VIRY.CZ

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\PowerOCR\PowerToys.PowerOCR.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2305.16087.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2342.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21632.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21632.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2309.6.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Skype Software Sarl -> MsixBackgroundTasksExecutor) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\MsixBackgroundTasksExecutor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [193984 2023-09-25] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-2671679121-1364000227-736312402-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [581120 2023-10-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [Spotify] => C:\Users\o\AppData\Roaming\Spotify\Spotify.exe [20475256 2023-04-21] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42727840 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4187176 2023-10-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [581120 2023-10-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 5820 series): C:\WINDOWS\system32\HPDiscoPMEE11.dll [807056 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP EE11 Status Monitor: C:\WINDOWS\system32\hpinkstsEE11LM.dll [383496 2015-09-01] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\118.0.5993.118\Installer\chrmstp.exe [2023-10-27] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2018-08-06]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D144EF7-8D9A-477E-8731-AD3E73B8F885} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {BDBC497A-3C07-4680-9C41-8F887589EDE4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {BBBEAD30-8060-4FE5-A063-49FCA1396CDE} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "e2cd71d7-1b0f-431f-9e15-b7e0ab2840d3" --version "6.17.10746" --silent
Task: {BDB3C620-56B7-4357-8C51-DC3F1A3DA378} - System32\Tasks\CCleanerSkipUAC - o => C:\Program Files\CCleaner\CCleaner.exe [35664800 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {B264AA78-FA47-455B-B666-03E007C88EC9} - System32\Tasks\GoogleUpdateTaskMachineCore{165D1C48-DC02-4E2F-A4A4-3A0EDA94F8AB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-05] (Google Inc -> Google Inc.)
Task: {369FBB7A-DCD0-487C-ADD8-DFFF4A14E043} - System32\Tasks\GoogleUpdateTaskMachineUA{09BB530A-706B-40A5-A0C2-F9CE813290EA} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-05] (Google Inc -> Google Inc.)
Task: {908F6C75-3F37-44AC-9B6F-7512DA2DE27E} - System32\Tasks\HPCustParticipation HP DeskJet 5820 series => C:\Program Files\HP\HP DeskJet 5820 series\Bin\HPCustPartic.exe [6104720 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {CC3B15F9-3A5C-4A7C-9EE1-604E5BF343C3} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {8606ED69-96C9-4A95-A195-D6936EEE70AF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-10-25] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {0F86FB9A-C347-4ACF-9CF4-8266C1463B6D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [723872 2023-10-25] (Mozilla Corporation -> Mozilla Foundation)
Task: {83A11FF9-2712-46E1-A4AD-8FBE7E89A8FA} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2671679121-1364000227-736312402-1003 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {AD14C816-214E-4AF4-8458-F04E9F977CA2} - System32\Tasks\PowerToys\Autorun for o => C:\Program Files\PowerToys\PowerToys.exe [1103296 2023-03-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7ca960af-b27a-4434-a2b9-ddc5ddff558b}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-27]
Edge Notifications: Default -> hxxps://www.eurosport.com; hxxps://www.facebook.com
Edge Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-26]
Edge Extension: (Edge relevant text changes) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-26]

FireFox:
========
FF DefaultProfile: wztggr6w.default-1642687018808
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 [2023-10-27]
FF Homepage: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://atlas.centrum.cz/?redirected=1533474501
FF Notifications: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://messages.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\adblockultimate@adblockultimate.net.xpi [2023-10-24]
FF Extension: (Forget Me Not - Forget cookies & other data) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\forget-me-not@lusito.info.xpi [2022-01-20]
FF Extension: (HTTPS Everywhere) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\https-everywhere@eff.org.xpi [2022-01-20]
FF Extension: (Privacy Badger) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2023-09-16]
FF Extension: (JavaScript-Java Bridge) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jsjbridge@advancedcontrols.com.au.xpi [2022-01-20]
FF Extension: (Video DownloadHelper) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-25]
FF Extension: (No Name) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-21]
FF Extension: (javascript) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d4bc778f-3a98-44f4-9b2e-45fab92a21db}.xpi [2023-03-01]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-10-09] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2023-10-27]

