Locky files
Napsal: 15 bře 2016 11:53
Dobrý den, prosím o pomoc se zavirovaným počítačem. Kolegyně byla velmi čilá a otevřela co neměla. V počítači má nyní locky soubory, se kterými se již rozloučila, ale já potřebuji mít jistotu, že je počítač čistý a můžu ho zpět vrátit.
Log z FRST :
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by vesna (administrator) on CKTAGPC4 (15-03-2016 11:42:47)
Running from G:\
Loaded Profiles: vesna (Available Profiles: vesna & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => D:\WINDOWS\RTHDCPL.EXE [14396416 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => D:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WinVNC] => D:\Program Files\TightVNC\WinVNC.exe [585728 2009-03-05] (TightVNC Group)
HKLM\...\Run: [Adobe ARM] => D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ESDUSBMon.exe] => D:\WINDOWS\system32\ESDUSBMon.exe [188416 2005-05-26] (SEIKO EPSON Corp.)
HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3159744 2013-10-07] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [InstallerLauncher] => D:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe [500328 2016-03-15] (Bitdefender)
HKLM\...\Run: [SpyHunter Security Suite] => D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [7252864 2016-03-15] (Enigma Software Group USA, LLC.)
Startup: D:\Documents and Settings\vesna\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk [2015-07-09]
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B6A86341-B7FE-448A-A41F-B91A192A3210}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-1935655697-343818398-839522115-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
FireFox:
========
FF ProfilePath: D:\Documents and Settings\vesna\Data aplikací\Mozilla\Firefox\Profiles\rz2ynknj.default
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-21] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
FF Extension: Default - D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-08] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-19] [not signed]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - D:\Program Files\Hewlett-Packard\SmartPrint\QPExtension => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 EhttpSrv; D:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [34296 2013-10-07] (ESET)
S2 ekrn; D:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1025584 2013-10-07] (ESET)
S2 EPSON ESCPOS Status Service; D:\WINDOWS\system32\EpStsSrv.exe [77824 2006-05-17] (SEIKO EPSON Corp.) [File not signed]
S3 ESHASRV; D:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [185104 2013-10-07] (ESET)
S4 gzserv; D:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-15] (Bitdefender)
S3 HP Port Resolver; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S2 MDM; D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-04-26] () [File not signed]
S2 SpyHunter 4 Service; D:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2016-03-15] (Enigma Software Group USA, LLC.)
S2 winvnc; D:\Program Files\TightVNC\WinVNC.exe [585728 2009-03-05] (TightVNC Group) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 avc3; D:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avchv; D:\WINDOWS\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; D:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
S3 Axtmvflt; D:\WINDOWS\System32\DRIVERS\Axtmvflt.sys [3456 2007-09-20] (Axesstel) [File not signed]
S3 Axtmvmdm; D:\WINDOWS\System32\DRIVERS\Axtmvmdm.sys [40064 2007-09-20] (Axesstel) [File not signed]
S3 Axtmvprt; D:\WINDOWS\System32\Drivers\Axtmvprt.sys [38784 2007-09-20] (Axesstel) [File not signed]
S1 bdftdif; D:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
S4 bdselfpr; D:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 cmpci; D:\WINDOWS\System32\drivers\cmaudio.sys [373518 2002-03-01] (C-Media Inc) [File not signed]
S1 eamon; D:\WINDOWS\System32\DRIVERS\eamon.sys [166672 2013-10-25] (ESET)
S1 ehdrv; D:\WINDOWS\System32\DRIVERS\ehdrv.sys [128056 2013-09-09] (ESET)
S4 epfwtdir; D:\WINDOWS\System32\DRIVERS\epfwtdir.sys [110552 2013-09-09] (ESET)
S2 Esdpdx01; D:\WINDOWS\system32\Drivers\ESDPDX01.SYS [95485 2003-12-25] (MK Systems CO., LTD.) [File not signed]
S3 EsgScanner; D:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-03-15] ()
S3 gameenum; D:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S4 gzflt; D:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 MTsensor; D:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 Rcphook; D:\WINDOWS\System32\DRIVERS\rcpmini.sys [3264 2005-02-25] (Alchemy Lab) [File not signed]
R3 tap0901; D:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-04-26] (The OpenVPN Project) [File not signed]
S3 TMUSB; D:\WINDOWS\System32\DRIVERS\TMUSBXP.SYS [47616 2007-01-19] (SEIKO EPSON Corp.)
S0 trufos; D:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S4 IntelIde; no ImagePath
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 11:07 - 2016-03-15 11:07 - 00000000 ____D D:\sh4ldr
2016-03-15 11:07 - 2016-03-15 11:07 - 00000000 ____D D:\Documents and Settings\vesna\Data aplikací\Enigma Software Group
2016-03-15 11:04 - 2016-03-15 11:04 - 00019984 _____ D:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-15 11:04 - 2016-03-15 11:04 - 00000000 ____D D:\Program Files\Enigma Software Group
2016-03-15 10:57 - 2016-03-15 11:03 - 00064444 _____ D:\WINDOWS\ntbtlog.txt
2016-03-15 10:56 - 2016-03-15 10:56 - 00184624 _____ D:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2016-03-15 10:55 - 2016-03-15 10:55 - 00009635 _____ D:\Documents and Settings\All Users\Data aplikací\1458035695.3504.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 00042015 _____ D:\Documents and Settings\All Users\Data aplikací\1458035695.1628.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 00002406 _____ D:\Documents and Settings\All Users\Data aplikací\1458035695.3208.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 00001334 _____ D:\Documents and Settings\All Users\Data aplikací\1458035695.2204.bin
2016-03-15 10:54 - 2016-03-15 10:54 - 00037461 _____ D:\Documents and Settings\All Users\Data aplikací\1458035691.bdinstall.bin
2016-03-15 10:52 - 2016-03-15 10:52 - 00218067 _____ D:\Documents and Settings\All Users\Data aplikací\1458035130.bdinstall.bin
2016-03-15 10:52 - 2016-03-15 10:52 - 00000000 ____D D:\Documents and Settings\LocalService\Data aplikací\QuickScan
2016-03-15 10:48 - 2016-03-15 10:48 - 00001872 _____ D:\Documents and Settings\All Users\Plocha\Bitdefender Antivirus Free Edition.lnk
2016-03-15 10:48 - 2016-03-15 10:48 - 00000000 ____H D:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2016-03-15 10:48 - 2016-03-15 10:48 - 00000000 ____H D:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-03-15 10:48 - 2016-03-15 10:48 - 00000000 ____D D:\Documents and Settings\All Users\Nabídka Start\Programy\Antivirus Free Edition
2016-03-15 10:47 - 2016-03-15 10:47 - 00000000 __HDC D:\WINDOWS\$NtUninstallWdf01009$
2016-03-15 10:47 - 2016-03-15 10:47 - 00000000 ____D D:\WINDOWS\LastGood
2016-03-15 10:47 - 2013-04-17 14:59 - 00633344 _____ (BitDefender) D:\WINDOWS\system32\Drivers\avc3.sys
2016-03-15 10:47 - 2013-04-17 14:59 - 00486536 _____ (BitDefender) D:\WINDOWS\system32\Drivers\avckf.sys
2016-03-15 10:47 - 2012-11-02 14:17 - 00242504 _____ (BitDefender) D:\WINDOWS\system32\Drivers\avchv.sys
2016-03-15 10:47 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) D:\WINDOWS\system32\WdfCoInstaller01009.dll
2016-03-15 10:46 - 2016-03-15 10:47 - 00048933 _____ D:\Report 2016-03-15 10.46.05.txt
