Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
cerman
Návštěvník
Návštěvník
Příspěvky: 104
Registrován: 03 lis 2013 11:16

Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#1 Příspěvek od cerman »

f an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6FE37A1-1D14-4D1D-984E-5E79C2C55BD1}] => (Block) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{66DBF78D-7F33-413B-A784-8BB554FFBD06}] => (Block) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{E3972142-1428-4B40-93A7-479B4EA9CF3D}C:\users\o\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{60B11243-D286-4A87-A86D-2B083836908E}C:\users\o\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39E9C860-4CC5-48E0-BA99-079BCDC6F42A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E58E12F-0CA7-442C-9A8F-04BBCA046A13}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74EF2E72-8999-4C9D-B3C9-45C71A20E2AB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{8AD5C1B0-4316-4CFE-A003-4C9099F9D275}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{27D8CC21-59B4-4206-8E71-4D7D04B68A9A}] => (Allow) C:\Program Files\HP\HP DeskJet 5820 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{85CDAB00-8A8C-4601-92E8-737E46FD87CE}] => (Allow) LPort=5357
FirewallRules: [{E284F53D-7B83-4FC4-96C3-B1D53163CE89}] => (Allow) C:\Program Files\HP\HP DeskJet 5820 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{A2492D2F-CAD6-42FB-B6BE-F1E0F5213805}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{973784AC-3C10-4CC2-A6EC-14618B4E8884}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{20659D71-2ED4-4A69-B291-AE289623B913}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{042D4FB7-32E2-4C3B-BC9B-3FDE7EF07EED}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{8E423AD2-509D-402C-B180-1F6EAF3BF7DE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{ED181480-39C5-40DD-BEEC-21E3B135F706}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC70D577-A9F8-4065-9208-78C8531EA168}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{428D4519-758F-430B-BFDB-76D3DA169E42}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{94D30273-EE3D-4474-B927-A6C6CBF3F9C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{03F11D38-2F5A-4286-B8C3-500386FD3219}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{E88FC328-2386-4CA7-953D-1465185B4327}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{642A033F-7F45-4902-AFA2-C135FFABE257}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6503B5CD-0E9F-4321-BA30-FAB82F11F850}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8AB44E49-9FA3-4B73-91E2-523B164A5BC1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A5408503-D489-4A18-B959-E864252B5BCB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A89B24FD-32EC-44CA-9ADE-9124A42CEB06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1C26CE84-B060-424F-BA00-CE593B605066}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E5FDF43-89C2-4930-9D3A-4C7B55AD189E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

26-02-2025 08:10:55 Instalační služba modulů systému Windows
11-03-2025 13:14:41 Naplánovaný kontrolní bod
12-03-2025 07:48:13 Instalační služba modulů systému Windows
21-03-2025 08:01:30 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============
Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/22/2025 05:24:11 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/22/2025 05:24:11 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (03/22/2025 05:24:11 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (03/21/2025 05:07:56 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/21/2025 05:07:56 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (03/21/2025 05:07:56 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (03/21/2025 08:01:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/21/2025 07:31:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBar.exe, verze: 7.225.2131.0, časové razítko: 0x67ae29f1
Název chybujícího modulu: GameBar.exe, verze: 7.225.2131.0, časové razítko: 0x67ae29f1
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000408b6
ID chybujícího procesu: 0x24f8
Čas spuštění chybující aplikace: 0x01db9a2af187ee01
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe\GameBar.exe
Cesta k chybujícímu modulu: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe\GameBar.exe
ID zprávy: d4737338-4916-40e8-90e2-1c6aa517c138
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App


System errors:
=============
Error: (03/23/2025 07:47:43 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (03/23/2025 07:44:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (03/23/2025 07:44:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/23/2025 07:44:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (03/23/2025 07:42:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba zasílání zpráv_6bdd6 byla ukončena s následující chybou:
Zařízení není připraveno.

Error: (03/22/2025 07:27:05 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (03/22/2025 07:24:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (03/22/2025 07:24:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Windows Defender:
================
Date: 2020-12-06 10:14:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {388A04F6-1781-437E-BCC1-6D9A722BF871}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-06 07:18:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5D7C26DB-716E-4592-94E5-50101B0BED4E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 15:14:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BAA004E1-8477-4695-9CB6-DF8FDCA4F1B7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 12:35:34
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {76996594-6B4E-4B25-8E9B-C101E076753D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 10:14:07
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C01D6D25-4571-4111-BFD6-03BAA402C7CE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2025-03-23 12:24:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. C.70 05/23/2016
Motherboard: MSI B150 PC MATE (MS-7971)
Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 55%
Total physical RAM: 8155.09 MB
Available physical RAM: 3599.63 MB
Total Virtual: 9435.09 MB
Available Virtual: 2668.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.52 GB) (Free:79.43 GB) (Model: KINGSTON SUV400S37240G) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:337.4 GB) (Model: WDC WD10EZEX-00WN4A0) NTFS

\\?\Volume{dda794df-29ce-4260-955c-5d488ec41ee3}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
\\?\Volume{b390ac81-48ab-40dc-b785-5bc87a2d3889}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
\\?\Volume{0e88439b-e7a7-474c-b178-fade1ac6c8f1}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\PowerOCR\PowerToys.PowerOCR.exe
(explorer.exe ->) (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> ) C:\Program Files\WindowsApps\15191PeakPlayer.NeatOffice_3.4.11.0_x64__y5c4dfz5b21fm\FileWatcher\FileWatcher.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2509.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (VS REVO GROUP OOD -> VS Revo Group Ltd.) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [196520 2024-10-30] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-2671679121-1364000227-736312402-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [619520 2024-04-24] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [Spotify] => C:\Users\o\AppData\Roaming\Spotify\Spotify.exe [20475256 2023-04-21] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45452080 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [259912 2024-11-07] (eM Client s.r.o. -> eM Client s.r.o.)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4291144 2025-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [619520 2024-04-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 5820 series): C:\WINDOWS\system32\HPDiscoPMEE11.dll [807056 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP EE11 Status Monitor: C:\WINDOWS\system32\hpinkstsEE11LM.dll [383496 2015-08-31] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\134.0.6998.118\Installer\chrmstp.exe [2025-03-20] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2018-08-06]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D7CC2C5-2A19-4AD9-829C-FF33715DC1F5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {F4FC5CE8-6F8D-4C06-B44C-4A41DAB6DF52} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {58BE21AC-B925-4E5C-96D5-A6E1ED08A8F6} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139696 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e2cd71d7-1b0f-431f-9e15-b7e0ab2840d3" --version "6.33.0.11465" --silent
Task: {BDB3C620-56B7-4357-8C51-DC3F1A3DA378} - System32\Tasks\CCleanerSkipUAC - o => C:\Program Files\CCleaner\CCleaner.exe [39224624 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {DCA244DE-D595-4A13-9AF9-6DBA80CD5FBF} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.5{D5900B53-7F8C-4A5E-9474-02154D54DDB2} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.5\updater.exe [5745760 2025-03-03] (Google LLC -> Google LLC)
Task: {908F6C75-3F37-44AC-9B6F-7512DA2DE27E} - System32\Tasks\HPCustParticipation HP DeskJet 5820 series => C:\Program Files\HP\HP DeskJet 5820 series\Bin\HPCustPartic.exe [6104720 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {CC3B15F9-3A5C-4A7C-9EE1-604E5BF343C3} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe [855664 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
Task: {8606ED69-96C9-4A95-A195-D6936EEE70AF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {830EA260-1BCF-49A1-9BDA-06A7D5D261D1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2671679121-1364000227-736312402-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {F892EB1D-E204-49A5-AE30-86EF7F19252F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {266D3F8B-3DED-4418-B8B4-36E3CD64F4CB} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2671679121-1364000227-736312402-1003 => C:\Users\o\AppData\Local\Microsoft\OneDrive\25.020.0202.0001\OneDriveLauncher.exe /startInstances (No File)
Task: {83A11FF9-2712-46E1-A4AD-8FBE7E89A8FA} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2671679121-1364000227-736312402-1003 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {8D424971-306B-4B76-BB17-3B94343CA126} - System32\Tasks\PowerToys\Autorun for o => C:\Program Files\PowerToys\PowerToys.exe [1103296 2023-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DC9A022-4A35-4131-92FE-2DA98AB1AF8F} - System32\Tasks\VS Revo Group\RevoHelperFreeStartup => C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe [4053672 2024-12-10] (VS REVO GROUP OOD -> VS Revo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7ca960af-b27a-4434-a2b9-ddc5ddff558b}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default [2025-03-23]
Edge Notifications: Default -> hxxps://www.eurosport.com; hxxps://www.facebook.com
Edge Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-03]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]

FireFox:
========
FF DefaultProfile: wztggr6w.default-1642687018808
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 [2025-03-23]
FF Homepage: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://atlas.centrum.cz/?redirected=1533474501
FF Notifications: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://messages.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\adblockultimate@adblockultimate.net.xpi [2025-02-15]
FF Extension: (ESET Browser Privacy & Security) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\browserextension@eset.com.xpi [2024-12-20]
FF Extension: (Forget Me Not - Forget cookies & other data) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\forget-me-not@lusito.info.xpi [2022-01-20]
FF Extension: (HTTPS Everywhere) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\https-everywhere@eff.org.xpi [2022-01-20]
FF Extension: (Privacy Badger) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2025-03-12]
FF Extension: (JavaScript-Java Bridge) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jsjbridge@advancedcontrols.com.au.xpi [2022-01-20]
FF Extension: (Firefox Relay) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\private-relay@firefox.com.xpi [2024-02-21]
FF Extension: (Video DownloadHelper) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2025-02-01]
FF Extension: (No Name) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-03-19]
FF Extension: (javascript) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d4bc778f-3a98-44f4-9b2e-45fab92a21db}.xpi [2023-03-01]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2025-03-23]

