Ransomware GandCrab v5.0.4 [Solved]

jaro3

Re: Ransomware GandCrab v5.0.4

Post by jaro3 » 23 Nov 2018 21:54

Control Panel\User Accounts and Family Safety\User Accounts\Manage Accounts


So post a new FRST log as well; we'll delete and keep one, plus we'll remove SpyHunter.

Maybe not until Sunday evening.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

KedarCZE

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 24 Nov 2018 09:16

Well, that's just it: I have Win 10, and there I only have my Administrator account and, under Family, the Pepa account. No others are shown.
OS: Windows 10 64 bit
MB: ASUS PRIME X570-P
CPU: AMD Ryzen 7 3700X
Graphics: MSI GeForce RTX 3060 Ti Gaming Z TRIO
RAM: Kingston HyperX Fury 16 GB (2 x 8 GB) DDR4-3200 CL16
PSU: MSI MPG A750GF
SSD: Kingston SSD A2000 500 GB
HDD: Seagate IronWolf 4 TB
Monitor: Dell S2721D
Case: Fractal Design Define S

KedarCZE

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 24 Nov 2018 11:00

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by Kedar (administrator) on KEDAR-PC (24-11-2018 09:31:46)
Running from C:\Users\Kedar\Desktop
Loaded Profiles: Kedar (Available Profiles: Kedar & Pepa)
Platform: Windows 10 Home Version 1809 17763.134 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(ICEpower a/s) C:\Windows\System32\ICEsoundService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(HP Inc.) C:\Program Files\HP\HP DeskJet 4530 series\Bin\ScanToPCActivationApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2018-11-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-10-12] (ESET)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1248986085-3350451917-519491516-1001\...\Run: [HP DeskJet 4530 series (NET)] => C:\Program Files\HP\HP DeskJet 4530 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
AppInit_DLLs: C:\WINDOWS\system32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvinitx.dll => C:\WINDOWS\system32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvinitx.dll [209128 2018-03-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\system32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvinit.dll => C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvinit.dll [182592 2018-03-25] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4982d421-ff96-449f-8ac8-d34ff2778fa7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{95d4f4d3-ec63-417e-9851-a0ccdc701dd0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9693d931-79bb-4ace-ad7a-fdfc711b27c0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a162a91a-26b5-4a0c-8553-b752105158bb}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-03-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-08-03] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

Edge:
======
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.6.0.0_neutral__c1wakc4j0nefm [2018-11-12]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR NewTab: Default -> Not-active:"chrome-extension://dljbcjbfojhlfhgenhepllagfecdpchb/startpage/startpage.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default [2018-11-24]
CHR Extension: (Prezentace) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (BetterTTV) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-20]
CHR Extension: (Dokumenty) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-05]
CHR Extension: (YouTube) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-05]
CHR Extension: (True Key™ by McAfee) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpaibbcbodhimfnjnakiidgbpiehfgci [2018-08-10]
CHR Extension: (PasswordBox) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljbcjbfojhlfhgenhepllagfecdpchb [2017-09-28]
CHR Extension: (Google+) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2017-03-05]
CHR Extension: (Session Buddy) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
CHR Extension: (Dark Reader) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2018-11-02]
CHR Extension: (Shoptagr - Your Personal Shopping Assistant) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\emalgedpdlghbkikiaeocoblajamonoh [2018-11-20]
CHR Extension: (Tabulky) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Radiant Community Extension) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfffnbhinkdleedlodeeodpaipoeonoa [2017-03-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (AdBlock) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-14]
CHR Extension: (Speed Test Internet) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhbmnfdcklajeaeikfinieljfegamko [2018-11-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-11-16]
CHR Extension: (Mapy Google) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-03-05]
CHR Extension: (My Music Play List) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpldeidflnblidgnlmdiiedgpjemlac [2018-11-20]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2018-10-12]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2017-08-17]
CHR Extension: (Twitch Now) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2018-04-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (piZap Photo Editor) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2017-03-05]
CHR Extension: (Gmail) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-05]
CHR Extension: (Chrome Media Router) - C:\Users\Kedar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\FileAbap <==== ATTENTION (Rootkit!)

R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [241664 2018-11-14] (Microsoft Corporation)
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
R3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [914944 2018-09-15] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302152 2018-10-12] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302152 2018-10-12] (ESET)
S4 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-11-02] (EnigmaSoft Limited)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144096 2018-11-03] (ELAN Microelectronics Corp.)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.62\elevation_service.exe [443736 2018-11-20] (Google Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-11-03] (SurfRight B.V.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-15] (Intel Corporation)
R2 ICEsoundService; C:\WINDOWS\system32\ICEsoundService64.exe [483808 2018-11-03] (ICEpower a/s)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-08-03] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-19] (NVIDIA Corporation)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2018-08-21] ()
S4 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-11-02] (EnigmaSoft Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2201440 2017-11-09] (Sony) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4060256 2018-08-03] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [34416 2017-06-20] (AnvSoft Inc.)
R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2018-03-08] (Windows (R) Win 7 DDK provider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2018-03-08] (Windows (R) Win 7 DDK provider)
S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2017-05-14] (Disc Soft Ltd)
S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2017-05-14] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-10-09] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107896 2018-10-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-08-27] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-08-27] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50144 2018-08-27] (ESET)
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-11-02] (EnigmaSoft Limited)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82304 2018-08-27] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-08-27] (ESET)
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2018-11-03] (ESET)
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-11-03] (REALiX(tm))
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136720 2018-05-15] (Intel Corporation)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [54648 2018-11-03] (NEC Personal Computers, Ltd.)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3586072 2018-05-11] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvpciflt.sys [48480 2018-03-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30656 2018-07-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1118648 2018-11-03] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [430016 2018-11-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9101016 2018-11-03] (Realtek Semiconductor Corp.)
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2018-11-20] ()
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)
R3 WinQuic; C:\WINDOWS\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-11-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-31] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

KedarCZE

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 24 Nov 2018 11:05

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-23 21:04 - 2018-11-23 21:05 - 000109946 _____ C:\TDSSKiller.2.8.16.0_23.11.2018_21.04.47_log.txt
2018-11-23 21:04 - 2018-11-23 21:04 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\89068503.sys
2018-11-23 21:03 - 2018-11-23 21:03 - 000000000 ____D C:\Users\Kedar\Desktop\tdsskiller
2018-11-23 21:03 - 2013-02-11 18:51 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Kedar\Desktop\TDSSKiller.exe
2018-11-23 19:50 - 2018-11-23 19:51 - 000000007 _____ C:\Users\Kedar\Desktop\PFCZ.txt
2018-11-23 18:13 - 2018-11-23 18:13 - 002218636 _____ C:\Users\Kedar\Desktop\tdsskiller.zip
2018-11-23 17:30 - 2018-11-23 17:30 - 000008906 _____ C:\Users\Kedar\Downloads\cs-CZ.lang
2018-11-23 16:03 - 2018-11-23 16:07 - 000011143 _____ C:\Users\Kedar\Desktop\Fixlog.txt
2018-11-21 22:12 - 2018-11-21 22:12 - 000000000 ____D C:\Users\Kedar\Desktop\backups
2018-11-21 21:11 - 2018-11-21 22:06 - 000053519 _____ C:\Users\Kedar\Desktop\Addition.txt
2018-11-21 21:09 - 2018-11-24 09:32 - 000022205 _____ C:\Users\Kedar\Desktop\FRST.txt
2018-11-21 21:09 - 2018-11-24 09:31 - 000000000 ____D C:\FRST
2018-11-21 18:48 - 2018-11-21 18:48 - 002416640 _____ (Farbar) C:\Users\Kedar\Desktop\FRST64.exe
2018-11-21 17:59 - 2018-11-21 17:59 - 000113543 _____ C:\Users\Kedar\Desktop\qq.pdf
2018-11-20 19:15 - 2018-11-20 19:15 - 000000000 ____D C:\Users\Kedar\AppData\Local\DBG
2018-11-20 14:06 - 2018-11-20 14:06 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-11-20 14:06 - 2018-11-20 14:06 - 000000000 ____D C:\Users\Kedar\AppData\Local\Zemana
2018-11-20 14:06 - 2018-11-20 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-11-20 14:06 - 2018-11-20 14:06 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-11-20 12:12 - 2018-11-20 12:12 - 006625600 _____ (Zemana Ltd. ) C:\Users\Kedar\Downloads\Zemana.AntiMalware.Setup.exe
2018-11-20 11:35 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2018-11-20 10:46 - 2018-11-20 11:26 - 000000000 ____D C:\zoek_backup
2018-11-20 10:43 - 2018-11-20 10:43 - 002038755 _____ C:\Users\Kedar\Desktop\zoek.exe
2018-11-20 10:06 - 2018-11-20 10:09 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2018-11-19 22:11 - 2018-11-21 21:08 - 000000000 ____D C:\Users\Kedar\Documents\Songs
2018-11-19 20:41 - 2018-11-19 20:41 - 000004490 _____ C:\Users\Kedar\Desktop\Rogue.txt
2018-11-19 20:14 - 2018-11-19 20:15 - 033263160 _____ C:\Users\Kedar\Desktop\RogueKiller_portable64.exe
2018-11-19 18:19 - 2018-11-19 18:20 - 000000000 ____D C:\AdwCleaner
2018-11-18 20:27 - 2018-11-18 20:28 - 008630444 _____ C:\Users\Kedar\Downloads\It’s alright, it’s okay.... RT.mp4
2018-11-18 18:02 - 2018-11-21 19:05 - 000010059 _____ C:\Users\Kedar\Documents\Tools.txt
2018-11-18 14:07 - 2018-11-18 14:07 - 000000000 ____D C:\ProgramData\Sophos
2018-11-18 14:06 - 2018-11-18 14:06 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-11-18 14:06 - 2018-11-18 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-11-18 14:06 - 2018-11-18 14:06 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-11-17 23:58 - 2018-11-17 23:58 - 007592144 _____ (Malwarebytes) C:\Users\Kedar\Desktop\adwcleaner_7.2.4.0.exe
2018-11-17 23:56 - 2018-11-17 23:57 - 000448512 _____ (OldTimer Tools) C:\Users\Kedar\Desktop\TFC.exe
2018-11-17 20:28 - 2018-11-17 20:28 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Abelssoft
2018-11-17 20:28 - 2018-11-17 20:28 - 000000000 ____D C:\Users\Kedar\AppData\Local\Abelssoft
2018-11-17 20:28 - 2018-11-17 20:28 - 000000000 ____D C:\ProgramData\XDMessagingv4
2018-11-17 20:18 - 2018-11-17 20:24 - 206758184 _____ (Sophos Limited) C:\Users\Kedar\Downloads\Sophos Virus Removal Tool.exe
2018-11-17 19:40 - 2018-11-19 16:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-17 19:40 - 2018-11-17 19:40 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-11-17 19:28 - 2018-11-17 19:28 - 000000000 ____D C:\Users\Kedar\AppData\LocalLow\Adobe
2018-11-17 19:27 - 2018-11-19 16:29 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-17 19:14 - 2018-11-17 19:39 - 000000000 ____D C:\ProgramData\Adobe
2018-11-17 19:11 - 2018-11-17 19:41 - 000000000 ____D C:\Users\Kedar\AppData\Local\Adobe
2018-11-17 18:54 - 2018-11-12 16:04 - 000000854 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bkup
2018-11-16 17:09 - 2018-11-16 17:09 - 011093199 _____ C:\Users\Kedar\Downloads\THE BETRAYAL - Best of LoL Streams #457.mp4
2018-11-15 14:37 - 2018-11-15 14:38 - 067403394 _____ C:\Users\Kedar\Downloads\YouTube_VANCED-13.45.52_BLACK .apk
2018-11-15 14:37 - 2018-11-15 14:37 - 002823561 _____ C:\Users\Kedar\Downloads\microG_YouTube_Vanced_0.2.4-105.apk
2018-11-14 18:49 - 2018-11-14 18:50 - 124280056 _____ C:\Users\Kedar\Downloads\RYTMUS---Fenomen-by FrutaKruta.rar
2018-11-14 17:39 - 2018-11-14 17:39 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 004488192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 17:39 - 2018-11-14 17:39 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 003442176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-14 17:39 - 2018-11-14 17:39 - 002985328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 002429752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-14 17:39 - 2018-11-14 17:39 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-11-14 17:39 - 2018-11-14 17:39 - 001289400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-11-14 17:39 - 2018-11-14 17:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-11-14 17:38 - 2018-11-14 17:39 - 006059008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 026804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 020808704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 009696264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 006543224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 004886016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 004245280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 003981312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 003951192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 003744256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 003730352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 17:38 - 2018-11-14 17:38 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 003379216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 17:38 - 2018-11-14 17:38 - 003337800 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002988544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002721792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-14 17:38 - 2018-11-14 17:38 - 002702536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002617856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002594872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 17:38 - 2018-11-14 17:38 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002186752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002185728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001843432 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001749504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001715200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001641608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001395248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001391096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001387496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001279000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 001212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001181824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001097312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001064248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-11-14 17:38 - 2018-11-14 17:38 - 001053352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 001050936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 001048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 001026992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000818832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.applicationmodel.datatransfer.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000783696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 000604248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.applicationmodel.datatransfer.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-14 17:38 - 2018-11-14 17:38 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000506392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000402568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000398400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 17:38 - 2018-11-14 17:38 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000373768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000175096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2018-11-14 17:38 - 2018-11-14 17:38 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2018-11-14 17:38 - 2018-11-14 17:38 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2018-11-14 17:38 - 2018-11-14 17:38 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 17:38 - 2018-11-14 17:38 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 17:37 - 2018-11-14 17:37 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-14 17:37 - 2018-11-14 17:37 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 17:37 - 2018-11-14 17:37 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2018-11-14 17:37 - 2018-11-14 17:37 - 000582248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-14 17:37 - 2018-11-14 17:37 - 000298488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-11-14 17:37 - 2018-11-14 17:37 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-11-14 17:37 - 2018-11-14 17:37 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-11-12 16:04 - 2018-11-12 16:04 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Obsidium
2018-11-09 11:25 - 2018-11-09 11:25 - 000000000 ____D C:\Users\Pepa\AppData\Local\mbam
2018-11-08 10:58 - 2018-11-08 10:58 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Macromedia
2018-11-06 21:54 - 2018-11-06 21:54 - 000000000 ____D C:\Users\Kedar\Desktop\Nová složka
2018-11-05 18:52 - 2018-11-05 18:52 - 000118226 _____ C:\Users\Kedar\Downloads\batteryinfoview.zip
2018-11-05 18:48 - 2018-11-05 18:48 - 001889038 _____ C:\Users\Kedar\Downloads\LoL-item-sets-0.3.0.1.zip
2018-11-05 14:20 - 2018-11-05 14:20 - 000006864 _____ C:\Users\Pepa\Downloads\24550--c172x172.jpg.bphvnm
2018-11-05 13:49 - 2018-11-05 13:49 - 000048246 _____ C:\Users\Pepa\Desktop\Potvrzení o platbě 11-2018.pdf
2018-11-05 13:46 - 2018-11-05 13:46 - 000048246 _____ C:\Users\Pepa\Downloads\Pohyb_17188451089_na_uctu_2100285567.pdf
2018-11-04 21:14 - 2018-11-04 21:14 - 001538179 _____ C:\Users\Pepa\Downloads\Fotografie-0005.jpg.bphvnm
2018-11-04 21:13 - 2018-11-04 21:13 - 000205726 _____ C:\Users\Pepa\Downloads\Víkend s amatéry 2018 program.pdf.bphvnm
2018-11-04 21:12 - 2018-11-04 21:12 - 000205726 _____ C:\Users\Pepa\Downloads\Víkend s amatéry 2018.pdf.bphvnm
2018-11-04 08:49 - 2018-11-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-11-04 08:18 - 2018-11-04 08:18 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-11-03 22:11 - 2018-11-03 22:11 - 009900032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-11-03 22:11 - 2018-11-03 22:11 - 000430016 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2018-11-03 22:10 - 2018-11-03 22:10 - 001118648 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-11-03 22:08 - 2018-11-03 22:08 - 072520672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2018-11-03 22:08 - 2018-11-03 22:08 - 017763342 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-11-03 22:08 - 2018-11-03 22:08 - 007178432 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 007101704 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 006270152 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 006228416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-11-03 22:08 - 2018-11-03 22:08 - 005346960 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 003691368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 003677120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-11-03 22:08 - 2018-11-03 22:08 - 003452112 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 003417976 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 003306776 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 003252752 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 003215184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 003128776 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 002930624 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 002444648 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 002197944 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001971336 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001965120 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001787920 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001598360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001544216 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001516232 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001448736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyAPOv251gm.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001435104 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001382200 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001376336 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001372352 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001353280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001337600 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001300664 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001259688 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001240672 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001164584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyAPOvlldpgm.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001159144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001157216 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001045880 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 001007344 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000994648 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000964984 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000873424 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000852096 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000751264 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000734736 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000715608 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000714432 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000692128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000604760 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000541080 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000511608 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000483808 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundService64.exe
2018-11-03 22:08 - 2018-11-03 22:08 - 000467120 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000453240 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000452696 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000448568 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000447144 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000416472 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000406416 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000392832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000381368 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000378344 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000367576 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000366080 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000360304 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000332976 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000327232 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000327232 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000315944 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000278232 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000266520 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000261200 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000261160 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000260176 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000231880 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000230664 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000220352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000218232 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000203800 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000192944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000190896 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000190896 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000179560 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000174904 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000169481 _____ C:\WINDOWS\system32\ICEsoundService.bin
2018-11-03 22:08 - 2018-11-03 22:08 - 000158656 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000157304 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000154328 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000139720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000122280 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000118552 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000116504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000105272 _____ C:\WINDOWS\system32\audioLibVc.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000093864 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000090880 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000090136 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000088280 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000083584 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2018-11-03 22:08 - 2018-11-03 22:08 - 000075504 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2018-11-03 22:07 - 2018-11-03 22:07 - 009101016 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2018-11-03 22:07 - 2018-11-03 22:07 - 002628312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2018-11-03 22:07 - 2018-11-03 22:07 - 000471768 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll
2018-11-03 22:07 - 2018-11-03 22:07 - 000418008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2018-11-03 22:07 - 2018-11-03 22:07 - 000054648 _____ (NEC Personal Computers, Ltd.) C:\WINDOWS\system32\Drivers\necbatt.sys
2018-11-03 21:53 - 2018-11-03 21:53 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\DataWorks
2018-11-03 21:52 - 2018-11-03 21:53 - 000000000 ____D C:\Users\Kedar\AppData\LocalLow\IObit
2018-11-03 21:52 - 2018-11-03 21:52 - 000027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2018-11-03 14:58 - 2018-11-03 14:58 - 000181160 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2018-11-03 14:51 - 2018-11-03 14:51 - 002043000 _____ (ESET) C:\Users\Kedar\Desktop\esetgandcrabdecryptor.exe
2018-11-03 09:36 - 2018-11-03 09:36 - 000388608 _____ (Trend Micro Inc.) C:\Users\Kedar\Desktop\HijackThis.exe
2018-11-03 07:26 - 2018-11-03 07:26 - 000000000 ____D C:\Users\Pepa\AppData\Local\mbamtray
2018-11-03 07:26 - 2018-11-03 07:26 - 000000000 ____D C:\Users\Pepa\AppData\Local\ESET
2018-11-03 07:25 - 2018-11-03 07:25 - 000000020 ___SH C:\Users\Pepa\ntuser.ini
2018-11-03 01:39 - 2018-11-03 01:39 - 000000825 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-11-03 01:39 - 2018-11-03 01:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-11-03 01:39 - 2018-11-03 01:39 - 000000000 ____D C:\Program Files\Recuva
2018-11-03 01:25 - 2018-11-03 01:25 - 000000000 ____D C:\Users\Kedar\Downloads\RansomwareFileDecryptor 1.0.1668 MUI
2018-11-03 01:19 - 2018-11-03 01:20 - 011957376 _____ C:\Users\Kedar\Downloads\RansomwareFileDecryptor 1.0.1668 MUI.zip
2018-11-03 01:16 - 2018-11-03 01:16 - 000000452 _____ C:\WINDOWS\system32\.crusader
2018-11-03 00:54 - 2018-11-03 00:54 - 011546736 _____ (Bitdefender LLC) C:\Users\Kedar\Downloads\BDGandCrabDecryptTool.exe
2018-11-03 00:25 - 2018-11-03 00:25 - 000000020 ___SH C:\Users\Kedar\ntuser.ini
2018-11-02 23:05 - 2018-11-02 23:05 - 000004852 _____ C:\Users\Kedar\Desktop\malwarebytes.txt
2018-11-02 20:47 - 2018-11-02 20:47 - 000000000 ____D C:\Users\Kedar\AppData\Local\mbamtray
2018-11-02 20:47 - 2018-11-02 20:47 - 000000000 ____D C:\Users\Kedar\AppData\Local\mbam
2018-11-02 20:45 - 2018-11-02 20:45 - 078612224 _____ (Malwarebytes ) C:\Users\Kedar\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7607.exe
2018-11-02 20:34 - 2018-11-02 20:34 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\www.shadowexplorer.com
2018-11-02 19:39 - 2018-11-02 19:39 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-11-02 19:38 - 2018-11-02 19:38 - 000000000 ____D C:\sh5ldr
2018-11-02 19:38 - 2018-11-02 19:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-11-02 19:37 - 2018-11-02 19:37 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-11-02 19:28 - 2018-11-02 19:28 - 000001328 _____ C:\Users\Public\Desktop\360 File Guard.lnk
2018-11-02 19:28 - 2018-11-02 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2018-11-02 19:27 - 2018-11-02 19:27 - 006097696 _____ (360.cn) C:\Users\Kedar\Downloads\dpsetup_en.exe
2018-11-02 19:27 - 2018-11-02 19:27 - 000000000 ____D C:\Program Files (x86)\360
2018-11-02 19:27 - 2017-05-25 23:48 - 000142480 _____ (360.cn) C:\WINDOWS\system32\Drivers\FileAbap64.sys
2018-11-02 19:09 - 2018-11-02 19:09 - 000000000 ____D C:\ProgramData\ESET
2018-11-02 19:09 - 2018-11-02 19:09 - 000000000 ____D C:\Program Files\ESET
2018-11-02 18:59 - 2018-11-02 18:59 - 005455480 _____ (ESET) C:\Users\Kedar\Downloads\eset_smart_security_premium_live_installer.exe
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Public\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Public\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Public\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\AppData\LocalLow\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\AppData\Local\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\AppData\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Kedar\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:41 - 2018-11-02 18:41 - 000008802 _____ C:\Users\Kedar\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:40 - 2018-11-02 18:40 - 000008802 _____ C:\Users\Kedar\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:41 - 000187934 _____ C:\Users\Kedar\Documents\cc_20181102_183853.reg.bphvnm
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Kedar\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Kedar\AppData\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
2018-11-02 18:26 - 2018-11-02 19:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2018-11-01 21:27 - 2018-11-02 18:41 - 000000000 ____D C:\Users\Kedar\Documents\Audacity
2018-11-01 18:54 - 2018-11-01 18:54 - 000005597 _____ C:\Users\Kedar\AppData\Local\recently-used.xbel
2018-10-31 21:27 - 2018-11-02 18:43 - 000001034 _____ C:\Users\Kedar\Downloads\10 nejbrutálnějších hororů.txt.bphvnm
2018-10-31 18:11 - 2018-11-02 18:43 - 000001653 _____ C:\Users\Kedar\Downloads\Galaxy S10.txt.bphvnm
2018-10-31 15:52 - 2018-11-02 18:43 - 000038957 _____ C:\Users\Kedar\Downloads\Win_1337_Apply_Patch_v1.5_By_DFoX.rar.bphvnm
2018-10-31 14:09 - 2018-11-02 18:43 - 000356764 _____ C:\Users\Kedar\Downloads\flexpai-launch-event-ithome.jpg.bphvnm
2018-10-31 14:00 - 2018-11-15 15:51 - 000000000 ____D C:\Users\Kedar\Downloads\qqq
2018-10-30 19:45 - 2018-11-02 18:43 - 002929231 _____ C:\Users\Kedar\Downloads\RYTMUS - Nikdy sa nezavdačíš (produced by DJ WICH).mp3.bphvnm
2018-10-30 19:08 - 2018-10-30 19:08 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-10-30 19:01 - 2018-10-30 19:02 - 133069552 _____ (Intel(R) Corporation) C:\Users\Kedar\Downloads\WiFi_20.80.0_PROSet64_Win10.exe
2018-10-30 18:58 - 2018-10-30 18:58 - 015558336 _____ (Intel(R) Corporation) C:\Users\Kedar\Downloads\BT_20.70.0_64_Win10.exe
2018-10-30 16:46 - 2018-11-02 18:40 - 000386363 _____ C:\Users\Kedar\Desktop\akse.png.bphvnm
2018-10-30 11:23 - 2018-11-02 18:43 - 008161217 _____ C:\Users\Kedar\Downloads\Julius Dreisig & Zeus X Crona - Invisible.mp3.bphvnm
2018-10-28 13:37 - 2018-11-02 18:41 - 000011163 _____ C:\Users\Kedar\Desktop\Septoboxy.xlsx.bphvnm
2018-10-27 19:09 - 2018-11-02 18:49 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2018-10-25 17:57 - 2018-11-02 18:41 - 000379253 _____ C:\Users\Kedar\Desktop\real.png.bphvnm