2016-03-15 10:46 - 2016-03-15 10:46 - 00000000 ____D D:\Documents and Settings\vesna\Data aplikací\QuickScan
2016-03-15 10:45 - 2016-03-15 10:48 - 00000000 ____D D:\Program Files\Bitdefender
2016-03-15 10:45 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.) D:\WINDOWS\system32\Drivers\trufos.sys
2016-03-15 10:45 - 2013-04-22 13:20 - 00164952 _____ (BitDefender LLC) D:\WINDOWS\system32\Drivers\gzflt.sys
2016-03-15 10:37 - 2016-03-15 11:42 - 00000000 ____D D:\FRST
2016-03-15 10:34 - 2016-03-15 10:34 - 00188392 _____ D:\Documents and Settings\vesna\Local Settings\Data aplikací\census.cache
2016-03-15 10:34 - 2016-03-15 10:34 - 00162689 _____ D:\Documents and Settings\vesna\Local Settings\Data aplikací\ars.cache
2016-03-15 10:15 - 2016-03-15 10:15 - 00000036 _____ D:\Documents and Settings\vesna\Local Settings\Data aplikací\housecall.guid.cache
2016-03-15 10:02 - 2016-03-15 10:10 - 00000000 ____D D:\Program Files\AdwCleaner
2016-03-15 10:00 - 2016-03-15 10:00 - 00000000 ____D D:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-03-14 16:58 - 2016-03-14 17:09 - 00026340 _____ D:\Documents and Settings\vesna\Plocha\Příjemky ČR.ods
2016-03-14 15:33 - 2016-03-14 15:33 - 00365482 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4922BF7F37056900F7A.locky
2016-03-14 15:31 - 2016-03-14 15:31 - 00003780 _____ D:\Documents and Settings\All Users\Data aplikací\8A92DE3DCF92D4921CD205F4ECCB8E98.locky
2016-03-14 15:31 - 2016-03-14 15:31 - 00001073 _____ D:\Documents and Settings\All Users\Data aplikací\_Locky_recover_instructions.txt
2016-03-14 15:29 - 2016-03-14 15:29 - 00189038 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D49228D242B27F441D23.locky
2016-03-14 15:28 - 2016-03-14 15:28 - 05364162 ____N D:\Documents and Settings\vesna\Local Settings\Data aplikací\8A92DE3DCF92D492ED1312A5107A2D0C.locky
2016-03-14 15:28 - 2016-03-14 15:28 - 04837850 _____ D:\Documents and Settings\administrator\Local Settings\Data aplikací\8A92DE3DCF92D4922B8F4BE8A9B5AA69.locky
2016-03-14 15:28 - 2016-03-14 15:28 - 00001073 _____ D:\Documents and Settings\vesna\Local Settings\Data aplikací\_Locky_recover_instructions.txt
2016-03-14 15:28 - 2016-03-14 15:28 - 00001073 _____ D:\Documents and Settings\administrator\Local Settings\Data aplikací\_Locky_recover_instructions.txt
2016-03-14 15:27 - 2016-03-14 15:27 - 00597840 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49253E5D1E3B6A77850.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00208468 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4922D9B7E681FC2375D.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00170290 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4924DD4778DF20B51C7.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00139338 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DEC8FD781B5B4262.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00058293 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4926F7643D4D2D19D6D.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00044426 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492F857ED9941368380.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00026287 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D49221E90F7919261029.locky
2016-03-14 15:26 - 2016-03-14 15:26 - 00081246 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DBCC0DF88E685A6B.locky
2016-03-14 15:25 - 2016-03-14 15:25 - 00001073 _____ D:\Documents and Settings\vesna\_Locky_recover_instructions.txt
2016-03-14 15:25 - 2016-03-14 15:25 - 00000917 _____ D:\Documents and Settings\vesna\8A92DE3DCF92D492EBA9BA681ADB06C8.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00237654 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492D4DA1EB7E5490679.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00075729 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492240E0361359E06FD.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00049139 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C06C72535FBD27AF.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00049102 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4923E4C3429DA113448.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00028418 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4925E19A22D3FD1A598.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00028414 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49246C812D8D73882F9.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00027536 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492853A98E04F0ACA68.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00027530 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C7067B0ED035DA0B.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00026845 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DAE679459662C37A.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00025554 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4920692B170016A3F64.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00025332 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492CC3CA06645EBE7DD.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024405 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492384F8B662BFBFD5D.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024368 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492EF48A209E4C0451B.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024368 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4928F2CBF6E5E20DDB5.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024368 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49244B97B4A1CD5004B.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024368 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49242CD54EE7880ADC0.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024363 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492A8959CBDFB184125.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00023627 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4922F9D45DACE89EE59.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00022828 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4921997400459838EC2.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00019631 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4925687EA5636FB04B2.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00019143 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4926A4A88522CBC3360.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00018882 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49272A24FFBD2E6789D.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00018756 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49269F93887DA016716.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00016103 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49250431A8A2B407AF6.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00015701 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492627E88E829BD288F.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00015649 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4928B58ED342F636E47.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00015176 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492B09308DB6390B218.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00015041 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C16F8D326C038636.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00014768 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492F88121D41920AEA8.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00014390 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49259EA0B6BAFD2FBFA.