Chrome:
=======
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\Default [2025-03-23]
CHR Notifications: Default -> hxxps://club.autodoc.cz; hxxps://comment-reparer.com; hxxps://eurosport.pissedconsumer.com; hxxps://mail.google.com; hxxps://messages.google.com; hxxps://www.autodoc.cz; hxxps://www.eurosport.com; hxxps://www.global-sport.cz; hxxps://www.lavuelta.es; hxxps://www.megaknihy.cz; hxxps://www.nasejablonecko.cz; hxxps://www.semena-marihuany.cz
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-18]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (ESET Browser Privacy & Security) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\oombnmpbbhbakfpfgdflaajkhicgfaam [2024-12-15]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\System Profile [2024-11-09]
CHR HKU\S-1-5-21-2671679121-1364000227-736312402-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1088816 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [707864 2023-06-27] (ESET, spol. s r.o. -> ESET)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5563760 2024-10-30] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-30] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-30] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-05] (HP Inc. -> HP Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\Display.NvContainer\NVDisplay.Container.exe [1275024 2024-11-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 DLMFENC; C:\WINDOWS\System32\DRIVERS\DLMFENC.sys [242168 2023-06-27] (ESET, spol. s r.o. -> ESET, spol. s r.o.)
R0 DLPCRYPT; C:\WINDOWS\System32\DRIVERS\dlpcrypt.sys [121728 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R0 dlpvdisk; C:\WINDOWS\System32\DRIVERS\dlpvdisk.sys [98296 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [220520 2024-10-22] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [121864 2024-10-22] (Microsoft Windows Hardware Compatibility Publisher -> ESET)
R1 edevmonm; C:\WINDOWS\System32\DRIVERS\edevmonm.sys [124456 2024-10-22] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [16336 2022-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [268568 2024-10-22] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [57872 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [87784 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [128552 2024-10-22] (ESET, spol. s r.o. -> ESET)
S3 leusbser; C:\WINDOWS\System32\drivers\leusbser.sys [238080 2015-04-14] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [557112 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RevoProcessDetector; C:\WINDOWS\System32\DRIVERS\RevoProcessDetector.sys [19504 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R2 shimano64; C:\WINDOWS\System32\shimano64.sys [14848 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 VDLPToken2; C:\WINDOWS\System32\DRIVERS\vdlptkn2.sys [135672 2023-06-27] (DESlock Limited -> DESlock Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Desktop\VLC media player.lnk"
Error Reading file: "C:\ProgramData\Desktop\UploaderForCiG.lnk"
Error Reading file: "C:\ProgramData\Desktop\Revo Uninstaller.lnk"
Error Reading file: "C:\ProgramData\Desktop\Pracujeme s pocitacem.pdf"
Error Reading file: "C:\ProgramData\Desktop\Picture Style Editor.lnk"
Error Reading file: "C:\ProgramData\Desktop\paint.net.lnk"
Error Reading file: "C:\ProgramData\Desktop\OpenOffice 4.1.5.lnk"
Error Reading file: "C:\ProgramData\Desktop\Microsoft Edge.lnk"
Error Reading file: "C:\ProgramData\Desktop\ImageBrowser EX.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Photo Creations.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP DeskJet 5820 series.lnk"
Error Reading file: "C:\ProgramData\Desktop\Google Chrome.lnk"
Error Reading file: "C:\ProgramData\Desktop\Firefox.lnk"
Error Reading file: "C:\ProgramData\Desktop\ESET Zabezpečené bankovnictví a prohlížení webu.lnk"
Error Reading file: "C:\ProgramData\Desktop\EOS Utility.lnk"
Error Reading file: "C:\ProgramData\Desktop\Double Commander.lnk"
Error Reading file: "C:\ProgramData\Desktop\Digital Photo Professional.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
Error Reading file: "C:\ProgramData\Desktop\CCleaner.lnk"
Error Reading file: "C:\ProgramData\Desktop\Adobe Acrobat.lnk"
2025-03-23 12:48 - 2025-03-23 12:48 - 000023169 _____ C:\Users\o\Downloads\FRST.txt
2025-03-23 12:46 - 2025-03-23 12:46 - 002404352 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2025-03-19 07:30 - 2025-03-20 07:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-03-12 07:19 - 2025-03-12 07:19 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-23 12:48 - 2019-01-15 16:30 - 000000000 ____D C:\FRST
2025-03-23 12:27 - 2022-02-08 16:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-03-23 12:26 - 2024-10-02 05:22 - 000000000 ____D C:\Users\o\AppData\Roaming\eM Client
2025-03-23 12:24 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-23 12:23 - 2018-08-05 09:15 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2025-03-23 10:15 - 2020-07-29 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-23 08:12 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-23 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-23 07:49 - 2020-06-08 06:27 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-23 07:49 - 2020-06-08 06:27 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-03-23 07:48 - 2022-09-30 20:19 - 000003326 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-03-23 07:48 - 2022-09-30 20:19 - 000000670 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-03-23 07:46 - 2022-05-11 11:30 - 000713246 _____ C:\WINDOWS\system32\perfh005.dat
2025-03-23 07:46 - 2022-05-11 11:30 - 000143964 _____ C:\WINDOWS\system32\perfc005.dat
2025-03-23 07:46 - 2020-07-29 17:29 - 001683940 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-23 07:46 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-03-23 07:42 - 2023-03-08 13:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2025-03-23 07:42 - 2020-07-29 17:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-23 07:42 - 2020-07-29 17:25 - 000008192 ___SH C:\DumpStack.log.tmp
2025-03-23 07:42 - 2018-08-05 09:15 - 000000000 ____D C:\ProgramData\NVIDIA
2025-03-22 17:30 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-03-21 07:32 - 2024-02-29 08:01 - 000000000 ____D C:\Users\o\AppData\Local\CrashDumps
2025-03-21 07:31 - 2018-08-05 09:58 - 000000000 ____D C:\Users\o\AppData\Local\D3DSCache
2025-03-20 21:51 - 2021-12-17 07:38 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-20 21:51 - 2018-08-05 15:13 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-03-20 21:51 - 2018-08-05 15:13 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-03-20 15:41 - 2022-10-11 14:21 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-03-20 15:41 - 2022-10-11 14:21 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-03-20 15:41 - 2020-07-29 17:30 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-20 07:08 - 2018-08-05 14:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-03-19 07:34 - 2021-10-09 11:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-03-19 07:34 - 2018-08-05 14:06 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-03-18 07:30 - 2021-12-14 07:41 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-18 07:30 - 2020-07-29 17:30 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-18 07:30 - 2020-07-29 12:54 - 000002365 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-03-12 08:13 - 2022-05-05 05:59 - 000305408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-03-12 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-03-12 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-03-12 07:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-10 13:00 - 2018-08-05 09:25 - 000000000 ____D C:\ProgramData\Packages
2025-03-10 13:00 - 2018-08-05 09:18 - 000000000 ____D C:\Users\o\AppData\Local\Packages
2025-03-10 12:55 - 2018-08-05 09:19 - 000000000 ____D C:\Users\o\AppData\Local\PlaceholderTileLogoFolder
2025-03-08 07:03 - 2020-07-29 17:30 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-08 07:03 - 2020-07-29 17:30 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-04 07:14 - 2025-02-18 13:37 - 000003562 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-03 07:40 - 2018-08-05 15:13 - 000000000 ____D C:\Program Files\CCleaner
2025-03-02 07:03 - 2020-07-29 17:30 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-02-26 08:35 - 2019-12-07 15:42 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-26 08:35 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2025-02-26 08:16 - 2020-07-29 17:28 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2022-10-04 06:54 - 2022-10-04 06:54 - 000003584 _____ () C:\Users\o\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2024-12-15 09:57 - 2024-12-15 09:57 - 000000877 _____ () C:\Users\o\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