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 24 Nov 2018 11:08

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-24 09:31 - 2017-08-31 17:59 - 000121403 _____ C:\WINDOWS\ZAM.krnl.trace
2018-11-24 09:31 - 2017-08-31 17:59 - 000089392 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-11-24 09:12 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-24 09:12 - 2017-04-13 19:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-23 21:12 - 2018-10-04 20:48 - 001693636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-23 21:12 - 2018-09-15 18:32 - 000718018 _____ C:\WINDOWS\system32\perfh005.dat
2018-11-23 21:12 - 2018-09-15 18:32 - 000145062 _____ C:\WINDOWS\system32\perfc005.dat
2018-11-23 21:12 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-23 21:05 - 2018-10-04 20:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-23 21:05 - 2018-09-15 07:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-23 21:04 - 2017-03-05 21:12 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Audacity
2018-11-23 17:24 - 2017-03-08 15:30 - 000000000 ____D C:\Users\Kedar\AppData\Local\CrashDumps
2018-11-23 16:07 - 2017-10-01 19:14 - 000000000 ____D C:\Users\Kedar\AppData\LocalLow\Temp
2018-11-23 15:23 - 2018-10-04 20:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-22 19:27 - 2017-03-06 17:48 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Mp3tag
2018-11-21 19:53 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-21 11:31 - 2018-09-15 08:36 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-21 11:31 - 2018-09-15 08:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-21 11:31 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-21 11:29 - 2017-03-05 20:07 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-20 19:15 - 2017-03-05 18:51 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Adobe
2018-11-20 11:53 - 2018-10-04 20:53 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1248986085-3350451917-519491516-1002
2018-11-20 11:53 - 2018-10-04 20:42 - 000002422 _____ C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-20 11:53 - 2017-03-06 19:28 - 000000000 ___RD C:\Users\Pepa\OneDrive
2018-11-20 11:46 - 2018-08-07 18:28 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-11-20 11:23 - 2018-10-04 20:42 - 000000000 ____D C:\Users\Kedar
2018-11-20 11:23 - 2016-07-16 12:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-11-20 10:58 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-20 10:41 - 2018-10-04 20:40 - 005212168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-20 10:38 - 2018-09-26 16:12 - 000001598 _____ C:\Users\Pepa\Desktop\Internet Explorer.lnk
2018-11-19 18:31 - 2018-07-09 14:40 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-11-19 18:31 - 2017-10-01 17:48 - 000000000 ____D C:\Users\Kedar\AppData\Local\Notepad++
2018-11-19 18:31 - 2017-03-05 20:36 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Notepad++
2018-11-17 20:07 - 2018-05-20 09:20 - 000000000 ____D C:\Users\Kedar\AppData\Local\D3DSCache
2018-11-17 20:06 - 2017-03-05 20:30 - 000000000 ____D C:\Users\Kedar\AppData\Local\ElevatedDiagnostics
2018-11-17 16:23 - 2017-03-12 15:12 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Ulozto File Manager
2018-11-16 18:46 - 2017-04-10 20:50 - 000000000 ____D C:\Users\Kedar\Documents\Nová složka
2018-11-16 17:11 - 2017-03-10 17:15 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\MPC-HC
2018-11-16 15:56 - 2017-03-05 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2018-11-16 15:56 - 2017-03-05 21:08 - 000000000 ____D C:\Program Files (x86)\Mp3tag
2018-11-14 21:50 - 2018-09-15 18:34 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-11-14 21:50 - 2018-09-15 18:34 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-11-14 21:50 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-11-14 21:50 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 17:33 - 2017-03-05 19:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 17:27 - 2017-03-05 19:45 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-07 20:43 - 2017-11-15 17:04 - 000000000 ____D C:\Users\Kedar\AppData\Local\Packages
2018-11-05 18:52 - 2018-08-24 17:33 - 000000000 ____D C:\Users\Kedar\Downloads\batteryinfoview
2018-11-04 12:33 - 2017-03-05 20:15 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Winamp
2018-11-03 22:13 - 2017-04-13 19:22 - 000000000 ____D C:\Program Files\Elantech
2018-11-03 22:12 - 2017-09-23 12:30 - 001804452 _____ C:\WINDOWS\ntbtlog.txt
2018-11-03 22:12 - 2015-10-07 02:11 - 000448224 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2018-11-03 22:08 - 2018-10-22 16:55 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-11-03 22:08 - 2018-10-22 16:55 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-11-03 22:08 - 2018-10-22 16:55 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-11-03 22:08 - 2018-10-22 16:54 - 000023656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-11-03 07:26 - 2017-03-06 19:26 - 000000000 ____D C:\Users\Pepa\AppData\Local\ConnectedDevicesPlatform
2018-11-03 07:25 - 2018-10-04 20:42 - 000000000 ____D C:\Users\Pepa
2018-11-02 23:33 - 2017-09-05 18:53 - 000000000 ____D C:\Flashtool
2018-11-02 23:32 - 2018-08-08 12:59 - 000000000 ___HD C:\AvidDownloads
2018-11-02 23:31 - 2017-04-13 17:02 - 000000000 ___HD C:\$GetCurrent
2018-11-02 20:32 - 2017-03-05 20:34 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\WinRAR
2018-11-02 19:09 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-02 18:49 - 2018-10-17 20:32 - 000850361 _____ C:\Users\Pepa\Desktop\směny 11-2018.pdf.bphvnm
2018-11-02 18:49 - 2018-10-11 10:11 - 000121884 _____ C:\Users\Pepa\Downloads\provozni rad-Tesinska.doc.bphvnm
2018-11-02 18:49 - 2018-10-09 19:09 - 000025101 _____ C:\Users\Pepa\Desktop\63672156624152904157_1.JPG.bphvnm
2018-11-02 18:49 - 2018-10-09 06:39 - 000048556 _____ C:\Users\Pepa\Desktop\Potvrzení o platbě penz..pdf.bphvnm
2018-11-02 18:49 - 2018-10-09 06:36 - 000048556 _____ C:\Users\Pepa\Downloads\Pohyb_16668407188_na_uctu_2100285567.pdf.bphvnm
2018-11-02 18:49 - 2018-10-04 21:05 - 000000560 ___SH C:\Users\Pepa\ntuser.ini.bphvnm
2018-11-02 18:49 - 2018-10-01 11:46 - 004779208 _____ C:\Users\Pepa\Downloads\prilohy_17712.zip.bphvnm
2018-11-02 18:49 - 2018-09-15 08:33 - 000000000 __RHD C:\Users\Public\Libraries
2018-11-02 18:49 - 2018-09-13 14:27 - 000000000 ____D C:\Users\Public\Documents\Steam
2018-11-02 18:49 - 2018-09-11 09:58 - 000048294 _____ C:\Users\Pepa\Desktop\potvrzení-Jež..pdf.bphvnm
2018-11-02 18:49 - 2018-09-11 09:57 - 000048294 _____ C:\Users\Pepa\Downloads\Pohyb_16651411341_na_uctu_2100285567.pdf.bphvnm
2018-11-02 18:49 - 2018-09-11 09:57 - 000048294 _____ C:\Users\Pepa\Downloads\Pohyb_16651411341_na_uctu_2100285567 (1).pdf.bphvnm
2018-11-02 18:49 - 2018-09-10 20:24 - 000000000 ____D C:\Users\Public\Documents\Adobe
2018-11-02 18:49 - 2018-09-10 12:42 - 000000000 ____D C:\Users\Pepa\Ivans
2018-11-02 18:49 - 2018-09-06 06:52 - 006911536 _____ C:\Users\Pepa\Downloads\DSC_2609.JPG.bphvnm
2018-11-02 18:49 - 2018-09-04 19:09 - 007445039 _____ C:\Users\Pepa\Downloads\Testy.pdf.bphvnm
2018-11-02 18:49 - 2018-09-01 11:28 - 005146012 _____ C:\Users\Pepa\Downloads\20180901_113738.jpg.bphvnm
2018-11-02 18:49 - 2018-09-01 11:28 - 005146012 _____ C:\Users\Pepa\Downloads\20180901_113738 (1).jpg.bphvnm
2018-11-02 18:49 - 2018-09-01 11:01 - 000000831 _____ C:\Users\Pepa\Downloads\undefined (1).bphvnm
2018-11-02 18:49 - 2018-08-31 16:36 - 000140113 _____ C:\Users\Pepa\Downloads\sml4.jpeg.bphvnm
2018-11-02 18:49 - 2018-08-31 16:36 - 000132413 _____ C:\Users\Pepa\Downloads\sml5.jpeg.bphvnm
2018-11-02 18:49 - 2018-08-31 16:34 - 000222617 _____ C:\Users\Pepa\Downloads\sml2.jpeg.bphvnm
2018-11-02 18:49 - 2018-08-31 16:34 - 000172259 _____ C:\Users\Pepa\Downloads\sml3.jpeg.bphvnm
2018-11-02 18:49 - 2018-08-31 16:33 - 000197394 _____ C:\Users\Pepa\Downloads\sml1.jpeg.bphvnm
2018-11-02 18:49 - 2018-08-26 08:33 - 000138974 _____ C:\Users\Pepa\Desktop\křeslo BZJ 487 XAL nosnost 200 kg - 11495 Kč.html.bphvnm
2018-11-02 18:49 - 2018-08-26 08:33 - 000000000 ____D C:\Users\Pepa\Desktop\křeslo BZJ 487 XAL nosnost 200 kg - 11495 Kč_files
2018-11-02 18:49 - 2018-08-25 22:08 - 000012180 _____ C:\Users\Pepa\Desktop\plán směn Iva.docx.bphvnm
2018-11-02 18:49 - 2018-08-16 20:08 - 000000673 _____ C:\Users\Pepa\Desktop\Ischias cviky 2.url.bphvnm
2018-11-02 18:49 - 2018-08-16 12:46 - 000000713 _____ C:\Users\Pepa\Desktop\Sedací nerv cviky.url.bphvnm
2018-11-02 18:49 - 2018-08-15 12:21 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Winamp
2018-11-02 18:49 - 2018-08-15 12:21 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\vlc
2018-11-02 18:49 - 2018-08-01 16:51 - 000938514 _____ C:\Users\Pepa\Downloads\prilohy_16890.zip.bphvnm
2018-11-02 18:49 - 2018-08-01 14:43 - 000948097 _____ C:\Users\Pepa\Desktop\ŽP 1.jpg.bphvnm
2018-11-02 18:49 - 2018-08-01 14:43 - 000348354 _____ C:\Users\Pepa\Desktop\ŽP 2.jpg.bphvnm
2018-11-02 18:49 - 2018-07-31 08:58 - 000098068 _____ C:\Users\Pepa\Documents\uces 3 - kopie.jpg.bphvnm
2018-11-02 18:49 - 2018-07-31 08:53 - 000098068 _____ C:\Users\Pepa\Desktop\uces 3.jpg.bphvnm
2018-11-02 18:49 - 2018-07-31 08:08 - 000094836 _____ C:\Users\Pepa\Desktop\uces.jpg.bphvnm
2018-11-02 18:49 - 2018-07-27 15:01 - 043876909 _____ C:\Users\Pepa\Downloads\Fotky z Jablonce.rar.bphvnm
2018-11-02 18:49 - 2018-07-18 21:38 - 000587215 _____ C:\Users\Pepa\Downloads\vysavac-hoover-sn70-sn55011-sensory-1498208305-soubor-79947.pptx.bphvnm
2018-11-02 18:49 - 2018-07-18 20:23 - 009329712 _____ C:\Users\Pepa\Downloads\CZ_4A_skladacka_view.pdf.bphvnm
2018-11-02 18:49 - 2018-07-08 14:23 - 001375680 _____ C:\Users\Pepa\Desktop\Fotografie-0071.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:23 - 001122085 _____ C:\Users\Pepa\Desktop\Fotografie-0070.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:22 - 001563814 _____ C:\Users\Pepa\Desktop\Fotografie-0358.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:22 - 001450497 _____ C:\Users\Pepa\Desktop\Fotografie-0265.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:22 - 001366404 _____ C:\Users\Pepa\Desktop\Fotografie-0266.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:21 - 002653749 _____ C:\Users\Pepa\Desktop\Fotografie-0182.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:21 - 002644388 _____ C:\Users\Pepa\Desktop\Fotografie-0183.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:21 - 002543170 _____ C:\Users\Pepa\Desktop\Fotografie-0184.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:20 - 001547510 _____ C:\Users\Pepa\Desktop\Fotografie-0002.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:20 - 001538179 _____ C:\Users\Pepa\Desktop\Fotografie-0005.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:20 - 001370811 _____ C:\Users\Pepa\Desktop\Fotografie-0001.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:17 - 001168031 _____ C:\Users\Pepa\Desktop\Fotografie-0301.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 14:17 - 001113155 _____ C:\Users\Pepa\Desktop\Fotografie-0300.jpg.bphvnm
2018-11-02 18:49 - 2018-07-08 13:33 - 000227686 _____ C:\Users\Pepa\Desktop\100_2314.JPG.bphvnm
2018-11-02 18:49 - 2018-07-08 13:33 - 000208887 _____ C:\Users\Pepa\Desktop\100_2313.JPG.bphvnm
2018-11-02 18:49 - 2018-07-08 13:33 - 000077552 _____ C:\Users\Pepa\Desktop\100_2600.JPG.bphvnm
2018-11-02 18:49 - 2018-07-03 13:23 - 000727735 _____ C:\Users\Pepa\Downloads\FB2018_q1_1.xlsx.bphvnm
2018-11-02 18:49 - 2018-06-19 23:34 - 000108964 _____ C:\Users\Pepa\Downloads\446732_es_czsk.pdf.bphvnm
2018-11-02 18:49 - 2018-06-19 10:59 - 000052352 _____ C:\Users\Pepa\Desktop\VP_C_2018_5_Jezik_Josef.pdf.bphvnm
2018-11-02 18:49 - 2018-06-18 21:53 - 000695502 _____ C:\Users\Pepa\Downloads\cz_reb1023_war_ce.pdf.bphvnm
2018-11-02 18:49 - 2018-06-03 21:50 - 000071013 _____ C:\Users\Pepa\Desktop\platba-Ježíková.pdf.bphvnm
2018-11-02 18:49 - 2018-05-19 17:48 - 000052748 _____ C:\Users\Pepa\Downloads\VP_F_2018_4_Jezik_Josef.pdf.bphvnm
2018-11-02 18:49 - 2018-05-17 17:51 - 000308346 _____ C:\Users\Pepa\Downloads\eluc-kr-olomoucky-cz-verejne-lekce-688 (2).pdf.bphvnm
2018-11-02 18:49 - 2018-05-17 17:50 - 000308346 _____ C:\Users\Pepa\Downloads\eluc-kr-olomoucky-cz-verejne-lekce-688 (1).pdf.bphvnm
2018-11-02 18:49 - 2018-05-17 17:49 - 000308346 _____ C:\Users\Pepa\Downloads\eluc-kr-olomoucky-cz-verejne-lekce-688.pdf.bphvnm
2018-11-02 18:49 - 2018-05-07 08:40 - 000002747 _____ C:\Users\Pepa\Downloads\image001 (2).jpg.bphvnm
2018-11-02 18:49 - 2018-04-29 22:38 - 008518567 _____ C:\Users\Pepa\Downloads\prilohy_17028.zip.bphvnm
2018-11-02 18:49 - 2018-04-29 22:23 - 000094748 _____ C:\Users\Pepa\Downloads\Seznam bezplatných PRÁVNÍCH poraden 2016.doc.bphvnm
2018-11-02 18:49 - 2018-04-11 07:15 - 000401484 _____ C:\Users\Pepa\Downloads\Směnnost - ČP (05,18) Sládkova.pdf.bphvnm
2018-11-02 18:49 - 2018-04-11 07:15 - 000002747 _____ C:\Users\Pepa\Downloads\image001 (1).jpg.bphvnm
2018-11-02 18:49 - 2018-04-09 19:27 - 000144950 _____ C:\Users\Pepa\Desktop\QQ.jpg.bphvnm
2018-11-02 18:49 - 2018-04-03 13:02 - 000036090 _____ C:\Users\Pepa\Desktop\vrátný akord.png.bphvnm
2018-11-02 18:49 - 2018-04-03 12:31 - 000000000 ___RD C:\Users\Pepa\Documents\Scanned Documents
2018-11-02 18:49 - 2018-04-03 12:31 - 000000000 ____D C:\Users\Pepa\Documents\Fax
2018-11-02 18:49 - 2018-04-03 12:31 - 000000000 ____D C:\Users\Pepa\Desktop\sml
2018-11-02 18:49 - 2018-04-03 12:19 - 000016302 _____ C:\Users\Pepa\Downloads\prilohy_2295.zip.bphvnm
2018-11-02 18:49 - 2018-03-27 21:03 - 000000000 ____D C:\Users\Pepa\Desktop\000Babička
2018-11-02 18:49 - 2018-03-27 10:48 - 000075605 _____ C:\Users\Pepa\Desktop\DD-babi.jpg.bphvnm
2018-11-02 18:49 - 2018-03-26 20:20 - 000014007 _____ C:\Users\Pepa\Desktop\PS.docx.bphvnm
2018-11-02 18:49 - 2018-03-23 13:26 - 000015745 _____ C:\Users\Pepa\Desktop\KČT.docx.bphvnm
