:04)
Running from C:\Users\Hana\Desktop
Loaded Profiles: Hana (Available Profiles: Hana & Administrator)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe
() C:\Program Files\WindowsApps\34908JigsawPuzzlephotosud.FlappyBird8_1.0.2.22_neutral__2ty3rvq1c6b9m\flappybird.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(forum.viry.cz) C:\Users\Hana\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.30.94.1
Tcpip\..\Interfaces\{0FC2DDEF-6946-4414-A89D-C9498C5D70C0}: [DhcpNameServer] 172.30.94.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-1620656838-4117863892-1635583639-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1620656838-4117863892-1635583639-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-1620656838-4117863892-1635583639-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {0B83348E-3923-494F-A1C4-DE3B61FE6B1D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {0B83348E-3923-494F-A1C4-DE3B61FE6B1D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-1620656838-4117863892-1635583639-1002 -> {0B83348E-3923-494F-A1C4-DE3B61FE6B1D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-14] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-14] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-14]
CHR Extension: (Dokumenty Google) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-14]
CHR Extension: (Disk Google) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-14]
CHR Extension: (YouTube) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-14]
CHR Extension: (Tabulky Google) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-14]
CHR Extension: (Gmail) - C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0321061450085327mcinstcleanup; C:\WINDOWS\TEMP\032106~1.EXE [834664 2013-07-31] (McAfee, Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-04] (Microsoft Corporation)
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-08-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-08-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S0 cfwids; system32\drivers\cfwids.sys [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
U3 mfecore; no ImagePath
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
U3 MSK80Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 19:13 - 2015-12-14 19:13 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-12-14 19:13 - 2015-12-14 19:13 - 00000000 ____D C:\Windows.old
2015-12-14 18:48 - 2015-12-14 18:48 - 00000000 ____D C:\$WINDOWS.~BT
2015-12-14 18:46 - 2015-12-14 18:47 - 00000000 ___HD C:\$SysReset
2015-12-14 11:05 - 2015-12-14 11:05 - 00015108 _____ C:\Users\Hana\Desktop\FRST.txt
2015-12-14 11:04 - 2015-12-14 11:05 - 00000000 ____D C:\FRST
2015-12-14 11:03 - 2015-12-14 11:03 - 02369536 _____ (Farbar) C:\Users\Hana\Desktop\FRST64.exe
2015-12-14 11:03 - 2015-12-14 11:03 - 00112640 _____ (forum.viry.cz) C:\Users\Hana\Desktop\FRSTLauncher.exe
2015-12-14 11:01 - 2015-12-14 11:01 - 00003094 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1620656838-4117863892-1635583639-1002
2015-12-14 11:01 - 2015-12-14 11:01 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 11:01 - 2015-12-14 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-14 11:00 - 2015-12-14 11:05 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-14 11:00 - 2015-12-14 11:05 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-14 11:00 - 2015-12-14 11:01 - 00000000 ____D C:\Users\Hana\AppData\Local\Google
2015-12-14 11:00 - 2015-12-14 11:01 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-14 11:00 - 2015-12-14 11:00 - 00003938 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-14 11:00 - 2015-12-14 11:00 - 00003702 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-14 11:00 - 2015-12-14 11:00 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-14 11:00 - 2015-07-17 14:51 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:51 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-14 11:00 - 2015-07-17 14:47 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-14 10:59 - 2015-12-14 11:00 - 00000000 ____D C:\Users\Hana\AppData\Local\Deployment
2015-12-14 10:59 - 2015-12-14 10:59 - 00000000 ____D C:\Users\Hana\AppData\Local\Apps\2.0