=================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2671679121-1364000227-736312402-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2671679121-1364000227-736312402-503 - Limited - Disabled)
Guest (S-1-5-21-2671679121-1364000227-736312402-501 - Limited - Disabled)
o (S-1-5-21-2671679121-1364000227-736312402-1003 - Administrator - Enabled) => C:\Users\o
OEM (S-1-5-21-2671679121-1364000227-736312402-1001 - Administrator - Enabled) => C:\Users\OEM
WDAGUtilityAccount (S-1-5-21-2671679121-1364000227-736312402-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Balíček ovladače systému Windows - SIGMA Elektro GmbH (usbser) Ports (02/20/2017 1.7.0000.0000) (HKLM\...\F11095F081576CA0F709F279E5FC84AC50628B78) (Version: 02/20/2017 1.7.0000.0000 - SIGMA Elektro GmbH)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.10.0 - Canon Inc.)
Canon Utilities Uploader for CANON iMAGE GATEWAY (HKLM-x32\...\Uploader for CANON iMAGE GATEWAY Plugin) (Version: 10.0.1.2 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.33 - Piriform)
Double Commander (HKLM\...\Double Commander_is1) (Version: 1.1.22 - Alexander Koblov)
eM Client (HKLM-x32\...\{57DB06E1-8F88-4835-8DA4-3F07ED4C2BD9}) (Version: 10.1.4588.0 - eM Client s.r.o.)
ESET Premium Line Encryption (HKLM\...\{43C2B3A3-AAF7-401A-9049-5139EABE10F9}) (Version: 2.0.36.0 - ESET) Hidden
ESET Security (HKLM\...\{C26AA376-9D1B-4B7B-A1F0-DC41E8530176}) (Version: 18.0.12.0 - ESET, spol. s r.o.)
E-tube Project Normal V4 (HKLM-x32\...\{2F7F3743-DD5B-4C39-9686-2E82359D021A}) (Version: 4.0.4.11 - SHIMANO INC.) Hidden
E-tube Project Normal V4 (HKLM-x32\...\InstallShield_{2F7F3743-DD5B-4C39-9686-2E82359D021A}) (Version: 4.0.4.11 - SHIMANO INC.)
E-TUBE PROJECT Professional V5 (HKLM-x32\...\{A2566088-E4D7-4212-9030-838DED11FEEE}) (Version: 5.1.2.12 - SHIMANO INC.) Hidden
E-TUBE PROJECT Professional V5 (HKLM-x32\...\InstallShield_{A2566088-E4D7-4212-9030-838DED11FEEE}) (Version: 5.1.2.12 - SHIMANO INC.)
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 134.0.6998.118 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP DeskJet 5820 series Nápověda (HKLM-x32\...\{89D0B45E-D5AC-4B97-9C7D-6F0D2308A0CA}) (Version: 36.0.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{9FF252C8-B146-47A2-9336-3A1A83056F51}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BBF796CE-5068-47C7-8A6D-4120C0CE47E5}) (Version: 36.0.39.57346 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{95548B78-8547-4E91-B0DA-1CBB82150917}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
LenovoUsbDriver 1.0.16 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.16 - Lenovo)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.36 (x64) (HKLM\...\{D6932D97-36F1-40B8-9CDC-CA8365B21000}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.36 (x64) (HKLM\...\{A9E32B25-994B-4856-A12B-0EBED3050410}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.36 (x64) (HKLM\...\{C912E33F-956A-4921-9F55-CC11AE8F09AF}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 134.0.3124.83 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 134.0.3124.72 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2671679121-1364000227-736312402-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\OneDriveSetup.exe) (Version: 25.031.0217.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212 (HKLM-x32\...\{844ECB74-9B63-3D5C-958C-30BD23F19EE4}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212 (HKLM-x32\...\{37B55901-995A-3650-80B1-BBFD047E2911}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM\...\{5BEE5F3E-4D78-4DE8-A8F3-36D3E9D8868C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM-x32\...\{0eddeab6-01c1-4cf7-83ba-164ea8974c90}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM\...\{61D4736B-3325-4D4A-BD41-8BD206C6A86E}) (Version: 48.144.23186 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM-x32\...\{0532b8f2-12d7-43de-95fc-7b87006758a8}) (Version: 6.0.36.34217 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 136.0.2 (x64 cs)) (Version: 136.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 128.1.1 - Mozilla)
NVIDIA Ovladače grafiky 560.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.94 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{2FEA9841-64DE-4FA5-A36F-1CD23E2790EB}) (Version: 4.15.9789 - Apache Software Foundation)
paint.net (HKLM\...\{019781E7-35CF-47A0-BD56-B1099A3E92EF}) (Version: 5.0.11 - dotPDN LLC)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23214 - Microsoft Corporation)
Pomocník s instalací Windows 11 (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.5003 - Microsoft Corporation)
PowerToys (Preview) (HKLM\...\{7F0C3584-ED21-4282-9931-50D173C2CCE5}) (Version: 0.68.1 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{51efee50-0959-4cb6-8958-e1c1ba33fbdf}) (Version: 0.68.1 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7811 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.5.7 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
Sigma Data Center 5.6 (HKLM-x32\...\Sigma Data Center5.6) (Version: 5.6 - Sigma Elektro GmbH)
Sigma Data Center 5.7 (HKLM-x32\...\Sigma Data Center5.7) (Version: 5.7 - Sigma Elektro GmbH)
Sigma Data Center 5.8 (HKLM-x32\...\Sigma Data Center5.8) (Version: 5.8 - Sigma Elektro GmbH)
Spotify (HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Spotify) (Version: 1.2.9.743.g85d9593d - Spotify AB)
Studie vylepšování produktu HP DeskJet 5820 series (HKLM\...\{CAE450AC-801B-44FC-A200-0244F6AD5479}) (Version: 36.1.108.65692 - Hewlett-Packard Co.)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Základní software zařízení HP DeskJet 5820 series (HKLM\...\{322E6CCD-0436-478E-A61B-EB11869234C3}) (Version: 36.1.108.65692 - Hewlett-Packard Co.)

Chrome apps:
============
Google Drive (HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\749a381c7a98f1bb8bca8312078d93d6) (Version: 1.0 - Google\Chrome)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-12] ()
Adobe Photoshop Express -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.16.0.0_x64__ynb6jyjzte8ga [2025-03-21] (Adobe Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_9.9.1.0_x64__kgqvnymyfvs32 [2025-03-06] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2982.2.0_x64__kgqvnymyfvs32 [2025-03-23] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.288.300.0_x64__kgqvnymyfvs32 [2025-03-07] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)
Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_8.4.202.0_x64__h6adky7gbf63m [2025-02-23] (Gameloft SE)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.81.8100.0_x64__ytsefhwckbdv6 [2025-03-19] (G5 Entertainment AB)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation) [MS Ad]
MyWhoosh HD -> C:\Program Files\WindowsApps\MyWhooshTechnologyService.MyWhoosh_4.0.1.0_x64__eps1123pz0kt0 [2025-03-22] (My Whoosh Technology Services L.L.C)
Neat Office -> C:\Program Files\WindowsApps\15191PeakPlayer.NeatOffice_3.4.11.0_x64__y5c4dfz5b21fm [2025-03-01] (Any DVD &amp; Office App) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-25] (NVIDIA Corp.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2509.4.0_x64__cv1g1gvanyjgm [2025-03-06] (WhatsApp Inc.) [Startup Task]
Windows App Runtime DDLM 3.469.1654.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x6_3.469.1654.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)
Windows App Runtime DDLM 3.469.1654.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x8_3.469.1654.0_x86__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)
WindowsAppRuntime.Main.1.0 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsAppRuntime.Main.1.0_4.528.1755.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corp.)
WindowsAppRuntime.Singleton -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.Singleton_3.469.1654.0_x64__8wekyb3d8bbwe [2023-06-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{3f5d0051-61b8-0f45-6166-996cfb4f914f}\localserver32 -> C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xDBF08D9C069DD901DBF08D9C069DD901010000000300000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{dd5cacda-7c2e-4997-a62a-04a597b58f76}\localserver32 -> C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ESD Shell Icon Overlay Identifier] -> {AF106685-9C86-48AF-8524-8F485C459E17} => C:\Program Files\ESET\ESET Secure Data\esdovrly.dll [2023-06-27] (DESlock Limited -> DESlock Limited)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-10-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-10-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-03-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-03-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2023-03-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\nvshext.dll [2024-11-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-10-30] (ESET, spol. s r.o. -> ESET)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [475672 2008-07-26] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2008-07-26] (Logitech Inc -> Logitech Inc.)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-03 15:22 - 2015-02-27 10:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll
2020-03-03 15:22 - 2017-03-20 16:13 - 000087552 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCollect.dll
2020-03-03 15:22 - 2017-03-20 16:13 - 000197632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.cmd: => <==== ATTENTION

==================== Internet Explorer (Whitelisted) =============

SearchScopes: HKU\S-1-5-21-2671679121-1364000227-736312402-1003 -> {96F7DBBC-8149-4334-AC47-E15E9020321E} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-08-05 10:09 - 2018-08-05 10:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2671679121-1364000227-736312402-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\OEM\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Tatra podzim 2017 192 (4).JPG
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Control Panel\Desktop\\Wallpaper -> c:\users\o\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\img_20241017_092312.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6FE37A1-1D14-4D1D-984E-5E79C2C55BD1}] => (Block) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{66DBF78D-7F33-413B-A784-8BB554FFBD06}] => (Block) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{E3972142-1428-4B40-93A7-479B4EA9CF3D}C:\users\o\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{60B11243-D286-4A87-A86D-2B083836908E}C:\users\o\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\o\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39E9C860-4CC5-48E0-BA99-079BCDC6F42A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E58E12F-0CA7-442C-9A8F-04BBCA046A13}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74EF2E72-8999-4C9D-B3C9-45C71A20E2AB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{8AD5C1B0-4316-4CFE-A003-4C9099F9D275}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{27D8CC21-59B4-4206-8E71-4D7D04B68A9A}] => (Allow) C:\Program Files\HP\HP DeskJet 5820 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{85CDAB00-8A8C-4601-92E8-737E46FD87CE}] => (Allow) LPort=5357
FirewallRules: [{E284F53D-7B83-4FC4-96C3-B1D53163CE89}] => (Allow) C:\Program Files\HP\HP DeskJet 5820 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{A2492D2F-CAD6-42FB-B6BE-F1E0F5213805}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{973784AC-3C10-4CC2-A6EC-14618B4E8884}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{20659D71-2ED4-4A69-B291-AE289623B913}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{042D4FB7-32E2-4C3B-BC9B-3FDE7EF07EED}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{8E423AD2-509D-402C-B180-1F6EAF3BF7DE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{ED181480-39C5-40DD-BEEC-21E3B135F706}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC70D577-A9F8-4065-9208-78C8531EA168}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{428D4519-758F-430B-BFDB-76D3DA169E42}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{94D30273-EE3D-4474-B927-A6C6CBF3F9C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{03F11D38-2F5A-4286-B8C3-500386FD3219}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{E88FC328-2386-4CA7-953D-1465185B4327}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{642A033F-7F45-4902-AFA2-C135FFABE257}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6503B5CD-0E9F-4321-BA30-FAB82F11F850}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8AB44E49-9FA3-4B73-91E2-523B164A5BC1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A5408503-D489-4A18-B959-E864252B5BCB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A89B24FD-32EC-44CA-9ADE-9124A42CEB06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1C26CE84-B060-424F-BA00-CE593B605066}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E5FDF43-89C2-4930-9D3A-4C7B55AD189E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

26-02-2025 08:10:55 Instalační služba modulů systému Windows
11-03-2025 13:14:41 Naplánovaný kontrolní bod
12-03-2025 07:48:13 Instalační služba modulů systému Windows
21-03-2025 08:01:30 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============
Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/22/2025 05:24:11 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/22/2025 05:24:11 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (03/22/2025 05:24:11 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (03/21/2025 05:07:56 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/21/2025 05:07:56 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (03/21/2025 05:07:56 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (03/21/2025 08:01:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/21/2025 07:31:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBar.exe, verze: 7.225.2131.0, časové razítko: 0x67ae29f1
Název chybujícího modulu: GameBar.exe, verze: 7.225.2131.0, časové razítko: 0x67ae29f1
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000408b6
ID chybujícího procesu: 0x24f8
Čas spuštění chybující aplikace: 0x01db9a2af187ee01
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe\GameBar.exe
Cesta k chybujícímu modulu: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe\GameBar.exe
ID zprávy: d4737338-4916-40e8-90e2-1c6aa517c138
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App


System errors:
=============
Error: (03/23/2025 07:47:43 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (03/23/2025 07:44:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (03/23/2025 07:44:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/23/2025 07:44:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (03/23/2025 07:42:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba zasílání zpráv_6bdd6 byla ukončena s následující chybou:
Zařízení není připraveno.

Error: (03/22/2025 07:27:05 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (03/22/2025 07:24:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (03/22/2025 07:24:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Windows Defender:
================
Date: 2020-12-06 10:14:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {388A04F6-1781-437E-BCC1-6D9A722BF871}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-06 07:18:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5D7C26DB-716E-4592-94E5-50101B0BED4E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 15:14:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BAA004E1-8477-4695-9CB6-DF8FDCA4F1B7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 12:35:34
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {76996594-6B4E-4B25-8E9B-C101E076753D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-04 10:14:07
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C01D6D25-4571-4111-BFD6-03BAA402C7CE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2025-03-23 12:24:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. C.70 05/23/2016
Motherboard: MSI B150 PC MATE (MS-7971)
Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 55%
Total physical RAM: 8155.09 MB
Available physical RAM: 3599.63 MB
Total Virtual: 9435.09 MB
Available Virtual: 2668.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.52 GB) (Free:79.43 GB) (Model: KINGSTON SUV400S37240G) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:337.4 GB) (Model: WDC WD10EZEX-00WN4A0) NTFS

\\?\Volume{dda794df-29ce-4260-955c-5d488ec41ee3}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
\\?\Volume{b390ac81-48ab-40dc-b785-5bc87a2d3889}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
\\?\Volume{0e88439b-e7a7-474c-b178-fade1ac6c8f1}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =========================================== End of FRST.txt ========================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119309
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
cerman
Návštěvník
Návštěvník
Příspěvky: 104
Registrován: 03 lis 2013 11:16

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#3 Příspěvek od cerman »

-------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-23-2025
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.5608)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1343 octets] - [17/01/2019 09:50:06]
AdwCleaner[C00].txt - [1489 octets] - [17/01/2019 09:50:26]
AdwCleaner_Debug.log - [7908 octets] - [03/10/2019 13:20:26]
AdwCleaner[S01].txt - [1706 octets] - [03/10/2019 13:20:48]
AdwCleaner[C01].txt - [1767 octets] - [03/10/2019 13:22:28]
AdwCleaner[S02].txt - [2030 octets] - [25/07/2022 15:58:46]
AdwCleaner[S03].txt - [2091 octets] - [25/07/2022 16:17:45]
AdwCleaner[S04].txt - [2152 octets] - [25/07/2022 16:18:28]
AdwCleaner[C04].txt - [2379 octets] - [25/07/2022 16:19:11]
AdwCleaner[S05].txt - [1970 octets] - [23/03/2025 15:45:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119309
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#4 Příspěvek od Rudy »

Toto je OK.Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
FirewallRules: [{8E423AD2-509D-402C-B180-1F6EAF3BF7DE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{ED181480-39C5-40DD-BEEC-21E3B135F706}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC70D577-A9F8-4065-9208-78C8531EA168}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{428D4519-758F-430B-BFDB-76D3DA169E42}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{94D30273-EE3D-4474-B927-A6C6CBF3F9C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{03F11D38-2F5A-4286-B8C3-500386FD3219}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{E88FC328-2386-4CA7-953D-1465185B4327}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{642A033F-7F45-4902-AFA2-C135FFABE257}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
C:\Users\o\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
CustomCLSID: HKU\S-1-5-21-2671679121-1364000227-736312402-1003_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xDBF08D9C069DD901DBF08D9C069DD901010000000300000000000000 => No File
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Software\Classes\.cmd: => <==== ATTENTION
C:\DumpStack.log.tmp

EmptyTemp:
End
Uložte do C:\Users\o\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
cerman
Návštěvník
Návštěvník
Příspěvky: 104
Registrován: 03 lis 2013 11:16

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#5 Příspěvek od cerman »

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\PowerOCR\PowerToys.PowerOCR.exe
(C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> ) C:\Program Files\WindowsApps\15191PeakPlayer.NeatOffice_3.4.11.0_x64__y5c4dfz5b21fm\FileWatcher\FileWatcher.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2509.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (VS REVO GROUP OOD -> VS Revo Group Ltd.) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [196520 2024-10-30] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-2671679121-1364000227-736312402-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [619520 2024-04-24] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [Spotify] => C:\Users\o\AppData\Roaming\Spotify\Spotify.exe [20475256 2023-04-21] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45452080 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [259912 2024-11-07] (eM Client s.r.o. -> eM Client s.r.o.)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4291144 2025-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [619520 2024-04-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 5820 series): C:\WINDOWS\system32\HPDiscoPMEE11.dll [807056 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP EE11 Status Monitor: C:\WINDOWS\system32\hpinkstsEE11LM.dll [383496 2015-08-31] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\134.0.6998.118\Installer\chrmstp.exe [2025-03-20] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2018-08-06]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D7CC2C5-2A19-4AD9-829C-FF33715DC1F5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {F4FC5CE8-6F8D-4C06-B44C-4A41DAB6DF52} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {46CA14A9-DCFE-4193-BCF5-6B5CE010B42B} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139696 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e2cd71d7-1b0f-431f-9e15-b7e0ab2840d3" --version "6.33.0.11465" --silent
Task: {BDB3C620-56B7-4357-8C51-DC3F1A3DA378} - System32\Tasks\CCleanerSkipUAC - o => C:\Program Files\CCleaner\CCleaner.exe [39224624 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {DCA244DE-D595-4A13-9AF9-6DBA80CD5FBF} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.5{D5900B53-7F8C-4A5E-9474-02154D54DDB2} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.5\updater.exe [5745760 2025-03-03] (Google LLC -> Google LLC)
Task: {908F6C75-3F37-44AC-9B6F-7512DA2DE27E} - System32\Tasks\HPCustParticipation HP DeskJet 5820 series => C:\Program Files\HP\HP DeskJet 5820 series\Bin\HPCustPartic.exe [6104720 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {CC3B15F9-3A5C-4A7C-9EE1-604E5BF343C3} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe [855664 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
Task: {8606ED69-96C9-4A95-A195-D6936EEE70AF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {830EA260-1BCF-49A1-9BDA-06A7D5D261D1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2671679121-1364000227-736312402-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {F892EB1D-E204-49A5-AE30-86EF7F19252F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {266D3F8B-3DED-4418-B8B4-36E3CD64F4CB} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2671679121-1364000227-736312402-1003 => C:\Users\o\AppData\Local\Microsoft\OneDrive\25.020.0202.0001\OneDriveLauncher.exe /startInstances (No File)
Task: {83A11FF9-2712-46E1-A4AD-8FBE7E89A8FA} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2671679121-1364000227-736312402-1003 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {0D3E8CCA-10A7-4928-81C2-C4F2C8773E6F} - System32\Tasks\PowerToys\Autorun for o => C:\Program Files\PowerToys\PowerToys.exe [1103296 2023-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DC9A022-4A35-4131-92FE-2DA98AB1AF8F} - System32\Tasks\VS Revo Group\RevoHelperFreeStartup => C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe [4053672 2024-12-10] (VS REVO GROUP OOD -> VS Revo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7ca960af-b27a-4434-a2b9-ddc5ddff558b}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default [2025-03-24]
Edge Notifications: Default -> hxxps://www.eurosport.com; hxxps://www.facebook.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-03-23]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-03]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]

FireFox:
========
FF DefaultProfile: wztggr6w.default-1642687018808
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 [2025-03-24]
FF Homepage: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://atlas.centrum.cz/?redirected=1533474501
FF Notifications: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://messages.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\adblockultimate@adblockultimate.net.xpi [2025-02-15]
FF Extension: (ESET Browser Privacy & Security) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\browserextension@eset.com.xpi [2024-12-20]
FF Extension: (Forget Me Not - Forget cookies & other data) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\forget-me-not@lusito.info.xpi [2022-01-20]
FF Extension: (HTTPS Everywhere) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\https-everywhere@eff.org.xpi [2022-01-20]
FF Extension: (Privacy Badger) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2025-03-12]
FF Extension: (JavaScript-Java Bridge) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jsjbridge@advancedcontrols.com.au.xpi [2022-01-20]
FF Extension: (Firefox Relay) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\private-relay@firefox.com.xpi [2024-02-21]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2025-03-23]
FF Extension: (Video DownloadHelper) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2025-02-01]
FF Extension: (No Name) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-03-19]
FF Extension: (javascript) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d4bc778f-3a98-44f4-9b2e-45fab92a21db}.xpi [2023-03-01]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2025-03-24]

Chrome:
=======
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\Default [2025-03-23]
CHR Notifications: Default -> hxxps://club.autodoc.cz; hxxps://comment-reparer.com; hxxps://eurosport.pissedconsumer.com; hxxps://mail.google.com; hxxps://messages.google.com; hxxps://www.autodoc.cz; hxxps://www.eurosport.com; hxxps://www.global-sport.cz; hxxps://www.lavuelta.es; hxxps://www.megaknihy.cz; hxxps://www.nasejablonecko.cz; hxxps://www.semena-marihuany.cz
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-18]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (ESET Browser Privacy & Security) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\oombnmpbbhbakfpfgdflaajkhicgfaam [2024-12-15]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\System Profile [2024-11-09]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-2671679121-1364000227-736312402-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1088816 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [707864 2023-06-27] (ESET, spol. s r.o. -> ESET)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5563760 2024-10-30] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-30] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-30] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-05] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9484384 2025-03-23] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-03-23] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\Display.NvContainer\NVDisplay.Container.exe [1275024 2024-11-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 DLMFENC; C:\WINDOWS\System32\DRIVERS\DLMFENC.sys [242168 2023-06-27] (ESET, spol. s r.o. -> ESET, spol. s r.o.)
R0 DLPCRYPT; C:\WINDOWS\System32\DRIVERS\dlpcrypt.sys [121728 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R0 dlpvdisk; C:\WINDOWS\System32\DRIVERS\dlpvdisk.sys [98296 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [220520 2024-10-22] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [121864 2024-10-22] (Microsoft Windows Hardware Compatibility Publisher -> ESET)
R1 edevmonm; C:\WINDOWS\System32\DRIVERS\edevmonm.sys [124456 2024-10-22] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [16336 2022-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [268568 2024-10-22] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [57872 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [87784 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [128552 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 leusbser; C:\WINDOWS\System32\drivers\leusbser.sys [238080 2015-04-14] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-03-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [202856 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80448 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-03-24] (Malwarebytes Inc. -> Malwarebytes)
S3 qcusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [557112 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RevoProcessDetector; C:\WINDOWS\System32\DRIVERS\RevoProcessDetector.sys [19504 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R2 shimano64; C:\WINDOWS\System32\shimano64.sys [14848 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 VDLPToken2; C:\WINDOWS\System32\DRIVERS\vdlptkn2.sys [135672 2023-06-27] (DESlock Limited -> DESlock Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Desktop\VLC media player.lnk"
Error Reading file: "C:\ProgramData\Desktop\UploaderForCiG.lnk"
Error Reading file: "C:\ProgramData\Desktop\Revo Uninstaller.lnk"
Error Reading file: "C:\ProgramData\Desktop\Pracujeme s pocitacem.pdf"
Error Reading file: "C:\ProgramData\Desktop\Picture Style Editor.lnk"
Error Reading file: "C:\ProgramData\Desktop\paint.net.lnk"
Error Reading file: "C:\ProgramData\Desktop\OpenOffice 4.1.5.lnk"
Error Reading file: "C:\ProgramData\Desktop\Microsoft Edge.lnk"
Error Reading file: "C:\ProgramData\Desktop\Malwarebytes.lnk"
Error Reading file: "C:\ProgramData\Desktop\ImageBrowser EX.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Photo Creations.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP DeskJet 5820 series.lnk"
Error Reading file: "C:\ProgramData\Desktop\Google Chrome.lnk"
Error Reading file: "C:\ProgramData\Desktop\Firefox.lnk"
Error Reading file: "C:\ProgramData\Desktop\ESET Zabezpečené bankovnictví a prohlížení webu.lnk"
Error Reading file: "C:\ProgramData\Desktop\EOS Utility.lnk"
Error Reading file: "C:\ProgramData\Desktop\Double Commander.lnk"
Error Reading file: "C:\ProgramData\Desktop\Digital Photo Professional.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
Error Reading file: "C:\ProgramData\Desktop\CCleaner.lnk"
Error Reading file: "C:\ProgramData\Desktop\Adobe Acrobat.lnk"
2025-03-24 07:43 - 2025-03-24 07:43 - 000002139 _____ C:\Users\o\Download.txt
2025-03-24 07:20 - 2025-03-24 07:20 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2025-03-23 15:44 - 2025-03-23 15:44 - 008790880 _____ (Malwarebytes) C:\Users\o\Downloads\AdwCleaner.exe
2025-03-23 15:43 - 2025-03-23 15:43 - 000096238 _____ C:\Users\o\Desktop\5LQR_2mD.htm
2025-03-23 15:28 - 2025-03-23 15:28 - 002834160 _____ (Malwarebytes) C:\Users\o\Downloads\MBSetup(1).exe
2025-03-23 15:27 - 2025-03-24 07:41 - 000000000 ____D C:\Users\o\AppData\Local\Malwarebytes
2025-03-23 15:27 - 2025-03-23 15:30 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-03-23 15:27 - 2025-03-23 15:30 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-03-23 15:26 - 2025-03-23 15:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-03-23 15:26 - 2025-03-23 15:29 - 000000000 ____D C:\Program Files\Malwarebytes
2025-03-23 15:25 - 2025-03-23 15:25 - 002834160 _____ (Malwarebytes) C:\Users\o\Downloads\MBSetup.exe
2025-03-23 15:22 - 2025-03-23 15:22 - 000170448 _____ C:\Users\o\Desktop\adwcleaner.htm
2025-03-23 12:49 - 2025-03-23 12:50 - 000038677 _____ C:\Users\o\Downloads\Addition.txt
2025-03-23 12:48 - 2025-03-24 07:45 - 000026042 _____ C:\Users\o\Downloads\FRST.txt
2025-03-23 12:46 - 2025-03-23 12:46 - 002404352 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2025-03-19 07:30 - 2025-03-20 07:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-03-12 07:19 - 2025-03-12 07:19 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-24 07:44 - 2019-01-15 16:30 - 000000000 ____D C:\FRST
2025-03-24 07:43 - 2020-07-29 12:54 - 000000000 ____D C:\Users\o
2025-03-24 07:41 - 2022-02-08 16:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-03-24 07:25 - 2022-05-11 11:30 - 000713246 _____ C:\WINDOWS\system32\perfh005.dat
2025-03-24 07:25 - 2022-05-11 11:30 - 000143964 _____ C:\WINDOWS\system32\perfc005.dat
2025-03-24 07:25 - 2020-07-29 17:29 - 001683940 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-24 07:25 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-03-24 07:24 - 2024-10-02 05:22 - 000000000 ____D C:\Users\o\AppData\Roaming\eM Client
2025-03-24 07:24 - 2021-12-17 07:38 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-24 07:23 - 2022-09-30 20:19 - 000003326 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-03-24 07:23 - 2022-09-30 20:19 - 000000670 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-03-24 07:21 - 2023-03-08 13:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2025-03-24 07:21 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-24 07:20 - 2020-07-29 17:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-24 07:20 - 2020-07-29 17:25 - 000008192 ___SH C:\DumpStack.log.tmp
2025-03-24 07:20 - 2018-08-05 09:15 - 000000000 ____D C:\ProgramData\NVIDIA
2025-03-24 07:20 - 2018-08-05 09:15 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2025-03-23 15:56 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-03-23 15:27 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-03-23 15:25 - 2024-02-29 08:01 - 000000000 ____D C:\Users\o\AppData\Local\CrashDumps
2025-03-23 10:15 - 2020-07-29 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-23 08:12 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-23 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-23 07:49 - 2020-06-08 06:27 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-23 07:49 - 2020-06-08 06:27 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-03-21 07:31 - 2018-08-05 09:58 - 000000000 ____D C:\Users\o\AppData\Local\D3DSCache
2025-03-20 21:51 - 2018-08-05 15:13 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-03-20 21:51 - 2018-08-05 15:13 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-03-20 15:41 - 2022-10-11 14:21 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-03-20 15:41 - 2022-10-11 14:21 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-03-20 15:41 - 2020-07-29 17:30 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-20 07:08 - 2018-08-05 14:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-03-19 07:34 - 2021-10-09 11:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-03-19 07:34 - 2018-08-05 14:06 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-03-18 07:30 - 2021-12-14 07:41 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-18 07:30 - 2020-07-29 17:30 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-18 07:30 - 2020-07-29 12:54 - 000002365 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-03-12 08:13 - 2022-05-05 05:59 - 000305408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-03-12 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-03-12 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-03-12 07:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-10 13:00 - 2018-08-05 09:25 - 000000000 ____D C:\ProgramData\Packages
2025-03-10 13:00 - 2018-08-05 09:18 - 000000000 ____D C:\Users\o\AppData\Local\Packages
2025-03-10 12:55 - 2018-08-05 09:19 - 000000000 ____D C:\Users\o\AppData\Local\PlaceholderTileLogoFolder
2025-03-08 07:03 - 2020-07-29 17:30 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-08 07:03 - 2020-07-29 17:30 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-04 07:14 - 2025-02-18 13:37 - 000003562 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-03 07:40 - 2018-08-05 15:13 - 000000000 ____D C:\Program Files\CCleaner
2025-03-02 07:03 - 2020-07-29 17:30 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-02-26 08:35 - 2019-12-07 15:42 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-26 08:35 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2025-02-26 08:16 - 2020-07-29 17:28 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2022-10-04 06:54 - 2022-10-04 06:54 - 000003584 _____ () C:\Users\o\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2024-12-15 09:57 - 2024-12-15 09:57 - 000000877 _____ () C:\Users\o\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119309
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#6 Příspěvek od Rudy »

Potřebuji vidět obsah souboru fixlog.txt. Je v C:\Users\o\Downloads . Tohle je k ničemu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
cerman
Návštěvník
Návštěvník
Příspěvky: 104
Registrován: 03 lis 2013 11:16

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#7 Příspěvek od cerman »

If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\PowerOCR\PowerToys.PowerOCR.exe
(C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> ) C:\Program Files\WindowsApps\15191PeakPlayer.NeatOffice_3.4.11.0_x64__y5c4dfz5b21fm\FileWatcher\FileWatcher.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2509.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.225.2131.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (VS REVO GROUP OOD -> VS Revo Group Ltd.) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [196520 2024-10-30] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-2671679121-1364000227-736312402-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [619520 2024-04-24] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [Spotify] => C:\Users\o\AppData\Roaming\Spotify\Spotify.exe [20475256 2023-04-21] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45452080 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [259912 2024-11-07] (eM Client s.r.o. -> eM Client s.r.o.)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4291144 2025-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [619520 2024-04-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 5820 series): C:\WINDOWS\system32\HPDiscoPMEE11.dll [807056 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP EE11 Status Monitor: C:\WINDOWS\system32\hpinkstsEE11LM.dll [383496 2015-08-31] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\134.0.6998.118\Installer\chrmstp.exe [2025-03-20] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2018-08-06]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D7CC2C5-2A19-4AD9-829C-FF33715DC1F5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {F4FC5CE8-6F8D-4C06-B44C-4A41DAB6DF52} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {46CA14A9-DCFE-4193-BCF5-6B5CE010B42B} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139696 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e2cd71d7-1b0f-431f-9e15-b7e0ab2840d3" --version "6.33.0.11465" --silent
Task: {BDB3C620-56B7-4357-8C51-DC3F1A3DA378} - System32\Tasks\CCleanerSkipUAC - o => C:\Program Files\CCleaner\CCleaner.exe [39224624 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {DCA244DE-D595-4A13-9AF9-6DBA80CD5FBF} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.5{D5900B53-7F8C-4A5E-9474-02154D54DDB2} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.5\updater.exe [5745760 2025-03-03] (Google LLC -> Google LLC)
Task: {908F6C75-3F37-44AC-9B6F-7512DA2DE27E} - System32\Tasks\HPCustParticipation HP DeskJet 5820 series => C:\Program Files\HP\HP DeskJet 5820 series\Bin\HPCustPartic.exe [6104720 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {CC3B15F9-3A5C-4A7C-9EE1-604E5BF343C3} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe [855664 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
Task: {8606ED69-96C9-4A95-A195-D6936EEE70AF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {830EA260-1BCF-49A1-9BDA-06A7D5D261D1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2671679121-1364000227-736312402-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {F892EB1D-E204-49A5-AE30-86EF7F19252F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {266D3F8B-3DED-4418-B8B4-36E3CD64F4CB} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2671679121-1364000227-736312402-1003 => C:\Users\o\AppData\Local\Microsoft\OneDrive\25.020.0202.0001\OneDriveLauncher.exe /startInstances (No File)
Task: {83A11FF9-2712-46E1-A4AD-8FBE7E89A8FA} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2671679121-1364000227-736312402-1003 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {0D3E8CCA-10A7-4928-81C2-C4F2C8773E6F} - System32\Tasks\PowerToys\Autorun for o => C:\Program Files\PowerToys\PowerToys.exe [1103296 2023-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DC9A022-4A35-4131-92FE-2DA98AB1AF8F} - System32\Tasks\VS Revo Group\RevoHelperFreeStartup => C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe [4053672 2024-12-10] (VS REVO GROUP OOD -> VS Revo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7ca960af-b27a-4434-a2b9-ddc5ddff558b}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default [2025-03-24]
Edge Notifications: Default -> hxxps://www.eurosport.com; hxxps://www.facebook.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-03-23]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-03]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]

FireFox:
========
FF DefaultProfile: wztggr6w.default-1642687018808
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 [2025-03-24]
FF Homepage: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://atlas.centrum.cz/?redirected=1533474501
FF Notifications: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://messages.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\adblockultimate@adblockultimate.net.xpi [2025-02-15]
FF Extension: (ESET Browser Privacy & Security) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\browserextension@eset.com.xpi [2024-12-20]
FF Extension: (Forget Me Not - Forget cookies & other data) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\forget-me-not@lusito.info.xpi [2022-01-20]
FF Extension: (HTTPS Everywhere) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\https-everywhere@eff.org.xpi [2022-01-20]
FF Extension: (Privacy Badger) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2025-03-12]
FF Extension: (JavaScript-Java Bridge) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jsjbridge@advancedcontrols.com.au.xpi [2022-01-20]
FF Extension: (Firefox Relay) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\private-relay@firefox.com.xpi [2024-02-21]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2025-03-23]
FF Extension: (Video DownloadHelper) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2025-02-01]
FF Extension: (No Name) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-03-19]
FF Extension: (javascript) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d4bc778f-3a98-44f4-9b2e-45fab92a21db}.xpi [2023-03-01]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2025-03-24]

Chrome:
=======
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\Default [2025-03-23]
CHR Notifications: Default -> hxxps://club.autodoc.cz; hxxps://comment-reparer.com; hxxps://eurosport.pissedconsumer.com; hxxps://mail.google.com; hxxps://messages.google.com; hxxps://www.autodoc.cz; hxxps://www.eurosport.com; hxxps://www.global-sport.cz; hxxps://www.lavuelta.es; hxxps://www.megaknihy.cz; hxxps://www.nasejablonecko.cz; hxxps://www.semena-marihuany.cz
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-18]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (ESET Browser Privacy & Security) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\oombnmpbbhbakfpfgdflaajkhicgfaam [2024-12-15]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\System Profile [2024-11-09]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-2671679121-1364000227-736312402-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1088816 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [707864 2023-06-27] (ESET, spol. s r.o. -> ESET)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5563760 2024-10-30] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-30] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-30] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-05] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9484384 2025-03-23] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-03-23] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\Display.NvContainer\NVDisplay.Container.exe [1275024 2024-11-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 DLMFENC; C:\WINDOWS\System32\DRIVERS\DLMFENC.sys [242168 2023-06-27] (ESET, spol. s r.o. -> ESET, spol. s r.o.)
R0 DLPCRYPT; C:\WINDOWS\System32\DRIVERS\dlpcrypt.sys [121728 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R0 dlpvdisk; C:\WINDOWS\System32\DRIVERS\dlpvdisk.sys [98296 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [220520 2024-10-22] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [121864 2024-10-22] (Microsoft Windows Hardware Compatibility Publisher -> ESET)
R1 edevmonm; C:\WINDOWS\System32\DRIVERS\edevmonm.sys [124456 2024-10-22] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [16336 2022-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [268568 2024-10-22] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [57872 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [87784 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [128552 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 leusbser; C:\WINDOWS\System32\drivers\leusbser.sys [238080 2015-04-14] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-03-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [202856 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80448 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-03-24] (Malwarebytes Inc. -> Malwarebytes)
S3 qcusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [557112 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RevoProcessDetector; C:\WINDOWS\System32\DRIVERS\RevoProcessDetector.sys [19504 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R2 shimano64; C:\WINDOWS\System32\shimano64.sys [14848 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 VDLPToken2; C:\WINDOWS\System32\DRIVERS\vdlptkn2.sys [135672 2023-06-27] (DESlock Limited -> DESlock Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Desktop\VLC media player.lnk"
Error Reading file: "C:\ProgramData\Desktop\UploaderForCiG.lnk"
Error Reading file: "C:\ProgramData\Desktop\Revo Uninstaller.lnk"
Error Reading file: "C:\ProgramData\Desktop\Pracujeme s pocitacem.pdf"
Error Reading file: "C:\ProgramData\Desktop\Picture Style Editor.lnk"
Error Reading file: "C:\ProgramData\Desktop\paint.net.lnk"
Error Reading file: "C:\ProgramData\Desktop\OpenOffice 4.1.5.lnk"
Error Reading file: "C:\ProgramData\Desktop\Microsoft Edge.lnk"
Error Reading file: "C:\ProgramData\Desktop\Malwarebytes.lnk"
Error Reading file: "C:\ProgramData\Desktop\ImageBrowser EX.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Photo Creations.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP DeskJet 5820 series.lnk"
Error Reading file: "C:\ProgramData\Desktop\Google Chrome.lnk"
Error Reading file: "C:\ProgramData\Desktop\Firefox.lnk"
Error Reading file: "C:\ProgramData\Desktop\ESET Zabezpečené bankovnictví a prohlížení webu.lnk"
Error Reading file: "C:\ProgramData\Desktop\EOS Utility.lnk"
Error Reading file: "C:\ProgramData\Desktop\Double Commander.lnk"
Error Reading file: "C:\ProgramData\Desktop\Digital Photo Professional.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
Error Reading file: "C:\ProgramData\Desktop\CCleaner.lnk"
Error Reading file: "C:\ProgramData\Desktop\Adobe Acrobat.lnk"
2025-03-24 07:43 - 2025-03-24 07:43 - 000002139 _____ C:\Users\o\Download.txt
2025-03-24 07:20 - 2025-03-24 07:20 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2025-03-23 15:44 - 2025-03-23 15:44 - 008790880 _____ (Malwarebytes) C:\Users\o\Downloads\AdwCleaner.exe
2025-03-23 15:43 - 2025-03-23 15:43 - 000096238 _____ C:\Users\o\Desktop\5LQR_2mD.htm
2025-03-23 15:28 - 2025-03-23 15:28 - 002834160 _____ (Malwarebytes) C:\Users\o\Downloads\MBSetup(1).exe
2025-03-23 15:27 - 2025-03-24 07:41 - 000000000 ____D C:\Users\o\AppData\Local\Malwarebytes
2025-03-23 15:27 - 2025-03-23 15:30 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-03-23 15:27 - 2025-03-23 15:30 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-03-23 15:26 - 2025-03-23 15:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-03-23 15:26 - 2025-03-23 15:29 - 000000000 ____D C:\Program Files\Malwarebytes
2025-03-23 15:25 - 2025-03-23 15:25 - 002834160 _____ (Malwarebytes) C:\Users\o\Downloads\MBSetup.exe
2025-03-23 15:22 - 2025-03-23 15:22 - 000170448 _____ C:\Users\o\Desktop\adwcleaner.htm
2025-03-23 12:49 - 2025-03-23 12:50 - 000038677 _____ C:\Users\o\Downloads\Addition.txt
2025-03-23 12:48 - 2025-03-24 07:45 - 000026042 _____ C:\Users\o\Downloads\FRST.txt
2025-03-23 12:46 - 2025-03-23 12:46 - 002404352 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2025-03-19 07:30 - 2025-03-20 07:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-03-12 07:19 - 2025-03-12 07:19 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-24 07:44 - 2019-01-15 16:30 - 000000000 ____D C:\FRST
2025-03-24 07:43 - 2020-07-29 12:54 - 000000000 ____D C:\Users\o
2025-03-24 07:41 - 2022-02-08 16:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-03-24 07:25 - 2022-05-11 11:30 - 000713246 _____ C:\WINDOWS\system32\perfh005.dat
2025-03-24 07:25 - 2022-05-11 11:30 - 000143964 _____ C:\WINDOWS\system32\perfc005.dat
2025-03-24 07:25 - 2020-07-29 17:29 - 001683940 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-24 07:25 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-03-24 07:24 - 2024-10-02 05:22 - 000000000 ____D C:\Users\o\AppData\Roaming\eM Client
2025-03-24 07:24 - 2021-12-17 07:38 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-24 07:23 - 2022-09-30 20:19 - 000003326 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-03-24 07:23 - 2022-09-30 20:19 - 000000670 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-03-24 07:21 - 2023-03-08 13:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2025-03-24 07:21 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-24 07:20 - 2020-07-29 17:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-24 07:20 - 2020-07-29 17:25 - 000008192 ___SH C:\DumpStack.log.tmp
2025-03-24 07:20 - 2018-08-05 09:15 - 000000000 ____D C:\ProgramData\NVIDIA
2025-03-24 07:20 - 2018-08-05 09:15 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2025-03-23 15:56 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-03-23 15:27 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-03-23 15:25 - 2024-02-29 08:01 - 000000000 ____D C:\Users\o\AppData\Local\CrashDumps
2025-03-23 10:15 - 2020-07-29 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-23 08:12 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-23 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-23 07:49 - 2020-06-08 06:27 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-23 07:49 - 2020-06-08 06:27 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-03-21 07:31 - 2018-08-05 09:58 - 000000000 ____D C:\Users\o\AppData\Local\D3DSCache
2025-03-20 21:51 - 2018-08-05 15:13 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-03-20 21:51 - 2018-08-05 15:13 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-03-20 15:41 - 2022-10-11 14:21 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-03-20 15:41 - 2022-10-11 14:21 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-03-20 15:41 - 2020-07-29 17:30 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-20 07:08 - 2018-08-05 14:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-03-19 07:34 - 2021-10-09 11:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-03-19 07:34 - 2018-08-05 14:06 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-03-18 07:30 - 2021-12-14 07:41 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-18 07:30 - 2020-07-29 17:30 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-18 07:30 - 2020-07-29 12:54 - 000002365 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-03-12 08:13 - 2022-05-05 05:59 - 000305408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-03-12 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-03-12 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-03-12 07:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-10 13:00 - 2018-08-05 09:25 - 000000000 ____D C:\ProgramData\Packages
2025-03-10 13:00 - 2018-08-05 09:18 - 000000000 ____D C:\Users\o\AppData\Local\Packages
2025-03-10 12:55 - 2018-08-05 09:19 - 000000000 ____D C:\Users\o\AppData\Local\PlaceholderTileLogoFolder
2025-03-08 07:03 - 2020-07-29 17:30 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-08 07:03 - 2020-07-29 17:30 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-04 07:14 - 2025-02-18 13:37 - 000003562 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-03 07:40 - 2018-08-05 15:13 - 000000000 ____D C:\Program Files\CCleaner
2025-03-02 07:03 - 2020-07-29 17:30 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-02-26 08:35 - 2019-12-07 15:42 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-26 08:35 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2025-02-26 08:16 - 2020-07-29 17:28 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2022-10-04 06:54 - 2022-10-04 06:54 - 000003584 _____ () C:\Users\o\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2024-12-15 09:57 - 2024-12-15 09:57 - 000000877 _____ () C:\Users\o\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Nahoru
cerman
Návštěvník
Návštěvník
Příspěvky: 104
Registrován: 03 lis 2013 11:16

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#8 Příspěvek od cerman »

Omlovám se a doufám, že posílám to , co potřebujete. Cerman
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119309
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#9 Příspěvek od Rudy »

cerman píše: 24 bře 2025 12:47 Omlovám se a doufám, že posílám to , co potřebujete. Cerman
Stále špatně. V C:\Users\o\Downloads najdete soubor fixlog.txt.Ten otevřte a jeho obsah sem zkopírujte. Děkuji
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
cerman
Návštěvník
Návštěvník
Příspěvky: 104
Registrován: 03 lis 2013 11:16

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#10 Příspěvek od cerman »

Mán uloženo ,viz obrázek ,ale když kliknu na fix , tak hlásí , anglicky, že soubor neexistuje. Omlovám se ,ale jsem bohužel blbbý, tak navím jak dál ,děkuji , Cerman
Přílohy
viry.png
viry.png (35.68 KiB) Zobrazeno 9751 x
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119309
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#11 Příspěvek od Rudy »

To není možné. Do adresáře C:\Users\o\Downloads jste jako provní uložil soubor FRST.exe. Všechny ostatní soubory, kterém já (fixlist.txt a FRST vytvoří (frst.txt, addition.txt a fixlog.txt), jsou uloženy ve stejném adrresáři. Txt soubor snadno dvouklikem otevřete a kopírovat/vložit zkopírujete do fóra. Nechápu, jak můžete pracovat s PC, když neznáte ani základní věci. Pokud toho nejste schpoen, posaďte k vašemu PC někoho, kdo zná alespoň základí věci. Pak to bue možné dořešit.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15640
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#12 Příspěvek od JaRon »

Pripojim sa :)
Ten subor podla obrazku fixlisttext nechaj premenovat na fixlist a spust FIX
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
cerman
Návštěvník
Návštěvník
Příspěvky: 104
Registrován: 03 lis 2013 11:16

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#13 Příspěvek od cerman »

Snažím se v té konstelaci v oddílu st. soubory jako na dříve poslaném snímku obrazovky ,znovu spustit FRST , což bohužel hlásí po kliku na FIX , že sobor neexistuje. Bohužel ani po přejmenování na fixlist./jak doporučil kolega/Bohužel tedy nejsem schopen nic zkopírovat a poslat. Uznávám , že jsem blbý a omlouvám se Vám za ztrátu času, Děkuji a přeji Vám pěkné a úspěšné dny , Cerman
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15640
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#14 Příspěvek od JaRon »

Ked sa pozries do adresara vlavo by malo byt fixlist a vpravo textovy dokument :James008:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
cerman
Návštěvník
Návštěvník
Příspěvky: 104
Registrován: 03 lis 2013 11:16

Re: Prosím o prev. kontrolu. PC mně hlasilo pokusy o neoprávnšné přihlášeí k mému účtu.

#15 Příspěvek od cerman »

Posílám tedy ten textový dokument,snad to bude tosprávné ,děkuji za zájem a pomoc.Cermancan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-03-2025
Ran by o (administrator) on DESKTOP-BAS7282 (MSI MS-7971) (24-03-2025 18:31:40)
Running from C:\Users\o\Downloads\FRST64.exe
Loaded Profiles: OEM & o
Platform: Microsoft Windows 10 Home Version 22H2 19045.5608 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\BrowserPrivacyAndSecurity.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\PowerOCR\PowerToys.PowerOCR.exe
(C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> ) C:\Program Files\WindowsApps\15191PeakPlayer.NeatOffice_3.4.11.0_x64__y5c4dfz5b21fm\FileWatcher\FileWatcher.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2509.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (VS REVO GROUP OOD -> VS Revo Group Ltd.) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [196520 2024-10-30] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-2671679121-1364000227-736312402-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [619520 2024-04-24] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [Spotify] => C:\Users\o\AppData\Roaming\Spotify\Spotify.exe [20475256 2023-04-21] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45452080 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [259912 2024-11-07] (eM Client s.r.o. -> eM Client s.r.o.)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\...\Run: [MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4291144 2025-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2671679121-1364000227-736312402-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [619520 2024-04-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 5820 series): C:\WINDOWS\system32\HPDiscoPMEE11.dll [807056 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP EE11 Status Monitor: C:\WINDOWS\system32\hpinkstsEE11LM.dll [383496 2015-08-31] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\134.0.6998.118\Installer\chrmstp.exe [2025-03-20] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2018-08-06]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D7CC2C5-2A19-4AD9-829C-FF33715DC1F5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {F4FC5CE8-6F8D-4C06-B44C-4A41DAB6DF52} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {46CA14A9-DCFE-4193-BCF5-6B5CE010B42B} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139696 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e2cd71d7-1b0f-431f-9e15-b7e0ab2840d3" --version "6.33.0.11465" --silent
Task: {BDB3C620-56B7-4357-8C51-DC3F1A3DA378} - System32\Tasks\CCleanerSkipUAC - o => C:\Program Files\CCleaner\CCleaner.exe [39224624 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {DCA244DE-D595-4A13-9AF9-6DBA80CD5FBF} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.5{D5900B53-7F8C-4A5E-9474-02154D54DDB2} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.5\updater.exe [5745760 2025-03-03] (Google LLC -> Google LLC)
Task: {908F6C75-3F37-44AC-9B6F-7512DA2DE27E} - System32\Tasks\HPCustParticipation HP DeskJet 5820 series => C:\Program Files\HP\HP DeskJet 5820 series\Bin\HPCustPartic.exe [6104720 2016-08-04] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {CC3B15F9-3A5C-4A7C-9EE1-604E5BF343C3} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe [855664 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
Task: {8606ED69-96C9-4A95-A195-D6936EEE70AF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {830EA260-1BCF-49A1-9BDA-06A7D5D261D1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2671679121-1364000227-736312402-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {F892EB1D-E204-49A5-AE30-86EF7F19252F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {266D3F8B-3DED-4418-B8B4-36E3CD64F4CB} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2671679121-1364000227-736312402-1003 => C:\Users\o\AppData\Local\Microsoft\OneDrive\25.020.0202.0001\OneDriveLauncher.exe /startInstances (No File)
Task: {83A11FF9-2712-46E1-A4AD-8FBE7E89A8FA} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2671679121-1364000227-736312402-1003 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {0D3E8CCA-10A7-4928-81C2-C4F2C8773E6F} - System32\Tasks\PowerToys\Autorun for o => C:\Program Files\PowerToys\PowerToys.exe [1103296 2023-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DC9A022-4A35-4131-92FE-2DA98AB1AF8F} - System32\Tasks\VS Revo Group\RevoHelperFreeStartup => C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe [4053672 2024-12-10] (VS REVO GROUP OOD -> VS Revo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7ca960af-b27a-4434-a2b9-ddc5ddff558b}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default [2025-03-24]
Edge Notifications: Default -> hxxps://www.eurosport.com; hxxps://www.facebook.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-03-23]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-03]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\o\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]

FireFox:
========
FF DefaultProfile: wztggr6w.default-1642687018808
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 [2025-03-24]
FF Homepage: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://atlas.centrum.cz/?redirected=1533474501
FF Notifications: Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808 -> hxxps://messages.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\adblockultimate@adblockultimate.net.xpi [2025-02-15]
FF Extension: (ESET Browser Privacy & Security) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\browserextension@eset.com.xpi [2024-12-20]
FF Extension: (Forget Me Not - Forget cookies & other data) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\forget-me-not@lusito.info.xpi [2022-01-20]
FF Extension: (HTTPS Everywhere) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\https-everywhere@eff.org.xpi [2022-01-20]
FF Extension: (Privacy Badger) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2025-03-12]
FF Extension: (JavaScript-Java Bridge) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\jsjbridge@advancedcontrols.com.au.xpi [2022-01-20]
FF Extension: (Firefox Relay) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\private-relay@firefox.com.xpi [2024-02-21]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2025-03-23]
FF Extension: (Video DownloadHelper) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2025-02-01]
FF Extension: (No Name) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-03-19]
FF Extension: (javascript) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\wztggr6w.default-1642687018808\Extensions\{d4bc778f-3a98-44f4-9b2e-45fab92a21db}.xpi [2023-03-01]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2025-03-24]

Chrome:
=======
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\Default [2025-03-23]
CHR Notifications: Default -> hxxps://club.autodoc.cz; hxxps://comment-reparer.com; hxxps://eurosport.pissedconsumer.com; hxxps://mail.google.com; hxxps://messages.google.com; hxxps://www.autodoc.cz; hxxps://www.eurosport.com; hxxps://www.global-sport.cz; hxxps://www.lavuelta.es; hxxps://www.megaknihy.cz; hxxps://www.nasejablonecko.cz; hxxps://www.semena-marihuany.cz
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-18]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (ESET Browser Privacy & Security) - C:\Users\o\AppData\Local\Google\Chrome\User Data\Default\Extensions\oombnmpbbhbakfpfgdflaajkhicgfaam [2024-12-15]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\o\AppData\Local\Google\Chrome\User Data\System Profile [2024-11-09]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-2671679121-1364000227-736312402-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1088816 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [707864 2023-06-27] (ESET, spol. s r.o. -> ESET)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5563760 2024-10-30] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-30] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-30] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-05] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9484384 2025-03-23] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-03-23] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_aa54f7a758543a0a\Display.NvContainer\NVDisplay.Container.exe [1275024 2024-11-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 DLMFENC; C:\WINDOWS\System32\DRIVERS\DLMFENC.sys [242168 2023-06-27] (ESET, spol. s r.o. -> ESET, spol. s r.o.)
R0 DLPCRYPT; C:\WINDOWS\System32\DRIVERS\dlpcrypt.sys [121728 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R0 dlpvdisk; C:\WINDOWS\System32\DRIVERS\dlpvdisk.sys [98296 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [220520 2024-10-22] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [121864 2024-10-22] (Microsoft Windows Hardware Compatibility Publisher -> ESET)
R1 edevmonm; C:\WINDOWS\System32\DRIVERS\edevmonm.sys [124456 2024-10-22] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [16336 2022-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [268568 2024-10-22] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [57872 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [87784 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [128552 2024-10-22] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 leusbser; C:\WINDOWS\System32\drivers\leusbser.sys [238080 2015-04-14] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-03-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [202856 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80448 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-03-24] (Malwarebytes Inc. -> Malwarebytes)
S3 qcusbwwan; C:\WINDOWS\System32\drivers\qcusbwwan.sys [557112 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RevoProcessDetector; C:\WINDOWS\System32\DRIVERS\RevoProcessDetector.sys [19504 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R2 shimano64; C:\WINDOWS\System32\shimano64.sys [14848 2022-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 VDLPToken2; C:\WINDOWS\System32\DRIVERS\vdlptkn2.sys [135672 2023-06-27] (DESlock Limited -> DESlock Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Desktop\VLC media player.lnk"
Error Reading file: "C:\ProgramData\Desktop\UploaderForCiG.lnk"
Error Reading file: "C:\ProgramData\Desktop\Revo Uninstaller.lnk"
Error Reading file: "C:\ProgramData\Desktop\Pracujeme s pocitacem.pdf"
Error Reading file: "C:\ProgramData\Desktop\Picture Style Editor.lnk"
Error Reading file: "C:\ProgramData\Desktop\paint.net.lnk"
Error Reading file: "C:\ProgramData\Desktop\OpenOffice 4.1.5.lnk"
Error Reading file: "C:\ProgramData\Desktop\Microsoft Edge.lnk"
Error Reading file: "C:\ProgramData\Desktop\Malwarebytes.lnk"
Error Reading file: "C:\ProgramData\Desktop\ImageBrowser EX.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Photo Creations.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP DeskJet 5820 series.lnk"
Error Reading file: "C:\ProgramData\Desktop\Google Chrome.lnk"
Error Reading file: "C:\ProgramData\Desktop\Firefox.lnk"
Error Reading file: "C:\ProgramData\Desktop\ESET Zabezpečené bankovnictví a prohlížení webu.lnk"
Error Reading file: "C:\ProgramData\Desktop\EOS Utility.lnk"
Error Reading file: "C:\ProgramData\Desktop\Double Commander.lnk"
Error Reading file: "C:\ProgramData\Desktop\Digital Photo Professional.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
Error Reading file: "C:\ProgramData\Desktop\CCleaner.lnk"
Error Reading file: "C:\ProgramData\Desktop\Adobe Acrobat.lnk"
2025-03-24 18:25 - 2025-03-24 18:25 - 000002113 _____ C:\Users\o\Downloads\fixlist..txt
2025-03-24 18:20 - 2025-03-24 18:27 - 000000000 ____D C:\Users\o\Downloads\FRST-OlderVersion
2025-03-24 07:43 - 2025-03-24 07:43 - 000002139 _____ C:\Users\o\Download.txt
2025-03-24 07:20 - 2025-03-24 07:20 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2025-03-23 15:44 - 2025-03-23 15:44 - 008790880 _____ (Malwarebytes) C:\Users\o\Downloads\AdwCleaner.exe
2025-03-23 15:43 - 2025-03-23 15:43 - 000096238 _____ C:\Users\o\Desktop\5LQR_2mD.htm
2025-03-23 15:28 - 2025-03-23 15:28 - 002834160 _____ (Malwarebytes) C:\Users\o\Downloads\MBSetup(1).exe
2025-03-23 15:27 - 2025-03-24 18:32 - 000000000 ____D C:\Users\o\AppData\Local\Malwarebytes
2025-03-23 15:27 - 2025-03-23 15:30 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-03-23 15:27 - 2025-03-23 15:30 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-03-23 15:26 - 2025-03-23 15:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-03-23 15:26 - 2025-03-23 15:29 - 000000000 ____D C:\Program Files\Malwarebytes
2025-03-23 15:25 - 2025-03-23 15:25 - 002834160 _____ (Malwarebytes) C:\Users\o\Downloads\MBSetup.exe
2025-03-23 15:22 - 2025-03-23 15:22 - 000170448 _____ C:\Users\o\Desktop\adwcleaner.htm
2025-03-23 12:49 - 2025-03-24 07:47 - 000039740 _____ C:\Users\o\Downloads\Addition.txt
2025-03-23 12:48 - 2025-03-24 18:32 - 000025676 _____ C:\Users\o\Downloads\FRST.txt
2025-03-23 12:46 - 2025-03-24 18:20 - 002404352 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2025-03-19 07:30 - 2025-03-20 07:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-03-12 07:19 - 2025-03-12 07:19 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-24 18:32 - 2019-01-15 16:30 - 000000000 ____D C:\FRST
2025-03-24 18:23 - 2022-02-08 16:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-03-24 18:22 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-24 18:09 - 2020-07-29 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-24 17:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-24 15:33 - 2018-08-05 09:15 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2025-03-24 12:25 - 2024-10-02 05:22 - 000000000 ____D C:\Users\o\AppData\Roaming\eM Client
2025-03-24 09:53 - 2018-08-05 09:58 - 000000000 ____D C:\Users\o\AppData\Local\D3DSCache
2025-03-24 08:00 - 2024-02-29 08:01 - 000000000 ____D C:\Users\o\AppData\Local\CrashDumps
2025-03-24 07:43 - 2020-07-29 12:54 - 000000000 ____D C:\Users\o
2025-03-24 07:25 - 2022-05-11 11:30 - 000713246 _____ C:\WINDOWS\system32\perfh005.dat
2025-03-24 07:25 - 2022-05-11 11:30 - 000143964 _____ C:\WINDOWS\system32\perfc005.dat
2025-03-24 07:25 - 2020-07-29 17:29 - 001683940 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-24 07:25 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-03-24 07:24 - 2021-12-17 07:38 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-24 07:23 - 2022-09-30 20:19 - 000003326 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-03-24 07:23 - 2022-09-30 20:19 - 000000670 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-03-24 07:21 - 2023-03-08 13:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2025-03-24 07:20 - 2020-07-29 17:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-24 07:20 - 2020-07-29 17:25 - 000008192 ___SH C:\DumpStack.log.tmp
2025-03-24 07:20 - 2018-08-05 09:15 - 000000000 ____D C:\ProgramData\NVIDIA
2025-03-23 15:56 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-03-23 15:27 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-03-23 08:12 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-23 07:49 - 2020-06-08 06:27 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-23 07:49 - 2020-06-08 06:27 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-03-20 21:51 - 2018-08-05 15:13 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-03-20 21:51 - 2018-08-05 15:13 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-03-20 15:41 - 2022-10-11 14:21 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-03-20 15:41 - 2022-10-11 14:21 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-03-20 15:41 - 2020-07-29 17:30 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-20 07:08 - 2018-08-05 14:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-03-19 07:34 - 2021-10-09 11:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-03-19 07:34 - 2018-08-05 14:06 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-03-18 07:30 - 2021-12-14 07:41 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-18 07:30 - 2020-07-29 17:30 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-18 07:30 - 2020-07-29 12:54 - 000002365 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-03-12 08:13 - 2022-05-05 05:59 - 000305408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-03-12 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-03-12 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-03-12 07:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-10 13:00 - 2018-08-05 09:25 - 000000000 ____D C:\ProgramData\Packages
2025-03-10 13:00 - 2018-08-05 09:18 - 000000000 ____D C:\Users\o\AppData\Local\Packages
2025-03-10 12:55 - 2018-08-05 09:19 - 000000000 ____D C:\Users\o\AppData\Local\PlaceholderTileLogoFolder
2025-03-08 07:03 - 2020-07-29 17:30 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-08 07:03 - 2020-07-29 17:30 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-04 07:14 - 2025-02-18 13:37 - 000003562 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2671679121-1364000227-736312402-1003
2025-03-03 07:40 - 2018-08-05 15:13 - 000000000 ____D C:\Program Files\CCleaner
2025-03-02 07:03 - 2020-07-29 17:30 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-02-26 08:35 - 2019-12-07 15:42 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-26 08:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-26 08:35 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2025-02-26 08:16 - 2020-07-29 17:28 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2022-10-04 06:54 - 2022-10-04 06:54 - 000003584 _____ () C:\Users\o\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2024-12-15 09:57 - 2024-12-15 09:57 - 000000877 _____ () C:\Users\o\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Nahoru
Zamčeno

Zpět na „Preventivní kontroly logů“