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00013239 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4927C8A69C9E11CFE5A.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00012754 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4926274FA23B2796EE8.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00012631 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C0125A2C334E5636.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00012425 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C99890DF7A2F5FB0.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00011826 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4926B73D9A15657165C.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00011624 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4926E6AE2EF4F489187.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00011573 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492EB191C9E811CC24D.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00010564 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492E07A8576923EA110.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00009986 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D49283E16AF2A947B90B.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00009978 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492EF6AADDB03969AF4.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00008378 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49276CB3074109D8C9E.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00008377 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492F42C0C2235ACAD4A.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00008377 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4921E9B59B6B5C76C46.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00008377 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49207766D73E8EEA916.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00289604 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492C7EBFA33417ACA8A.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00156996 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4927B817A07B7E627C2.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00043844 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492C897D51C536F9648.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00043844 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492ABADAA4F4A0F0E7B.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00043844 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4925FDCFE3EB8B4AB93.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00043332 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492AEA9B3D6F42DF697.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00042820 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492613243B906CC3AAD.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00042308 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D49228741F87B2B76B77.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00031044 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492F2543CD9B16BEC36.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00030532 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4927D68AEB6F1137738.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00028484 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492F210A795ED74F527.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00024395 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DE5999D6D6127071.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00024363 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492897CA5AEBBD29919.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00023364 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4923C36F528C0694668.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00022820 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4922A101E76F271BAAB.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00019273 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492408FBB073B1549A9.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00017144 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492B9E2135EEC67C723.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00016708 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492FA71081B7CCC3EA3.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00015817 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492FF922C2ABB872720.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00014700 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4921551BA041062550D.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00013431 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4927670D5B8CF7CC7A6.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00013124 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DAFB11A13C31404C.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00012990 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4923562510445962D5A.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00011588 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4922B4AD5A60CFDD1BC.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00010382 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492C4490BDCF21C89C5.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00010052 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492B531D5B93EE1BA4F.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00007553 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4925F2C79D0038B101B.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00001073 _____ D:\Documents and Settings\vesna\Plocha\_Locky_recover_instructions.txt
2016-03-14 15:22 - 2016-03-14 15:22 - 00001073 _____ D:\Documents and Settings\vesna\Dokumenty\_Locky_recover_instructions.txt
2016-03-08 21:12 - 2016-03-09 09:01 - 00000000 ____D D:\Program Files\Mozilla Firefox
2016-02-23 09:07 - 2016-02-25 15:48 - 00000000 ____D D:\Program Files\Mozilla Thunderbird
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 11:43 - 2013-09-17 09:38 - 00000000 ____D D:\Documents and Settings\vesna\Local Settings\Temp
2016-03-15 11:22 - 2005-11-28 11:38 - 00001604 ____C D:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-03-15 11:20 - 2005-11-30 12:03 - 00001604 ____C D:\Documents and Settings\administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-03-15 11:07 - 2013-09-17 09:38 - 00000000 __RHD D:\Documents and Settings\vesna\Data aplikací
2016-03-15 11:07 - 2013-09-17 09:38 - 00000000 ____D D:\Documents and Settings\vesna
2016-03-15 11:07 - 2005-11-28 19:21 - 00000000 ___HD D:\WINDOWS\inf
2016-03-15 10:59 - 2004-08-18 13:00 - 00013646 _____ D:\WINDOWS\system32\wpa.dbl
2016-03-15 10:56 - 2013-09-17 09:38 - 00000178 ___SH D:\Documents and Settings\vesna\ntuser.ini
2016-03-15 10:56 - 2005-11-28 11:42 - 00032318 _____ D:\WINDOWS\SchedLgU.Txt
2016-03-15 10:56 - 2005-11-28 11:42 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT
2016-03-15 10:56 - 2005-11-28 11:42 - 00000000 ___HD D:\Documents and Settings\LocalService\Local Settings\Data aplikací
2016-03-15 10:54 - 2005-11-28 19:28 - 00000000 __RHD D:\Documents and Settings\All Users\Data aplikací
2016-03-15 10:48 - 2005-11-28 19:28 - 00000000 ___RD D:\Documents and Settings\All Users\Nabídka Start\Programy
2016-03-15 10:48 - 2005-11-28 19:28 - 00000000 ____D D:\Documents and Settings\All Users\Plocha
2016-03-15 10:45 - 2013-11-06 16:24 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\Stažené soubory
2016-03-15 10:34 - 2013-09-17 09:38 - 00000000 ___HD D:\Documents and Settings\vesna\Local Settings\Data aplikací