2018-11-02 18:49 - 2018-03-23 12:22 - 000103935 _____ C:\Users\Pepa\Downloads\IMG_0001.jpg.bphvnm
2018-11-02 18:49 - 2018-03-21 14:55 - 003298355 _____ C:\Users\Pepa\Documents\20180319_230914.jpg.bphvnm
2018-11-02 18:49 - 2018-03-20 17:03 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Audacity
2018-11-02 18:49 - 2018-03-12 22:37 - 000579752 _____ C:\Users\Pepa\Downloads\Zajezd_ALPENHOF_HOTEL.pdf.bphvnm
2018-11-02 18:49 - 2018-03-08 15:51 - 000112458 _____ C:\Users\Pepa\Documents\IMG-20180308-WA0005.jpg.bphvnm
2018-11-02 18:49 - 2018-03-02 12:14 - 000047847 _____ C:\Users\Pepa\Downloads\životopis-Jos. (1).pdf.bphvnm
2018-11-02 18:49 - 2018-03-01 21:15 - 002296185 _____ C:\Users\Pepa\Downloads\prilohy_16670.zip.bphvnm
2018-11-02 18:49 - 2018-02-28 23:59 - 000000000 ____D C:\Users\Pepa\Desktop\ples
2018-11-02 18:49 - 2018-02-28 15:09 - 003252332 _____ C:\Users\Pepa\Downloads\prilohy_16642.zip.bphvnm
2018-11-02 18:49 - 2018-02-13 23:34 - 000032284 _____ C:\Users\Pepa\Downloads\T-Mobile_od_13_1_2017.docx.bphvnm
2018-11-02 18:49 - 2018-02-13 23:34 - 000032284 _____ C:\Users\Pepa\Downloads\T-Mobile_od_13_1_2017 (3).docx.bphvnm
2018-11-02 18:49 - 2018-02-13 23:34 - 000032284 _____ C:\Users\Pepa\Downloads\T-Mobile_od_13_1_2017 (2).docx.bphvnm
2018-11-02 18:49 - 2018-02-13 23:34 - 000032284 _____ C:\Users\Pepa\Downloads\T-Mobile_od_13_1_2017 (1).docx.bphvnm
2018-11-02 18:49 - 2018-02-10 10:07 - 000000831 _____ C:\Users\Pepa\Downloads\undefined.bphvnm
2018-11-02 18:49 - 2018-01-30 14:25 - 000080042 _____ C:\Users\Pepa\Downloads\1624805_778006135560431_1460818185_n.jpg.bphvnm
2018-11-02 18:49 - 2018-01-30 14:14 - 000596602 _____ C:\Users\Pepa\Downloads\Usmej se.pdf.bphvnm
2018-11-02 18:49 - 2018-01-30 12:11 - 000000000 ____D C:\Users\Pepa\Desktop\IVA MR
2018-11-02 18:49 - 2018-01-08 11:00 - 000243007 _____ C:\Users\Pepa\Downloads\prilohy_1159.zip.bphvnm
2018-11-02 18:49 - 2017-12-30 19:15 - 001071174 _____ C:\Users\Pepa\Desktop\PF 2018.png.bphvnm
2018-11-02 18:49 - 2017-12-30 19:13 - 000164042 _____ C:\Users\Pepa\Desktop\foto-sraz 2.jpg.bphvnm
2018-11-02 18:49 - 2017-12-30 18:45 - 000080428 _____ C:\Users\Pepa\Desktop\foto-sraz.jpg.bphvnm
2018-11-02 18:49 - 2017-12-30 18:36 - 000486786 _____ C:\Users\Pepa\Desktop\odpočítávání-nového-roku.png.bphvnm
2018-11-02 18:49 - 2017-12-09 15:58 - 000017166 _____ C:\Users\Pepa\Downloads\undefined.jpg.bphvnm
2018-11-02 18:49 - 2017-12-08 11:53 - 000216604 _____ C:\Users\Pepa\Downloads\D odpovědi (2).doc.bphvnm
2018-11-02 18:49 - 2017-12-05 15:19 - 000216604 _____ C:\Users\Pepa\Downloads\D odpovědi.doc.bphvnm
2018-11-02 18:49 - 2017-12-05 15:19 - 000216604 _____ C:\Users\Pepa\Downloads\D odpovědi (1).doc.bphvnm
2018-11-02 18:49 - 2017-12-05 15:05 - 000223772 _____ C:\Users\Pepa\Downloads\Soubor_typovych_situaci_strazny_zpracované odpovědi.doc.bphvnm
2018-11-02 18:49 - 2017-12-05 15:05 - 000087720 _____ C:\Users\Pepa\Downloads\prilohy_1720.zip.bphvnm
2018-11-02 18:49 - 2017-12-05 07:43 - 000001124 _____ C:\Users\Pepa\Downloads\barcode.png.bphvnm
2018-11-02 18:49 - 2017-12-05 00:55 - 000057908 _____ C:\Users\Pepa\Downloads\Kavárna foto.jpg.bphvnm
2018-11-02 18:49 - 2017-11-24 11:18 - 000012270 _____ C:\Users\Pepa\Desktop\prův.dopis.docx.bphvnm
2018-11-02 18:49 - 2017-11-20 12:28 - 000000000 ___HD C:\Users\Pepa\MicrosoftEdgeBackups
2018-11-02 18:49 - 2017-11-15 22:51 - 000022315 _____ C:\Users\Pepa\Downloads\Žádost o vyplacení odměny pro odchod do ID_Ježík.docx.bphvnm
2018-11-02 18:49 - 2017-11-15 13:11 - 000047847 _____ C:\Users\Pepa\Downloads\životopis-Jos..pdf.bphvnm
2018-11-02 18:49 - 2017-11-15 13:11 - 000047847 _____ C:\Users\Pepa\Desktop\životopis-Jos..pdf.bphvnm
2018-11-02 18:49 - 2017-10-25 00:08 - 000124444 _____ C:\Users\Pepa\Downloads\16036-16036-16036-aktualni-jidelni-listek-Zatisi1 (1).doc.bphvnm
2018-11-02 18:49 - 2017-10-25 00:06 - 000037916 _____ C:\Users\Pepa\Downloads\16036-aktualni-napojovy-listek-Zatisi (1).doc.bphvnm
2018-11-02 18:49 - 2017-10-24 18:23 - 000049275 _____ C:\Users\Pepa\Downloads\Pohyb_14445364804_na_uctu_2100285567.pdf.bphvnm
2018-11-02 18:49 - 2017-10-23 12:37 - 000039964 _____ C:\Users\Pepa\Downloads\tiskopis_k_proplaceni_nadstandardu_2015.xls.bphvnm
2018-11-02 18:49 - 2017-10-15 10:08 - 000008670 _____ C:\Users\Pepa\Downloads\prilohy_1481.zip.bphvnm
2018-11-02 18:49 - 2017-10-12 13:57 - 000003282 _____ C:\Users\Pepa\Downloads\image001.jpg.bphvnm
2018-11-02 18:49 - 2017-10-11 21:47 - 000047847 _____ C:\Users\Pepa\Documents\životopis-Jos..pdf.bphvnm
2018-11-02 18:49 - 2017-10-11 21:44 - 000047847 _____ C:\Users\Pepa\Downloads\PROFESIACZ_CV_2603968_cz (1).pdf.bphvnm
2018-11-02 18:49 - 2017-10-11 21:32 - 000047843 _____ C:\Users\Pepa\Downloads\PROFESIACZ_CV_2603968_cz.pdf.bphvnm
2018-11-02 18:49 - 2017-10-11 10:33 - 000878972 _____ C:\Users\Pepa\Downloads\ceník THERMAL VARGA HOTEL ___, Velký Meder.pdf.bphvnm
2018-11-02 18:49 - 2017-10-02 21:48 - 000346905 _____ C:\Users\Pepa\Downloads\KS na roky 2017 - 2019_AMO_hlavní změny.pdf.bphvnm
2018-11-02 18:49 - 2017-10-02 06:15 - 001586716 _____ C:\Users\Pepa\Downloads\Kolektivní vyjednávání na roky_2017_2019_k_distribuci.ppt.bphvnm
2018-11-02 18:49 - 2017-09-28 07:49 - 000399900 _____ C:\Users\Pepa\Downloads\Duchodova_kalkulacka_161122 (1).xls.bphvnm
2018-11-02 18:49 - 2017-09-28 07:38 - 000399900 _____ C:\Users\Pepa\Downloads\Duchodova_kalkulacka_161122.xls.bphvnm
2018-11-02 18:49 - 2017-09-21 11:11 - 015467584 _____ C:\Users\Pepa\Downloads\prilohy_15624.zip.bphvnm
2018-11-02 18:49 - 2017-09-21 11:11 - 005239753 _____ C:\Users\Pepa\Downloads\DSCN3224.JPG.bphvnm
2018-11-02 18:49 - 2017-09-02 21:16 - 000023068 _____ C:\Users\Pepa\Downloads\Cestne_prohlaseni_o_vyrovnani_zavazku.doc.bphvnm
2018-11-02 18:49 - 2017-08-31 19:20 - 000000000 ____D C:\Users\Pepa\AppData\Local\Zemana
2018-11-02 18:49 - 2017-08-24 20:22 - 000298524 _____ C:\Users\Pepa\Downloads\Smlova o OsA MSK vyplnit ručně.doc.bphvnm
2018-11-02 18:49 - 2017-08-15 20:01 - 000012811 _____ C:\Users\Pepa\Desktop\Výpověď smlouvy o poskytování služby bezdrátového připojení k síti internet.docx.bphvnm
2018-11-02 18:49 - 2017-08-12 13:16 - 000054812 _____ C:\Users\Pepa\Downloads\podminky (1).doc.bphvnm
2018-11-02 18:49 - 2017-08-10 20:37 - 000000000 ____D C:\Users\Pepa\Desktop\ZAHRADA KROMĚŘÍŽ
2018-11-02 18:49 - 2017-08-03 18:16 - 000302961 _____ C:\Users\Pepa\Downloads\1705-Zamestnanecke jizdni vyhody.pdf.bphvnm
2018-11-02 18:49 - 2017-08-02 09:52 - 000308136 _____ C:\Users\Pepa\Downloads\dospelin-5-mg-pil.pdf.bphvnm
2018-11-02 18:49 - 2017-08-02 09:51 - 000372566 _____ C:\Users\Pepa\Downloads\arketis-20-mg-pil.pdf.bphvnm
2018-11-02 18:49 - 2017-08-02 09:50 - 000346326 _____ C:\Users\Pepa\Downloads\aktiprol-200-mg-tablety-pil.pdf.bphvnm
2018-11-02 18:49 - 2017-07-31 14:24 - 000743452 _____ C:\Users\Pepa\Downloads\krizovky-ve-zpravodaji.doc.bphvnm
2018-11-02 18:49 - 2017-07-27 18:49 - 000103829 _____ C:\Users\Pepa\Downloads\DSCN6170.jpg.bphvnm
2018-11-02 18:49 - 2017-07-26 12:14 - 000054812 _____ C:\Users\Pepa\Downloads\podminky.doc.bphvnm
2018-11-02 18:49 - 2017-07-19 10:20 - 000049180 _____ C:\Users\Pepa\Downloads\1465636206-program-na-vypocet-pomeru-olej-benzin.xls.bphvnm
2018-11-02 18:49 - 2017-07-19 10:20 - 000049180 _____ C:\Users\Pepa\Downloads\1465636206-program-na-vypocet-pomeru-olej-benzin (1).xls.bphvnm
2018-11-02 18:49 - 2017-07-18 09:21 - 000059052 _____ C:\Users\Pepa\Downloads\tipy_na_vylety_50_km.pdf.bphvnm
2018-11-02 18:49 - 2017-07-18 09:21 - 000059052 _____ C:\Users\Pepa\Downloads\tipy_na_vylety_50_km (1).pdf.bphvnm
2018-11-02 18:49 - 2017-06-26 14:44 - 000000000 ____D C:\Users\Pepa\Desktop\1888
2018-11-02 18:49 - 2017-06-07 22:00 - 000106668 _____ C:\Users\Pepa\Downloads\IMG_6718.jpg.bphvnm
2018-11-02 18:49 - 2017-05-18 23:29 - 001795093 _____ C:\Users\Pepa\Documents\79107_CS_SK-cyklocomputer (1).pdf.bphvnm
2018-11-02 18:49 - 2017-05-18 23:23 - 001795093 _____ C:\Users\Pepa\Desktop\79107_CS_SK-cyklocomputer.pdf.bphvnm
2018-11-02 18:49 - 2017-04-28 22:45 - 000176668 _____ C:\Users\Pepa\Downloads\Ceník-služeb-WEB-3.doc.bphvnm
2018-11-02 18:49 - 2017-04-28 22:45 - 000176668 _____ C:\Users\Pepa\Downloads\Ceník-služeb-WEB-3 (1).doc.bphvnm
2018-11-02 18:49 - 2017-04-25 22:16 - 000022763 _____ C:\Users\Pepa\Documents\psychopat.docx.bphvnm
2018-11-02 18:49 - 2017-04-25 19:59 - 000011900 _____ C:\Users\Pepa\Desktop\Babi Jež. 02-03.xlsx.bphvnm
2018-11-02 18:49 - 2017-04-25 16:40 - 000012833 _____ C:\Users\Pepa\Desktop\Babi Jež. 03-04.xlsx.bphvnm
2018-11-02 18:49 - 2017-04-23 20:24 - 001286172 _____ C:\Users\Pepa\Downloads\11 rad proti zblazneni d.pps.bphvnm
2018-11-02 18:49 - 2017-04-17 22:01 - 000007077 _____ C:\Users\Pepa\Documents\detailBill_774074334.csv.bphvnm
2018-11-02 18:49 - 2017-04-17 22:00 - 000000000 ____D C:\Users\Pepa\Documents\Vlastní šablony Office
2018-11-02 18:49 - 2017-04-17 21:59 - 000007388 _____ C:\Users\Pepa\Downloads\detailBill_774074334.csv.bphvnm
2018-11-02 18:49 - 2017-04-11 12:34 - 000244698 _____ C:\Users\Pepa\Downloads\SKMBT_C20314052714150_0002.pdf.bphvnm
2018-11-02 18:49 - 2017-04-11 12:13 - 000075804 _____ C:\Users\Pepa\Downloads\Přihláška léto 2017 2. turnus.doc.bphvnm
2018-11-02 18:49 - 2017-04-06 08:53 - 000519103 _____ C:\Users\Pepa\Downloads\press-release.docx.bphvnm
2018-11-02 18:49 - 2017-04-05 22:40 - 000095363 _____ C:\Users\Pepa\Downloads\IMG_20170405_091601.jpg.bphvnm
2018-11-02 18:49 - 2017-04-04 20:44 - 000148508 _____ C:\Users\Pepa\Downloads\A531F053C4148F5AE04011AC811460BF.doc.bphvnm
2018-11-02 18:49 - 2017-04-02 23:29 - 000015650 _____ C:\Users\Pepa\Downloads\Dopis-péče.docx.bphvnm
2018-11-02 18:49 - 2017-04-02 20:47 - 000017030 _____ C:\Users\Pepa\Desktop\Dopis-péče.docx.bphvnm
2018-11-02 18:49 - 2017-03-21 22:33 - 000069695 _____ C:\Users\Pepa\Downloads\20.3.-24.3.2017.xlsx.bphvnm
2018-11-02 18:49 - 2017-03-21 22:19 - 000037916 _____ C:\Users\Pepa\Downloads\16036-aktualni-napojovy-listek-Zatisi.doc.bphvnm
2018-11-02 18:49 - 2017-03-21 22:15 - 000124444 _____ C:\Users\Pepa\Downloads\16036-16036-16036-aktualni-jidelni-listek-Zatisi1.doc.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 011641818 _____ C:\Users\Pepa\Documents\Sken1.jpg.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 011220060 _____ C:\Users\Pepa\Documents\Sken2.jpg.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 001091970 _____ C:\Users\Pepa\Documents\mapa Petřvald2.png.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 001078786 _____ C:\Users\Pepa\Documents\mapa Petřvald.png.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000367916 _____ C:\Users\Pepa\Documents\tech. průkaz_0001.jpg.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000320436 _____ C:\Users\Pepa\Documents\tech. průkaz_0002.jpg.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000083947 _____ C:\Users\Pepa\Documents\List Duch. Pojištění Josef.pdf.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000083649 _____ C:\Users\Pepa\Documents\List Duch. Pojištění Stanislav.pdf.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000083000 _____ C:\Users\Pepa\Documents\List Duch. Pojištění.pdf.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000029153 _____ C:\Users\Pepa\Documents\mapask.png.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000023308 _____ C:\Users\Pepa\Documents\mapa.png.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000021294 _____ C:\Users\Pepa\Documents\pozemek sk.png.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000017530 _____ C:\Users\Pepa\Documents\Cviky po operaci kyčel.kloubu.docx.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000014403 _____ C:\Users\Pepa\Documents\biomasa.docx.bphvnm
2018-11-02 18:49 - 2017-03-12 14:24 - 000000000 ____D C:\Users\Pepa\Documents\Radek-škola
2018-11-02 18:49 - 2017-03-12 14:24 - 000000000 ____D C:\Users\Pepa\Documents\Pepík
2018-11-02 18:49 - 2017-03-09 23:15 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\WinRAR
2018-11-02 18:49 - 2017-03-07 23:51 - 001810279 _____ C:\Users\Pepa\Documents\20170128_104729.jpg.bphvnm
2018-11-02 18:49 - 2017-03-06 19:45 - 000000000 ____D C:\Users\Pepa\Desktop\pepa, MR2 - tiskostrava.cz, 24.2.2017
2018-11-02 18:49 - 2017-03-06 19:45 - 000000000 ____D C:\Users\Pepa\Desktop\cdc obrázky
2018-11-02 18:49 - 2017-03-06 19:44 - 000012211 _____ C:\Users\Pepa\Desktop\prac.lékařství.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:44 - 000000000 ____D C:\Users\Pepa\Desktop\JOSEF
2018-11-02 18:49 - 2017-03-06 19:44 - 000000000 ____D C:\Users\Pepa\Desktop\Boty
2018-11-02 18:49 - 2017-03-06 19:43 - 007390593 _____ C:\Users\Pepa\Desktop\MASARYK.UNIVERZITA-PÁTEŘ.pdf.bphvnm
2018-11-02 18:49 - 2017-03-06 19:43 - 000019487 _____ C:\Users\Pepa\Desktop\Bez názvu.png.bphvnm
2018-11-02 18:49 - 2017-03-06 19:43 - 000012758 _____ C:\Users\Pepa\Desktop\mary kay.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:43 - 000000000 ____D C:\Users\Pepa\Desktop\Prodloužený víkend v luxusní neobarokní Ville Regenhart v srdci Jeseníků - Villa Regenhart____ _ Lázně a wellness hotely _ Spa.cz_files
2018-11-02 18:49 - 2017-03-06 19:43 - 000000000 ____D C:\Users\Pepa\Desktop\2014-09-04 sit.snímek-Petř
2018-11-02 18:49 - 2017-03-06 19:43 - 000000000 ____D C:\Users\Pepa\Desktop\2014-09-04 LV 1247-Zac
2018-11-02 18:49 - 2017-03-06 19:42 - 000000000 ____D C:\Users\Pepa\Desktop\foto babi,prodej
2018-11-02 18:49 - 2017-03-06 19:41 - 002008672 _____ C:\Users\Pepa\Desktop\Lesy SR.jpg.bphvnm
2018-11-02 18:49 - 2017-03-06 19:41 - 000044229 _____ C:\Users\Pepa\Desktop\d5ead320-718b-4b69-b9d4-21e7b78f2b50.png.bphvnm
2018-11-02 18:49 - 2017-03-06 19:41 - 000040476 _____ C:\Users\Pepa\Desktop\T-Mobile_Program_pro_OSZ_Mlada_Boleslav_ceny_a_informace_2015.doc.bphvnm
2018-11-02 18:49 - 2017-03-06 19:41 - 000027676 _____ C:\Users\Pepa\Desktop\Plná_moc_ŘP-2010-0324 (1).doc.bphvnm
2018-11-02 18:49 - 2017-03-06 19:41 - 000012679 _____ C:\Users\Pepa\Desktop\Oznámení.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:40 - 008942748 _____ C:\Users\Pepa\Desktop\ŽÁDOST 2016.jpg.bphvnm