Chrome:
=======
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\Default [2023-10-27]
CHR Notifications: Default -> hxxps://comment-reparer.com; hxxps://mail.google.com; hxxps://messages.google.com; hxxps://www.eurosport.com; hxxps://www.global-sport.cz; hxxps://www.semena-marihuany.cz
CHR Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\System Profile [2023-07-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1074080 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [707864 2022-08-24] (ESET, spol. s r.o. -> ESET)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [2528888 2023-09-25] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3860080 2023-09-25] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3860080 2023-09-25] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-05] (HP Inc. -> HP Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 DLMFENC; C:\WINDOWS\System32\DRIVERS\DLMFENC.sys [242168 2022-09-21] (ESET, spol. s r.o. -> ESET, spol. s r.o.)
R0 DLPCRYPT; C:\WINDOWS\System32\DRIVERS\dlpcrypt.sys [121728 2022-08-24] (DESlock Limited -> DESlock Ltd.)
R0 dlpvdisk; C:\WINDOWS\System32\DRIVERS\dlpvdisk.sys [98296 2022-08-24] (DESlock Limited -> DESlock Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [208704 2023-07-24] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [118904 2023-07-24] (ESET, spol. s r.o. -> ESET)
R1 edevmonm; C:\WINDOWS\System32\DRIVERS\edevmonm.sys [122560 2023-07-24] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [16336 2022-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [249544 2023-07-24] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [55424 2023-07-24] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81712 2023-07-24] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [123040 2023-07-24] (ESET, spol. s r.o. -> ESET)
S3 leusbser; C:\WINDOWS\System32\drivers\leusbser.sys [238080 2015-04-14] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [557112 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R2 shimano64; C:\WINDOWS\System32\shimano64.sys [14848 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 VDLPToken2; C:\WINDOWS\System32\DRIVERS\vdlptkn2.sys [135672 2022-08-24] (DESlock Limited -> DESlock Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 umpusbwin8; \SystemRoot\system32\DRIVERS\umpusbvista.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-27 16:46 - 2023-10-27 16:46 - 002383360 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2023-10-27 16:46 - 2023-10-27 16:46 - 000020997 _____ C:\Users\o\Downloads\FRST.txt
2023-10-25 12:25 - 2023-10-25 12:25 - 000000000 _____ C:\Users\o\Downloads\gzIRI4hx.htm
2023-10-25 07:46 - 2023-10-26 07:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-10-22 16:11 - 2023-10-22 16:11 - 000256224 _____ C:\Users\o\Downloads\SML_00398_2017_d.pdf
2023-10-22 16:11 - 2023-10-22 16:11 - 000256224 _____ C:\Users\o\Downloads\SML_00398_2017_d (3).pdf
2023-10-22 16:11 - 2023-10-22 16:11 - 000256224 _____ C:\Users\o\Downloads\SML_00398_2017_d (2).pdf
2023-10-22 16:11 - 2023-10-22 16:11 - 000256224 _____ C:\Users\o\Downloads\SML_00398_2017_d (1).pdf
2023-10-17 10:12 - 2023-10-17 10:12 - 000174562 _____ C:\Users\o\Desktop\Scan.pdf
2023-10-12 12:30 - 2023-10-12 12:30 - 000000000 ____D C:\ProgramData\PLUG
2023-10-12 07:30 - 2023-10-12 07:30 - 000000000 ____D C:\Users\o\AppData\Local\Backup
2023-10-12 07:24 - 2023-10-12 07:24 - 000000000 ____D C:\Program Files\RUXIM
2023-10-11 16:20 - 2023-10-11 16:20 - 000016059 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2023-10-11 16:08 - 2023-10-11 16:08 - 000000000 ___HD C:\$WinREAgent
2023-10-01 08:04 - 2023-10-27 12:36 - 000000000 ____D C:\Users\o\AppData\Roaming\eM Client
2023-09-28 13:02 - 2023-09-28 13:02 - 000000000 ____D C:\Program Files (x86)\eM Client
2023-09-28 13:00 - 2023-09-28 13:02 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2023-09-28 13:00 - 2023-09-28 13:00 - 000000000 ____D C:\Users\o\AppData\Local\eM Client
2023-09-28 10:40 - 2023-09-28 10:40 - 000000000 ___HD C:\$SysReset
2023-09-28 09:52 - 2023-10-01 17:03 - 000000000 ____D C:\Users\o\Documents\eM Client