2016-03-15 10:13 - 2013-09-17 09:38 - 00000000 ___RD D:\Documents and Settings\vesna\Nabídka Start\Programy\Po spuštění
2016-03-15 10:12 - 2014-05-06 13:14 - 00000222 _____ D:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-03-15 10:10 - 2013-09-17 09:38 - 00000000 ___RD D:\Documents and Settings\vesna\Nabídka Start\Programy
2016-03-15 10:10 - 2013-09-17 09:38 - 00000000 ____D D:\Documents and Settings\vesna\Plocha
2016-03-15 09:32 - 2013-09-18 10:13 - 00000466 ____H D:\WINDOWS\Tasks\User_Feed_Synchronization-{0BBC05CF-1BC5-4D80-A578-27B0F791C627}.job
2016-03-15 09:15 - 2013-09-17 09:38 - 00001604 _____ D:\Documents and Settings\vesna\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-03-15 09:15 - 2005-11-28 11:38 - 00001568 _____ D:\Documents and Settings\All Users\Nabídka Start\Přístup a výchozí nastavení programů.lnk
2016-03-15 09:13 - 2013-09-17 09:38 - 00000000 ___HD D:\Documents and Settings\vesna\Okolní síť
2016-03-14 16:46 - 2015-12-30 13:30 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\Leták
2016-03-14 15:33 - 2015-03-02 14:44 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\Tesco
2016-03-14 15:33 - 2013-09-17 09:38 - 00000000 ___RD D:\Documents and Settings\vesna\Dokumenty
2016-03-14 15:33 - 2013-09-17 09:38 - 00000000 ___HD D:\Documents and Settings\vesna\Šablony
2016-03-14 15:33 - 2005-11-30 12:03 - 00000000 ___HD D:\Documents and Settings\administrator\Šablony
2016-03-14 15:33 - 2005-11-28 19:28 - 00000000 ___HD D:\Documents and Settings\Default User\Šablony
2016-03-14 15:33 - 2005-11-28 11:36 - 00000000 ___RD D:\Documents and Settings\All Users\Dokumenty\Obrázky
2016-03-14 15:31 - 2013-12-23 14:25 - 00000000 ____D D:\Podpis
2016-03-14 15:29 - 2013-09-17 09:38 - 00000000 ___RD D:\Documents and Settings\vesna\Dokumenty\Obrázky
2016-03-14 15:28 - 2015-12-30 13:29 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\vyřízené
2016-03-14 15:28 - 2014-05-07 08:23 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\Radka
2016-03-14 15:28 - 2005-11-30 12:03 - 00000000 ___HD D:\Documents and Settings\administrator\Local Settings\Data aplikací
2016-03-14 15:27 - 2015-12-16 10:52 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\Radka plocha
2016-03-14 15:27 - 2015-12-02 12:35 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\Petra
2016-03-14 15:27 - 2015-05-27 09:37 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\invoices Mai 2015
2016-03-14 15:27 - 2015-04-07 10:48 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\Credit note SK VESNA
2016-03-14 15:27 - 2005-11-28 15:28 - 00000000 ____D D:\WINGED
2016-03-14 15:23 - 2015-09-14 07:28 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\p. PLAČEK
2016-03-14 15:23 - 2015-04-27 12:21 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\AKCE 2015
2016-03-14 15:23 - 2005-11-28 19:28 - 00000000 ___HD D:\Documents and Settings\All Users\Šablony
2016-03-14 15:22 - 2015-06-11 06:29 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\ZALISTOVÁNÍ ZBOŽÍ_2015
2016-03-14 15:22 - 2015-01-20 14:08 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\AKCE 2014
2016-03-14 15:22 - 2013-09-18 07:46 - 00000000 ____D D:\vpn
2016-03-14 15:19 - 2008-07-18 06:44 - 00000000 ____D D:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
2016-03-14 07:06 - 2012-09-27 09:43 - 00000000 ____D D:\Program Files\Mozilla Maintenance Service
2016-03-09 12:03 - 2005-11-28 14:04 - 00000212 _____ D:\WINDOWS\Tasks\Nod32lic.job
2016-03-09 03:05 - 2013-08-15 14:20 - 00000000 ____D D:\WINDOWS\system32\MRT
2016-03-09 03:00 - 2007-06-19 12:04 - 141270216 ____C (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
2016-03-08 15:08 - 2014-05-06 13:14 - 00000216 _____ D:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
==================== Files in the root of some directories =======
2013-09-18 07:15 - 2007-09-20 03:45 - 0090112 ____R (Axesstel) D:\Program Files\axesstel.dll
2013-09-18 07:15 - 2007-09-20 03:45 - 0118784 ____R () D:\Program Files\MSP_Uninstall.exe
2016-03-14 15:28 - 2016-03-14 15:28 - 5364162 ____N () D:\Documents and Settings\vesna\Local Settings\Data aplikací\8A92DE3DCF92D492ED1312A5107A2D0C.locky
2016-03-15 10:34 - 2016-03-15 10:34 - 0162689 _____ () D:\Documents and Settings\vesna\Local Settings\Data aplikací\ars.cache
2016-03-15 10:34 - 2016-03-15 10:34 - 0188392 _____ () D:\Documents and Settings\vesna\Local Settings\Data aplikací\census.cache
2016-03-15 10:15 - 2016-03-15 10:15 - 0000036 _____ () D:\Documents and Settings\vesna\Local Settings\Data aplikací\housecall.guid.cache
2016-03-14 15:28 - 2016-03-14 15:28 - 0001073 _____ () D:\Documents and Settings\vesna\Local Settings\Data aplikací\_Locky_recover_instructions.txt
2006-03-17 07:51 - 2006-03-17 07:51 - 0185872 ____C () D:\Documents and Settings\All Users\NCCD.log
2016-03-15 10:52 - 2016-03-15 10:52 - 0218067 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035130.bdinstall.bin
2016-03-15 10:54 - 2016-03-15 10:54 - 0037461 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035691.bdinstall.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 0042015 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035695.1628.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 0001334 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035695.2204.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 0002406 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035695.3208.bin
2016-03-15 10:55 - 2016-03-15 10:55 - 0009635 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035695.3504.bin
2016-03-14 15:31 - 2016-03-14 15:31 - 0003780 _____ () D:\Documents and Settings\All Users\Data aplikací\8A92DE3DCF92D4921CD205F4ECCB8E98.locky
2007-07-25 12:21 - 2013-09-17 09:03 - 0007563 ____C () D:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
2015-02-27 09:00 - 2012-07-16 16:28 - 0024772 _____ () D:\Documents and Settings\All Users\Data aplikací\P1100DEF.css
2015-02-27 09:00 - 2012-08-13 20:22 - 0004364 ____R () D:\Documents and Settings\All Users\Data aplikací\P1100OS.HTM
2016-03-14 15:31 - 2016-03-14 15:31 - 0001073 _____ () D:\Documents and Settings\All Users\Data aplikací\_Locky_recover_instructions.txt
Some files in TEMP:
====================
D:\Documents and Settings\administrator\Local Settings\Temp\hpzmsi01.exe
D:\Documents and Settings\administrator\Local Settings\Temp\hpzscr01.exe
D:\Documents and Settings\administrator\Local Settings\Temp\Nokia_PC_Suite_683_rel_14_1_cze.exe
D:\Documents and Settings\vesna\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
D:\Documents and Settings\vesna\Local Settings\Temp\jre-8u73-windows-au.exe
D:\Documents and Settings\vesna\Local Settings\Temp\siinst.exe
D:\Documents and Settings\vesna\Local Settings\Temp\sqlite3.dll
D:\Documents and Settings\vesna\Local Settings\Temp\strings.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\dnsapi.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Log z FRST :
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by vesna (administrator) on CKTAGPC4 (15-03-2016 11:42:47)
Running from G:\
Loaded Profiles: vesna (Available Profiles: vesna & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => D:\WINDOWS\RTHDCPL.EXE [14396416 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => D:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WinVNC] => D:\Program Files\TightVNC\WinVNC.exe [585728 2009-03-05] (TightVNC Group)
HKLM\...\Run: [Adobe ARM] => D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ESDUSBMon.exe] => D:\WINDOWS\system32\ESDUSBMon.exe [188416 2005-05-26] (SEIKO EPSON Corp.)
HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3159744 2013-10-07] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [InstallerLauncher] => D:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe [500328 2016-03-15] (Bitdefender)
HKLM\...\Run: [SpyHunter Security Suite] => D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [7252864 2016-03-15] (Enigma Software Group USA, LLC.)
Startup: D:\Documents and Settings\vesna\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk [2015-07-09]
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B6A86341-B7FE-448A-A41F-B91A192A3210}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-1935655697-343818398-839522115-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
FireFox:
========
FF ProfilePath: D:\Documents and Settings\vesna\Data aplikací\Mozilla\Firefox\Profiles\rz2ynknj.default
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-21] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-10-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
FF Extension: Default - D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-08] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-19] [not signed]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - D:\Program Files\Hewlett-Packard\SmartPrint\QPExtension => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 EhttpSrv; D:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [34296 2013-10-07] (ESET)
S2 ekrn; D:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1025584 2013-10-07] (ESET)
S2 EPSON ESCPOS Status Service; D:\WINDOWS\system32\EpStsSrv.exe [77824 2006-05-17] (SEIKO EPSON Corp.) [File not signed]
S3 ESHASRV; D:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [185104 2013-10-07] (ESET)
S4 gzserv; D:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-15] (Bitdefender)
S3 HP Port Resolver; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S2 JavaQuickStarterService; D:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S2 MDM; D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-04-26] () [File not signed]
S2 SpyHunter 4 Service; D:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2016-03-15] (Enigma Software Group USA, LLC.)
S2 winvnc; D:\Program Files\TightVNC\WinVNC.exe [585728 2009-03-05] (TightVNC Group) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 avc3; D:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avchv; D:\WINDOWS\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; D:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
S3 Axtmvflt; D:\WINDOWS\System32\DRIVERS\Axtmvflt.sys [3456 2007-09-20] (Axesstel) [File not signed]
S3 Axtmvmdm; D:\WINDOWS\System32\DRIVERS\Axtmvmdm.sys [40064 2007-09-20] (Axesstel) [File not signed]
S3 Axtmvprt; D:\WINDOWS\System32\Drivers\Axtmvprt.sys [38784 2007-09-20] (Axesstel) [File not signed]
S1 bdftdif; D:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
S4 bdselfpr; D:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 cmpci; D:\WINDOWS\System32\drivers\cmaudio.sys [373518 2002-03-01] (C-Media Inc) [File not signed]
S1 eamon; D:\WINDOWS\System32\DRIVERS\eamon.sys [166672 2013-10-25] (ESET)
S1 ehdrv; D:\WINDOWS\System32\DRIVERS\ehdrv.sys [128056 2013-09-09] (ESET)
S4 epfwtdir; D:\WINDOWS\System32\DRIVERS\epfwtdir.sys [110552 2013-09-09] (ESET)
S2 Esdpdx01; D:\WINDOWS\system32\Drivers\ESDPDX01.SYS [95485 2003-12-25] (MK Systems CO., LTD.) [File not signed]
S3 EsgScanner; D:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-03-15] ()
S3 gameenum; D:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S4 gzflt; D:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 MTsensor; D:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 Rcphook; D:\WINDOWS\System32\DRIVERS\rcpmini.sys [3264 2005-02-25] (Alchemy Lab) [File not signed]
R3 tap0901; D:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-04-26] (The OpenVPN Project) [File not signed]
S3 TMUSB; D:\WINDOWS\System32\DRIVERS\TMUSBXP.SYS [47616 2007-01-19] (SEIKO EPSON Corp.)
S0 trufos; D:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S4 IntelIde; no ImagePath
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 11:07 - 2016-03-15 11:07 - 00000000 ____D D:\sh4ldr
2016-03-15 11:07 - 2016-03-15 11:07 - 00000000 ____D D:\Documents and Settings\vesna\Data aplikací\Enigma Software Group
2016-03-15 11:04 - 2016-03-15 11:04 - 00019984 _____ D:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-15 11:04 - 2016-03-15 11:04 - 00000000 ____D D:\Program Files\Enigma Software Group
2016-03-15 10:57 - 2016-03-15 11:03 - 00064444 _____ D:\WINDOWS\ntbtlog.txt
2016-03-15 10:56 - 2016-03-15 10:56 - 00184624 _____ D:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2016-03-15 10:55 - 2016-03-15 10:55 - 00009635 _____ D:\Documents and Settings\All Users\Data aplikací\1458035695.3504.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 00042015 _____ D:\Documents and Settings\All Users\Data aplikací\1458035695.1628.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 00002406 _____ D:\Documents and Settings\All Users\Data aplikací\1458035695.3208.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 00001334 _____ D:\Documents and Settings\All Users\Data aplikací\1458035695.2204.bin
2016-03-15 10:54 - 2016-03-15 10:54 - 00037461 _____ D:\Documents and Settings\All Users\Data aplikací\1458035691.bdinstall.bin
2016-03-15 10:52 - 2016-03-15 10:52 - 00218067 _____ D:\Documents and Settings\All Users\Data aplikací\1458035130.bdinstall.bin
2016-03-15 10:52 - 2016-03-15 10:52 - 00000000 ____D D:\Documents and Settings\LocalService\Data aplikací\QuickScan
2016-03-15 10:48 - 2016-03-15 10:48 - 00001872 _____ D:\Documents and Settings\All Users\Plocha\Bitdefender Antivirus Free Edition.lnk
2016-03-15 10:48 - 2016-03-15 10:48 - 00000000 ____H D:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2016-03-15 10:48 - 2016-03-15 10:48 - 00000000 ____H D:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-03-15 10:48 - 2016-03-15 10:48 - 00000000 ____D D:\Documents and Settings\All Users\Nabídka Start\Programy\Antivirus Free Edition
2016-03-15 10:47 - 2016-03-15 10:47 - 00000000 __HDC D:\WINDOWS\$NtUninstallWdf01009$
2016-03-15 10:47 - 2016-03-15 10:47 - 00000000 ____D D:\WINDOWS\LastGood
2016-03-15 10:47 - 2013-04-17 14:59 - 00633344 _____ (BitDefender) D:\WINDOWS\system32\Drivers\avc3.sys
2016-03-15 10:47 - 2013-04-17 14:59 - 00486536 _____ (BitDefender) D:\WINDOWS\system32\Drivers\avckf.sys
2016-03-15 10:47 - 2012-11-02 14:17 - 00242504 _____ (BitDefender) D:\WINDOWS\system32\Drivers\avchv.sys
2016-03-15 10:47 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) D:\WINDOWS\system32\WdfCoInstaller01009.dll
2016-03-15 10:46 - 2016-03-15 10:47 - 00048933 _____ D:\Report 2016-03-15 10.46.05.txt
2016-03-15 10:46 - 2016-03-15 10:46 - 00000000 ____D D:\Documents and Settings\vesna\Data aplikací\QuickScan
2016-03-15 10:45 - 2016-03-15 10:48 - 00000000 ____D D:\Program Files\Bitdefender
2016-03-15 10:45 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.) D:\WINDOWS\system32\Drivers\trufos.sys
2016-03-15 10:45 - 2013-04-22 13:20 - 00164952 _____ (BitDefender LLC) D:\WINDOWS\system32\Drivers\gzflt.sys
2016-03-15 10:37 - 2016-03-15 11:42 - 00000000 ____D D:\FRST