2018-11-02 18:49 - 2017-03-06 19:40 - 002581753 _____ C:\Users\Pepa\Desktop\DSC_0003.JPG.bphvnm
2018-11-02 18:49 - 2017-03-06 19:40 - 002412121 _____ C:\Users\Pepa\Desktop\DSC_0002.JPG.bphvnm
2018-11-02 18:49 - 2017-03-06 19:40 - 000970165 _____ C:\Users\Pepa\Desktop\krka3--c1366xc768.jpg.bphvnm
2018-11-02 18:49 - 2017-03-06 19:40 - 000114015 _____ C:\Users\Pepa\Desktop\denivka žlutá.jpg.bphvnm
2018-11-02 18:49 - 2017-03-06 19:39 - 000232769 _____ C:\Users\Pepa\Desktop\kvet12369.jpg.bphvnm
2018-11-02 18:49 - 2017-03-06 19:39 - 000216646 _____ C:\Users\Pepa\Desktop\chemie nazvoslovi_oxidu.jpg.bphvnm
2018-11-02 18:49 - 2017-03-06 19:38 - 002181037 _____ C:\Users\Pepa\Desktop\DSC_0040.JPG.bphvnm
2018-11-02 18:49 - 2017-03-06 19:38 - 001395302 _____ C:\Users\Pepa\Desktop\Ježíková28.5.2014.jpg.bphvnm
2018-11-02 18:49 - 2017-03-06 19:38 - 000012134 _____ C:\Users\Pepa\Desktop\Nový Microsoft Word Document.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:37 - 000016303 _____ C:\Users\Pepa\Desktop\HRAN.stíž-ODIS.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:37 - 000016257 _____ C:\Users\Pepa\Desktop\HRAN.stíž-DP.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:37 - 000016233 _____ C:\Users\Pepa\Desktop\HRan.stíž..docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:37 - 000014944 _____ C:\Users\Pepa\Documents\Dobrá-cesta 4 září 2014.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:37 - 000013011 _____ C:\Users\Pepa\Desktop\jídlo a oddech.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:37 - 000012157 _____ C:\Users\Pepa\Desktop\Parkovaní - Kadeřnictví.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:37 - 000004339 _____ C:\Users\Pepa\Documents\Dobrá-cesta(3).docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:36 - 000248444 _____ C:\Users\Pepa\Desktop\Kalkulačka pojištění - Nejlevnější povinné ručení - ePojisteni.cz.htm.bphvnm
2018-11-02 18:49 - 2017-03-06 19:36 - 000108572 _____ C:\Users\Pepa\Desktop\CDsmlouva2015.xls.bphvnm
2018-11-02 18:49 - 2017-03-06 19:36 - 000074693 _____ C:\Users\Pepa\Desktop\diktát s-z.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:36 - 000013931 _____ C:\Users\Pepa\Desktop\Břemeno,.docx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:36 - 000012432 _____ C:\Users\Pepa\Desktop\Televize.xlsx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:36 - 000012402 _____ C:\Users\Pepa\Desktop\Televize vyber.xlsx.bphvnm
2018-11-02 18:49 - 2017-03-06 19:36 - 000000000 ____D C:\Users\Pepa\Desktop\Iva foto
2018-11-02 18:49 - 2017-03-06 19:35 - 001234596 _____ C:\Users\Pepa\Desktop\klima.pdf.bphvnm
2018-11-02 18:49 - 2017-03-06 19:34 - 001880367 _____ C:\Users\Pepa\Desktop\Citroen Xsara.pdf.bphvnm
2018-11-02 18:49 - 2017-03-06 19:34 - 000269232 _____ C:\Users\Pepa\Desktop\stř. proud a transf pr k procviceni.pdf.bphvnm
2018-11-02 18:49 - 2017-03-06 19:34 - 000242831 _____ C:\Users\Pepa\Desktop\dopis RK.pdf.bphvnm
2018-11-02 18:49 - 2017-03-06 19:34 - 000085076 _____ C:\Users\Pepa\Desktop\(4) Doručené – Seznam Email.pdf.bphvnm
2018-11-02 18:49 - 2017-03-06 19:34 - 000000000 ____D C:\Users\Pepa\Desktop\Všechny obrázky tata
2018-11-02 18:49 - 2017-03-06 19:34 - 000000000 ____D C:\Users\Pepa\Desktop\skeny
2018-11-02 18:49 - 2017-03-06 19:33 - 000030277 _____ C:\Users\Pepa\Desktop\Chemické názvosloví – anorganika.html.bphvnm
2018-11-02 18:49 - 2017-03-06 19:33 - 000000000 ____D C:\Users\Pepa\Desktop\petř.mama
2018-11-02 18:49 - 2017-03-06 19:33 - 000000000 ____D C:\Users\Pepa\Desktop\Chemické názvosloví – anorganika_files
2018-11-02 18:49 - 2017-03-06 19:33 - 000000000 ____D C:\Users\Pepa\Desktop\Foto
2018-11-02 18:49 - 2017-03-06 19:32 - 000083408 _____ C:\Users\Pepa\Desktop\PAZOURA.html.bphvnm
2018-11-02 18:49 - 2017-03-06 19:32 - 000000000 ____D C:\Users\Pepa\Desktop\PAZOURA_files
2018-11-02 18:49 - 2017-03-06 19:29 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Skype
2018-11-02 18:49 - 2017-03-06 19:29 - 000000000 ____D C:\Users\Pepa\AppData\LocalLow\Adobe
2018-11-02 18:49 - 2017-03-06 19:26 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Intel
2018-11-02 18:49 - 2017-03-06 19:26 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Adobe
2018-11-02 18:49 - 2017-01-26 09:15 - 000326298 _____ C:\Users\Pepa\Downloads\Ceník klient MSK 2017 nová smlouva (1).pdf.bphvnm
2018-11-02 18:49 - 2017-01-26 09:14 - 000326298 _____ C:\Users\Pepa\Downloads\Ceník klient MSK 2017 nová smlouva.pdf.bphvnm
2018-11-02 18:49 - 2017-01-25 16:43 - 000014364 _____ C:\Users\Pepa\Downloads\5099_1_05lDaFXi.doc.bphvnm
2018-11-02 18:49 - 2017-01-10 14:24 - 000027676 _____ C:\Users\Pepa\Downloads\Plná_moc_ŘP-2010-0324 (1).doc.bphvnm
2018-11-02 18:49 - 2017-01-10 14:21 - 000027676 _____ C:\Users\Pepa\Downloads\Plná_moc_ŘP-2010-0324.doc.bphvnm
2018-11-02 18:49 - 2017-01-05 23:54 - 000119236 _____ C:\Users\Pepa\Downloads\zpoždění 1.jpg.bphvnm
2018-11-02 18:49 - 2017-01-04 10:59 - 000036892 _____ C:\Users\Pepa\Downloads\000140.doc.bphvnm
2018-11-02 18:49 - 2017-01-04 10:59 - 000036892 _____ C:\Users\Pepa\Downloads\000140 (1).doc.bphvnm
2018-11-02 18:49 - 2016-12-19 19:30 - 000052798 _____ C:\Users\Pepa\Downloads\dodatPrikaz_78.pdf.bphvnm
2018-11-02 18:49 - 2016-12-19 19:30 - 000052798 _____ C:\Users\Pepa\Downloads\dodatPrikaz_78 (1).pdf.bphvnm
2018-11-02 18:49 - 2016-12-14 22:41 - 000967196 _____ C:\Users\Pepa\Downloads\diplomka_14 (2).doc.bphvnm
2018-11-02 18:49 - 2016-12-14 22:40 - 000967196 _____ C:\Users\Pepa\Downloads\diplomka_14.doc.bphvnm
2018-11-02 18:49 - 2016-12-14 22:40 - 000967196 _____ C:\Users\Pepa\Downloads\diplomka_14 (1).doc.bphvnm
2018-11-02 18:49 - 2016-12-08 14:06 - 000628721 _____ C:\Users\Pepa\Downloads\Doklad_163162717PV.pdf.bphvnm
2018-11-02 18:49 - 2016-11-23 13:30 - 000102045 _____ C:\Users\Pepa\Downloads\Priloha_Sb_1999_256-P7.rtf.bphvnm
2018-11-02 18:49 - 2016-11-21 05:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-02 18:49 - 2016-11-17 22:36 - 000328163 _____ C:\Users\Pepa\Downloads\Pravni poradny 09-12-2014_226.pdf.bphvnm
2018-11-02 18:49 - 2016-09-26 00:08 - 000066105 _____ C:\Users\Pepa\Downloads\409892_es_czsk.JPG.bphvnm
2018-11-02 18:49 - 2016-09-26 00:06 - 000213543 _____ C:\Users\Pepa\Downloads\380397_es_czsk.jpg.bphvnm
2018-11-02 18:49 - 2016-09-26 00:04 - 000185639 _____ C:\Users\Pepa\Downloads\409168_es_czsk.png.bphvnm
2018-11-02 18:49 - 2016-09-26 00:02 - 000185639 _____ C:\Users\Pepa\Downloads\409167_es_czsk.png.bphvnm
2018-11-02 18:49 - 2016-09-26 00:00 - 000033672 _____ C:\Users\Pepa\Downloads\347048_es_czsk.jpg.bphvnm
2018-11-02 18:49 - 2016-09-25 23:59 - 000547893 _____ C:\Users\Pepa\Downloads\412779_es_czsk.jpg.bphvnm
2018-11-02 18:49 - 2016-09-25 23:57 - 000033542 _____ C:\Users\Pepa\Downloads\367293_es_czsk.jpg.bphvnm
2018-11-02 18:49 - 2016-09-13 12:18 - 000140296 _____ C:\Users\Pepa\Downloads\Linka_Bus_418,_Senov,V_Druzstvu_-_Mesto,zel.st..pdf.bphvnm
2018-11-02 18:49 - 2016-06-02 22:51 - 000043036 _____ C:\Users\Pepa\Downloads\zk-02-2002-08pr3 .doc.bphvnm
2018-11-02 18:49 - 2016-05-18 19:35 - 000051740 _____ C:\Users\Pepa\Downloads\Souveti.doc.bphvnm
2018-11-02 18:49 - 2016-04-28 22:26 - 000056348 _____ C:\Users\Pepa\Downloads\mz_jc_seznam_lit_del_sablona.doc.bphvnm
2018-11-02 18:49 - 2016-04-25 21:17 - 000759324 _____ C:\Users\Pepa\Downloads\opakzs (1).doc.bphvnm
2018-11-02 18:49 - 2016-04-25 21:12 - 000759324 _____ C:\Users\Pepa\Downloads\opakzs.doc.bphvnm
2018-11-02 18:49 - 2016-04-07 06:55 - 000523443 _____ C:\Users\Pepa\Downloads\vypoved-formular-Ježíková.pdf.bphvnm
2018-11-02 18:49 - 2016-03-13 01:27 - 000065052 _____ C:\Users\Pepa\Downloads\kosmetika (1).doc.bphvnm
2018-11-02 18:49 - 2016-03-13 01:27 - 000033820 _____ C:\Users\Pepa\Downloads\manikura.doc.bphvnm
2018-11-02 18:49 - 2016-03-13 00:48 - 000065052 _____ C:\Users\Pepa\Downloads\kosmetika.doc.bphvnm
2018-11-02 18:49 - 2016-02-07 01:49 - 000182812 _____ C:\Users\Pepa\Downloads\cestovni-smlouva-rekrea.xls.bphvnm
2018-11-02 18:49 - 2016-02-03 21:14 - 000237653 _____ C:\Users\Pepa\Downloads\vy-32-inovace-02-b-20-slovna-aslohy-o-pohybu.pptx.bphvnm
2018-11-02 18:49 - 2016-02-02 11:50 - 004880014 _____ C:\Users\Pepa\Downloads\ENBRA_-_ceník_MaR_TT_07_2015.pdf.bphvnm
2018-11-02 18:49 - 2016-02-02 11:46 - 000365129 _____ C:\Users\Pepa\Downloads\ENBRA_-_ceník_2015_Tepelná_čerpadla_a_solární_systémy.pdf.bphvnm
2018-11-02 18:49 - 2016-02-02 11:04 - 000067612 _____ C:\Users\Pepa\Downloads\Prohlášení o funkčnosti kotle a používaných palivech.doc.bphvnm
2018-11-02 18:49 - 2016-02-02 09:36 - 000222992 _____ C:\Users\Pepa\Downloads\187-1-Seznam výrobků _ Kotlíky_29_1.xlsx.bphvnm
2018-11-02 18:49 - 2016-02-02 09:31 - 000305292 _____ C:\Users\Pepa\Downloads\285-1-FAQ_kotlíková revoluce v plném proudu.pdf.bphvnm
2018-11-02 18:49 - 2016-01-28 01:34 - 000014622 _____ C:\Users\Pepa\Downloads\PF 2014.jpg.bphvnm
2018-11-02 18:49 - 2016-01-27 23:00 - 000072036 _____ C:\Users\Pepa\Downloads\M8_slovní úlohy řešené rovnicemi 2-řešení (1).pdf.bphvnm
2018-11-02 18:49 - 2016-01-27 22:29 - 000062953 _____ C:\Users\Pepa\Downloads\Slovní úlohy pro 9. ročník 1.pdf.bphvnm
2018-11-02 18:49 - 2016-01-27 22:06 - 000545820 _____ C:\Users\Pepa\Downloads\Slovni_ulohy_resene_pomoci_rovnic_1.ppt.bphvnm
2018-11-02 18:49 - 2016-01-27 20:38 - 000072036 _____ C:\Users\Pepa\Downloads\M8_slovní úlohy řešené rovnicemi 2-řešení.pdf.bphvnm
2018-11-02 18:49 - 2016-01-14 22:17 - 000439066 _____ C:\Users\Pepa\Downloads\vyr_zprava_12_13.pdf.bphvnm
2018-11-02 18:49 - 2016-01-12 18:04 - 000176039 _____ C:\Users\Pepa\Downloads\187-1-Seznam výrobků _Kotlíky_SVT_8_1_2016 (1).xlsx.bphvnm
2018-11-02 18:49 - 2016-01-12 18:03 - 000176039 _____ C:\Users\Pepa\Downloads\187-1-Seznam výrobků _Kotlíky_SVT_8_1_2016.xlsx.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 006890087 _____ C:\Users\Pepa\Downloads\113103.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 003922039 _____ C:\Users\Pepa\Downloads\autokolo.jpg.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 002390956 _____ C:\Users\Pepa\Downloads\VELIS_katalog-10.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 002377210 _____ C:\Users\Pepa\Downloads\pvc-podlahove-krytiny-cenik-v-podlahy-platny-od-132015-do-2922016-strana-4-19.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 002035343 _____ C:\Users\Pepa\Downloads\143_480_produktovy-list-plt-r-pdf.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 001490807 _____ C:\Users\Pepa\Downloads\Návod_Metalac.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 001330204 _____ C:\Users\Pepa\Downloads\2007Mannenkalender.pps.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 001270300 _____ C:\Users\Pepa\Downloads\IZO-2008.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 001263237 _____ C:\Users\Pepa\Downloads\Popisy vyrobku TORO Hlavecnik.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 001218732 _____ C:\Users\Pepa\Downloads\cennik bytovania a balíky 2015.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 001140470 _____ C:\Users\Pepa\Downloads\404575_-_OTG_120_SLSIM_BC6.PDF.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 001091432 _____ C:\Users\Pepa\Downloads\Protokol_test_CJL.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000932380 _____ C:\Users\Pepa\Downloads\03_zakazove.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000919783 _____ C:\Users\Pepa\Downloads\vykres-okce-50-125.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000857148 _____ C:\Users\Pepa\Downloads\voucher-NAK00003qmumcngw.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000658871 _____ C:\Users\Pepa\Downloads\2000-leto.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000626716 _____ C:\Users\Pepa\Downloads\Mocniny_se_zapornym_zakladem.ppt.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000623962 _____ C:\Users\Pepa\Downloads\VY_32_INOVACE_ZSV_1.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000551964 _____ C:\Users\Pepa\Downloads\ohrivace.xls.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000532048 _____ C:\Users\Pepa\Downloads\čsob dop 001.jpg.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000483501 _____ C:\Users\Pepa\Downloads\smlouva 001.jpg.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000470044 _____ C:\Users\Pepa\Downloads\Lomene_vyrazy_-_odcitani.ppt.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000461243 _____ C:\Users\Pepa\Downloads\LV 1247-Zac 001.jpg.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000459804 _____ C:\Users\Pepa\Downloads\lomene_vyrazy_kraceni.pps.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000434808 _____ C:\Users\Pepa\Downloads\Cennik dec 2014 SK.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000422428 _____ C:\Users\Pepa\Downloads\GLN_kody.xls.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000394098 _____ C:\Users\Pepa\Downloads\str. 1.jpeg.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000384336 _____ C:\Users\Pepa\Downloads\CJL_jaro_2014_DT.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000347495 _____ C:\Users\Pepa\Downloads\sporak-komb-indesit-k-343-m-x-eu-1423646298-soubor-21530.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000309696 _____ C:\Users\Pepa\Downloads\255-1-16586-faq_2_11.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000261303 _____ C:\Users\Pepa\Downloads\f403-cenik-2015-dlazba---vyrobky.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000232988 _____ C:\Users\Pepa\Downloads\Metodicky-list_lyrika-priloha.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000209286 _____ C:\Users\Pepa\Downloads\zoznam_zmluv_mesta_banska_bystrica_za_r._2007_a_2008.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000192540 _____ C:\Users\Pepa\Downloads\075 Násobení zlomků.ppt.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000179228 _____ C:\Users\Pepa\Downloads\ODPORSITE.pps.bphvnm