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-27 16:46 - 2019-01-15 17:30 - 000000000 ____D C:\FRST
2023-10-27 16:42 - 2021-12-17 08:38 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-10-27 16:42 - 2018-08-05 16:12 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-27 16:19 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-27 13:47 - 2022-02-08 17:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-10-27 13:45 - 2018-08-05 16:13 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-10-27 13:45 - 2018-08-05 16:13 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-10-27 12:30 - 2020-07-29 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-10-27 12:30 - 2018-08-05 10:15 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2023-10-27 10:19 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-27 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-10-27 08:34 - 2018-08-30 10:31 - 000000000 ____D C:\Users\o\Documents\Platby od 8. 2018 a důležité zprávy
2023-10-27 08:04 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-10-27 07:44 - 2022-05-11 12:30 - 000713078 _____ C:\WINDOWS\system32\perfh005.dat
2023-10-27 07:44 - 2022-05-11 12:30 - 000143796 _____ C:\WINDOWS\system32\perfc005.dat
2023-10-27 07:44 - 2020-07-29 18:29 - 001683936 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-10-27 07:44 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-10-27 07:40 - 2023-03-08 14:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2023-10-27 07:40 - 2022-09-30 21:19 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-10-27 07:40 - 2020-07-29 18:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-10-27 07:40 - 2020-07-29 18:25 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-27 07:40 - 2018-08-05 16:13 - 000000000 ____D C:\Program Files\CCleaner
2023-10-27 07:40 - 2018-08-05 10:15 - 000000000 ____D C:\ProgramData\NVIDIA
2023-10-26 17:24 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-10-26 07:44 - 2020-06-08 07:27 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-26 07:44 - 2020-06-08 07:27 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-10-26 07:37 - 2022-09-30 21:19 - 000003474 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-10-26 07:37 - 2020-07-29 18:30 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-10-26 07:36 - 2018-08-05 15:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-10-25 10:24 - 2018-08-05 15:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-10-25 10:21 - 2022-01-14 17:05 - 000000000 ____D C:\Program Files\dotnet
2023-10-25 10:21 - 2018-08-05 16:07 - 000000000 ____D C:\ProgramData\Package Cache
2023-10-21 12:47 - 2021-12-14 08:41 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2671679121-1364000227-736312402-1003
2023-10-21 12:47 - 2020-07-29 18:30 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2671679121-1364000227-736312402-1003
2023-10-21 12:47 - 2020-07-29 13:54 - 000002365 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-20 07:52 - 2022-10-11 15:21 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-10-20 07:52 - 2022-10-11 15:21 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-10-20 07:52 - 2020-07-29 18:30 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-10-20 07:52 - 2018-08-05 10:18 - 000000000 ____D C:\Users\o\AppData\Local\Packages
2023-10-12 07:24 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-10-12 07:22 - 2022-05-05 06:59 - 000305312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-10-11 16:29 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-10-11 16:29 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-10-11 16:29 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2023-10-11 16:29 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\cs
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-10-11 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-10-11 16:29 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2023-10-11 16:27 - 2019-12-07 16:44 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-10-11 16:27 - 2019-12-07 11:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-10-11 16:27 - 2019-12-07 11:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-10-11 16:19 - 2020-07-29 18:28 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-10-11 09:52 - 2018-08-05 17:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-10-11 09:50 - 2018-08-05 17:39 - 181553176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-10-08 18:29 - 2018-09-15 12:38 - 000000000 ____D C:\Users\o\AppData\Roaming\doublecmd
2023-10-08 15:25 - 2018-08-05 10:19 - 000000000 ____D C:\Users\o\AppData\Local\PlaceholderTileLogoFolder
2023-09-27 07:41 - 2018-08-05 10:25 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ========