2016-03-15 10:34 - 2016-03-15 10:34 - 00188392 _____ D:\Documents and Settings\vesna\Local Settings\Data aplikací\census.cache
2016-03-15 10:34 - 2016-03-15 10:34 - 00162689 _____ D:\Documents and Settings\vesna\Local Settings\Data aplikací\ars.cache
2016-03-15 10:15 - 2016-03-15 10:15 - 00000036 _____ D:\Documents and Settings\vesna\Local Settings\Data aplikací\housecall.guid.cache
2016-03-15 10:02 - 2016-03-15 10:10 - 00000000 ____D D:\Program Files\AdwCleaner
2016-03-15 10:00 - 2016-03-15 10:00 - 00000000 ____D D:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-03-14 16:58 - 2016-03-14 17:09 - 00026340 _____ D:\Documents and Settings\vesna\Plocha\Příjemky ČR.ods
2016-03-14 15:33 - 2016-03-14 15:33 - 00365482 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4922BF7F37056900F7A.locky
2016-03-14 15:31 - 2016-03-14 15:31 - 00003780 _____ D:\Documents and Settings\All Users\Data aplikací\8A92DE3DCF92D4921CD205F4ECCB8E98.locky
2016-03-14 15:31 - 2016-03-14 15:31 - 00001073 _____ D:\Documents and Settings\All Users\Data aplikací\_Locky_recover_instructions.txt
2016-03-14 15:29 - 2016-03-14 15:29 - 00189038 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D49228D242B27F441D23.locky
2016-03-14 15:28 - 2016-03-14 15:28 - 05364162 ____N D:\Documents and Settings\vesna\Local Settings\Data aplikací\8A92DE3DCF92D492ED1312A5107A2D0C.locky
2016-03-14 15:28 - 2016-03-14 15:28 - 04837850 _____ D:\Documents and Settings\administrator\Local Settings\Data aplikací\8A92DE3DCF92D4922B8F4BE8A9B5AA69.locky
2016-03-14 15:28 - 2016-03-14 15:28 - 00001073 _____ D:\Documents and Settings\vesna\Local Settings\Data aplikací\_Locky_recover_instructions.txt
2016-03-14 15:28 - 2016-03-14 15:28 - 00001073 _____ D:\Documents and Settings\administrator\Local Settings\Data aplikací\_Locky_recover_instructions.txt
2016-03-14 15:27 - 2016-03-14 15:27 - 00597840 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49253E5D1E3B6A77850.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00208468 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4922D9B7E681FC2375D.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00170290 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4924DD4778DF20B51C7.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00139338 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DEC8FD781B5B4262.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00058293 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4926F7643D4D2D19D6D.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00044426 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492F857ED9941368380.locky
2016-03-14 15:27 - 2016-03-14 15:27 - 00026287 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D49221E90F7919261029.locky
2016-03-14 15:26 - 2016-03-14 15:26 - 00081246 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DBCC0DF88E685A6B.locky
2016-03-14 15:25 - 2016-03-14 15:25 - 00001073 _____ D:\Documents and Settings\vesna\_Locky_recover_instructions.txt
2016-03-14 15:25 - 2016-03-14 15:25 - 00000917 _____ D:\Documents and Settings\vesna\8A92DE3DCF92D492EBA9BA681ADB06C8.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00237654 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492D4DA1EB7E5490679.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00075729 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492240E0361359E06FD.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00049139 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C06C72535FBD27AF.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00049102 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4923E4C3429DA113448.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00028418 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4925E19A22D3FD1A598.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00028414 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49246C812D8D73882F9.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00027536 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492853A98E04F0ACA68.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00027530 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C7067B0ED035DA0B.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00026845 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DAE679459662C37A.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00025554 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4920692B170016A3F64.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00025332 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492CC3CA06645EBE7DD.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024405 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492384F8B662BFBFD5D.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024368 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492EF48A209E4C0451B.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024368 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4928F2CBF6E5E20DDB5.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024368 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49244B97B4A1CD5004B.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024368 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49242CD54EE7880ADC0.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00024363 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492A8959CBDFB184125.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00023627 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4922F9D45DACE89EE59.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00022828 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4921997400459838EC2.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00019631 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4925687EA5636FB04B2.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00019143 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4926A4A88522CBC3360.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00018882 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49272A24FFBD2E6789D.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00018756 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49269F93887DA016716.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00016103 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49250431A8A2B407AF6.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00015701 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492627E88E829BD288F.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00015649 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4928B58ED342F636E47.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00015176 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492B09308DB6390B218.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00015041 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C16F8D326C038636.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00014768 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492F88121D41920AEA8.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00014390 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49259EA0B6BAFD2FBFA.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00013239 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4927C8A69C9E11CFE5A.