2015-12-14 10:51 - 2015-12-14 10:51 - 00002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-14 10:51 - 2015-12-14 10:51 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-14 10:51 - 2015-12-14 10:51 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-14 10:51 - 2015-12-14 10:51 - 00002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-14 10:51 - 2015-12-14 10:51 - 00002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-14 10:51 - 2015-12-14 10:51 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-14 10:51 - 2015-12-14 10:51 - 00002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-14 10:51 - 2015-12-14 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2015-12-14 10:49 - 2015-12-14 10:49 - 00004022 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2015-12-14 10:44 - 2015-12-14 10:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-14 10:43 - 2015-12-14 10:43 - 00000000 ____D C:\Users\Hana\AppData\Roaming\Macromedia
2015-12-14 10:41 - 2015-12-14 10:41 - 00000000 __SHD C:\Users\Hana\AppData\Local\EmieUserList
2015-12-14 10:41 - 2015-12-14 10:41 - 00000000 __SHD C:\Users\Hana\AppData\Local\EmieSiteList
2015-12-14 10:34 - 2015-12-14 11:05 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1620656838-4117863892-1635583639-1002
2015-12-14 10:30 - 2015-12-14 10:49 - 00000000 ____D C:\Users\Hana\AppData\Roaming\Hewlett-Packard
2015-12-14 10:30 - 2015-12-14 10:30 - 00000000 ____D C:\Users\Hana\AppData\Local\CyberLink
2015-12-14 10:29 - 2015-12-14 10:29 - 00000000 ____D C:\Users\Hana\AppData\Roaming\Synaptics
2015-12-14 10:29 - 2015-12-14 10:29 - 00000000 ____D C:\Users\Hana\AppData\Roaming\hpqlog
2015-12-14 10:29 - 2015-12-14 10:29 - 00000000 ____D C:\Users\Hana\AppData\Local\Hewlett-Packard
2015-12-14 10:29 - 2015-12-14 10:29 - 00000000 ____D C:\ProgramData\Synaptics
2015-12-14 10:28 - 2015-12-14 10:28 - 00000000 ____D C:\Users\Hana\AppData\Local\Power2Go8
2015-12-14 10:25 - 2015-12-14 10:25 - 00015754 _____ C:\Users\Hana\Desktop\Odebrané aplikace.html
2015-12-14 10:25 - 2015-12-14 10:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-12-14 10:24 - 2015-12-14 10:24 - 00001433 _____ C:\Users\Hana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-14 10:24 - 2015-12-14 10:24 - 00000000 ____D C:\Users\Hana\AppData\Roaming\Adobe
2015-12-14 10:24 - 2015-12-14 10:24 - 00000000 ____D C:\Users\Hana\AppData\Local\VirtualStore
2015-12-14 10:23 - 2015-12-14 10:23 - 00000020 ___SH C:\Users\Hana\ntuser.ini
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Šablony
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Soubory cookie
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Poslední
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Okolní tiskárny
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Okolní síť
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Nabídka Start
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Dokumenty
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Documents\Obrázky
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Documents\Hudba
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Documents\Filmy
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\Data aplikací
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\ProgramData\Šablony
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\ProgramData\Plocha
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\ProgramData\Nabídka Start
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\ProgramData\Dokumenty
2015-12-14 10:22 - 2015-12-14 10:22 - 00000000 _SHDL C:\ProgramData\Data aplikací
2015-12-14 10:20 - 2015-12-14 10:20 - 00003645 _____ C:\Users\Administrator\AppData\Local\Application.xml
2015-12-14 10:19 - 2015-12-14 10:24 - 00000000 ____D C:\Users\Hana
2015-12-14 10:19 - 2015-12-14 10:20 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2015-12-14 10:19 - 2015-12-14 10:20 - 00024768 _____ C:\WINDOWS\diagerr.xml
2015-12-14 10:19 - 2015-12-14 10:20 - 00000000 ___HD C:\Users\Hana\Documents\hp.system.package.metadata
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Šablony
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Soubory cookie
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Poslední
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Okolní tiskárny
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Okolní síť
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Nabídka Start
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Dokumenty
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Documents\Obrázky