2022-10-04 07:54 - 2022-10-04 07:54 - 000003584 _____ () C:\Users\o\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-06-08 17:23 - 2020-06-08 17:23 - 000000917 _____ () C:\Users\o\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2671679121-1364000227-736312402-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2671679121-1364000227-736312402-503 - Limited - Disabled)
Guest (S-1-5-21-2671679121-1364000227-736312402-501 - Limited - Disabled)
o (S-1-5-21-2671679121-1364000227-736312402-1003 - Administrator - Enabled) => C:\Users\o
OEM (S-1-5-21-2671679121-1364000227-736312402-1001 - Administrator - Enabled) => C:\Users\OEM
WDAGUtilityAccount (S-1-5-21-2671679121-1364000227-736312402-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20360 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Balíček ovladače systému Windows - SIGMA Elektro GmbH (usbser) Ports (02/20/2017 1.7.0000.0000) (HKLM\...\F11095F081576CA0F709F279E5FC84AC50628B78) (Version: 02/20/2017 1.7.0000.0000 - SIGMA Elektro GmbH)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.10.0 - Canon Inc.)
Canon Utilities Uploader for CANON iMAGE GATEWAY (HKLM-x32\...\Uploader for CANON iMAGE GATEWAY Plugin) (Version: 10.0.1.2 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.17 - Piriform)
Double Commander 1.0.8 beta (HKLM\...\Double Commander_is1) (Version: 1.0.8 - Alexander Koblov)
eM Client (HKLM-x32\...\{0A8D083B-E7DD-4CBF-B378-7B2679F062E7}) (Version: 9.2.2093.0 - eM Client Inc.)
ESET Premium Line Encryption (HKLM\...\{764DBB66-954B-498B-A8F0-5674FF309BAC}) (Version: 2.0.0.29 - ESET) Hidden
ESET Security (HKLM\...\{C26AA376-9D1B-4B7B-A1F0-DC41E8530176}) (Version: 16.2.15.0 - ESET, spol. s r.o.)
E-tube Project Normal V4 (HKLM-x32\...\{2F7F3743-DD5B-4C39-9686-2E82359D021A}) (Version: 4.0.4.11 - SHIMANO INC.) Hidden
E-tube Project Normal V4 (HKLM-x32\...\InstallShield_{2F7F3743-DD5B-4C39-9686-2E82359D021A}) (Version: 4.0.4.11 - SHIMANO INC.)
E-TUBE PROJECT Professional V5 (HKLM-x32\...\{A2566088-E4D7-4212-9030-838DED11FEEE}) (Version: 5.1.2.12 - SHIMANO INC.) Hidden
E-TUBE PROJECT Professional V5 (HKLM-x32\...\InstallShield_{A2566088-E4D7-4212-9030-838DED11FEEE}) (Version: 5.1.2.12 - SHIMANO INC.)
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 118.0.5993.118 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP DeskJet 5820 series Nápověda (HKLM-x32\...\{89D0B45E-D5AC-4B97-9C7D-6F0D2308A0CA}) (Version: 36.0.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{9FF252C8-B146-47A2-9336-3A1A83056F51}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BBF796CE-5068-47C7-8A6D-4120C0CE47E5}) (Version: 36.0.39.57346 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{95548B78-8547-4E91-B0DA-1CBB82150917}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
LenovoUsbDriver 1.0.16 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.16 - Lenovo)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.24 (x64) (HKLM\...\{D3A225CD-8D33-41B4-A171-BD75FA1CBC43}) (Version: 48.96.4014 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.24 (x64) (HKLM\...\{1FACB768-CB68-43B5-BB26-1898E1959990}) (Version: 48.96.4014 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.24 (x64) (HKLM\...\{666FEAD5-547D-451D-B0A7-4DCB3648D53D}) (Version: 48.96.4014 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 118.0.2088.69 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 118.0.2088.61 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2671679121-1364000227-736312402-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\OneDriveSetup.exe) (Version: 23.204.1001.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212 (HKLM-x32\...\{844ECB74-9B63-3D5C-958C-30BD23F19EE4}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212 (HKLM-x32\...\{37B55901-995A-3650-80B1-BBFD047E2911}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM\...\{5BEE5F3E-4D78-4DE8-A8F3-36D3E9D8868C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM-x32\...\{0eddeab6-01c1-4cf7-83ba-164ea8974c90}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.24 (x64) (HKLM\...\{956E923F-CC4F-423A-BE6C-18F5FA7D8D5B}) (Version: 48.96.4015 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.24 (x64) (HKLM-x32\...\{09d31d87-6c77-48e4-a640-870603e16c20}) (Version: 6.0.24.33018 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 119.0 (x64 cs)) (Version: 119.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.11.2 - Mozilla)
NVIDIA Ovladače grafiky 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{2FEA9841-64DE-4FA5-A36F-1CD23E2790EB}) (Version: 4.15.9789 - Apache Software Foundation)
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 - dotPDN LLC)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23214 - Microsoft Corporation)
PowerToys (Preview) (HKLM\...\{7F0C3584-ED21-4282-9931-50D173C2CCE5}) (Version: 0.68.1 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{51efee50-0959-4cb6-8958-e1c1ba33fbdf}) (Version: 0.68.1 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7811 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Sigma Data Center 5.6 (HKLM-x32\...\Sigma Data Center5.6) (Version: 5.6 - Sigma Elektro GmbH)
Sigma Data Center 5.7 (HKLM-x32\...\Sigma Data Center5.7) (Version: 5.7 - Sigma Elektro GmbH)
Sigma Data Center 5.8 (HKLM-x32\...\Sigma Data Center5.8) (Version: 5.8 - Sigma Elektro GmbH)
Spotify (HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Spotify) (Version: 1.2.9.743.g85d9593d - Spotify AB)
Studie vylepšování produktu HP DeskJet 5820 series (HKLM\...\{CAE450AC-801B-44FC-A200-0244F6AD5479}) (Version: 36.1.108.65692 - Hewlett-Packard Co.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Základní software zařízení HP DeskJet 5820 series (HKLM\...\{322E6CCD-0436-478E-A61B-EB11869234C3}) (Version: 36.1.108.65692 - Hewlett-Packard Co.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-10-20] ()
Adobe Photoshop Express -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.12.430.0_x64__ynb6jyjzte8ga [2023-07-21] (Adobe Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.39.18.0_x64__kgqvnymyfvs32 [2023-10-13] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2630.1.0_x64__kgqvnymyfvs32 [2023-10-18] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.254.200.0_x64__kgqvnymyfvs32 [2023-10-19] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)
Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_7.6.101.0_x64__h6adky7gbf63m [2023-10-13] (Gameloft SE)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.63.6301.0_x86__ytsefhwckbdv6 [2023-10-20] (G5 Entertainment AB)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation) [MS Ad]
Neat Office -> C:\Program Files\WindowsApps\15191PeakPlayer.NeatOffice_3.4.3.0_x86__y5c4dfz5b21fm [2023-06-12] (Any DVD &amp; Office App)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-17] (NVIDIA Corp.)
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.920.900_x64__8wekyb3d8bbwe [2023-09-30] (Microsoft Corporation)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-10-08] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2023-10-20] (Microsoft Studios) [MS Ad]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2342.7.0_x64__cv1g1gvanyjgm [2023-10-27] (WhatsApp Inc.) [Startup Task]
Windows App Runtime DDLM 3.469.1654.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x6_3.469.1654.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)
Windows App Runtime DDLM 3.469.1654.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x8_3.469.1654.0_x86__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.928.502.235_neutral__8wekyb3d8bbwe [2023-09-28] (Microsoft Corporation)
WindowsAppRuntime.Main.1.0 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsAppRuntime.Main.1.0_4.528.1755.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corp.)
WindowsAppRuntime.Singleton -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.Singleton_3.469.1654.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{3f5d0051-61b8-0f45-6166-996cfb4f914f}\localserver32 -> C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xDBF08D9C069DD901DBF08D9C069DD901010000000300000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{dd5cacda-7c2e-4997-a62a-04a597b58f76}\localserver32 -> C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ESD Shell Icon Overlay Identifier] -> {AF106685-9C86-48AF-8524-8F485C459E17} => C:\Program Files\ESET\ESET Secure Data\esdovrly.dll [2022-08-24] (DESlock Limited -> DESlock Limited)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-09-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-09-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\nvshext.dll [2020-12-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-09-25] (ESET, spol. s r.o. -> ESET)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [475672 2008-07-26] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2008-07-26] (Logitech Inc -> Logitech Inc.)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-03 16:22 - 2015-02-27 11:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll
2020-03-03 16:22 - 2017-03-20 17:13 - 000087552 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCollect.dll
2020-03-03 16:22 - 2017-03-20 17:13 - 000197632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.cmd: => <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-2671679121-1364000227-736312402-1003 -> {96F7DBBC-8149-4334-AC47-E15E9020321E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-08-05 11:09 - 2018-08-05 11:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2671679121-1364000227-736312402-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\OEM\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Tatra podzim 2017 192 (4).JPG
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\o\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Dolená Tatry podzim 2019 050 (2).jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6FE37A1-1D14-4D1D-984E-5E79C2C55BD1}] => (Block) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{66DBF78D-7F33-413B-A784-8BB554FFBD06}] => (Block) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{E3972142-1428-4B40-93A7-479B4EA9CF3D}C:\users\o\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{60B11243-D286-4A87-A86D-2B083836908E}C:\users\o\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39E9C860-4CC5-48E0-BA99-079BCDC6F42A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E58E12F-0CA7-442C-9A8F-04BBCA046A13}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74EF2E72-8999-4C9D-B3C9-45C71A20E2AB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{8AD5C1B0-4316-4CFE-A003-4C9099F9D275}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{27D8CC21-59B4-4206-8E71-4D7D04B68A9A}] => (Allow) C:\Program Files\HP\HP DeskJet 5820 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{85CDAB00-8A8C-4601-92E8-737E46FD87CE}] => (Allow) LPort=5357
FirewallRules: [{E284F53D-7B83-4FC4-96C3-B1D53163CE89}] => (Allow) C:\Program Files\HP\HP DeskJet 5820 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{9204C48B-D29B-45DD-9B35-6123AA1AAB00}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{F7458CE1-5154-4D50-AAC8-4676CD1F778C}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{E7523CD4-A155-40BA-BFF4-0E82664B2145}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B7005B0-DFDA-469A-A700-E2F2355BE2F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{35E6F87C-0AD7-43DF-A7EA-CF271FB50DB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D809DDAC-BB6B-4E83-ADC2-BD75C30C1F05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C19D6121-F0F0-4A90-BD3C-C0BF5525E8D0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8DB81841-5C3E-4A63-B334-3E6964972171}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

11-10-2023 16:10:35 Instalační služba modulů systému Windows
19-10-2023 07:44:18 Naplánovaný kontrolní bod
26-10-2023 16:42:26 Naplánovaný kontrolní bod
27-10-2023 08:03:57 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/27/2023 08:03:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/26/2023 05:12:38 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (10/26/2023 05:12:38 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (10/26/2023 05:12:38 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (10/26/2023 07:37:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.3570, časové razítko: 0x52a5fade
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x712a81f0
ID chybujícího procesu: 0x2ce8
Čas spuštění chybující aplikace: 0x01da07ce84e7fbad
Cesta k chybující aplikaci: C:\WINDOWS\SysWOW64\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 2febd9a8-1d89-4386-8f9d-eb2612e492ff
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/25/2023 05:18:13 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (10/25/2023 05:18:13 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (10/25/2023 05:18:13 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003


System errors:
=============
Error: (10/27/2023 09:45:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS.

Error: (10/27/2023 07:40:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba MessagingService_66535 byla ukončena s následující chybou:
Zařízení není připraveno.

Error: (10/26/2023 07:37:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba zasílání zpráv_65879 byla ukončena s následující chybou:
Zařízení není připraveno.

Error: (10/25/2023 07:40:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba zasílání zpráv_60131 byla ukončena s následující chybou:
Zařízení není připraveno.

Error: (10/24/2023 07:42:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba zasílání zpráv_69989 byla ukončena s následující chybou:
Zařízení není připraveno.

Error: (10/23/2023 05:16:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/23/2023 05:16:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BAS7282)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/23/2023 07:10:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba zasílání zpráv_68390 byla ukončena s následující chybou:
Zařízení není připraveno.


Windows Defender:
================
Date: 2020-12-06 10:14:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {388A04F6-1781-437E-BCC1-6D9A722BF871}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-06 07:18:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5D7C26DB-716E-4592-94E5-50101B0BED4E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 15:14:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BAA004E1-8477-4695-9CB6-DF8FDCA4F1B7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 12:35:34
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {76996594-6B4E-4B25-8E9B-C101E076753D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 10:14:07
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C01D6D25-4571-4111-BFD6-03BAA402C7CE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2023-10-27 16:30:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2023-10-27 15:31:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. C.70 05/23/2016
Motherboard: MSI B150 PC MATE (MS-7971)
Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 53%
Total physical RAM: 8155.09 MB
Available physical RAM: 3800.87 MB
Total Virtual: 9435.09 MB
Available Virtual: 1360.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.52 GB) (Free:115.31 GB) (Model: KINGSTON SUV400S37240G) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:345.51 GB) (Model: WDC WD10EZEX-00WN4A0) NTFS

\\?\Volume{dda794df-29ce-4260-955c-5d488ec41ee3}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
\\?\Volume{b390ac81-48ab-40dc-b785-5bc87a2d3889}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
\\?\Volume{0e88439b-e7a7-474c-b178-fade1ac6c8f1}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

ahoj,
citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >> •Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Přikládám vyžádané , snad jsem to udělal tak, jak jste chtěl, x result of Farbar Recovery Scan Tool (x64) Version: 28-10-2023
Ran by o (30-10-2023 10:43:42) Run:3
Running from C:\Users\o\Downloads
Loaded Profiles: OEM & o
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
S3 umpusbwin8; \SystemRoot\system32\DRIVERS\umpusbvista.sys [X]
Task: {B264AA78-FA47-455B-B666-03E007C88EC9} - System32\Tasks\GoogleUpdateTaskMachineCore{165D1C48-DC02-4E2F-A4A4-3A0EDA94F8AB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-05] (Google Inc -> Google Inc.)
Task: {369FBB7A-DCD0-487C-ADD8-DFFF4A14E043} - System32\Tasks\GoogleUpdateTaskMachineUA{09BB530A-706B-40A5-A0C2-F9CE813290EA} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-05] (Google Inc -> Google Inc.)


EmptyTemp:
Reboot:
*****************

Processes closed successfully.
HKLM\System\CurrentControlSet\Services\umpusbwin8 => removed successfully
umpusbwin8 => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B264AA78-FA47-455B-B666-03E007C88EC9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B264AA78-FA47-455B-B666-03E007C88EC9}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore{165D1C48-DC02-4E2F-A4A4-3A0EDA94F8AB} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{165D1C48-DC02-4E2F-A4A4-3A0EDA94F8AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{369FBB7A-DCD0-487C-ADD8-DFFF4A14E043}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{369FBB7A-DCD0-487C-ADD8-DFFF4A14E043}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA{09BB530A-706B-40A5-A0C2-F9CE813290EA} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{09BB530A-706B-40A5-A0C2-F9CE813290EA}" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 586134594 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 3845290 B
Edge => 0 B
Chrome => 52250734 B
Firefox => 1184333833 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 610344 B
NetworkService => 610344 B
OEM => 610344 B
o => 198269856 B

RecycleBin => 2295272 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:45:17 ====

malo by byt cisto

Dějuji a přeji Vám jen samé pěkné dny, Cerman

Rado sa stalo - aj Tebe prajem fajn den