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00012754 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4926274FA23B2796EE8.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00012631 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C0125A2C334E5636.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00012425 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492C99890DF7A2F5FB0.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00011826 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4926B73D9A15657165C.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00011624 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4926E6AE2EF4F489187.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00011573 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492EB191C9E811CC24D.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00010564 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492E07A8576923EA110.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00009986 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D49283E16AF2A947B90B.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00009978 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492EF6AADDB03969AF4.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00008378 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49276CB3074109D8C9E.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00008377 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492F42C0C2235ACAD4A.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00008377 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4921E9B59B6B5C76C46.locky
2016-03-14 15:23 - 2016-03-14 15:23 - 00008377 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D49207766D73E8EEA916.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00289604 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492C7EBFA33417ACA8A.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00156996 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4927B817A07B7E627C2.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00043844 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492C897D51C536F9648.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00043844 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492ABADAA4F4A0F0E7B.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00043844 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4925FDCFE3EB8B4AB93.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00043332 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492AEA9B3D6F42DF697.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00042820 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492613243B906CC3AAD.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00042308 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D49228741F87B2B76B77.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00031044 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492F2543CD9B16BEC36.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00030532 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4927D68AEB6F1137738.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00028484 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492F210A795ED74F527.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00024395 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DE5999D6D6127071.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00024363 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492897CA5AEBBD29919.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00023364 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4923C36F528C0694668.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00022820 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4922A101E76F271BAAB.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00019273 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492408FBB073B1549A9.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00017144 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492B9E2135EEC67C723.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00016708 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492FA71081B7CCC3EA3.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00015817 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492FF922C2ABB872720.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00014700 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4921551BA041062550D.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00013431 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4927670D5B8CF7CC7A6.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00013124 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D492DAFB11A13C31404C.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00012990 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4923562510445962D5A.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00011588 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D4922B4AD5A60CFDD1BC.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00010382 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492C4490BDCF21C89C5.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00010052 _____ D:\Documents and Settings\vesna\Plocha\8A92DE3DCF92D492B531D5B93EE1BA4F.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00007553 _____ D:\Documents and Settings\vesna\Dokumenty\8A92DE3DCF92D4925F2C79D0038B101B.locky
2016-03-14 15:22 - 2016-03-14 15:22 - 00001073 _____ D:\Documents and Settings\vesna\Plocha\_Locky_recover_instructions.txt
2016-03-14 15:22 - 2016-03-14 15:22 - 00001073 _____ D:\Documents and Settings\vesna\Dokumenty\_Locky_recover_instructions.txt
2016-03-08 21:12 - 2016-03-09 09:01 - 00000000 ____D D:\Program Files\Mozilla Firefox
2016-02-23 09:07 - 2016-02-25 15:48 - 00000000 ____D D:\Program Files\Mozilla Thunderbird
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-15 11:43 - 2013-09-17 09:38 - 00000000 ____D D:\Documents and Settings\vesna\Local Settings\Temp
2016-03-15 11:22 - 2005-11-28 11:38 - 00001604 ____C D:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-03-15 11:20 - 2005-11-30 12:03 - 00001604 ____C D:\Documents and Settings\administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-03-15 11:07 - 2013-09-17 09:38 - 00000000 __RHD D:\Documents and Settings\vesna\Data aplikací
2016-03-15 11:07 - 2013-09-17 09:38 - 00000000 ____D D:\Documents and Settings\vesna
2016-03-15 11:07 - 2005-11-28 19:21 - 00000000 ___HD D:\WINDOWS\inf
2016-03-15 10:59 - 2004-08-18 13:00 - 00013646 _____ D:\WINDOWS\system32\wpa.dbl
2016-03-15 10:56 - 2013-09-17 09:38 - 00000178 ___SH D:\Documents and Settings\vesna\ntuser.ini
2016-03-15 10:56 - 2005-11-28 11:42 - 00032318 _____ D:\WINDOWS\SchedLgU.Txt
2016-03-15 10:56 - 2005-11-28 11:42 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT
2016-03-15 10:56 - 2005-11-28 11:42 - 00000000 ___HD D:\Documents and Settings\LocalService\Local Settings\Data aplikací
2016-03-15 10:54 - 2005-11-28 19:28 - 00000000 __RHD D:\Documents and Settings\All Users\Data aplikací
2016-03-15 10:48 - 2005-11-28 19:28 - 00000000 ___RD D:\Documents and Settings\All Users\Nabídka Start\Programy