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Documents\Hudba
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Documents\Filmy
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\Data aplikací
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-12-14 10:19 - 2015-12-14 10:19 - 00000000 _SHDL C:\Users\Hana\AppData\Local\Data aplikací
2015-12-14 10:19 - 2014-03-18 10:54 - 00000369 _____ C:\Users\Hana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-12-14 10:19 - 2014-03-18 10:54 - 00000369 _____ C:\Users\Hana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-12-14 10:16 - 2015-12-14 10:16 - 00002310 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1620656838-4117863892-1635583639-500
2015-12-12 20:52 - 2015-12-12 20:53 - 00688776 _____ C:\Users\Hana\Desktop\Setup.exe
2015-12-12 20:49 - 2015-12-12 20:52 - 22168315 _____ C:\Users\Hana\Downloads\vlc-2.2.1-win32 (1).exe
2015-12-10 07:53 - 2015-12-12 20:27 - 00000000 ____D C:\Users\Hana\AppData\LocalLow\uTorrent
2015-12-06 21:32 - 2015-12-06 21:32 - 00566717 _____ C:\Users\Hana\Downloads\2f0fb6440a0f.pdf
2015-12-06 17:37 - 2015-12-06 17:37 - 01558847 _____ C:\Users\Hana\Downloads\BODIPY.pptx
2015-12-06 08:08 - 2015-12-06 08:08 - 00002254 _____ C:\Users\Hana\Desktop\HP Support Assistant.lnk
2015-12-04 18:45 - 2015-12-04 18:45 - 00000000 ____D C:\Users\Hana\Downloads\0000001786-smiletemplates.com (1)
2015-12-04 18:44 - 2015-12-04 18:44 - 01288834 _____ C:\Users\Hana\Downloads\0000001786-smiletemplates.com (1).zip
2015-12-04 18:42 - 2015-12-04 18:42 - 00000000 ____D C:\Users\Hana\Downloads\8
2015-12-04 18:40 - 2015-12-04 18:40 - 00653027 _____ C:\Users\Hana\Downloads\8.zip
2015-12-04 18:39 - 2015-12-04 18:39 - 00639973 _____ C:\Users\Hana\Downloads\10.zip
2015-12-04 18:39 - 2015-12-04 18:39 - 00000000 ____D C:\Users\Hana\Downloads\10
2015-12-04 14:04 - 2015-12-04 14:04 - 01683216 _____ C:\Users\Hana\Downloads\BODIPY Fluorescent Chemosensor for Cu2+ Detection and Its (1).pdf
2015-12-04 07:21 - 2015-12-04 07:21 - 00625848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2015-12-04 07:21 - 2015-12-04 07:21 - 00381128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2015-12-04 07:21 - 2015-12-04 07:21 - 00323792 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2015-12-04 07:21 - 2015-12-04 07:21 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2015-12-04 05:22 - 2015-12-04 05:22 - 00430264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2015-12-04 05:22 - 2015-12-04 05:22 - 00257736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2015-12-04 05:22 - 2015-12-04 05:22 - 00234192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2015-12-04 05:22 - 2015-12-04 05:22 - 00075960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2015-12-01 20:28 - 2015-12-01 20:28 - 01501310 _____ C:\Users\Hana\Downloads\Genotoxicita_Rablova_BP.pdf
2015-12-01 20:28 - 2015-12-01 20:28 - 00691334 _____ C:\Users\Hana\Downloads\Barbora_Tarabova.pdf
2015-12-01 20:22 - 2015-12-01 20:22 - 00015401 _____ C:\Users\Hana\Downloads\TOT.xlsx
2015-12-01 20:22 - 2015-12-01 20:22 - 00015375 _____ C:\Users\Hana\Downloads\ATK.xlsx
2015-12-01 20:22 - 2015-12-01 20:22 - 00015371 _____ C:\Users\Hana\Downloads\DAJA.xlsx
2015-12-01 20:08 - 2015-12-01 21:04 - 00020934 _____ C:\Users\Hana\Downloads\BH+HP+VM (2).xlsx
2015-11-30 17:36 - 2015-11-30 17:36 - 01193704 _____ (Adobe Systems Incorporated) C:\Users\Hana\Downloads\readerdc_cz_ga_install.exe
2015-11-30 17:33 - 2015-11-30 17:33 - 01028377 _____ C:\Users\Hana\Downloads\Coupon (1).pdf
2015-11-28 10:06 - 2015-12-04 21:15 - 00000000 ____D C:\Users\Hana\Desktop\323_2811
2015-11-27 15:57 - 2015-11-27 15:57 - 00200857 _____ C:\Users\Hana\Downloads\11.xps
2015-11-26 19:13 - 2015-11-26 19:13 - 00014861 _____ C:\Users\Hana\Downloads\4835_Kopie - Kopie - obhajoby.xlsx
2015-11-25 21:15 - 2015-11-25 21:15 - 16935207 _____ C:\Users\Hana\Downloads\filmek.wmv
2015-11-23 18:09 - 2015-12-12 17:06 - 00000000 ____D C:\Users\Hana\Desktop\menza prodej
2015-11-21 14:09 - 2015-11-21 14:09 - 00015411 _____ C:\Users\Hana\Downloads\BH+HP+VM (1).xlsx
2015-11-18 21:16 - 2015-11-18 21:16 - 00616232 _____ C:\Users\Hana\Downloads\jancerny_plakat_web.pdf
2015-11-16 11:46 - 2015-11-16 14:14 - 2657808282 _____ C:\Users\Hana\Downloads\Mezi-Vlky---The-Grey-1080p-x264-AC3-5.1-Cz-dab-2011.mkv