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 24 Nov 2018 11:09

2018-11-02 18:49 - 2016-01-11 14:31 - 000169720 _____ C:\Users\Pepa\Downloads\formular_podpora.rtf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000156188 _____ C:\Users\Pepa\Downloads\cJm8-vedl_vety.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000154993 _____ C:\Users\Pepa\Downloads\187-1-Seznam výrobků _ OPŽP-Kotlíky_SVT_18_12.xlsx.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000150493 _____ C:\Users\Pepa\Downloads\CJ_klic.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000134172 _____ C:\Users\Pepa\Downloads\priloha_6___vyber_uryvku_z_portfolia_zakovskych_praci.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000125115 _____ C:\Users\Pepa\Downloads\studie.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000119683 _____ C:\Users\Pepa\Downloads\OTG120SLSIMBC6_(404575).pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000113102 _____ C:\Users\Pepa\Downloads\M9 Řešení slovních úloh o pohybu.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000105929 _____ C:\Users\Pepa\Downloads\slevomat-cz-voucher-hodinova-masaz-dle-vlastniho-vyberu-5919712970A-571.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000096796 _____ C:\Users\Pepa\Downloads\prihlaska_tabory_3.2015.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000093142 _____ C:\Users\Pepa\Downloads\slevomat-cz-voucher-brillantni-kosmeticke-rozmazleni-5849613950A-940.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000086556 _____ C:\Users\Pepa\Downloads\Metodika domaci pripravy.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000083996 _____ C:\Users\Pepa\Downloads\Vila Flóra - Hévíz.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000081436 _____ C:\Users\Pepa\Downloads\Prihlaska_SS_2507.xls.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000069148 _____ C:\Users\Pepa\Downloads\Matematika 8.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000063401 _____ C:\Users\Pepa\Downloads\nlVnitro_54_343640_2154_00041_20150107_voznalepky.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000058908 _____ C:\Users\Pepa\Downloads\Babicka_2.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000053938 _____ C:\Users\Pepa\Downloads\detektory-plynu-co-co2 _ Detektor CO a hlásič oxidu uhelnatého CO-man LCD Plus.html.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000050607 _____ C:\Users\Pepa\Downloads\A + A Mobilmarket-DETEKTOR.html.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000049692 _____ C:\Users\Pepa\Downloads\kopie - kontakty biskupsk lesy01_2015.xls.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000048252 _____ C:\Users\Pepa\Downloads\Pohyb_8236520398_na_uctu_2100285567.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000044572 _____ C:\Users\Pepa\Downloads\CJ_13_moderni_lyrika.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000042433 _____ C:\Users\Pepa\Downloads\Hlásič a detektor oxidu uhelnatého (CO) CARBON.html.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000039452 _____ C:\Users\Pepa\Downloads\Přihláška léto 2015.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000033308 _____ C:\Users\Pepa\Downloads\pokyny_pro_rodice_1.t.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000027164 _____ C:\Users\Pepa\Downloads\zadprip.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000024592 _____ C:\Users\Pepa\Downloads\Seznam_uradu_pro_vydej_OP.xlsx.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000023580 _____ C:\Users\Pepa\Downloads\k2_syllabus.doc.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000019527 _____ C:\Users\Pepa\Downloads\kontakty_personalni_pracoviste.xlsx.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000018718 _____ C:\Users\Pepa\Downloads\Propustka_k_lekari.pdf.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000016809 _____ C:\Users\Pepa\Downloads\PROGRAMOVÉ__PROHLÁŠENÍ.docx.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000014078 _____ C:\Users\Pepa\Downloads\poukaz_2_2015.docx.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000012515 _____ C:\Users\Pepa\Downloads\vel.2.jpg.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000006188 _____ C:\Users\Pepa\Downloads\FOSFORECNAN HORECNATY.RTF.bphvnm
2018-11-02 18:49 - 2016-01-11 14:31 - 000000000 ____D C:\Users\Pepa\Downloads\Hlásič a detektor oxidu uhelnatého (CO) CARBON_files
2018-11-02 18:49 - 2016-01-11 14:31 - 000000000 ____D C:\Users\Pepa\Downloads\detektory-plynu-co-co2 _ Detektor CO a hlásič oxidu uhelnatého CO-man LCD Plus_files
2018-11-02 18:49 - 2016-01-11 14:31 - 000000000 ____D C:\Users\Pepa\Downloads\A + A Mobilmarket-DETEKTOR_files
2018-11-02 18:48 - 2018-05-22 10:15 - 000000000 ____D C:\Users\Pepa\AppData\Local\PlaceholderTileLogoFolder
2018-11-02 18:48 - 2018-03-26 19:52 - 000002550 _____ C:\Users\Pepa\AppData\Local\recently-used.xbel.bphvnm
2018-11-02 18:48 - 2018-03-26 19:51 - 000000000 ____D C:\Users\Pepa\AppData\Local\gtk-2.0
2018-11-02 18:48 - 2018-03-09 09:51 - 000000000 ____D C:\Users\Pepa\AppData\Local\NetworkTiles
2018-11-02 18:48 - 2018-01-30 16:03 - 000000000 ____D C:\Users\Pepa\AppData\Local\HP
2018-11-02 18:48 - 2017-11-15 17:04 - 000000000 ____D C:\Users\Pepa\AppData\Local\Packages
2018-11-02 18:48 - 2017-09-11 19:41 - 000000000 ____D C:\Users\Pepa\AppData\Local\TempTaskUpdateDetection92EA6C9E-799F-4263-897E-52C7C985D887
2018-11-02 18:48 - 2017-08-31 17:54 - 000000000 ____D C:\Users\Pepa\AppData\Local\VirtualStore
2018-11-02 18:48 - 2017-05-10 12:42 - 000000000 ____D C:\Users\Pepa\AppData\Local\paint.net
2018-11-02 18:48 - 2017-04-13 20:26 - 000000000 ____D C:\Users\Pepa\AppData\Local\MicrosoftEdge
2018-11-02 18:48 - 2017-03-06 19:27 - 000000000 ____D C:\Users\Pepa\AppData\Local\Publishers
2018-11-02 18:48 - 2017-03-06 19:26 - 000000000 ____D C:\Users\Pepa\AppData\Local\TileDataLayer
2018-11-02 18:48 - 2017-03-06 19:26 - 000000000 ____D C:\Users\Pepa\AppData\Local\NVIDIA Corporation
2018-11-02 18:48 - 2017-03-06 19:26 - 000000000 ____D C:\Users\Pepa\AppData\Local\NVIDIA
2018-11-02 18:48 - 2017-03-06 19:26 - 000000000 ____D C:\Users\Pepa\AppData\Local\Google
2018-11-02 18:43 - 2018-10-21 19:58 - 004038943 _____ C:\Users\Kedar\Downloads\It's Impossible to Ghost That Guy ! - Best of LoL Streams #444.mp4.bphvnm
2018-11-02 18:43 - 2018-10-20 18:11 - 000121372 _____ C:\Users\Kedar\Downloads\Směnnost - ČP (11,18) Sládkova.xls.bphvnm
2018-11-02 18:43 - 2018-10-20 14:31 - 021910314 _____ C:\Users\Kedar\Documents\Untitled24.mp4.bphvnm
2018-11-02 18:43 - 2018-10-19 21:45 - 000051583 _____ C:\Users\Kedar\Downloads\DSC01319.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 21:45 - 000051069 _____ C:\Users\Kedar\Downloads\DSC01318.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 21:44 - 000051063 _____ C:\Users\Kedar\Downloads\DSC01340.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 21:44 - 000050855 _____ C:\Users\Kedar\Downloads\DSC01350.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 21:44 - 000050628 _____ C:\Users\Kedar\Downloads\DSC01338.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 21:44 - 000050329 _____ C:\Users\Kedar\Downloads\DSC01339.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 21:38 - 000050578 _____ C:\Users\Kedar\Downloads\PC158450.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 21:37 - 000050653 _____ C:\Users\Kedar\Downloads\PC158457.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 21:37 - 000049941 _____ C:\Users\Kedar\Downloads\PC158478.JPG.bphvnm
2018-11-02 18:43 - 2018-10-19 19:32 - 012661761 _____ C:\Users\Kedar\Downloads\10000000_1621612261273009_3393257386328598903_n.mp4.bphvnm
2018-11-02 18:43 - 2018-10-09 19:42 - 006176171 _____ C:\Users\Kedar\Documents\Untitled43.mp4.bphvnm
2018-11-02 18:43 - 2018-10-09 19:23 - 009496933 _____ C:\Users\Kedar\Documents\Untitled33.mp4.bphvnm
2018-11-02 18:43 - 2018-10-08 18:58 - 007294208 _____ C:\Users\Kedar\Downloads\Debris & RudeLies - Animal (ft. Jex) (Radio Edit).mp3.bphvnm
2018-11-02 18:43 - 2018-10-06 18:54 - 000092806 _____ C:\Users\Kedar\Downloads\kv111111 (1)a.png.bphvnm
2018-11-02 18:43 - 2018-10-06 18:50 - 000033348 _____ C:\Users\Kedar\Downloads\kv111111.pdf.bphvnm
2018-11-02 18:43 - 2018-10-06 18:49 - 005183513 _____ C:\Users\Kedar\Downloads\kv111111 (1).png.bphvnm
2018-11-02 18:43 - 2018-10-06 18:45 - 010436165 _____ C:\Users\Kedar\Downloads\kv111111.png.bphvnm
2018-11-02 18:43 - 2018-10-06 18:33 - 000766142 _____ C:\Users\Kedar\Downloads\pustkovec komunalni-volby-2018.png.bphvnm
2018-11-02 18:43 - 2018-10-06 18:27 - 000227759 _____ C:\Users\Kedar\Downloads\Pustkovec komunalni-volby-2018.aspx.pdf.bphvnm
2018-11-02 18:43 - 2018-10-04 21:02 - 000000560 ___SH C:\Users\Kedar\ntuser.ini.bphvnm
2018-11-02 18:43 - 2018-10-03 20:34 - 000000000 ____D C:\Users\Kedar\Downloads\InviDownloader1.0.0.4
2018-11-02 18:43 - 2018-10-03 15:49 - 000000000 ____D C:\Users\Kedar\Downloads\SP
2018-11-02 18:43 - 2018-10-03 13:13 - 000044749 _____ C:\Users\Kedar\Downloads\EizjHqRV_400x400.jpg.bphvnm
2018-11-02 18:43 - 2018-10-01 19:55 - 000000000 ____D C:\Users\Kedar\Documents\My RoboHelp Projects
2018-11-02 18:43 - 2018-09-30 17:44 - 007698536 _____ C:\Users\Kedar\Downloads\Mountkid - Dino [NCS Release].mp3.bphvnm
2018-11-02 18:43 - 2018-09-30 17:38 - 007125199 _____ C:\Users\Kedar\Downloads\Emdi x Coorby feat. Kristi-Leah - Lonewolf.mp3.bphvnm
2018-11-02 18:43 - 2018-09-30 17:28 - 008388494 _____ C:\Users\Kedar\Downloads\Rogers & Dean - No Doubt (Rival & Cadmium Remix).mp3.bphvnm
2018-11-02 18:43 - 2018-09-29 12:30 - 000970687 _____ C:\Users\Kedar\Documents\xs battery.png.bphvnm
2018-11-02 18:43 - 2018-09-29 12:29 - 000837571 _____ C:\Users\Kedar\Documents\x battery.png.bphvnm
2018-11-02 18:43 - 2018-09-28 17:11 - 091561641 _____ C:\Users\Kedar\Downloads\Pink Analog Look Premium App With All Filters.rar.bphvnm
2018-11-02 18:43 - 2018-09-24 20:43 - 000259797 _____ C:\Users\Kedar\Documents\poq.png.bphvnm
2018-11-02 18:43 - 2018-09-24 20:41 - 000172015 _____ C:\Users\Kedar\Documents\ppp1.png.bphvnm
2018-11-02 18:43 - 2018-09-24 20:37 - 000417983 _____ C:\Users\Kedar\Documents\ppp.png.bphvnm
2018-11-02 18:43 - 2018-09-23 15:11 - 038472333 _____ C:\Users\Kedar\Downloads\How to Attack_Move like a Scripter with Kog'Maw.mp4.bphvnm
2018-11-02 18:43 - 2018-09-23 14:01 - 000010729 _____ C:\Users\Kedar\Downloads\Wk,.xlsx.bphvnm
2018-11-02 18:43 - 2018-09-23 09:56 - 000000000 ____D C:\Users\Kedar\Documents\UnrealEngine
2018-11-02 18:43 - 2018-09-22 13:45 - 005211043 _____ C:\Users\Kedar\Downloads\30533893_284017642178450_1228192642006990433_n.mp4.bphvnm
2018-11-02 18:43 - 2018-09-22 08:36 - 000999833 _____ C:\Users\Kedar\Downloads\Huawei Mate 20 non-Pro hand on video leak.mp4.bphvnm
2018-11-02 18:43 - 2018-09-11 09:44 - 000000000 ____D C:\Users\Pepa\ansel
2018-11-02 18:43 - 2018-09-10 17:49 - 000052714 _____ C:\Users\Kedar\Downloads\12193563_494169297410806_6703212485002056331_n.jpg.bphvnm
2018-11-02 18:43 - 2018-09-05 16:30 - 010883171 _____ C:\Users\Kedar\Downloads\Testy.pdf.bphvnm
2018-11-02 18:43 - 2018-09-04 18:13 - 002753829 _____ C:\Users\Kedar\Documents\Screenshot_20180904-191142.png.bphvnm
2018-11-02 18:43 - 2018-09-03 19:45 - 039153646 _____ C:\Users\Kedar\Downloads\AdGuard-Premium-v2.12.187.apk.bphvnm
2018-11-02 18:43 - 2018-09-03 19:44 - 016668225 _____ C:\Users\Kedar\Downloads\Google Play Store v11.4.15-all [0] [PR] 209232408 Build 81141500.apk.bphvnm
2018-11-02 18:43 - 2018-09-03 19:28 - 038140013 _____ C:\Users\Kedar\Downloads\AdGuard-Premium-v2.12.140_build_2012140 (1).apk.bphvnm
2018-11-02 18:43 - 2018-08-31 13:10 - 178392728 _____ C:\Users\Kedar\Downloads\Banny.mp4.bphvnm
2018-11-02 18:43 - 2018-08-31 12:45 - 001853090 _____ C:\Users\Kedar\Downloads\senovska-basta-a-pizza-od-krtecka (1).jpg.bphvnm
2018-11-02 18:43 - 2018-08-29 10:36 - 000160066 _____ C:\Users\Kedar\Downloads\Invoice_1101811269_20180829_1228111_1092818_1228111.pdf.bphvnm
2018-11-02 18:43 - 2018-08-29 08:28 - 000064572 _____ C:\Users\Kedar\Downloads\40298025_1152135698272517_6234088401000202240_o.jpg.bphvnm
2018-11-02 18:43 - 2018-08-29 08:10 - 000183353 _____ C:\Users\Kedar\Documents\verz3.png.bphvnm
2018-11-02 18:43 - 2018-08-29 08:09 - 000183341 _____ C:\Users\Kedar\Documents\verz2.png.bphvnm
2018-11-02 18:43 - 2018-08-29 08:00 - 000105098 _____ C:\Users\Kedar\Documents\pB3U3.png.bphvnm
2018-11-02 18:43 - 2018-08-29 07:58 - 000179274 _____ C:\Users\Kedar\Documents\verz1.png.bphvnm
2018-11-02 18:43 - 2018-08-29 07:41 - 000064092 _____ C:\Users\Kedar\Downloads\Sophmore Year-FontZillion.zip.bphvnm
2018-11-02 18:43 - 2018-08-29 07:39 - 000216483 _____ C:\Users\Kedar\Documents\qqw.png.bphvnm
2018-11-02 18:43 - 2018-08-26 21:34 - 003665848 _____ C:\Users\Kedar\Downloads\ydxerpxkpcfqjaybcssw.gz.bphvnm
2018-11-02 18:43 - 2018-08-24 22:46 - 000115707 _____ C:\Users\Kedar\Documents\song.png.bphvnm
2018-11-02 18:43 - 2018-08-24 17:32 - 000118766 _____ C:\Users\Kedar\Downloads\batteryinfoview.zip.bphvnm
2018-11-02 18:43 - 2018-08-24 17:32 - 000002233 _____ C:\Users\Kedar\Downloads\batteryinfoview_czech.zip.bphvnm
2018-11-02 18:43 - 2018-08-21 14:28 - 004066570 _____ C:\Users\Kedar\Downloads\JPB - Defeat The Night (feat. Ashley Apollodor) _NCS Release_.mp3.bphvnm
2018-11-02 18:43 - 2018-08-21 11:39 - 001259636 _____ C:\Users\Kedar\Downloads\Far Cry 3 Blood Dragon CESTINA (By Keeper).rar.bphvnm
2018-11-02 18:43 - 2018-08-18 13:56 - 009445707 _____ C:\Users\Kedar\Downloads\Inova - All Gone.mp3.bphvnm
2018-11-02 18:43 - 2018-08-16 13:52 - 009919563 _____ C:\Users\Kedar\Downloads\PhotoPills_1.3.1 b53.apk.bphvnm
2018-11-02 18:43 - 2018-08-16 10:42 - 000138206 _____ C:\Users\Kedar\Downloads\sk_harry_potter_sorcerers_stone.zip.bphvnm
2018-11-02 18:43 - 2018-08-15 21:24 - 1625534185 _____ C:\Users\Kedar\Downloads\Adobe Premiere Pro CC 2018 12.1.2.69 (x64) + Crack [Kedar_CZ].rar.bphvnm
2018-11-02 18:43 - 2018-08-15 21:11 - 000361508 _____ C:\Users\Kedar\Downloads\BTS - The Truth Untold (전하지 못한 진심).mp3.sfk.bphvnm
2018-11-02 18:43 - 2018-08-15 11:38 - 000426069 _____ C:\Users\Kedar\Documents\Pixel2.png.bphvnm
2018-11-02 18:43 - 2018-08-15 10:32 - 000449510 _____ C:\Users\Kedar\Documents\Pixel.png.bphvnm
2018-11-02 18:43 - 2018-08-14 09:18 - 038140013 _____ C:\Users\Kedar\Downloads\AdGuard-Premium-v2.12.140_build_2012140.apk.bphvnm
2018-11-02 18:43 - 2018-08-13 13:23 - 011530747 _____ C:\Users\Kedar\Downloads\Post Malone - Better Now (Romen Jewels Remix).mp3.bphvnm
2018-11-02 18:43 - 2018-08-12 20:24 - 000155793 _____ C:\Users\Kedar\Downloads\Jak vytvořit romantický partnerský vztah.pdf.bphvnm
2018-11-02 18:43 - 2018-08-11 10:35 - 008699397 _____ C:\Users\Kedar\Downloads\Inova - Desire.mp3.bphvnm
2018-11-02 18:43 - 2018-08-10 10:57 - 1828306034 _____ C:\Users\Kedar\Downloads\O myšce a medvědovi Ernest et Célestine 2012, CZ.mkv.bphvnm
2018-11-02 18:43 - 2018-08-07 08:08 - 040299992 _____ C:\Users\Kedar\Downloads\Daft Punk - Harder, Better, Faster, Stronger (Far Out Remix).wav.bphvnm
2018-11-02 18:43 - 2018-08-06 09:00 - 005343639 _____ C:\Users\Kedar\Downloads\Fareoh - Under Water.mp3.bphvnm
2018-11-02 18:43 - 2018-08-05 17:39 - 011061017 _____ C:\Users\Kedar\Downloads\WinRar.7z.bphvnm
2018-11-02 18:43 - 2018-08-05 12:41 - 050544707 _____ C:\Users\Kedar\Downloads\Photoshop_Express-Premium-v5.0.510_build_156.apk.bphvnm
2018-11-02 18:43 - 2018-08-05 09:30 - 000092785 _____ C:\Users\Kedar\Downloads\EUNE-kedarczech.zip.bphvnm
2018-11-02 18:43 - 2018-08-04 09:59 - 009676721 _____ C:\Users\Kedar\Downloads\BTS - The Truth Untold (전하지 못한 진심).mp3.bphvnm
2018-11-02 18:43 - 2018-07-21 22:33 - 000000000 ____D C:\Users\Pepa\AppData\Local\D3DSCache
2018-11-02 18:43 - 2018-07-20 14:39 - 000030748 _____ C:\Users\Kedar\Downloads\Seznam věcí.doc.bphvnm
2018-11-02 18:43 - 2018-07-20 11:11 - 007445300 _____ C:\Users\Kedar\Downloads\FaceApp-Pro-v2.0.957.apk.bphvnm
2018-11-02 18:43 - 2018-07-18 10:36 - 003352670 _____ C:\Users\Kedar\Downloads\PowerAudio_Pro-v5.0.5_[ApkShadow].apk.bphvnm
2018-11-02 18:43 - 2018-07-18 09:46 - 004193256 _____ C:\Users\Kedar\Downloads\Unlock_Any_Device_Guide_2.0__AdFree_.apk.bphvnm
2018-11-02 18:43 - 2018-07-17 16:39 - 000784364 _____ C:\Users\Kedar\Downloads\video-1531841703.mp4.bphvnm
2018-11-02 18:43 - 2018-07-13 10:17 - 000002158 _____ C:\Users\Kedar\Documents\What Parts You Need to Build OWN iPhone (Smartphone).txt.bphvnm
2018-11-02 18:43 - 2018-07-13 10:11 - 001092071 _____ C:\Users\Kedar\Downloads\strangeparts-com-what-parts-do-you-need-to-make-your-own-iphone-.pdf.bphvnm
2018-11-02 18:43 - 2018-07-12 16:48 - 000001211 _____ C:\Users\Kedar\Documents\Obchody.txt.bphvnm
2018-11-02 18:43 - 2018-07-10 11:42 - 000374930 _____ C:\Users\Kedar\Downloads\1.jpg.bphvnm
2018-11-02 18:43 - 2018-07-04 18:22 - 004750074 _____ C:\Users\Kedar\Downloads\UDĚLALA SI TO NA STREAMU!.mp4.bphvnm
2018-11-02 18:43 - 2018-07-04 11:41 - 003422852 _____ C:\Users\Kedar\Downloads\obchodni_podminky_fio.pdf.bphvnm
2018-11-02 18:43 - 2018-07-02 09:58 - 000221629 _____ C:\Users\Kedar\Documents\qqa.png.bphvnm
2018-11-02 18:43 - 2018-06-27 19:50 - 001180519 _____ C:\Users\Kedar\Documents\shaco.png.bphvnm
2018-11-02 18:43 - 2018-06-26 19:41 - 067042760 _____ C:\Users\Kedar\Downloads\hmdcamera_8.1041.71.apk.bphvnm
2018-11-02 18:43 - 2018-06-18 20:02 - 000000813 _____ C:\Users\Kedar\Documents\Sickick skladby některé v RARu.txt.bphvnm
2018-11-02 18:43 - 2018-06-18 19:40 - 025881091 _____ C:\Users\Kedar\Downloads\Sickick - Infected.mp4.bphvnm
2018-11-02 18:43 - 2018-06-18 16:57 - 363771479 _____ C:\Users\Kedar\Downloads\Sickick - #TalkSick EP (2016 Update).zip.bphvnm
2018-11-02 18:43 - 2018-06-16 18:54 - 802449235 _____ C:\Users\Kedar\Downloads\FL Studio Producer Edition 20.0.2 Build 477 + Crack [Kedar_CZ].rar.bphvnm
2018-11-02 18:43 - 2018-06-08 21:37 - 006508704 _____ C:\Users\Kedar\Downloads\Prisma-v2.8.2.329_build_2000329.apk.bphvnm
2018-11-02 18:43 - 2018-06-08 21:36 - 011269581 _____ C:\Users\Kedar\Downloads\MX Player Pro-1.9.24_AC3-DTS_NEON-ULTRA-Lite-arm.apk.bphvnm
2018-11-02 18:43 - 2018-06-07 19:42 - 000880527 _____ C:\Users\Kedar\Downloads\34532618_2132111667070269_4484098786273118622_n.mp4.bphvnm
2018-11-02 18:43 - 2018-05-30 20:36 - 088125030 _____ C:\Users\Kedar\Downloads\Popcorn Time 6.1.0 Portable.rar.bphvnm
2018-11-02 18:43 - 2018-05-27 18:18 - 000025863 _____ C:\Users\Kedar\Documents\protokol 11.xlsx.bphvnm
2018-11-02 18:43 - 2018-05-27 15:55 - 000020391 _____ C:\Users\Kedar\Documents\PROTOKOL 11!.docx.bphvnm
2018-11-02 18:43 - 2018-05-27 14:07 - 002477498 _____ C:\Users\Kedar\Downloads\video-1527426343.mp4.bphvnm
2018-11-02 18:43 - 2018-05-21 11:40 - 000198342 _____ C:\Users\Kedar\Downloads\33049929_1970314689668817_1452474973623943168_o.jpg.bphvnm
2018-11-02 18:43 - 2018-05-20 11:03 - 000657928 _____ C:\Users\Kedar\Documents\p8.10 JungleRoute 2.png.bphvnm
2018-11-02 18:43 - 2018-05-20 10:58 - 000985289 _____ C:\Users\Kedar\Documents\p8.10 JungleRoute.png.bphvnm
2018-11-02 18:43 - 2018-05-20 10:55 - 000281142 _____ C:\Users\Kedar\Documents\p8.10.png.bphvnm
2018-11-02 18:43 - 2018-05-19 13:33 - 000013224 _____ C:\Users\Kedar\Documents\Smartphone do 8k Kč 2017-18-19.xlsx.bphvnm
2018-11-02 18:43 - 2018-05-15 19:06 - 001164645 _____ C:\Users\Kedar\Downloads\video-1526406864.mp4.bphvnm
2018-11-02 18:43 - 2018-05-13 09:55 - 000798919 _____ C:\Users\Kedar\Downloads\s1280x720.jpg.bphvnm
2018-11-02 18:43 - 2018-05-05 19:22 - 000000613 _____ C:\Users\Kedar\Documents\Tábor.txt.bphvnm
2018-11-02 18:43 - 2018-05-02 19:27 - 000032200 _____ C:\Users\Kedar\Documents\protokol 10.xlsx.bphvnm
2018-11-02 18:43 - 2018-05-02 17:50 - 000024125 _____ C:\Users\Kedar\Documents\PROTOKOL 10!.docx.bphvnm
2018-11-02 18:43 - 2018-04-24 19:26 - 000156484 _____ C:\Users\Kedar\Downloads\regular.jpg.bphvnm
2018-11-02 18:43 - 2018-04-24 19:25 - 000138342 _____ C:\Users\Kedar\Downloads\regular tsh.jpg.bphvnm
2018-11-02 18:43 - 2018-04-24 14:35 - 011175852 _____ C:\Users\Kedar\Downloads\Inova - Disowned.mp3.bphvnm
2018-11-02 18:43 - 2018-04-23 17:43 - 000091352 _____ C:\Users\Kedar\Downloads\The.Net.[Geumul].2016.720p.HDRip.x264.AC3.HORiZON-ArtSubs_track3_eng.ass.bphvnm
2018-11-02 18:43 - 2018-04-23 15:12 - 000096871 _____ C:\Users\Kedar\Downloads\30855863_1810642389231881_4976921627733262336_n.jpg.bphvnm
2018-11-02 18:43 - 2018-04-18 17:25 - 000028929 _____ C:\Users\Kedar\Documents\PROTOKOL 9!.docx.bphvnm
2018-11-02 18:43 - 2018-04-18 14:24 - 000035766 _____ C:\Users\Kedar\Documents\protokol 9.xlsx.bphvnm
2018-11-02 18:43 - 2018-04-12 20:27 - 000979736 _____ C:\Users\Kedar\Downloads\157271334_f0c6de51afc4bc0c3220809ccd0e1eaeaa7e5bff twitter history.zip.bphvnm
2018-11-02 18:43 - 2018-04-08 12:10 - 000011524 _____ C:\Users\Kedar\Documents\stříd.xlsx.bphvnm
2018-11-02 18:43 - 2018-04-07 20:23 - 000025405 _____ C:\Users\Kedar\Documents\PROTOKOL 8!.docx.bphvnm
2018-11-02 18:43 - 2018-04-07 20:19 - 000011629 _____ C:\Users\Kedar\Documents\stejnosměrný.xlsx.bphvnm
2018-11-02 18:43 - 2018-04-03 14:10 - 000025628 _____ C:\Users\Kedar\Downloads\me_uvod_prot (2).xls.bphvnm
2018-11-02 18:43 - 2018-03-29 09:33 - 003918559 _____ C:\Users\Kedar\Documents\upi.png.bphvnm
2018-11-02 18:43 - 2018-03-27 19:48 - 000582716 _____ C:\Users\Kedar\Documents\qqq.png.bphvnm
2018-11-02 18:43 - 2018-03-20 17:03 - 000000000 ____D C:\Users\Pepa\AppData\Local\Audacity
2018-11-02 18:43 - 2018-03-13 16:38 - 000297845 _____ C:\Users\Kedar\Documents\sýkorka.png.bphvnm
2018-11-02 18:43 - 2018-03-12 21:20 - 000083075 _____ C:\Users\Kedar\Downloads\2Pac X Kurupt - Still Ballin (2SCRATCH REMIX) Mastera.jpg.bphvnm
2018-11-02 18:43 - 2018-03-12 21:16 - 048941722 _____ C:\Users\Kedar\Downloads\2Pac X Kurupt - Still Ballin (2SCRATCH REMIX) Master.wav.bphvnm
2018-11-02 18:43 - 2018-03-10 21:22 - 000011360 _____ C:\Users\Kedar\Documents\Sešit1.xlsx.bphvnm
2018-11-02 18:43 - 2018-02-24 16:43 - 000030748 _____ C:\Users\Kedar\Downloads\me_uvod_prot (1).xls.bphvnm
2018-11-02 18:43 - 2018-02-20 16:51 - 000242419 _____ C:\Users\Kedar\Downloads\DWb5V5eW4AAz7QI.jpg.bphvnm
2018-11-02 18:43 - 2018-02-16 15:34 - 000025366 _____ C:\Users\Kedar\Downloads\36800.jpg.bphvnm
2018-11-02 18:43 - 2018-02-10 13:52 - 016004788 _____ C:\Users\Kedar\Downloads\MX Player Pro v1.9.17 (Paid) [Patched] [AC3 & DTS Support] [ARM].apk.bphvnm
2018-11-02 18:43 - 2018-02-10 13:18 - 004188971 _____ C:\Users\Kedar\Downloads\Dictionary-v7.5.4_build_519.apk.bphvnm
2018-11-02 18:43 - 2018-02-08 14:50 - 000000000 ____D C:\Users\Pepa\AppData\Local\DBG
2018-11-02 18:43 - 2018-02-08 14:50 - 000000000 ____D C:\Users\Pepa\AppData\Local\CrashDumps
2018-11-02 18:43 - 2018-02-07 12:21 - 024541436 _____ C:\Users\Kedar\Downloads\YouTube.zip.bphvnm
2018-11-02 18:43 - 2018-02-01 13:17 - 000191551 _____ C:\Users\Kedar\Downloads\27164384_2102706486680113_812905477115965905_o.jpg.bphvnm
2018-11-02 18:43 - 2018-02-01 13:17 - 000102535 _____ C:\Users\Kedar\Downloads\27500464_2102712460012849_6663701711561780589_o.jpg.bphvnm
2018-11-02 18:43 - 2018-02-01 13:15 - 000105584 _____ C:\Users\Kedar\Downloads\27173789_2102707496680012_8234251087207390787_o.jpg.bphvnm
2018-11-02 18:43 - 2018-02-01 13:15 - 000101998 _____ C:\Users\Kedar\Downloads\27709969_2102708603346568_8145497041708345638_o.jpg.bphvnm
2018-11-02 18:43 - 2018-02-01 13:13 - 000098995 _____ C:\Users\Kedar\Downloads\27624687_2102715590012536_7168614404339580722_o.jpg.bphvnm
2018-11-02 18:43 - 2018-02-01 13:13 - 000089430 _____ C:\Users\Kedar\Downloads\27355677_2102715116679250_3638042616317293910_o.jpg.bphvnm
2018-11-02 18:43 - 2018-02-01 13:12 - 000198508 _____ C:\Users\Kedar\Downloads\27368841_2102715236679238_6745377239398733620_o.jpg.bphvnm
2018-11-02 18:43 - 2018-02-01 13:09 - 000162259 _____ C:\Users\Kedar\Downloads\27500774_2102709056679856_8448390555181795615_o.jpg.bphvnm
2018-11-02 18:43 - 2018-01-25 15:27 - 005752790 _____ C:\Users\Kedar\Downloads\video-1516864749.mp4.bphvnm
2018-11-02 18:43 - 2018-01-11 23:06 - 000073165 _____ C:\Users\Kedar\Downloads\26828263_776665119187425_971119603_o.jpg.bphvnm
2018-11-02 18:43 - 2018-01-11 22:15 - 000025628 _____ C:\Users\Kedar\Downloads\me_uvod_prot.xls.bphvnm
2018-11-02 18:43 - 2018-01-08 21:23 - 000033212 _____ C:\Users\Kedar\Downloads\config.bin.bphvnm
2018-11-02 18:43 - 2018-01-06 18:56 - 011367015 _____ C:\Users\Kedar\Downloads\obchodni_prostory_N1600327.pdf.bphvnm
2018-11-02 18:43 - 2018-01-01 20:06 - 000029939 _____ C:\Users\Kedar\Downloads\26166473_1978069685781096_4809553703653431887_n.jpg.bphvnm
2018-11-02 18:43 - 2017-12-28 19:11 - 000719089 _____ C:\Users\Kedar\Downloads\Zelený vítr LT Heroltice 2017.mp4.bphvnm
2018-11-02 18:43 - 2017-12-27 20:09 - 000003300 _____ C:\Users\Kedar\Downloads\Monument Valley 2 v1.1.14 Patched Apk + Obb [CracksNow].torrent.bphvnm
2018-11-02 18:43 - 2017-12-27 19:15 - 000004441 _____ C:\Users\Kedar\Downloads\TEKKEN v0.5.3 Mod Obb + Apk [CracksNow].torrent.bphvnm
2018-11-02 18:43 - 2017-12-27 15:41 - 000041784 _____ C:\Users\Kedar\Downloads\26166310_319429705223326_2876412653919304905_n.jpg.bphvnm
2018-11-02 18:43 - 2017-12-27 15:41 - 000028150 _____ C:\Users\Kedar\Downloads\26167765_378409652624278_9096269961981980987_n.jpg.bphvnm
2018-11-02 18:43 - 2017-11-28 14:14 - 000000000 ____D C:\Users\Kedar\Documents\Sony
2018-11-02 18:43 - 2017-11-18 14:09 - 000021426 _____ C:\Users\Kedar\Downloads\me_uvod_prot-TISK.xlsx.bphvnm
2018-11-02 18:43 - 2017-11-15 18:59 - 000000000 ___RD C:\Users\Pepa\3D Objects
2018-11-02 18:43 - 2017-11-15 17:45 - 000000000 ___HD C:\Users\Kedar\MicrosoftEdgeBackups
2018-11-02 18:43 - 2017-11-11 17:04 - 020910467 _____ C:\Users\Kedar\Downloads\Alternate_Installer.zip.bphvnm
2018-11-02 18:43 - 2017-11-09 19:12 - 000051778 _____ C:\Users\Kedar\Downloads\22687580_1298563126955504_5775165265676828605_n.png.bphvnm
2018-11-02 18:43 - 2017-10-18 13:03 - 000246464 _____ C:\Users\Kedar\Downloads\22616223_926242900863593_7262608265232515072_n.mp4.bphvnm
2018-11-02 18:43 - 2017-10-15 20:55 - 000270000 _____ C:\Users\Kedar\Downloads\seznam_post_czechpoint.xls.xlsx.bphvnm
2018-11-02 18:43 - 2017-10-15 16:26 - 041027698 _____ C:\Users\Kedar\Downloads\Taneční.zip.bphvnm
2018-11-02 18:43 - 2017-10-01 18:29 - 000000600 _____ C:\Users\Kedar\license.dat.bphvnm
2018-11-02 18:43 - 2017-10-01 14:46 - 000276625 _____ C:\Users\Kedar\Downloads\Lunzo Motýlek.pdf.bphvnm
2018-11-02 18:43 - 2017-09-27 13:39 - 005340915 _____ C:\Users\Kedar\Downloads\AutoClient_v4.9.4.1.zip.bphvnm
2018-11-02 18:43 - 2017-09-24 20:46 - 000000000 ____D C:\Users\Pepa\AppData\Local\Aimersoft
2018-11-02 18:43 - 2017-09-11 16:50 - 000016378 _____ C:\Users\Kedar\Downloads\Syslog.txt.bphvnm
2018-11-02 18:43 - 2017-09-09 16:34 - 000210833 _____ C:\Users\Kedar\Downloads\21369073_1238435299593964_7893812795328850677_o.jpg.bphvnm
2018-11-02 18:43 - 2017-08-27 16:35 - 000132712 _____ C:\Users\Kedar\Downloads\12109259_770680553054721_7895711291110108297_n.jpg.bphvnm
2018-11-02 18:43 - 2017-08-26 20:24 - 000119676 _____ C:\Users\Kedar\Downloads\21106496_1304468906342547_3289697082685985824_n.jpg.bphvnm
2018-11-02 18:43 - 2017-08-25 13:23 - 000056498 _____ C:\Users\Kedar\Downloads\ilu8.jpg.bphvnm
2018-11-02 18:43 - 2017-08-23 17:50 - 000175807 _____ C:\Users\Kedar\Downloads\20814219_1718233521539788_1796180184_n.png.bphvnm
2018-11-02 18:43 - 2017-08-19 15:51 - 000014365 _____ C:\Users\Kedar\Downloads\czech.zip.bphvnm
2018-11-02 18:43 - 2017-08-17 09:41 - 000054812 _____ C:\Users\Kedar\Downloads\podminky.doc.bphvnm
2018-11-02 18:43 - 2017-08-15 17:50 - 000094008 _____ C:\Users\Kedar\Downloads\speedtests-2017-08-15-185046.csv.bphvnm
2018-11-02 18:43 - 2017-08-12 19:29 - 009712228 _____ C:\Users\Kedar\Downloads\Wiggle (Onderkoffer Remix).mp3.bphvnm
2018-11-02 18:43 - 2017-08-06 15:07 - 000406476 _____ C:\Users\Kedar\Downloads\11110499_943927225648771_5391062895098897596_o.jpg.bphvnm
2018-11-02 18:43 - 2017-07-23 09:41 - 000032663 _____ C:\Users\Kedar\Downloads\SK Titulky Kimi no Na wa.zip.bphvnm
2018-11-02 18:43 - 2017-07-20 19:15 - 000051396 _____ C:\Users\Kedar\Downloads\D-Sport Adidas Duramo boty.pdf.bphvnm
2018-11-02 18:43 - 2017-07-19 20:15 - 000202780 _____ C:\Users\Kedar\Downloads\Odjezd+na+letní+tábor.doc.bphvnm
2018-11-02 18:43 - 2017-07-14 14:57 - 001563385 _____ C:\Users\Kedar\Documents\Untitled-2.jpg.bphvnm
2018-11-02 18:43 - 2017-07-14 14:22 - 000006982 _____ C:\Users\Kedar\Downloads\360template.zip.bphvnm
2018-11-02 18:43 - 2017-07-14 14:18 - 007807982 _____ C:\Users\Kedar\Downloads\DSC_0376.JPG.bphvnm
2018-11-02 18:43 - 2017-07-13 09:43 - 000578147 _____ C:\Users\Kedar\Downloads\Alza Pioneer Sluchátka.pdf.bphvnm
2018-11-02 18:43 - 2017-06-29 17:02 - 000259481 _____ C:\Users\Kedar\Downloads\13559028_583892285121286_2362003409030167700_o.png.bphvnm
2018-11-02 18:43 - 2017-06-23 20:37 - 076239596 _____ C:\Users\Kedar\Downloads\Ill Follow You - Shinedown Piano Tutorial (Part 2).mp4.bphvnm
2018-11-02 18:43 - 2017-06-23 20:25 - 058837019 _____ C:\Users\Kedar\Downloads\Ill Follow You - Shinedown Piano Tutorial (Part 1).mp4.bphvnm
2018-11-02 18:43 - 2017-06-23 20:21 - 000075337 _____ C:\Users\Kedar\Downloads\Shinedown - I'll Follow You notes (Piano).pdf.bphvnm
2018-11-02 18:43 - 2017-06-17 17:42 - 000265347 _____ C:\Users\Kedar\Downloads\30446_102_3861.JPG.bphvnm
2018-11-02 18:43 - 2017-06-17 17:35 - 000246871 _____ C:\Users\Kedar\Downloads\30447_102_3862.JPG.bphvnm
2018-11-02 18:43 - 2017-06-17 17:10 - 000287490 _____ C:\Users\Kedar\Downloads\30191_102_3287.JPG.bphvnm
2018-11-02 18:43 - 2017-06-13 20:27 - 000000000 ____D C:\Users\Kedar\Tracing
2018-11-02 18:43 - 2017-06-12 20:30 - 000760620 _____ C:\Users\Kedar\Downloads\xperia.zip.bphvnm
2018-11-02 18:43 - 2017-05-31 13:29 - 000430690 _____ C:\Users\Kedar\Downloads\ČD CARGO Tábor 2017.pdf.bphvnm
2018-11-02 18:43 - 2017-05-23 14:40 - 000615060 _____ C:\Users\Kedar\Downloads\PBE_Client_Shell.zip.bphvnm
2018-11-02 18:43 - 2017-05-10 13:09 - 000000000 ____D C:\Users\Pepa\.thumbnails
2018-11-02 18:43 - 2017-05-10 13:08 - 000000000 ____D C:\Users\Pepa\AppData\Local\gegl-0.2
2018-11-02 18:43 - 2017-05-10 13:08 - 000000000 ____D C:\Users\Pepa\AppData\Local\fontconfig
2018-11-02 18:43 - 2017-05-10 13:08 - 000000000 ____D C:\Users\Pepa\.gimp-2.8
2018-11-02 18:43 - 2017-05-06 20:18 - 000000000 ____D C:\Users\Kedar\Documents\OFX Presets
2018-11-02 18:43 - 2017-04-29 06:23 - 000033064 _____ C:\Users\Kedar\Documents\Whoosh sound effects (from the tutorial).mp3.bphvnm
2018-11-02 18:43 - 2017-04-28 17:00 - 001394879 _____ C:\Users\Kedar\Downloads\Moje Intro.mp4.bphvnm
2018-11-02 18:43 - 2017-04-25 15:11 - 000002257 _____ C:\Users\Kedar\Downloads\detailBill_775390508 (1).csv.bphvnm
2018-11-02 18:43 - 2017-04-25 15:10 - 000003204 _____ C:\Users\Kedar\Downloads\detailBill_775390508.csv.bphvnm
2018-11-02 18:43 - 2017-03-27 16:26 - 000037207 _____ C:\Users\Kedar\Downloads\Holime.cz-17DZ109742.pdf.bphvnm
2018-11-02 18:43 - 2017-03-22 16:39 - 000238499 _____ C:\Users\Kedar\Downloads\ClownfishVoiceChanger-v1.60.ts3_plugin.bphvnm
2018-11-02 18:43 - 2017-03-19 14:54 - 000252988 _____ C:\Users\Kedar\Downloads\warnes.zip.bphvnm
2018-11-02 18:43 - 2017-03-19 14:54 - 000205640 _____ C:\Users\Kedar\Downloads\sportrop.zip.bphvnm
2018-11-02 18:43 - 2017-03-19 14:53 - 000034576 _____ C:\Users\Kedar\Downloads\neon-2-news.zip.bphvnm
2018-11-02 18:43 - 2017-03-19 13:12 - 000112183 _____ C:\Users\Kedar\Downloads\Kedar.jpg.bphvnm
2018-11-02 18:43 - 2017-03-18 20:56 - 000266350 _____ C:\Users\Kedar\Downloads\LolSceneSwitch.v0.2-alpha11.zip.bphvnm
2018-11-02 18:43 - 2017-03-15 17:00 - 001151520 _____ C:\Users\Kedar\Downloads\adlery.zip.bphvnm
2018-11-02 18:43 - 2017-03-14 16:21 - 000000000 ____D C:\Users\Kedar\Documents\Vlastní šablony Office
2018-11-02 18:43 - 2017-03-10 15:40 - 000036668 _____ C:\Users\Kedar\Downloads\20080611-131404-g.jpg.bphvnm
2018-11-02 18:43 - 2017-03-06 19:43 - 000000000 ____D C:\Users\Pepa\AppData\Local\Comms
2018-11-02 18:43 - 2017-03-06 19:29 - 000000000 ____D C:\Users\Pepa\AppData\Local\CEF
2018-11-02 18:43 - 2017-03-06 19:29 - 000000000 ____D C:\Users\Pepa\AppData\Local\Adobe
2018-11-02 18:43 - 2017-03-06 19:25 - 000592262 _____ C:\Users\Kedar\Downloads\K - Profilovka na Windows.jpg.bphvnm
2018-11-02 18:43 - 2017-03-05 18:52 - 000000000 ___RD C:\Users\Kedar\OneDrive
2018-11-02 18:42 - 2018-08-26 15:53 - 000000563 _____ C:\Users\Kedar\Documents\kamil tracker cztorrent.txt.bphvnm
2018-11-02 18:42 - 2018-08-11 19:46 - 001420613 _____ C:\Users\Kedar\Documents\Marlenka.png.bphvnm
2018-11-02 18:42 - 2018-07-08 14:24 - 000000000 ____D C:\Users\Kedar\Documents\iva
2018-11-02 18:42 - 2018-06-16 18:33 - 000000000 ____D C:\Users\Kedar\Documents\Image-Line
2018-11-02 18:42 - 2018-05-30 19:55 - 000003471 _____ C:\Users\Kedar\Documents\Manual Method Activation.txt.bphvnm
2018-11-02 18:42 - 2018-05-25 20:00 - 000311899 _____ C:\Users\Kedar\Documents\Jak 1 uploud změní zobrazení filmu na webu.png.bphvnm
2018-11-02 18:42 - 2018-05-17 18:43 - 000490668 _____ C:\Users\Kedar\Documents\LoL BUY Champion Tier List .png.bphvnm
2018-11-02 18:42 - 2018-05-15 15:42 - 000011292 _____ C:\Users\Kedar\Documents\Kdo přežije Guatemala 3.txt.bphvnm
2018-11-02 18:42 - 2018-05-15 14:48 - 000006421 _____ C:\Users\Kedar\Documents\Kdo Přežije Afrika 2.txt.bphvnm
2018-11-02 18:42 - 2018-05-14 20:37 - 000005135 _____ C:\Users\Kedar\Documents\Kdo přežije Borneo 1.txt.bphvnm
2018-11-02 18:42 - 2018-03-30 11:33 - 2587507155 _____ C:\Users\Kedar\Documents\Kimi no Na wa. - Your Name BDRip 1920x1080 - 1080p x264 Japan 2CH AAC Audio + CZ & SK Subtitles VOSTFR V2 & Skeletorn - Ceske a Slovenske Titulky.mkv.bphvnm
2018-11-02 18:42 - 2018-03-18 17:59 - 002223921 _____ C:\Users\Kedar\Documents\Lineární napěťové zdroje - EA.docx.bphvnm
2018-11-02 18:42 - 2018-02-20 20:01 - 000001304 _____ C:\Users\Kedar\Documents\kpopvideafunny.txt.bphvnm
2018-11-02 18:42 - 2017-05-19 15:59 - 000000000 ____D C:\Users\Kedar\Documents\League of Legends
2018-11-02 18:42 - 2017-05-08 05:43 - 000000000 ____D C:\Users\Kedar\Documents\Moje palety
2018-11-02 18:41 - 2018-10-23 19:36 - 000202218 _____ C:\Users\Kedar\Desktop\mid range NEw cpu.png.bphvnm
2018-11-02 18:41 - 2018-10-23 19:07 - 000000550 _____ C:\Users\Kedar\Desktop\Rodné číslo pepa.txt.bphvnm
2018-11-02 18:41 - 2018-10-20 20:12 - 000000000 ____D C:\Users\Kedar\Documents\D
2018-11-02 18:41 - 2018-10-18 17:35 - 000053358 _____ C:\Users\Kedar\Desktop\windows-10-1366x768-windows-logo-blue-pink-dark-hd-10954.jpg.bphvnm
2018-11-02 18:41 - 2018-10-18 14:30 - 001571755 _____ C:\Users\Kedar\Desktop\mid range CPU mobile 2018.png.bphvnm
2018-11-02 18:41 - 2018-10-11 16:10 - 000773023 _____ C:\Users\Kedar\Desktop\kamil 3-4 fotáky v mobilu jsou hnus.png.bphvnm
2018-11-02 18:41 - 2018-10-11 06:56 - 000108117 _____ C:\Users\Kedar\Desktop\růže.png.bphvnm
2018-11-02 18:41 - 2018-10-07 19:54 - 000295291 _____ C:\Users\Kedar\Desktop\pickem.png.bphvnm
2018-11-02 18:41 - 2018-10-03 20:27 - 000000000 ____D C:\Users\Kedar\Documents\FreeRapid-0.9u4
2018-11-02 18:41 - 2018-09-26 18:56 - 000269342 _____ C:\Users\Kedar\Desktop\mnb.png.bphvnm
2018-11-02 18:41 - 2018-09-25 18:24 - 015254578 _____ C:\Users\Kedar\Desktop\moth lamp memes.png.bphvnm
2018-11-02 18:41 - 2018-09-25 16:37 - 000133118 _____ C:\Users\Kedar\Desktop\pračka.png.bphvnm
2018-11-02 18:41 - 2018-09-23 09:56 - 000000000 ____D C:\Users\Kedar\Documents\AncestorsLegacy
2018-11-02 18:41 - 2018-09-17 19:51 - 000211433 _____ C:\Users\Kedar\Desktop\qasa.png.bphvnm
2018-11-02 18:41 - 2018-09-16 13:03 - 000000581 _____ C:\Users\Kedar\Desktop\kač.txt.bphvnm
2018-11-02 18:41 - 2018-09-16 12:01 - 000921195 _____ C:\Users\Kedar\Desktop\gaben steam infinity war.png.bphvnm
2018-11-02 18:41 - 2018-09-15 18:45 - 000643138 _____ C:\Users\Kedar\Desktop\xs.png.bphvnm
2018-11-02 18:41 - 2018-09-12 19:00 - 000002797 _____ C:\Users\Kedar\Desktop\OMS.txt.bphvnm
2018-11-02 18:41 - 2018-09-12 18:41 - 000001133 _____ C:\Users\Kedar\Desktop\qad.png.bphvnm
2018-11-02 18:41 - 2018-09-11 15:42 - 000461173 _____ C:\Users\Kedar\Desktop\qasw.png.bphvnm
2018-11-02 18:41 - 2018-09-11 15:42 - 000193286 _____ C:\Users\Kedar\Desktop\sdq.png.bphvnm
2018-11-02 18:41 - 2018-09-04 18:04 - 000615256 _____ C:\Users\Kedar\Desktop\vpns.png.bphvnm
2018-11-02 18:41 - 2018-09-04 17:33 - 000782319 _____ C:\Users\Kedar\Desktop\vpn.png.bphvnm
2018-11-02 18:41 - 2018-08-29 08:18 - 001415714 _____ C:\Users\Kedar\Documents\drakememever4.png.bphvnm
2018-11-02 18:41 - 2018-08-26 15:12 - 000000000 ____D C:\Users\Kedar\Documents\Avengers.Infinity.War.2018.CZ.BRRip.XViD.DD2.0-BST
2018-11-02 18:41 - 2018-08-24 22:11 - 000002554 _____ C:\Users\Kedar\Documents\idol.txt.bphvnm
2018-11-02 18:41 - 2018-08-21 14:42 - 000006262 _____ C:\Users\Kedar\Documents\cc_20180821_154228.reg.bphvnm
2018-11-02 18:41 - 2018-08-15 19:35 - 000085794 _____ C:\Users\Kedar\Documents\cc_20180815_203543.reg.bphvnm
2018-11-02 18:41 - 2018-08-15 19:31 - 000492544 _____ C:\Users\Kedar\Documents\cc_20180815_203142.reg.bphvnm
2018-11-02 18:41 - 2018-08-11 20:28 - 000000591 _____ C:\Users\Kedar\Desktop\Lokace Češtiny do Gimpu.txt.bphvnm
2018-11-02 18:41 - 2018-08-11 19:24 - 000085584 _____ C:\Users\Kedar\Desktop\potr.png.bphvnm
2018-11-02 18:41 - 2018-08-11 19:08 - 000017938 _____ C:\Users\Kedar\Desktop\inger.png.bphvnm
2018-11-02 18:41 - 2018-08-11 19:06 - 000010786 _____ C:\Users\Kedar\Desktop\mar.png.bphvnm
2018-11-02 18:41 - 2018-08-07 20:06 - 000001032 _____ C:\Users\Kedar\Desktop\Růže za kolik a kde.txt.bphvnm
2018-11-02 18:41 - 2018-06-29 18:05 - 000007168 _____ C:\Users\Kedar\Documents\hodinky.txt.bphvnm
2018-11-02 18:41 - 2018-06-12 16:21 - 000531098 _____ C:\Users\Kedar\Documents\b+k.png.bphvnm
2018-11-02 18:41 - 2018-05-30 19:49 - 000003048 _____ C:\Users\Kedar\Documents\About program and Failed Activation.txt.bphvnm
2018-11-02 18:41 - 2018-05-20 11:45 - 000000000 ____D C:\Users\Kedar\Documents\BTS Love Yourself 轉 'Tear' 2018 Full Album
2018-11-02 18:41 - 2018-04-27 19:07 - 000001931 _____ C:\Users\Kedar\Documents\Dabing k filmům na internet.txt.bphvnm
2018-11-02 18:41 - 2018-04-19 16:22 - 000102724 _____ C:\Users\Kedar\Documents\Bez názvuq.png.bphvnm
2018-11-02 18:41 - 2018-04-09 15:38 - 000147664 _____ C:\Users\Kedar\Documents\aaq.png.bphvnm
2018-11-02 18:41 - 2018-03-27 19:59 - 000305366 _____ C:\Users\Kedar\Documents\as.jpg.bphvnm
2018-11-02 18:41 - 2018-03-22 18:48 - 000237250 _____ C:\Users\Kedar\Documents\HuaComp.png.bphvnm
2018-11-02 18:41 - 2018-03-22 18:33 - 000005166 _____ C:\Users\Kedar\Documents\horn.png.bphvnm
2018-11-02 18:41 - 2018-03-22 18:30 - 000008687 _____ C:\Users\Kedar\Documents\hhua.png.bphvnm
2018-11-02 18:41 - 2018-02-08 16:53 - 008570332 _____ C:\Users\Kedar\Desktop\Taylor Swift - …Ready For It.mp3.bphvnm
2018-11-02 18:41 - 2018-01-11 23:13 - 000028529 _____ C:\Users\Kedar\Desktop\Protokol.docx.bphvnm
2018-11-02 18:41 - 2018-01-11 23:01 - 000019922 _____ C:\Users\Kedar\Desktop\KURVA UŽ TO DĚLÁM 5 HODIN.xlsx.bphvnm
2018-11-02 18:41 - 2018-01-11 21:20 - 000000000 ____D C:\Users\Kedar\Desktop\prot
2018-11-02 18:41 - 2018-01-09 21:20 - 000812328 _____ C:\Users\Kedar\Desktop\filmy.png.bphvnm
2018-11-02 18:41 - 2018-01-04 18:49 - 000011294 _____ C:\Users\Kedar\Desktop\Stříbrné taneční.xlsx.bphvnm
2018-11-02 18:41 - 2017-12-29 13:23 - 000512813 _____ C:\Users\Kedar\Desktop\fbh.png.bphvnm
2018-11-02 18:41 - 2017-12-25 22:01 - 000557901 _____ C:\Users\Kedar\Documents\26056448_1855721791124293_1187060156_n.png.bphvnm
2018-11-02 18:41 - 2017-12-25 22:00 - 001040132 _____ C:\Users\Kedar\Documents\26062698_1855725591123913_325219153_o.png.bphvnm
2018-11-02 18:41 - 2017-12-16 15:34 - 010363700 _____ C:\Users\Kedar\Desktop\Logic ft. Alessia Cara, Khalid - 1-800-273-8255.mp3.bphvnm
2018-11-02 18:41 - 2017-12-06 11:31 - 000008544 _____ C:\Users\Kedar\Desktop\Jídla.xlsx.bphvnm
2018-11-02 18:41 - 2017-11-23 20:40 - 000001127 _____ C:\Users\Kedar\Desktop\Plán B..txt.bphvnm
2018-11-02 18:41 - 2017-11-12 20:28 - 001491189 _____ C:\Users\Kedar\Desktop\thresh.png.bphvnm
2018-11-02 18:41 - 2017-10-26 17:42 - 106060669 _____ C:\Users\Kedar\Desktop\Tance Flodur 2017.rar.bphvnm
2018-11-02 18:41 - 2017-10-18 17:26 - 000000000 ____D C:\Users\Kedar\Desktop\Tance Flodur 2017
2018-11-02 18:41 - 2017-09-27 14:55 - 008717410 _____ C:\Users\Kedar\Desktop\Martin Garrix & Matisse & Sadko - Forever.mp3.bphvnm
2018-11-02 18:41 - 2017-09-24 14:10 - 000347065 _____ C:\Users\Kedar\Desktop\sdsaddsa.png.bphvnm
2018-11-02 18:41 - 2017-09-21 15:49 - 000000000 ____D C:\Users\Kedar\Desktop\Videa upl
2018-11-02 18:41 - 2017-09-03 20:27 - 000000000 ____D C:\Users\Kedar\Desktop\Fav
2018-11-02 18:41 - 2017-08-27 16:34 - 000508597 _____ C:\Users\Kedar\Desktop\sadsadsda.png.bphvnm
2018-11-02 18:41 - 2017-08-18 18:15 - 000014461 _____ C:\Users\Kedar\Desktop\Taneční.xlsx.bphvnm
2018-11-02 18:41 - 2017-08-15 18:18 - 000022554 _____ C:\Users\Kedar\Desktop\Měření internetu.xlsx.bphvnm
2018-11-02 18:41 - 2017-08-06 19:34 - 000000000 ____D C:\Users\Kedar\Desktop\ssds
2018-11-02 18:41 - 2017-06-03 18:10 - 000000600 _____ C:\Users\Kedar\Desktop\LQL.txt.bphvnm
2018-11-02 18:41 - 2017-05-31 21:12 - 000014110 _____ C:\Users\Kedar\Desktop\Pravda okolo K.docx.bphvnm
2018-11-02 18:41 - 2017-05-31 17:21 - 000003849 _____ C:\Users\Kedar\Desktop\K-pop.txt.bphvnm
2018-11-02 18:41 - 2017-05-26 21:34 - 000000000 ____D C:\Users\Kedar\Documents\Any Video Converter Ultimate
2018-11-02 18:41 - 2017-05-12 17:17 - 000001054 _____ C:\Users\Kedar\Desktop\WiFi Problém.txt.bphvnm
2018-11-02 18:41 - 2017-05-08 12:08 - 000000000 ____D C:\Users\Kedar\Documents\Adobe
2018-11-02 18:41 - 2017-05-08 06:13 - 000946890 _____ C:\Users\Kedar\Documents\cc_20170508_071336.reg.bphvnm
2018-11-02 18:41 - 2017-05-04 14:20 - 000075575 _____ C:\Users\Kedar\Desktop\project_zed_by_wacalac-d9kvjxb.jpg.bphvnm
2018-11-02 18:41 - 2017-04-26 15:00 - 000000979 _____ C:\Users\Kedar\Desktop\Líbaní.txt.bphvnm
2018-11-02 18:41 - 2017-04-18 21:04 - 000018077 _____ C:\Users\Kedar\Desktop\Obnovitelné zdroje energie.docx.bphvnm
2018-11-02 18:41 - 2017-04-09 15:30 - 000456628 _____ C:\Users\Kedar\Documents\....png.bphvnm
2018-11-02 18:41 - 2017-03-19 19:39 - 000022532 _____ C:\Users\Kedar\Desktop\YT.png.bphvnm
2018-11-02 18:41 - 2017-03-19 18:12 - 000020925 _____ C:\Users\Kedar\Desktop\playstvs.png.bphvnm
2018-11-02 18:41 - 2017-03-19 17:10 - 000514518 _____ C:\Users\Kedar\Desktop\hex_grid_red_by_metatality-d62eja1 (1).xcf.bphvnm
2018-11-02 18:41 - 2017-03-19 17:10 - 000021256 _____ C:\Users\Kedar\Desktop\op.gg.png.bphvnm
2018-11-02 18:41 - 2017-03-19 15:17 - 000873462 _____ C:\Users\Kedar\Documents\complete3.png.bphvnm
2018-11-02 18:41 - 2017-03-19 15:04 - 000851969 _____ C:\Users\Kedar\Documents\complete2.png.bphvnm
2018-11-02 18:41 - 2017-03-19 14:36 - 000838241 _____ C:\Users\Kedar\Documents\complete.png.bphvnm
2018-11-02 18:41 - 2017-03-17 10:00 - 000000705 ____H C:\Users\Kedar\Desktop\~$Vesnice Barbarů.xlsx.bphvnm
2018-11-02 18:41 - 2017-03-16 20:46 - 000001151 _____ C:\Users\Kedar\Desktop\Romantické drama - filmy převážně se špatným koncem.txt.bphvnm
2018-11-02 18:40 - 2018-10-10 19:37 - 000002225 _____ C:\Users\Kedar\Desktop\download Item to win.txt.bphvnm
2018-11-02 18:40 - 2018-10-02 16:14 - 000001321 _____ C:\Users\Kedar\Desktop\Babička Telefon 2018.txt.bphvnm
2018-11-02 18:40 - 2018-09-30 15:08 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\NetLibCache
2018-11-02 18:40 - 2018-09-28 17:26 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\[Worker]
2018-11-02 18:40 - 2018-09-26 19:35 - 000190445 _____ C:\Users\Kedar\Desktop\bba.png.bphvnm
2018-11-02 18:40 - 2018-09-22 13:42 - 000728041 _____ C:\Users\Kedar\Desktop\barč.png.bphvnm
2018-11-02 18:40 - 2018-09-21 18:10 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Toadman Interactive
2018-11-02 18:40 - 2018-09-10 15:57 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\uplay
2018-11-02 18:40 - 2018-09-09 13:56 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Unity
2018-11-02 18:40 - 2018-09-07 20:09 - 000009625 _____ C:\Users\Kedar\Desktop\dodělat.txt.bphvnm
2018-11-02 18:40 - 2018-09-05 17:28 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Steam
2018-11-02 18:40 - 2018-09-04 17:54 - 000904369 _____ C:\Users\Kedar\Desktop\ads.png.bphvnm
2018-11-02 18:40 - 2018-09-03 12:02 - 000506295 _____ C:\Users\Kedar\Desktop\bar.png.bphvnm
2018-11-02 18:40 - 2018-09-02 13:26 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Publish Providers
2018-11-02 18:40 - 2018-08-15 20:23 - 000000000 ____D C:\Users\Kedar\Creative Cloud Files
2018-11-02 18:40 - 2018-08-15 12:21 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\vlc
2018-11-02 18:40 - 2018-08-06 20:46 - 000085719 _____ C:\Users\Kedar\Desktop\38725281_244667472832774_3146539937797505024_n.jpg.bphvnm
2018-11-02 18:40 - 2018-01-06 13:38 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\VitySoft
2018-11-02 18:40 - 2017-12-30 21:32 - 000327818 _____ C:\Users\Kedar\Desktop\asdsd.png.bphvnm
2018-11-02 18:40 - 2017-12-03 19:32 - 000000000 ____D C:\Users\Kedar\Desktop\asq
2018-11-02 18:40 - 2017-11-23 18:33 - 000117686 _____ C:\Users\Kedar\Desktop\asd.png.bphvnm
2018-11-02 18:40 - 2017-09-25 15:52 - 000525581 _____ C:\Users\Kedar\Desktop\22016227_429124204151466_2008557443_n.png.bphvnm
2018-11-02 18:40 - 2017-09-11 12:48 - 000053205 _____ C:\Users\Kedar\Desktop\21586225_423887904675096_1560422470_n.jpg.bphvnm
2018-11-02 18:40 - 2017-09-07 16:21 - 000014444 _____ C:\Users\Kedar\Desktop\Aktualizace Xperia XZ.xlsx.bphvnm
2018-11-02 18:40 - 2017-09-05 18:56 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\XperiFirm
2018-11-02 18:40 - 2017-09-01 21:10 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Sun
2018-11-02 18:40 - 2017-08-19 15:09 - 000014402 _____ C:\Users\Kedar\Desktop\75 nejlepší horrory.docx.bphvnm
2018-11-02 18:40 - 2017-08-11 16:35 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Two Pilots
2018-11-02 18:40 - 2017-08-05 21:51 - 000003464 _____ C:\Users\Kedar\Desktop\dopis.txt.bphvnm
2018-11-02 18:40 - 2017-08-05 21:24 - 005834188 _____ C:\Users\Kedar\Desktop\DSC_0651.JPG.bphvnm
2018-11-02 18:40 - 2017-08-05 21:24 - 005789530 _____ C:\Users\Kedar\Desktop\DSC_0653.JPG.bphvnm
2018-11-02 18:40 - 2017-08-05 21:24 - 005722697 _____ C:\Users\Kedar\Desktop\DSC_0652.JPG.bphvnm
2018-11-02 18:40 - 2017-06-13 20:27 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Skype
2018-11-02 18:40 - 2017-05-14 12:24 - 004238278 _____ C:\Users\Kedar\Desktop\DSC_0285+.jpg.bphvnm
2018-11-02 18:40 - 2017-04-28 17:07 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\NVIDIA
2018-11-02 18:40 - 2017-04-24 16:55 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Sony
2018-11-02 18:40 - 2017-04-09 12:20 - 000013838 _____ C:\Users\Kedar\Desktop\Co koupit na kterou linku.xlsx.bphvnm
2018-11-02 18:40 - 2017-03-20 20:15 - 000000548 _____ C:\Users\Kedar\Desktop\Chren.txt.bphvnm
2018-11-02 18:40 - 2017-03-18 22:44 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\TS3Client
2018-11-02 18:40 - 2017-03-18 21:22 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\OBS
2018-11-02 18:40 - 2017-03-17 17:29 - 000261211 _____ C:\Users\Kedar\Desktop\Bez názvu.png.bphvnm
2018-11-02 18:40 - 2017-03-14 15:59 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\obs-studio
2018-11-02 18:39 - 2018-10-06 13:38 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\ESET
2018-11-02 18:39 - 2018-06-25 12:39 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Gpower2
2018-11-02 18:39 - 2018-04-12 17:17 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Grammarly
2018-11-02 18:39 - 2018-02-18 15:18 - 000000573 _____ C:\Users\Kedar\AppData\Roaming\AdobeWLCMCache.dat.bphvnm
2018-11-02 18:39 - 2018-01-30 13:37 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\HP_Easy_Start
2018-11-02 18:39 - 2017-03-17 14:19 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Google
2018-11-02 18:39 - 2017-03-06 18:29 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Dazzleware
2018-11-02 18:39 - 2017-03-06 18:19 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Macromedia
2018-11-02 18:39 - 2017-03-06 18:18 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\LolClient
2018-11-02 18:39 - 2017-03-05 20:43 - 000000000 ____D C:\Users\Kedar\AppData\Roaming\Intel
2018-11-02 18:38 - 2018-01-29 16:09 - 000000000 ____D C:\Users\Kedar\ansel
2018-11-02 18:38 - 2018-01-14 13:44 - 000000000 ____D C:\Users\Kedar\.Origin
2018-11-02 18:38 - 2018-01-06 13:38 - 000000000 ____D C:\Users\Kedar\.objectdb
2018-11-02 18:38 - 2017-11-15 17:44 - 000000000 ___RD C:\Users\Kedar\3D Objects
2018-11-02 18:38 - 2017-09-24 19:25 - 000000000 ____D C:\Users\Kedar\.cache
2018-11-02 18:38 - 2017-09-05 18:55 - 000000000 ____D C:\Users\Kedar\.swt
2018-11-02 18:38 - 2017-09-05 18:55 - 000000000 ____D C:\Users\Kedar\.flashTool
2018-11-02 18:38 - 2017-03-20 16:03 - 000000573 _____ C:\Users\Kedar\.gtk-bookmarks.bphvnm
2018-11-02 18:38 - 2017-03-18 22:44 - 000000000 ____D C:\Users\Kedar\.TeamSpeak 3
2018-11-02 18:38 - 2017-03-18 22:44 - 000000000 ____D C:\Users\Kedar\.QtWebEngineProcess
2018-11-02 18:38 - 2017-03-10 16:07 - 000000000 ____D C:\Users\Kedar\.thumbnails
2018-11-02 18:38 - 2017-03-10 16:06 - 000000000 ____D C:\Users\Kedar\.gimp-2.8
2018-11-02 18:38 - 2017-03-05 19:09 - 000000000 ____D C:\Intel
2018-10-30 19:08 - 2017-03-05 20:43 - 000000000 ____D C:\ProgramData\Intel
2018-10-30 19:07 - 2017-03-05 19:09 - 000000000 ____D C:\Program Files (x86)\Intel
2018-10-30 19:03 - 2017-03-05 20:42 - 000000000 ____D C:\Program Files\Intel
2018-10-28 18:39 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-26 17:49 - 2018-10-04 20:53 - 000004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7704D453-194A-4966-9333-1978238B2BD0}

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 24 Nov 2018 11:09

==================== Files in the root of some directories =======

2018-08-08 15:12 - 2018-08-08 15:12 - 000000604 ____H () C:\Program Files (x86)\Br1S
2018-02-18 15:18 - 2018-11-02 18:39 - 000000573 _____ () C:\Users\Kedar\AppData\Roaming\AdobeWLCMCache.dat.bphvnm
2018-11-02 18:39 - 2018-11-02 18:39 - 000008802 _____ () C:\Users\Kedar\AppData\Roaming\Microsoft\BPHVNM-DECRYPT.txt
2017-07-14 14:57 - 2017-07-14 15:02 - 000001456 _____ () C:\Users\Kedar\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-11-01 18:54 - 2018-11-01 18:54 - 000005597 _____ () C:\Users\Kedar\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 24 Nov 2018 11:37

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by Kedar (24-11-2018 09:33:06)
Running from C:\Users\Kedar\Desktop
Windows 10 Home Version 1809 17763.134 (X64) (2018-10-04 19:53:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1248986085-3350451917-519491516-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1248986085-3350451917-519491516-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1248986085-3350451917-519491516-1000 - Limited - Disabled)
Guest (S-1-5-21-1248986085-3350451917-519491516-501 - Limited - Disabled)
Kedar (S-1-5-21-1248986085-3350451917-519491516-1001 - Administrator - Enabled) => C:\Users\Kedar
Pepa (S-1-5-21-1248986085-3350451917-519491516-1002 - Limited - Enabled) => C:\Users\Pepa
WDAGUtilityAccount (S-1-5-21-1248986085-3350451917-519491516-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe (HKLM\...\{54F523F5-5C09-46C5-A256-3EFAB3FF804B}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
adobe (HKLM\...\{94ED5A92-8B93-48A2-BEA6-8FB4C2EAF08F}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
adobe (HKLM\...\{C292D9FF-FE73-4A50-8FEB-3BE480A6DB27}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
adobe (HKLM\...\{ECA002A5-48AB-4B43-86FC-8E9AA65C7077}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Aktualizace NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{bb524cb9-b65f-4f06-97f4-48c851e87a57}) (Version: 20.80.0 - Intel Corporation)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Balíček ovladače systému Windows - SIGMA Elektro GmbH (usbser) Ports (02/20/2017 1.7.0000.0000) (HKLM\...\F11095F081576CA0F709F279E5FC84AC50628B78) (Version: 02/20/2017 1.7.0000.0000 - SIGMA Elektro GmbH)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
CorelDRAW Graphics Suite 2017 (HKLM\...\{03E21392-CE4A-4FC6-B593-370E7A7E345A}) (Version: 19.0 - Corel Corporation) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
ELAN Touchpad 11.5.22.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.22.2 - ELAN Microelectronic Corp.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{30AAEA0C-2993-4ED6-8ABC-48499DA53D87}) (Version: 12.0.27.0 - ESET, spol. s r.o.)
Exif Pilot 5.1 (HKLM-x32\...\Exif Pilot_is1) (Version: 5.1 - Two Pilots)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.24.4 - Androxyde)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.62 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{C42F31A9-9B72-4F6A-A28D-82F8BDE5FF3E}) (Version: 6.7.139 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1248986085-3350451917-519491516-1001\...\{bb18e955-50c6-42a1-9219-168db073252a}) (Version: 6.7.139 - Grammarly)
HP DeskJet 4530 series Nápověda (HKLM-x32\...\{6533E793-4E8D-4C7C-B287-4115DA1F40E3}) (Version: 36.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{0078F518-B5B5-4857-8939-199E752A4190}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{F260117F-45E4-483E-B10F-C80224558C4D}) (Version: 36.0.41.58587 - HP)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000070-0200-1029-84C8-B8D95FA3C8C3}) (Version: 20.70.0 - Intel Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
K-Lite Mega Codec Pack 14.3.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.6 - KLCP)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Microsoft Office 2013 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 15.0.5075.1001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{0513c9cf-7191-45a7-ace9-ecdad03c93a4}) (Version: 12.0.40660.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{10dc8dbf-d3d7-4e23-be07-120fe5c66b78}) (Version: 12.0.40660.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d3ea57b6-46d6-4824-a20f-6b8213001903}) (Version: 14.10.25017.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{e89464af-e7f0-4ed3-bf43-f1a5986113db}) (Version: 14.10.25017.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
MKVToolNix 27.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 27.0.0 - Moritz Bunkus)
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.90a (HKLM-x32\...\Mp3tag) (Version: 2.90a - Florian Heidenreich)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6 - Notepad++ Team)
NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0405-0000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{36C264F3-0458-42D9-A091-807B5CEB0FA8}) (Version: 4.1.1 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8447 - Realtek Semiconductor Corp.)
Resource Hacker Version 4.3.20 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Sigma Data Center 5.5 (HKLM-x32\...\Sigma Data Center5.5) (Version: 5.5 - Sigma Elektro GmbH)
Služba Xperia Companion (HKLM\...\{826B080E-3B85-448D-99C3-D843D54ED116}) (Version: 1.9.2.0 - Sony) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Studie vylepšování produktu HP DeskJet 4530 series (HKLM\...\{93AB5884-7DE1-4F7E-881D-0AA548DD32E5}) (Version: 40.11.1122.1796 - HP Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.1 - TeamSpeak Systems GmbH)
Ulož.to FileManager verze 2.45 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.45 - Uloz.to cloud a.s.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 45.0 - Ubisoft)
USB2.0 UVC VGA WebCam (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10253 - Realtek Semiconductor Corp.)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{74C27C4F-BCDF-4D88-8B04-E5C7609AB1EB}) (Version: 1.9.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{b677a3f8-01ab-49df-92a8-d039691c0e2d}) (Version: 1.9.2.0 - Sony)
Základní software zařízení HP DeskJet 4530 series (HKLM\...\{BC36C273-E8B5-4673-826C-13D8CA9458F6}) (Version: 40.11.1122.1796 - HP Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1248986085-3350451917-519491516-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Kedar\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.139\52F3D36D4B\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-1248986085-3350451917-519491516-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1248986085-3350451917-519491516-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-11-20] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-13] ()
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-10-12] (ESET)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-10-12] (ESET)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-11-20] ()
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-10-12] (ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B164D14-0A32-42CF-8AC5-B5472B2E05C1} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1248986085-3350451917-519491516-1002 => C:\Users\Kedar\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {2282F823-BCFD-4355-BC4F-1BB47E08EE2B} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {30088FFB-DC6C-48FD-8CD3-25F61BAA5236} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
Task: {39DAC629-0D48-4DFA-B9DB-DBAECCB084AD} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {3E1E84DA-D420-4820-9DEC-CC4B481477EA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {565BA0B8-572A-4D1C-ABA2-874950707A54} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {6B5A2A1B-699C-41EE-8357-CA9B57EB8129} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-07-19] (NVIDIA Corporation)
Task: {7A35A2E3-3CB4-4E28-B98D-832C02003592} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
Task: {88896677-1DC2-4652-BE34-E2268C1D6D57} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {89096622-C49C-48D0-B41D-D8D6BD136831} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-11-03] (Realtek Semiconductor)
Task: {8CF36692-E445-48F5-B0F2-5D595EE74BA2} - System32\Tasks\AdobeGCInvoker-1.0-KEDAR-PC-Kedar => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {900281A7-E8CE-4AE7-A5EF-07013BBF628D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {ABE4A9B6-4B73-4D0B-A6D3-49593FF6CF15} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
Task: {AD4E8AFB-A48C-4E13-BE83-B8D87600CFB4} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync
Task: {B79DF4D7-4457-4904-84F2-AC256B5B9D45} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {B8815E42-796A-48FF-9760-40C544E14F22} - System32\Tasks\S-1-5-21-1248986085-3350451917-519491516-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-09-15] (Microsoft Corporation)
Task: {BBD97896-E3C3-4EEC-A49B-3E0B3F9A56E5} - System32\Tasks\AdobeAAMUpdater-1.0-KEDAR-PC-Kedar => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {BC49F6B2-F368-416B-B88F-30706ED24162} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {CE47CB14-96E8-4F2D-8B06-FEDF96BD6CA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {D192B5DF-1994-4D6A-BC8A-FB566333D2E8} - System32\Tasks\HPCustParticipation HP DeskJet 4530 series => C:\Program Files\HP\HP DeskJet 4530 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {D46A41E2-1ACE-40B8-9BB8-6195688A3CC5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-07-19] (NVIDIA Corporation)
Task: {DAC22C32-CEAF-4EBD-B100-C647180260AD} - System32\Tasks\AdobeGCInvoker-1.0-KEDAR-PC-Pepa => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] ()
Task: {E8405A4C-9E6B-4BA0-BEBE-3CB08CA2F3F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {EBED0435-7FEB-4564-A0FA-C2879ACC3718} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-07-19] (NVIDIA Corporation)
Task: {F53AEBA8-531D-46B8-956C-81C9BFD426A9} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-11-03] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-26 18:05 - 2018-03-24 02:19 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2017-03-05 20:47 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-07-12 07:02 - 2018-07-19 21:20 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-08-21 11:14 - 2018-08-21 11:14 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-09-15 08:28 - 2018-09-15 08:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-14 14:02 - 2018-11-14 14:03 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-04 13:02 - 2018-10-04 13:03 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-14 14:02 - 2018-11-14 14:02 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-11-06 16:07 - 2018-11-06 16:07 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 16:07 - 2018-11-06 16:07 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-06 16:07 - 2018-11-06 16:07 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-10-16 07:40 - 2018-10-16 07:40 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-26 06:12 - 2018-09-26 06:12 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-12 07:02 - 2018-07-19 21:19 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2018-11-21 22:12 - 000000813 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1248986085-3350451917-519491516-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kedar\AppData\Local\Temp\\pidor.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: 360DocProtect => 2
MSCONFIG\Services: EsgShKernel => 2
MSCONFIG\Services: ShMonitor => 2
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe
FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe
FirewallRules: [{ED815389-A5C4-4AFE-AF8B-17AB0AE981F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{62DDAA46-368C-4203-B56C-DC5F11AE4123}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10D2BD79-F794-4E71-935F-D08ED93BFE1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{91BC5C07-BD29-4B97-9F6B-5E3A637F2509}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{83F86B98-3353-4A36-AF39-76ACD4455247}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{76C269AE-D808-44CB-8ABA-F34EB253DA61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{E3412F07-E0E0-41DE-9E6C-A4B596CD19A4}C:\program files\hp\hp deskjet 4530 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 4530 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{337039E5-D8A7-425F-B42E-98BBC136FB6D}C:\program files\hp\hp deskjet 4530 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 4530 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{21F445A0-D506-4CD9-A1F2-85A309EE4528}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C172DB40-A9E4-4745-93FC-353C8430BE28}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{91B89B7F-D732-4EE8-B6B2-BB5F05649BED}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{080EC946-58AF-4D65-BF4A-6EDEC745DACF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{18A3840A-4ED1-4EA6-B172-87A787A884BD}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{86CF7E93-655E-469C-A52F-6D96657D2E38}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{51AE520F-D74B-42F8-BF56-C21C44482A87}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7A48FCD2-D73D-4F3C-82BF-B7C9AB5FDA57}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-11-2018 11:30:56 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2018 09:17:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (11/23/2018 09:16:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {b3448002-c722-4a2e-a2a6-03844c19f142}

Error: (11/23/2018 05:24:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: AbLauncher.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ComponentModel.Win32Exception
na System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
na System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo)
na AbLauncher.Program.Main(System.String[])

Error: (11/23/2018 04:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AUDIODG.EXE, verze: 10.0.17763.134, časové razítko: 0x1cb1ad5b
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x928
Čas spuštění chybující aplikace: 0x01d4833e67702504
Cesta k chybující aplikaci: C:\WINDOWS\system32\AUDIODG.EXE
Cesta k chybujícímu modulu: unknown
ID zprávy: e00ba105-11ba-4139-8366-053c1a7ab20e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/23/2018 04:03:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (11/22/2018 10:40:41 AM) (Source: Wlclntfy) (EventID: 4005) (User: )
Description: Proces přihlášení do systému Windows byl neočekávaně ukončen.

Error: (11/20/2018 07:15:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MicrosoftEdgeCP.exe, verze: 11.0.17763.1, časové razítko: 0x90f701bc
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000409
Posun chyby: 0x0000000000000203
ID chybujícího procesu: 0x28e4
Čas spuštění chybující aplikace: 0x01d480fcf9bf43b2
Cesta k chybující aplikaci: C:\Windows\System32\MicrosoftEdgeCP.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 71e2894a-113b-4144-8aad-85f0ca4bd7b7
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge


System errors:
=============
Error: (11/24/2018 09:10:26 AM) (Source: DCOM) (EventID: 10016) (User: KEDAR-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli KEDAR-PC\Kedar (SID: S-1-5-21-1248986085-3350451917-519491516-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/23/2018 09:08:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.SecurityAppBroker
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/23/2018 09:08:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/23/2018 09:06:25 PM) (Source: DCOM) (EventID: 10016) (User: KEDAR-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli KEDAR-PC\Kedar (SID: S-1-5-21-1248986085-3350451917-519491516-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/23/2018 04:10:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/23/2018 04:10:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.SecurityAppBroker
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/23/2018 04:09:44 PM) (Source: DCOM) (EventID: 10016) (User: KEDAR-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli KEDAR-PC\Kedar (SID: S-1-5-21-1248986085-3350451917-519491516-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/23/2018 04:08:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\System32\IWMSSvc.dll


Windows Defender:
===================================
Date: 2018-11-02 19:13:23.711
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {CFA90C90-D94E-43D5-97E2-68B2B4B9541F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: KEDAR-PC\Kedar

Date: 2018-11-02 19:06:36.934
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.A!cl
ID: 2147723652
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: KEDAR-PC\Kedar
Název procesu: C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe
Verze podpisu: AV: 1.279.1017.0, AS: 1.279.1017.0, NIS: 1.279.1017.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-02 19:06:36.068
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.A!cl
ID: 2147723652
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe; process:_pid:5624,ProcessStart:131856555262438668
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe
Verze podpisu: AV: 1.279.1017.0, AS: 1.279.1017.0, NIS: 1.279.1017.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-02 19:05:42.603
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.A!cl
ID: 2147723652
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: KEDAR-PC\Kedar
Název procesu: C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe
Verze podpisu: AV: 1.279.1017.0, AS: 1.279.1017.0, NIS: 1.279.1017.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-02 19:05:28.654
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.A!cl
ID: 2147723652
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe
Verze podpisu: AV: 1.279.1017.0, AS: 1.279.1017.0, NIS: 1.279.1017.0
Verze modulu: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-10-21 17:56:56.008
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o obnovení položky z karantény.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Závažnost: Vážné
Kategorie: Trojský kůň
Uživatel: KEDAR-PC\Kedar
Kód chyby: 0x80508014
Popis chyby: Položku v karanténě nelze obnovit.
Verze podpisu: AV: 1.279.216.0, AS: 1.279.216.0
Verze modulu: 1.1.15400.4

Date: 2018-10-21 17:56:48.569
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o obnovení položky z karantény.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Uživatel: KEDAR-PC\Kedar
Kód chyby: 0x80508014
Popis chyby: Položku v karanténě nelze obnovit.
Verze podpisu: AV: 1.279.216.0, AS: 1.279.216.0
Verze modulu: 1.1.15400.4

Date: 2018-10-20 11:41:41.635
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.279.99.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15400.4
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-10-06 14:32:48.525
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2018-10-06 13:42:36.859
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2018-11-17 22:56:50.238
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-17 22:56:50.228
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-17 22:56:50.205
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-17 22:56:50.194
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-17 22:45:51.215
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-17 22:45:51.179
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-17 22:45:51.113
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-17 22:45:51.099
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 8102.69 MB
Available physical RAM: 5965.96 MB
Total Virtual: 13990.69 MB
Available Virtual: 11879.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.6 GB) (Free:21.98 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:125 GB) (Free:20.41 GB) NTFS

\\?\Volume{0c14ca08-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{0c14ca08-0000-0000-0000-c08518000000}\ () (Fixed) (Total:0.47 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 0C14CA08)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=486 MB) - (Type=27)
Partition 4: (Not Active) - (Size=125 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 24 Nov 2018 11:40

Oh, I just remembered: is there a way to do something like wiping the entire Windows Defender quarantine? I know some files were left in there that I couldn't do anything with. When I clicked the Restore button nothing happened, and when I clicked Remove nothing happened either.

Re: Ransomware GandCrab v5.0.4

Post by jaro3 » 25 Nov 2018 20:27

Well, WD probably isn't active because you have ESET; I don't know, I don't have WD.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
CHR NewTab: Default -> Not-active:"chrome-extension://dljbcjbfojhlfhgenhepllagfecdpchb/startpage/startpage.html"
HKLM\SYSTEM\CurrentControlSet\Services\FileAbap <==== ATTENTION (Rootkit!)
C:\WINDOWS\system32\Drivers\etc\hosts_bkup
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\AppData\LocalLow\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\AppData\Local\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\AppData\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Kedar\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:41 - 2018-11-02 18:41 - 000008802 _____ C:\Users\Kedar\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:40 - 2018-11-02 18:40 - 000008802 _____ C:\Users\Kedar\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:41 - 000187934 _____ C:\Users\Kedar\Documents\cc_20181102_183853.reg.bphvnm
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Kedar\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Kedar\AppData\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
C:\Users\Kedar\AppData\Roaming\Microsoft\BPHVNM-DECRYPT.txt
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe

EmptyTemp:
End

(You can use the "select all" function; right-click in the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

I left only 2 text files there:
C:\Users\Public\Downloads\BPHVNM-DECRYPT.txt
C:\Users\Public\Documents\BPHVNM-DECRYPT.txt

C:\Users\Pepa\Downloads
C:\Users\Kedar\Downloads
You should keep there only what is safe; there may be an infection in there.

C:\Program Files (x86)\Br1S --- what program is that?

Well, that's just it: I have Win 10 and there I only have my Administrator account and, under Family, the Pepa account. No others are shown.

In Folder Options, enable showing hidden files and folders and uncheck the "Hide protected operating system files" box.
Can you see it then?



S4 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-11-02] (EnigmaSoft Limited)

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 25 Nov 2018 21:15

Well, before I installed ESET I was using only WD, and while I had it about 2-3 files were moved to quarantine (I no longer remember what it was connected with), and when I wanted to restore the files from quarantine nothing happened. And when I wanted to delete them for good, nothing happened either. Probably some bug in WD. Too bad it can't be reinstalled somehow.

As for C:\Program Files (x86)\Br1S, I have no idea what it is. The file was created on 08.08.2018.
And the last program installed was the GPU driver on 07.08.2018. But it looks clean.
https://www.virustotal.com/#/file/b78d4f8c76b6b86ad0ad158f06dc2b2f1219f330d4230babf83a64770d4d0adf/detection

Re: Ransomware GandCrab v5.0.4

Post by KedarCZE » 25 Nov 2018 21:32

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by Kedar (25-11-2018 21:26:34) Run:2
Running from C:\Users\Kedar\Desktop
Loaded Profiles: Kedar (Available Profiles: Kedar & Pepa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR NewTab: Default -> Not-active:"chrome-extension://dljbcjbfojhlfhgenhepllagfecdpchb/startpage/startpage.html"
HKLM\SYSTEM\CurrentControlSet\Services\FileAbap <==== ATTENTION (Rootkit!)
C:\WINDOWS\system32\Drivers\etc\hosts_bkup
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
2018-11-02 18:49 - 2018-11-02 18:49 - 000008802 _____ C:\Users\Pepa\AppData\LocalLow\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\AppData\Local\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Pepa\AppData\BPHVNM-DECRYPT.txt
2018-11-02 18:43 - 2018-11-02 18:43 - 000008802 _____ C:\Users\Kedar\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:41 - 2018-11-02 18:41 - 000008802 _____ C:\Users\Kedar\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:40 - 2018-11-02 18:40 - 000008802 _____ C:\Users\Kedar\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:41 - 000187934 _____ C:\Users\Kedar\Documents\cc_20181102_183853.reg.bphvnm
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Kedar\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Kedar\AppData\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Downloads\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Documents\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\Desktop\BPHVNM-DECRYPT.txt
2018-11-02 18:38 - 2018-11-02 18:38 - 000008802 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt
C:\Users\Kedar\AppData\Roaming\Microsoft\BPHVNM-DECRYPT.txt
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"Chrome NewTab" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\FileAbap <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
C:\WINDOWS\system32\Drivers\etc\hosts_bkup => moved successfully
C:\Users\Pepa\Downloads\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Pepa\Documents\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Pepa\Desktop\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Pepa\AppData\LocalLow\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Pepa\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Pepa\AppData\Local\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Pepa\AppData\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Kedar\Downloads\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Kedar\Documents\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Kedar\Desktop\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Kedar\Documents\cc_20181102_183853.reg.bphvnm => moved successfully
C:\Users\Kedar\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Kedar\AppData\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Default\Downloads\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Default\Documents\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Default\Desktop\BPHVNM-DECRYPT.txt => moved successfully
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt => moved successfully
"C:\Users\Default User\Downloads\BPHVNM-DECRYPT.txt" => not found
"C:\Users\Default User\Documents\BPHVNM-DECRYPT.txt" => not found
"C:\Users\Default User\Desktop\BPHVNM-DECRYPT.txt" => not found
"C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\BPHVNM-DECRYPT.txt" => not found
C:\Users\Kedar\AppData\Roaming\Microsoft\BPHVNM-DECRYPT.txt => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1 => not found
HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2 => not found
HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3 => not found
HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
"C:\Users\Kedar\AppData\Local\Temp\601F.tmp.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11724447 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1013704 B
Edge => 7680 B
Chrome => 220041814 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1806 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Kedar => 22172835 B
Pepa => 48209 B

RecycleBin => 0 B
EmptyTemp: => 250.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:28:07 ====