2016-03-15 10:48 - 2005-11-28 19:28 - 00000000 ____D D:\Documents and Settings\All Users\Plocha
2016-03-15 10:45 - 2013-11-06 16:24 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\Stažené soubory
2016-03-15 10:34 - 2013-09-17 09:38 - 00000000 ___HD D:\Documents and Settings\vesna\Local Settings\Data aplikací
2016-03-15 10:13 - 2013-09-17 09:38 - 00000000 ___RD D:\Documents and Settings\vesna\Nabídka Start\Programy\Po spuštění
2016-03-15 10:12 - 2014-05-06 13:14 - 00000222 _____ D:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-03-15 10:10 - 2013-09-17 09:38 - 00000000 ___RD D:\Documents and Settings\vesna\Nabídka Start\Programy
2016-03-15 10:10 - 2013-09-17 09:38 - 00000000 ____D D:\Documents and Settings\vesna\Plocha
2016-03-15 09:32 - 2013-09-18 10:13 - 00000466 ____H D:\WINDOWS\Tasks\User_Feed_Synchronization-{0BBC05CF-1BC5-4D80-A578-27B0F791C627}.job
2016-03-15 09:15 - 2013-09-17 09:38 - 00001604 _____ D:\Documents and Settings\vesna\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-03-15 09:15 - 2005-11-28 11:38 - 00001568 _____ D:\Documents and Settings\All Users\Nabídka Start\Přístup a výchozí nastavení programů.lnk
2016-03-15 09:13 - 2013-09-17 09:38 - 00000000 ___HD D:\Documents and Settings\vesna\Okolní síť
2016-03-14 16:46 - 2015-12-30 13:30 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\Leták
2016-03-14 15:33 - 2015-03-02 14:44 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\Tesco
2016-03-14 15:33 - 2013-09-17 09:38 - 00000000 ___RD D:\Documents and Settings\vesna\Dokumenty
2016-03-14 15:33 - 2013-09-17 09:38 - 00000000 ___HD D:\Documents and Settings\vesna\Šablony
2016-03-14 15:33 - 2005-11-30 12:03 - 00000000 ___HD D:\Documents and Settings\administrator\Šablony
2016-03-14 15:33 - 2005-11-28 19:28 - 00000000 ___HD D:\Documents and Settings\Default User\Šablony
2016-03-14 15:33 - 2005-11-28 11:36 - 00000000 ___RD D:\Documents and Settings\All Users\Dokumenty\Obrázky
2016-03-14 15:31 - 2013-12-23 14:25 - 00000000 ____D D:\Podpis
2016-03-14 15:29 - 2013-09-17 09:38 - 00000000 ___RD D:\Documents and Settings\vesna\Dokumenty\Obrázky
2016-03-14 15:28 - 2015-12-30 13:29 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\vyřízené
2016-03-14 15:28 - 2014-05-07 08:23 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\Radka
2016-03-14 15:28 - 2005-11-30 12:03 - 00000000 ___HD D:\Documents and Settings\administrator\Local Settings\Data aplikací
2016-03-14 15:27 - 2015-12-16 10:52 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\Radka plocha
2016-03-14 15:27 - 2015-12-02 12:35 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\Petra
2016-03-14 15:27 - 2015-05-27 09:37 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\invoices Mai 2015
2016-03-14 15:27 - 2015-04-07 10:48 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\Credit note SK VESNA
2016-03-14 15:27 - 2005-11-28 15:28 - 00000000 ____D D:\WINGED
2016-03-14 15:23 - 2015-09-14 07:28 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\p. PLAČEK
2016-03-14 15:23 - 2015-04-27 12:21 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\AKCE 2015
2016-03-14 15:23 - 2005-11-28 19:28 - 00000000 ___HD D:\Documents and Settings\All Users\Šablony
2016-03-14 15:22 - 2015-06-11 06:29 - 00000000 ____D D:\Documents and Settings\vesna\Dokumenty\ZALISTOVÁNÍ ZBOŽÍ_2015
2016-03-14 15:22 - 2015-01-20 14:08 - 00000000 ____D D:\Documents and Settings\vesna\Plocha\AKCE 2014
2016-03-14 15:22 - 2013-09-18 07:46 - 00000000 ____D D:\vpn
2016-03-14 15:19 - 2008-07-18 06:44 - 00000000 ____D D:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
2016-03-14 07:06 - 2012-09-27 09:43 - 00000000 ____D D:\Program Files\Mozilla Maintenance Service
2016-03-09 12:03 - 2005-11-28 14:04 - 00000212 _____ D:\WINDOWS\Tasks\Nod32lic.job
2016-03-09 03:05 - 2013-08-15 14:20 - 00000000 ____D D:\WINDOWS\system32\MRT
2016-03-09 03:00 - 2007-06-19 12:04 - 141270216 ____C (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
2016-03-08 15:08 - 2014-05-06 13:14 - 00000216 _____ D:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
==================== Files in the root of some directories =======
2013-09-18 07:15 - 2007-09-20 03:45 - 0090112 ____R (Axesstel) D:\Program Files\axesstel.dll
2013-09-18 07:15 - 2007-09-20 03:45 - 0118784 ____R () D:\Program Files\MSP_Uninstall.exe
2016-03-14 15:28 - 2016-03-14 15:28 - 5364162 ____N () D:\Documents and Settings\vesna\Local Settings\Data aplikací\8A92DE3DCF92D492ED1312A5107A2D0C.locky
2016-03-15 10:34 - 2016-03-15 10:34 - 0162689 _____ () D:\Documents and Settings\vesna\Local Settings\Data aplikací\ars.cache
2016-03-15 10:34 - 2016-03-15 10:34 - 0188392 _____ () D:\Documents and Settings\vesna\Local Settings\Data aplikací\census.cache
2016-03-15 10:15 - 2016-03-15 10:15 - 0000036 _____ () D:\Documents and Settings\vesna\Local Settings\Data aplikací\housecall.guid.cache
2016-03-14 15:28 - 2016-03-14 15:28 - 0001073 _____ () D:\Documents and Settings\vesna\Local Settings\Data aplikací\_Locky_recover_instructions.txt
2006-03-17 07:51 - 2006-03-17 07:51 - 0185872 ____C () D:\Documents and Settings\All Users\NCCD.log
2016-03-15 10:52 - 2016-03-15 10:52 - 0218067 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035130.bdinstall.bin
2016-03-15 10:54 - 2016-03-15 10:54 - 0037461 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035691.bdinstall.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 0042015 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035695.1628.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 0001334 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035695.2204.bin
2016-03-15 10:54 - 2016-03-15 10:55 - 0002406 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035695.3208.bin
2016-03-15 10:55 - 2016-03-15 10:55 - 0009635 _____ () D:\Documents and Settings\All Users\Data aplikací\1458035695.3504.bin
2016-03-14 15:31 - 2016-03-14 15:31 - 0003780 _____ () D:\Documents and Settings\All Users\Data aplikací\8A92DE3DCF92D4921CD205F4ECCB8E98.locky
2007-07-25 12:21 - 2013-09-17 09:03 - 0007563 ____C () D:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
2015-02-27 09:00 - 2012-07-16 16:28 - 0024772 _____ () D:\Documents and Settings\All Users\Data aplikací\P1100DEF.css
2015-02-27 09:00 - 2012-08-13 20:22 - 0004364 ____R () D:\Documents and Settings\All Users\Data aplikací\P1100OS.HTM
2016-03-14 15:31 - 2016-03-14 15:31 - 0001073 _____ () D:\Documents and Settings\All Users\Data aplikací\_Locky_recover_instructions.txt
Some files in TEMP:
====================
D:\Documents and Settings\administrator\Local Settings\Temp\hpzmsi01.exe
D:\Documents and Settings\administrator\Local Settings\Temp\hpzscr01.exe
D:\Documents and Settings\administrator\Local Settings\Temp\Nokia_PC_Suite_683_rel_14_1_cze.exe
D:\Documents and Settings\vesna\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
D:\Documents and Settings\vesna\Local Settings\Temp\jre-8u73-windows-au.exe
D:\Documents and Settings\vesna\Local Settings\Temp\siinst.exe
D:\Documents and Settings\vesna\Local Settings\Temp\sqlite3.dll
D:\Documents and Settings\vesna\Local Settings\Temp\strings.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\dnsapi.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================