2015-11-16 10:57 - 2015-11-16 10:57 - 01683216 _____ C:\Users\Hana\Downloads\BODIPY Fluorescent Chemosensor for Cu2+ Detection and Its.pdf
2015-11-16 08:05 - 2015-11-16 08:41 - 00000000 ____D C:\Users\Hana\Desktop\Nová složka (3)
2015-11-14 15:10 - 2015-11-14 15:10 - 01353751 _____ C:\Users\Hana\Downloads\Coupon.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 19:13 - 2013-08-22 16:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-14 11:05 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-14 11:01 - 2014-12-25 07:30 - 00000000 __RDO C:\Users\Hana\OneDrive
2015-12-14 11:00 - 2014-05-07 05:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-14 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-14 11:00 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-14 10:59 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-14 10:44 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-14 10:41 - 2014-12-25 07:38 - 00000000 __SHD C:\Users\Hana\AppData\LocalLow\EmieUserList
2015-12-14 10:41 - 2014-12-25 07:38 - 00000000 __SHD C:\Users\Hana\AppData\LocalLow\EmieSiteList
2015-12-14 10:41 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-14 10:39 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-14 10:34 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-14 10:32 - 2014-08-03 22:34 - 00000000 ____D C:\ProgramData\McAfee
2015-12-14 10:30 - 2014-12-25 07:27 - 00000000 ____D C:\Users\Hana\Documents\Youcam
2015-12-14 10:26 - 2014-05-07 14:42 - 00768392 _____ C:\WINDOWS\system32\perfh005.dat
2015-12-14 10:26 - 2014-05-07 14:42 - 00166490 _____ C:\WINDOWS\system32\perfc005.dat
2015-12-14 10:26 - 2014-03-18 10:53 - 01882976 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-14 10:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-14 10:24 - 2014-12-25 07:24 - 00000000 ____D C:\Users\Hana\AppData\Local\Packages
2015-12-14 10:24 - 2014-08-03 22:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-12-14 10:24 - 2014-05-07 06:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-14 10:24 - 2014-05-07 06:22 - 00000000 ___RD C:\Program Files (x86)\Online Services
2015-12-14 10:24 - 2014-05-07 05:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-12-14 10:24 - 2014-05-07 05:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2015-12-14 10:24 - 2014-05-07 05:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-12-14 10:23 - 2014-04-01 02:07 - 00000000 ___HD C:\SYSTEM.SAV
2015-12-14 10:22 - 2014-04-02 11:25 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-14 10:22 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows NT
2015-12-14 10:20 - 2014-08-03 23:07 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2015-12-14 10:20 - 2014-08-03 22:34 - 00134313 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2015-12-14 10:20 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-14 10:19 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-14 10:18 - 2013-08-22 15:44 - 00336528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-14 10:17 - 2014-08-03 22:23 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-12-14 10:17 - 2014-04-01 02:07 - 00000000 ____D C:\SWSetup
2015-12-14 10:17 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-12 17:07 - 2014-12-25 08:27 - 00000000 ____D C:\Hanka
2015-12-10 21:27 - 2015-01-09 11:44 - 00751616 ___SH C:\Users\Hana\Downloads\Thumbs.db
2015-12-10 21:17 - 2015-06-18 20:39 - 02249216 ___SH C:\Users\Hana\Desktop\Thumbs.db
2015-12-10 20:36 - 2015-10-18 12:39 - 00000000 ____D C:\Users\Hana\Desktop\deer
2015-12-04 21:15 - 2015-11-07 11:44 - 00000000 ____D C:\Users\Hana\Desktop\318_0711
2015-12-04 08:41 - 2015-05-25 08:53 - 00000000 ____D C:\Users\Hana\AppData\LocalLow\Adobe

==================== Files in the root of some directories =======


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Hana\Desktop" je 2199 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


Addition log http://leteckaposta.cz/609983572

Re: Virus v PC

Napsal: 14 pro 2015 17:19
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Virus v PC

Napsal: 14 pro 2015 18:01
od Saturas
Log z ADWcl nenašel žádné potíže, nicméně poté známá přeinstalovala win a zformátovala HDD, takže je problém zřejmě vyřešen a můžeme téma zamknout.
I tak děkuji za poskytnutou radu ;)

Re: Virus v PC

Napsal: 14 pro 2015 18:18
od Rudy
OK, také řešení. Nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz