SpyHunter, KasperskyVRT and ComboCleaner reported trojans
Posted: 06 Jun 2025 22:05
Hi, I'm asking for help.
Some time ago I noticed Opera slowing down; I don't know whether that is related. Today Windows reported finding a trojan, but a moment later it changed that to say it had found nothing. I used 3 programs (named in the topic title), which found several problems.
SpyHunter after scanning: Trojan.Lamer.CB, Trojan.Agent.ENA, HEUR.Malware.Malpack.Win32.Generic. The other programs found 2 more trojans. I think I removed one of them in KasperskyVRT.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2025
Ran by Uživatel (administrator) on WIN-PBR78CABI5O (Micro-Star International Co., Ltd MS-7C02) (06-06-2025 22:54:41)
Running from C:\Users\Uživatel\Downloads\FRST64.exe
Loaded Profiles: Uživatel
Platform: Microsoft Windows 10 Home Version 22H2 19045.5854 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe ->) (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atieclxx.exe
(explorer.exe ->) (ZONER software, a.s. -> ZONER software) C:\Users\Uživatel\AppData\Local\Programs\Zoner\ZPS X\binary\Program32\ZPSTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(services.exe ->) (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe
(services.exe ->) (RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe
(services.exe ->) (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio) C:\Program Files\PDFsam Enhanced 7\activation-service.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2410.13017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2504.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [180448 2019-07-30] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [746440 2018-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-25] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Users\Uživatel\AppData\Local\Programs\Zoner\ZPS X\binary\Program32\ZPSTRAY.EXE [804336 2020-12-02] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Run: [MicrosoftEdgeAutoLaunch_83C387DA30640047C508B0EE92F9D83E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Run: [Opera Browser Assistant] => C:\Users\Uživatel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3996064 2024-03-04] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [90457896 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\RunOnce: [Uninstall 25.085.0504.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\25.085.0504.0002" [0 2025-06-06] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\MountPoints2: {3d75fdca-2f8c-11ea-ac45-00d86116a3cf} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\MountPoints2: {822612cd-cbc3-11eb-acaa-00d86116a3cf} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\MountPoints2: {822612d5-cbc3-11eb-acaa-00d86116a3cf} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [36176 2016-09-20] (PlotSoft LLC -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\PDFsam Enhanced 7 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\brand_solution_name_pdfpmon_v.6.11.0.7.dll [960120 2022-08-01] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\137.0.7151.69\Installer\chrmstp.exe [2025-06-06] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {E4C6330B-99E5-47E4-A7AD-032D4FF7E945} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {B59BF9E2-33A1-4334-87D7-225459C6FAEA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-09] (Adobe Inc. -> Adobe)
Task: {23DF4D9B-83D7-4797-A6B0-DC6028B15CC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {571C9E01-83D6-49CF-8F88-E5743DC0B6B3} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Uživatel\Desktop\adwcleaner_8.0.6.exe /r (No File)
Task: {D03FFEDC-BD5A-4217-A053-1E624603B1E4} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [672064 2023-11-21] (Advanced Micro Devices Inc. -> )
Task: {004A3B7C-B9A8-4A9D-8A76-64F4A86C3164} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe -AMDLinkUpdate (No File)
Task: {1AD8D5B2-B621-4B8D-BC25-3D6D78980E8F} - System32\Tasks\Andrea Vacondio\PDFsam Enhanced 7\App Notification => C:\Program Files\PDFsam Enhanced 7\sam-launcher.exe [1868696 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
Task: {EC490771-7B44-4B08-900E-FF554F152EED} - System32\Tasks\Andrea Vacondio\PDFsam Enhanced 7\App Notification Logon => C:\Program Files\PDFsam Enhanced 7\sam-launcher.exe [1868696 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
Task: {1B51C472-E808-45B6-A673-AE5CBE36B326} - System32\Tasks\Andrea Vacondio\PDFsam Enhanced 7\Update => C:\Program Files\PDFsam Enhanced 7\sam.exe [3418520 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
Task: {1C70BA41-FD1B-4AED-93FB-83536CBECFFA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{65514811-E82F-4854-AD0D-A8C2D48DCEE5} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {02867E47-8569-4541-A98D-3D97375C7D25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FB52D677-1C85-427D-A29D-86AB0D95AB6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2D5558A-8210-408D-86F3-F51678084C52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B377F453-502C-490D-A994-C80CD3D1036A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52102280-C32A-4EC0-B467-B2F18E5D089F} - System32\Tasks\ModifyLinkUpdate => "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" -UpdateCurrentUser (No File)
Task: {701FA523-6B72-45F3-9F48-5E40FB870D6A} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2039987659-3835639047-893020778-1002 => C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\25.091.0512.0001\OneDriveLauncher.exe [684880 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC6E4F48-5717-49D7-AEE0-7BB61BA19675} - System32\Tasks\Opera scheduled assistant Autoupdate 1582785698 => C:\Users\Uživatel\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Uživatel\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {D7F81642-D767-4B26-8230-877288054FC2} - System32\Tasks\Opera scheduled Autoupdate 1567013306 => C:\Users\Uživatel\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [6071704 2025-05-28] (Opera Norway AS -> Opera Software)
Task: {B860D62A-8A8E-4B4E-81DD-1C22209486E9} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [728504 2023-08-04] (Advanced Micro Devices Inc. -> AMD)
Task: {69907014-DE23-4A1F-A706-84612AD33F19} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BD9B9F1A-29AC-429C-A8E6-6AF99BBD3894} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5E06797E-FAB1-47F9-AB17-C989DFE05457} - System32\Tasks\Zoner.Updater.S-1-5-21-2039987659-3835639047-893020778-1002 => C:\ProgramData\Zoner\Zoner.Installer.Core\updater.exe [1589568 2025-06-03] (ZONER a.s. -> ZONER a.s.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2039987659-3835639047-893020778-1002] => 185.211.193.174:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.5.254
Tcpip\..\Interfaces\{2273f300-ce63-42c9-b1f3-ee51f2729c56}: [DhcpNameServer] 192.168.5.254
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default [2025-06-06]
Edge Session Restore: Default -> is enabled.
Edge Extension: (AHA Music - Song Finder for Browser) - C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejfccgmelcclnoadalcepdmnpgcnglfc [2023-12-03]
Edge Extension: (Dokumenty Google offline) - C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-03]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2025-06-06]
Edge Extension: (Edge relevant text changes) - C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-31]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.333.2 -> C:\Program Files\Java\jre1.8.0_333\bin\dtplugin\npDeployJava1.dll [2022-05-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.333.2 -> C:\Program Files\Java\jre1.8.0_333\bin\plugin2\npjp2.dll [2022-05-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default [2025-06-06]
CHR Extension: (Temporary Phone Number Generator) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepddifjfnckmfkheigcdfdeofjmahco [2024-02-19]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-06-06]
CHR Extension: (Dočasné telefonní číslo) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephafbplmnnoliangkcghhopgcincnec [2025-06-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-17]
CHR HKU\S-1-5-21-2039987659-3835639047-893020778-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Opera:
=======
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe [527800 2023-08-04] (Advanced Micro Devices Inc. -> AMD)
R3 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [145128 2024-09-05] (RCS LT UAB -> RCS LT)
R3 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [152296 2024-09-05] (RCS LT UAB -> RCS LT)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-07-30] (ESET, spol. s r.o. -> ESET)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [17987096 2025-06-06] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe [495240 2018-07-26] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-03-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3445560 2020-03-21] (Electronic Arts, Inc. -> Electronic Arts)
R3 PDFsam Enhanced 7; C:\Program Files\PDFsam Enhanced 7\activation-service.exe [3210648 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S3 PDFsam Enhanced 7 Creator; C:\Program Files\PDFsam Enhanced 7\creator-ws.exe [514456 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S3 PDFsam Enhanced 7 Update Service; C:\Program Files\PDFsam Enhanced 7\update-service.exe [267672 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [2540568 2025-06-06] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51224 2016-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ahcix64s; C:\WINDOWS\System32\drivers\ahcix64s.sys [293720 2012-12-10] (Promise Technology, Inc. -> Advanced Micro Devices, Inc)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [58136 2018-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [800672 2023-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [140280 2020-06-01] (ADAPP SASU -> Dokan Project)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [149144 2019-07-30] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [102464 2019-07-30] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15800 2019-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [189232 2019-07-30] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50488 2019-07-30] (ESET, spol. s r.o. -> ESET)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [84640 2025-06-06] (Microsoft Windows Hardware Compatibility Publisher -> EnigmaSoft Limited)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [76896 2019-07-30] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [113336 2019-07-30] (ESET, spol. s r.o. -> ESET)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [177056 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
S3 ibtuart; C:\WINDOWS\System32\drivers\ibtuart.sys [756464 2016-09-03] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 IFCoEMP; C:\WINDOWS\System32\drivers\ifM63x64.sys [494568 2016-10-07] (Intel(R) INTELND1617 -> Intel(R) Corporation)
S3 IFCoEVB; C:\WINDOWS\System32\drivers\ifp63x64.sys [198632 2016-10-07] (Intel(R) INTELND1617 -> Intel(R) Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
S3 MTsensor; C:\WINDOWS\System32\drivers\ASACPI.sys [15416 2009-07-16] (ASUSTeK Computer Inc. -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [633264 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-06 22:39 - 2025-06-06 22:55 - 000023467 _____ C:\Users\Uživatel\Downloads\FRST.txt
2025-06-06 22:04 - 2025-06-06 22:05 - 002405888 _____ (Farbar) C:\Users\Uživatel\Downloads\FRST64.exe
2025-06-06 21:24 - 2025-06-06 21:24 - 000000000 ____D C:\Users\Uživatel\AppData\Local\RCS_LT
2025-06-06 21:23 - 2025-06-06 21:30 - 000000000 ____D C:\Program Files (x86)\Combo Cleaner
2025-06-06 21:23 - 2025-06-06 21:23 - 000001966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2025-06-06 21:23 - 2025-06-06 21:23 - 000001960 _____ C:\Users\Public\Desktop\Combo Cleaner.lnk
2025-06-06 19:57 - 2025-06-06 21:30 - 000000000 ____D C:\KVRT2020_Data
2025-06-06 19:56 - 2025-06-06 19:56 - 003607328 _____ (RCS LT) C:\Users\Uživatel\Downloads\CCSetup.exe
2025-06-06 19:55 - 2025-06-06 19:56 - 115069800 _____ (AO Kaspersky Lab) C:\Users\Uživatel\Downloads\KVRT.exe
2025-06-06 19:43 - 2025-06-06 19:43 - 000001086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2025-06-06 19:43 - 2025-06-06 19:43 - 000001062 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2025-06-06 19:43 - 2025-06-06 19:43 - 000000000 ____D C:\sh5ldr
2025-06-06 19:43 - 2025-06-06 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2025-06-06 19:43 - 2025-06-06 19:43 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2025-06-06 19:43 - 2025-06-06 19:43 - 000000000 ____D C:\Program Files\EnigmaSoft
2025-06-06 19:41 - 2025-06-06 19:41 - 007287832 _____ (EnigmaSoft Limited) C:\Users\Uživatel\Downloads\SpyHunter-5.20-103-12123-Installer.exe
2025-06-05 13:28 - 2025-06-05 13:28 - 000001098 _____ C:\Users\Uživatel\Downloads\francieproblemy.txt
2025-06-03 11:39 - 2025-06-03 11:39 - 000027888 _____ C:\Users\Uživatel\Downloads\ona.jpeg
2025-06-01 20:03 - 2025-06-01 20:03 - 000211904 _____ C:\Users\Uživatel\Downloads\media.webp
2025-05-24 22:39 - 2025-05-24 22:39 - 000104001 _____ C:\Users\Uživatel\Downloads\Hellboy.2019.1080p.BluRay.H264.AAC-RARBG.srt
2025-05-24 19:24 - 2025-05-24 20:23 - 1259730345 _____ C:\Users\Uživatel\Downloads\Hellboy (2019) CZ titulky.mkv
2025-05-24 18:08 - 2025-05-24 18:08 - 000249080 _____ (Gen Digital Inc.) C:\Users\Uživatel\Downloads\online_instalační_soubor_aplikace_avast_free_antivirus.exe
2025-05-14 08:55 - 2025-05-14 08:55 - 000022680 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 08:55 - 2025-05-14 08:55 - 000022680 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-05-14 08:49 - 2025-05-14 08:49 - 000000000 ___HD C:\$WinREAgent
2025-05-13 17:32 - 2025-05-13 17:32 - 002783764 _____ C:\Users\Uživatel\Downloads\pdfkaufland.pdf
2025-05-12 18:27 - 2025-05-12 18:27 - 000124416 _____ C:\Users\Uživatel\Downloads\vyuka_bak._a_mag._neuroticke_poruchy.ppt
2025-05-12 18:23 - 2025-05-12 18:23 - 000440634 _____ C:\Users\Uživatel\Downloads\130720-DB73035.pdf
2025-05-12 18:21 - 2025-05-12 18:21 - 000332062 _____ C:\Users\Uživatel\Downloads\PS.pdf
2025-05-11 20:43 - 2025-05-11 20:43 - 000607671 _____ C:\Users\Uživatel\Downloads\DPTX_2009_2_11210_0_129699_0_87169.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-06 22:54 - 2020-06-11 14:56 - 000000000 ____D C:\FRST
2025-06-06 22:50 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-06 22:09 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2025-06-06 22:03 - 2025-02-06 10:38 - 000003576 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2039987659-3835639047-893020778-1002
2025-06-06 22:03 - 2021-12-12 23:32 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2039987659-3835639047-893020778-1002
2025-06-06 22:03 - 2020-08-26 01:04 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2039987659-3835639047-893020778-1002
2025-06-06 22:03 - 2020-08-26 00:59 - 000002393 _____ C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-06-06 22:02 - 2019-07-31 01:28 - 000000000 ____D C:\Users\Uživatel\AppData\Local\D3DSCache
2025-06-06 21:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-06-06 21:27 - 2020-08-26 01:06 - 001693816 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-06-06 21:27 - 2019-12-07 16:41 - 000716932 _____ C:\WINDOWS\system32\perfh005.dat
2025-06-06 21:27 - 2019-12-07 16:41 - 000145110 _____ C:\WINDOWS\system32\perfc005.dat
2025-06-06 21:23 - 2023-04-24 16:45 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2025-06-06 21:20 - 2020-08-26 01:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-06-06 21:20 - 2020-08-26 00:59 - 000008192 ___SH C:\DumpStack.log.tmp
2025-06-06 21:20 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-06-06 21:20 - 2019-07-24 19:01 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-06-06 21:12 - 2021-07-10 22:50 - 000000000 ____D C:\Users\Uživatel\Desktop\Photoshop_CS2
2025-06-06 18:17 - 2020-08-26 00:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-06-06 04:21 - 2021-12-18 02:04 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-06-06 03:31 - 2024-02-17 14:08 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-06-06 03:31 - 2024-02-17 14:08 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-06-05 14:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-05 13:32 - 2020-06-04 06:46 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-06-05 13:32 - 2019-07-31 01:28 - 000000000 ____D C:\Users\Uživatel\AppData\Local\Packages
2025-06-03 19:37 - 2020-08-26 01:04 - 000004290 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1567013306
2025-06-03 19:37 - 2019-08-28 19:28 - 000001466 _____ C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2025-06-03 19:36 - 2021-01-19 18:12 - 000000000 ____D C:\ProgramData\Zoner
2025-06-01 05:02 - 2023-10-10 00:37 - 000000000 ____D C:\Program Files\RUXIM
2025-05-29 09:59 - 2024-08-01 09:34 - 000000000 ____D C:\Users\Uživatel\Desktop\1.8.2024 ŽIVOTOPIS
2025-05-24 18:34 - 2022-11-23 21:31 - 000000000 ____D C:\Users\Uživatel\AppData\Local\CrashDumps
2025-05-24 18:34 - 2020-03-20 18:22 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\uTorrent
2025-05-24 17:18 - 2019-07-31 17:16 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\Microsoft\MMC
2025-05-22 03:30 - 2018-05-31 14:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-19 18:25 - 2020-08-26 01:04 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-19 18:25 - 2020-08-26 01:04 - 000003514 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-18 15:21 - 2022-08-01 09:33 - 000000000 ____D C:\ProgramData\boost_interprocess
2025-05-18 15:21 - 2022-08-01 09:31 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\PDFsam Enhanced 7
2025-05-17 00:15 - 2020-08-26 00:59 - 000269256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-05-17 00:14 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2025-05-14 09:00 - 2019-07-30 19:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-05-14 08:58 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-05-14 08:58 - 2019-07-30 19:49 - 214836568 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-05-14 08:55 - 2020-08-26 01:04 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
==================== Files in the root of some directories ========
2005-03-09 04:07 - 2005-03-09 04:07 - 000630784 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\ACE.dll
2005-02-11 13:45 - 2005-02-11 13:45 - 000013842 _____ () C:\Program Files (x86)\Activation ReadMe.htm
2005-03-09 17:59 - 2005-03-09 17:59 - 001560169 _____ (Adobe Systems, Inc.) C:\Program Files (x86)\AdobeLM.dll
2005-03-22 05:49 - 2005-03-22 05:49 - 000287232 _____ (Adobe Systems) C:\Program Files (x86)\Adobelmsvc Installer.dll
2005-03-03 15:39 - 2005-03-03 15:39 - 000425984 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AdobeUpdater.dll
2005-03-09 04:17 - 2005-03-09 04:17 - 000475136 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AdobeXMP.dll
2005-02-07 08:45 - 2005-02-07 08:45 - 000005632 _____ (IBM Corporation and others) C:\Program Files (x86)\agldt28l.dll
2005-03-13 12:01 - 2005-03-13 12:01 - 001805824 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AGM.dll
2005-03-09 04:07 - 2005-03-09 04:07 - 000266240 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\ARE.dll
2004-08-24 15:55 - 2004-08-24 15:55 - 000126976 _____ (Adobe Systems Inc.) C:\Program Files (x86)\asneu.dll
2005-03-09 04:32 - 2005-03-09 04:32 - 000151552 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AXE16SharedExpat.dll
2005-03-09 04:32 - 2005-03-09 04:32 - 000151552 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AXE8SharedExpat.dll
2005-03-09 04:07 - 2005-03-09 04:07 - 000180224 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\Bib.dll
2005-03-09 04:07 - 2005-03-09 04:07 - 000217088 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\BIBUtils.dll
2005-03-09 04:07 - 2005-03-09 04:07 - 002162688 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\CoolType.dll
2005-02-10 13:36 - 2005-02-10 13:36 - 000143360 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\epic_eula.dll
2005-01-18 12:31 - 2005-01-18 12:31 - 000114688 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\epic_pers.dll
2005-01-19 14:31 - 2005-01-19 14:31 - 000155648 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\epic_regs.dll
2005-02-08 13:43 - 2005-02-08 13:43 - 000045056 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\eularesen_US.dll
2005-02-17 11:28 - 2005-02-17 11:28 - 000663552 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\FileInfo.dll
2005-03-22 03:41 - 2005-03-22 03:41 - 019980288 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\ImageReady.exe
2021-07-10 22:52 - 2021-07-10 22:52 - 000000820 _____ () C:\Program Files (x86)\install.adb
2005-02-15 02:03 - 2005-02-15 02:03 - 000561152 _____ (Adobe system Incorporated) C:\Program Files (x86)\JP2KLib.dll
2005-02-25 13:50 - 2005-02-25 13:50 - 000157035 _____ () C:\Program Files (x86)\LegalNotices.pdf
2004-06-22 12:57 - 2004-06-22 12:57 - 000589824 _____ (IBM Corporation and others) C:\Program Files (x86)\libagluc28.dll
2005-03-10 20:31 - 2005-03-10 20:31 - 003715072 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\MPS.dll
2000-08-29 00:19 - 2000-08-29 00:19 - 000401462 _____ (Microsoft Corporation) C:\Program Files (x86)\MSVCP60.DLL
2003-05-08 18:34 - 2003-05-08 18:34 - 000499712 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp71.dll
2003-05-08 18:32 - 2003-05-08 18:32 - 000348160 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr71.dll
1999-02-02 00:00 - 1999-02-02 00:00 - 000266293 _____ (Microsoft Corporation) C:\Program Files (x86)\Msvcrt.dll
2005-03-13 13:10 - 2005-03-13 13:10 - 004096000 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\PDFL70.dll
2005-01-12 14:23 - 2005-01-12 14:23 - 000180224 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\pdfsettings.dll
2005-02-08 13:43 - 2005-02-08 13:43 - 000049152 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\persresen_US.dll
2005-03-01 16:46 - 2005-03-01 16:46 - 000045486 _____ () C:\Program Files (x86)\Photoshop Read Me.wri
2005-03-22 03:48 - 2005-03-22 03:48 - 001323008 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\Photoshop.dll
2005-03-22 04:29 - 2005-03-22 04:29 - 019533824 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\Photoshop.exe
2005-02-17 18:34 - 2005-02-17 18:34 - 024971130 _____ () C:\Program Files (x86)\Photoshop_9.0_en-us.zip
2005-03-22 03:13 - 2005-03-22 03:13 - 000041984 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\Plugin.dll
2005-03-22 03:48 - 2005-03-22 03:48 - 002142208 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\PSArt.dll
2005-03-22 03:48 - 2005-03-22 03:48 - 001748992 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\PSViews.dll
2005-03-16 18:57 - 2005-03-16 18:57 - 000061440 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\regsresen_US.dll
1999-12-03 06:01 - 1999-12-03 06:01 - 000022800 _____ (Microsoft Corporation) C:\Program Files (x86)\Shfolder.dll
2005-03-22 03:43 - 2005-03-22 03:43 - 001144622 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\Tw10122.dat
2005-03-22 03:48 - 2005-03-22 03:48 - 000150644 _____ () C:\Program Files (x86)\TypeLibrary.tlb
2005-03-08 07:23 - 2005-03-08 07:23 - 004153344 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\VersionCue.dll
2005-03-08 07:23 - 2005-03-08 07:23 - 003170304 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\VersionCueUI.dll
2020-12-19 22:19 - 2023-04-26 10:59 - 000000684 _____ () C:\Users\Uživatel\AppData\Roaming\OEMSDKHASH.txt
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2025
Ran by Uživatel (06-06-2025 22:55:36)
Running from C:\Users\Uživatel\Downloads
Microsoft Windows 10 Home Version 22H2 19045.5854 (X64) (2020-08-25 23:04:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2039987659-3835639047-893020778-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2039987659-3835639047-893020778-503 - Limited - Disabled)
Guest (S-1-5-21-2039987659-3835639047-893020778-501 - Limited - Disabled)
Uživatel (S-1-5-21-2039987659-3835639047-893020778-1002 - Administrator - Enabled) => C:\Users\Uživatel
WDAGUtilityAccount (S-1-5-21-2039987659-3835639047-893020778-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Disabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3.26837 - emc, uTorrent.CZ)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AKVIS Magnifier AI (HKLM\...\{52AE08DB-B40C-4459-B22B-696E7FB736D0}) (Version: 11.0.1466.20875 - AKVIS) Hidden
AKVIS Magnifier AI (HKLM-x32\...\{1099068d-d346-4156-a26a-6e77a89031bc}) (Version: 11.0.1466.20875 - AKVIS)
AMD Ryzen Master (HKLM\...\{02247819-03CD-414E-AC8D-FD518BFBA445}) (Version: 2.12.0.2806 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.12.0.2806 - Advanced Micro Devices, Inc.)
ApowerRecover (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - Apowersoft)
Audacity 3.4.2 (HKLM\...\Audacity_is1) (Version: 3.4.2 - Audacity Team)
Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.67.0 - RCS LT) Hidden
Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.67.0 - RCS LT)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 9.08 - NCH Software)
Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Hidden
Dokan Library 1.4.0.1000 Bundle (HKLM-x32\...\{97cfdb6c-2faa-43ba-afbc-469e01845e99}) (Version: 1.4.0.1000 - Dokany Project)
ESET Security (HKLM\...\{37E67F0A-50BB-430A-A2A5-F5E2F6EE96DB}) (Version: 12.2.23.0 - ESET, spol. s r.o.)
Flashback Express 6 (HKLM\...\{7FE4CA6B-BBC7-4763-B10E-3F6D016EBFE3}) (Version: 6.13.0.467 - Blueberry Software)
GetDataBack Simple version 5.00 (HKLM-x32\...\{D06B8000-52B4-4D0B-A003-DA83ED982B51}_is1) (Version: 5.00 - Runtime Software, LLC)
GetFLV 30.2210.22 (HKLM-x32\...\GetFLV_is1) (Version: - GetFLV, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 137.0.7151.69 - Google LLC)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
iSkysoft Data Recovery(Build 5.0.0.9) (HKLM-x32\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 5.0.0.9 - iSkysoft Software Co.,Ltd.)
Java 8 Update 333 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180333F0}) (Version: 8.0.3330.2 - Oracle Corporation)
Kingsoft Office 2013 (9.1.0.4480) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4480 - Kingsoft Corp.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.92 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\OneDriveSetup.exe) (Version: 25.091.0512.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29325 (HKLM\...\{26AF0C35-55EC-4025-8D83-349E8FB1419F}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29325 (HKLM\...\{7D0362D5-C699-4403-BC09-0C1DAD1D93AB}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Movavi Screen Recorder 23 (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Movavi Screen Recorder 23) (Version: 23.1.0 - Movavi)
Opera Stable 119.0.5497.56 (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Opera 119.0.5497.56) (Version: 119.0.5497.56 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.65.38147 - Electronic Arts, Inc.)
PDF Juggler (HKLM\...\{0D65ECB4-F48D-39DD-BF56-DAF948B3961C}) (Version: 1.0 - Paolo Bernardi)
PDF Reader for Windows 10 (HKLM\...\PDF Reader for Windows 10_is1) (Version: - PDFLogic Corporation)
PDF to PDF 3.0 (HKLM-x32\...\PDF to PDF_is1) (Version: - Best PDF Tools)
PDFChef 2022 (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\PDFChef 2022) (Version: 22.2.0 - Movavi)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
PDFsam Basic (HKLM\...\{24493C22-01EA-4E07-AB21-84910EB826B0}) (Version: 4.3.3.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PDFsam Enhanced 7 (HKLM-x32\...\PDFsam Enhanced 7) (Version: 7.0.70.1815 - Sober Lemur S.a.s. di Vacondio Andrea)
PDFsam Enhanced 7 Edit Module (HKLM\...\{63380AAA-0783-42BC-B807-471E0BC00907}) (Version: 7.0.70.15196 - Andrea Vacondio) Hidden
PDFsam Enhanced 7 View Module (HKLM\...\{A1DD96C4-2ADF-4A7E-AA8B-D9362106B553}) (Version: 7.0.70.15196 - Andrea Vacondio) Hidden
PDFTools Version 1.3 (08/26/2007) (HKLM-x32\...\PDFTools_is1) (Version: 1.3 - www.SheelApps.com - Sheel Khanna)
PhotoRestorer (HKLM-x32\...\PhotoRestorer_is1) (Version: 2.1 - PhotoRestorer)
PhotoWorks 16.5 (HKLM-x32\...\{56427331-F94A-4C86-9C96-C8928EB5478B}_is1) (Version: 16.5 - AMS Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8470 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.54 - Piriform)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version: - SafeIP)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.20.7.361 - EnigmaSoft Limited)
Stellar Data Recovery (HKLM\...\Stellar Data Recovery_is1) (Version: 9.0.0.5 - Stellar Information Technology Pvt Ltd.)
Swapface 1.1.0 (HKLM\...\ba6e16a1-8594-5664-9ccb-2a68630cd5db) (Version: 1.1.0 - Swapface)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 10.51 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wise Data Recovery 5.1.8 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 5.1.8 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare Recoverit(Build 9.0.10.11) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 9.0.10.11 - Wondershare Software Co.,Ltd.)
Zoner Photo Studio X CS (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\ZPS X) (Version: 19.2009.2.286 - ZONER software)
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-13] ()
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_10.1.2.0_x64__kgqvnymyfvs32 [2025-04-29] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_4.12.0.0_x64__kgqvnymyfvs32 [2025-05-22] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.3041.1.0_x64__kgqvnymyfvs32 [2025-06-05] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-09-15] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation) [MS Ad]
Pomocník pro hry v Microsoft Edgi -> C:\Program Files\WindowsApps\Microsoft.Edge.GameAssist_1.0.3336.0_x64__8wekyb3d8bbwe [2025-06-05] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-04-24] (Realtek Semiconductor Corp)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-07] (Skype)
Spotify – hudba a podcasty -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0 [2025-06-05] (Spotify AB) [Startup Task]
Temp Phone Number - Unlimited Texting -> C:\Program Files\WindowsApps\44500SecurityDevelopment.22613CA272AF9_1.1.3.0_x64__bwnhf38m94m8e [2024-09-21] (SecurityDevelopment)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2022-05-11] (VideoLAN)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2039987659-3835639047-893020778-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2039987659-3835639047-893020778-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2039987659-3835639047-893020778-1002_Classes\CLSID\{60349223-D450-4318-A9C7-63C42F5DA6A4}\InprocServer32 -> C:\Program Files (x86)\PhotoWorks\ShellMenu64.dll (AMS Software -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PDFsamEnhanced7_ManagerExt] -> {91D6DCFE-A19D-41CC-8940-46C21D26CF83} => C:\Program Files\PDFsam Enhanced 7\context-menu.dll [2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2024-05-22] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2024-05-22] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2039987659-3835639047-893020778-1002: [!PhotoWorks] -> {60349223-D450-4318-A9C7-63C42F5DA6A4} => C:\Program Files (x86)\PhotoWorks\ShellMenu64.dll [2019-02-21] (AMS Software -> )
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-08-15 21:13 - 2019-08-15 21:13 - 001265664 _____ () [File not signed] C:\Program Files (x86)\Combo Cleaner\runtimes\win-x64\native\e_sqlite3.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2019-06-28 18:32 - 2019-06-28 18:32 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-06-30 14:37 - 2020-06-30 14:37 - 000460288 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDFsam Enhanced 7\libcurl.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000516608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-08-16 12:49 - 2019-08-16 12:49 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:E2FFC7FB [101]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_333\bin\ssv.dll [2022-05-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_333\bin\jp2ssv.dll [2022-05-16] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-12 01:38 - 2020-07-11 08:25 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 192.168.5.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C86DA7B4-E9B3-47D9-ADD9-CE0D2053E6E9}] => (Allow) LPort=57209
FirewallRules: [{F9B3C67C-6082-4132-BA22-87A6BC8DF3F1}] => (Allow) LPort=57209
FirewallRules: [{AFF9425C-B91A-4B60-B4FB-CA321EA99093}] => (Allow) C:\Program Files (x86)\Apowersoft\RecCloud LightEditor\RecCloud LightEditor.exe => No File
FirewallRules: [{5D8F4500-C7CA-4433-B8E9-997E2D59D7E8}] => (Allow) C:\Program Files (x86)\Apowersoft\RecCloud LightEditor\RecCloud LightEditor.exe => No File
FirewallRules: [TCP Query User{AB25022E-695B-427D-BBF5-EBF523749399}C:\users\uživatel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{B9559D74-6984-4657-8A6F-8A7FB3E8EB0A}C:\users\uživatel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{A32C0399-BCA9-48E7-8C2C-A59DE282FEBA}] => (Block) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{3B156A1A-E348-4033-9BFB-701F61EDE818}] => (Block) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{5D987AE6-A04B-494D-AA2C-332F20229093}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{EAA43015-4862-40D0-B70D-511D2F504606}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{1AD64E30-F583-4E8B-B418-294DD1DAE82E}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{32C03372-2E32-4E2C-86F4-5A74EA94A13C}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{2E229576-192E-4532-8E61-B5B0291BCC62}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{DF0C41EA-5D6E-4CE6-B373-F6556AB3EFD5}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [TCP Query User{271FED48-C698-44A7-BAF8-291F707B0BF1}C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CF74010D-1E9C-43EE-AE0A-AC66AE21D709}C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{0A71FB3F-D649-4C70-9182-BE27EFC3EF29}] => (Block) C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{35F513C9-DD93-4EAF-AFE5-59E358B8005E}] => (Block) C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C0406FAD-AABA-49AF-A34C-8FD80D87CF13}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3FDD836A-B9A3-4DD5-97CB-B19303A5D59F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DF6D5128-637E-4039-BE54-035F64480FE6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B9F04C23-27A8-4D07-9BFC-60E83617D3EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{05B9B4E6-4663-4F89-ABDC-D9E940CD9401}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4F4BC2E8-239C-435C-AC6F-E899A8EFEE80}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6FD8B9AB-6B97-4A93-8842-596F4932050E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9214CCDE-B30D-4847-B64C-439A905EA9EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4C0C766A-5BBD-4024-84FC-6138774D2A57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C283BEC9-2CFA-4906-898E-1A038AFB9D70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{064FB0FD-3B8F-4D49-8E85-126A1A982321}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AD4574D9-5674-4471-8C92-917B10156E0E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (06/04/2025 05:43:30 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (06/02/2025 10:51:41 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (06/01/2025 02:43:08 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (05/31/2025 02:40:08 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (05/29/2025 09:41:14 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (05/29/2025 10:33:47 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (05/25/2025 05:31:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (05/25/2025 05:31:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
System errors:
=============
Error: (06/06/2025 09:25:37 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
Error: (06/06/2025 09:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (06/06/2025 09:22:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).
Error: (06/06/2025 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.
Error: (06/06/2025 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.
Error: (06/06/2025 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.
Error: (06/06/2025 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.
Error: (06/06/2025 09:19:46 PM) (Source: NetBT) (EventID: 4300) (User: )
Description: Ovladač nelze vytvořit.
Windows Defender:
================
Date: 2025-06-06 22:12:14
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {F767B0B4-A2B2-48EE-AFA0-48E79F6CAF1F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: WIN-PBR78CABI5O\Uživatel
Důvod zastavení: Åъőřτèđ вŷ ŧħé ¢ŀϊэʼnť
Date: 2025-06-06 19:50:03
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.A!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Uživatel\AppData\Local\Temp\scoped_dir7192_1327410497\ai-image-enlarger-2.0.0-installer_oxE-dh1.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Verze bezpečnostních informací: AV: 1.429.384.0, AS: 1.429.384.0, NIS: 1.429.384.0
Verze modulu: AM: 1.1.25040.1, NIS: 1.1.25040.1
Date: 2025-06-06 03:59:50
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {227DE6FE-7AC4-4A45-9FD3-14D1069E8648}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-05 08:49:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {FE33E6ED-8CC2-4CDD-85BE-8F15D4412276}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-02 03:42:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {3A4928A2-927C-453C-A02C-29C2B487A722}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Event[0]:
Date: 2024-09-01 09:08:45
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.417.404.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24070.3
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
CodeIntegrity:
===============
Date: 2025-06-06 22:12:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.
Date: 2025-06-06 21:22:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.
Date: 2025-06-06 20:57:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgChrome.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1.90 07/05/2019
Motherboard: Micro-Star International Co., Ltd B450 TOMAHAWK (MS-7C02)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 47%
Total physical RAM: 16334.94 MB
Available physical RAM: 8515.34 MB
Total Virtual: 26574.94 MB
Available Virtual: 16031.3 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:475.84 GB) (Free:227.24 GB) (Model: ADATA SX8200PNP) NTFS
Drive d: () (Fixed) (Total:1863 GB) (Free:1861.85 GB) (Model: ST2000DM008-2FR102) NTFS
Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
\\?\Volume{c7f49039-b133-4901-82c5-f3b9c2cf4d3e}\ (Recovery tools) (Fixed) (Total:0.88 GB) (Free:0.26 GB) NTFS
\\?\Volume{9f346bfc-27e1-4a6d-b462-c34f261edc8b}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 8662B597)
Partition: GPT.
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2025
Ran by Uživatel (administrator) on WIN-PBR78CABI5O (Micro-Star International Co., Ltd MS-7C02) (06-06-2025 22:54:41)
Running from C:\Users\Uživatel\Downloads\FRST64.exe
Loaded Profiles: Uživatel
Platform: Microsoft Windows 10 Home Version 22H2 19045.5854 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe ->) (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atieclxx.exe
(explorer.exe ->) (ZONER software, a.s. -> ZONER software) C:\Users\Uživatel\AppData\Local\Programs\Zoner\ZPS X\binary\Program32\ZPSTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(services.exe ->) (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe
(services.exe ->) (RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe
(services.exe ->) (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio) C:\Program Files\PDFsam Enhanced 7\activation-service.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2410.13017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2504.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [180448 2019-07-30] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [746440 2018-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-25] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Users\Uživatel\AppData\Local\Programs\Zoner\ZPS X\binary\Program32\ZPSTRAY.EXE [804336 2020-12-02] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Run: [MicrosoftEdgeAutoLaunch_83C387DA30640047C508B0EE92F9D83E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Run: [Opera Browser Assistant] => C:\Users\Uživatel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3996064 2024-03-04] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [90457896 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\RunOnce: [Uninstall 25.085.0504.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\25.085.0504.0002" [0 2025-06-06] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\MountPoints2: {3d75fdca-2f8c-11ea-ac45-00d86116a3cf} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\MountPoints2: {822612cd-cbc3-11eb-acaa-00d86116a3cf} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\MountPoints2: {822612d5-cbc3-11eb-acaa-00d86116a3cf} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [36176 2016-09-20] (PlotSoft LLC -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\PDFsam Enhanced 7 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\brand_solution_name_pdfpmon_v.6.11.0.7.dll [960120 2022-08-01] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\137.0.7151.69\Installer\chrmstp.exe [2025-06-06] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {E4C6330B-99E5-47E4-A7AD-032D4FF7E945} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {B59BF9E2-33A1-4334-87D7-225459C6FAEA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-09] (Adobe Inc. -> Adobe)
Task: {23DF4D9B-83D7-4797-A6B0-DC6028B15CC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {571C9E01-83D6-49CF-8F88-E5743DC0B6B3} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Uživatel\Desktop\adwcleaner_8.0.6.exe /r (No File)
Task: {D03FFEDC-BD5A-4217-A053-1E624603B1E4} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [672064 2023-11-21] (Advanced Micro Devices Inc. -> )
Task: {004A3B7C-B9A8-4A9D-8A76-64F4A86C3164} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe -AMDLinkUpdate (No File)
Task: {1AD8D5B2-B621-4B8D-BC25-3D6D78980E8F} - System32\Tasks\Andrea Vacondio\PDFsam Enhanced 7\App Notification => C:\Program Files\PDFsam Enhanced 7\sam-launcher.exe [1868696 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
Task: {EC490771-7B44-4B08-900E-FF554F152EED} - System32\Tasks\Andrea Vacondio\PDFsam Enhanced 7\App Notification Logon => C:\Program Files\PDFsam Enhanced 7\sam-launcher.exe [1868696 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
Task: {1B51C472-E808-45B6-A673-AE5CBE36B326} - System32\Tasks\Andrea Vacondio\PDFsam Enhanced 7\Update => C:\Program Files\PDFsam Enhanced 7\sam.exe [3418520 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
Task: {1C70BA41-FD1B-4AED-93FB-83536CBECFFA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{65514811-E82F-4854-AD0D-A8C2D48DCEE5} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {02867E47-8569-4541-A98D-3D97375C7D25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FB52D677-1C85-427D-A29D-86AB0D95AB6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2D5558A-8210-408D-86F3-F51678084C52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B377F453-502C-490D-A994-C80CD3D1036A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52102280-C32A-4EC0-B467-B2F18E5D089F} - System32\Tasks\ModifyLinkUpdate => "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" -UpdateCurrentUser (No File)
Task: {701FA523-6B72-45F3-9F48-5E40FB870D6A} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2039987659-3835639047-893020778-1002 => C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\25.091.0512.0001\OneDriveLauncher.exe [684880 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC6E4F48-5717-49D7-AEE0-7BB61BA19675} - System32\Tasks\Opera scheduled assistant Autoupdate 1582785698 => C:\Users\Uživatel\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Uživatel\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {D7F81642-D767-4B26-8230-877288054FC2} - System32\Tasks\Opera scheduled Autoupdate 1567013306 => C:\Users\Uživatel\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [6071704 2025-05-28] (Opera Norway AS -> Opera Software)
Task: {B860D62A-8A8E-4B4E-81DD-1C22209486E9} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [728504 2023-08-04] (Advanced Micro Devices Inc. -> AMD)
Task: {69907014-DE23-4A1F-A706-84612AD33F19} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BD9B9F1A-29AC-429C-A8E6-6AF99BBD3894} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5E06797E-FAB1-47F9-AB17-C989DFE05457} - System32\Tasks\Zoner.Updater.S-1-5-21-2039987659-3835639047-893020778-1002 => C:\ProgramData\Zoner\Zoner.Installer.Core\updater.exe [1589568 2025-06-03] (ZONER a.s. -> ZONER a.s.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2039987659-3835639047-893020778-1002] => 185.211.193.174:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.5.254
Tcpip\..\Interfaces\{2273f300-ce63-42c9-b1f3-ee51f2729c56}: [DhcpNameServer] 192.168.5.254
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default [2025-06-06]
Edge Session Restore: Default -> is enabled.
Edge Extension: (AHA Music - Song Finder for Browser) - C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejfccgmelcclnoadalcepdmnpgcnglfc [2023-12-03]
Edge Extension: (Dokumenty Google offline) - C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-03]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2025-06-06]
Edge Extension: (Edge relevant text changes) - C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-31]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.333.2 -> C:\Program Files\Java\jre1.8.0_333\bin\dtplugin\npDeployJava1.dll [2022-05-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.333.2 -> C:\Program Files\Java\jre1.8.0_333\bin\plugin2\npjp2.dll [2022-05-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default [2025-06-06]
CHR Extension: (Temporary Phone Number Generator) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepddifjfnckmfkheigcdfdeofjmahco [2024-02-19]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-06-06]
CHR Extension: (Dočasné telefonní číslo) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephafbplmnnoliangkcghhopgcincnec [2025-06-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-17]
CHR HKU\S-1-5-21-2039987659-3835639047-893020778-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Opera:
=======
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe [527800 2023-08-04] (Advanced Micro Devices Inc. -> AMD)
R3 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [145128 2024-09-05] (RCS LT UAB -> RCS LT)
R3 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [152296 2024-09-05] (RCS LT UAB -> RCS LT)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-07-30] (ESET, spol. s r.o. -> ESET)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [17987096 2025-06-06] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe [495240 2018-07-26] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-03-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3445560 2020-03-21] (Electronic Arts, Inc. -> Electronic Arts)
R3 PDFsam Enhanced 7; C:\Program Files\PDFsam Enhanced 7\activation-service.exe [3210648 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S3 PDFsam Enhanced 7 Creator; C:\Program Files\PDFsam Enhanced 7\creator-ws.exe [514456 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S3 PDFsam Enhanced 7 Update Service; C:\Program Files\PDFsam Enhanced 7\update-service.exe [267672 2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [2540568 2025-06-06] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51224 2016-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ahcix64s; C:\WINDOWS\System32\drivers\ahcix64s.sys [293720 2012-12-10] (Promise Technology, Inc. -> Advanced Micro Devices, Inc)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [58136 2018-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [800672 2023-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [140280 2020-06-01] (ADAPP SASU -> Dokan Project)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [149144 2019-07-30] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [102464 2019-07-30] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15800 2019-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [189232 2019-07-30] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50488 2019-07-30] (ESET, spol. s r.o. -> ESET)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [84640 2025-06-06] (Microsoft Windows Hardware Compatibility Publisher -> EnigmaSoft Limited)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [76896 2019-07-30] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [113336 2019-07-30] (ESET, spol. s r.o. -> ESET)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [177056 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
S3 ibtuart; C:\WINDOWS\System32\drivers\ibtuart.sys [756464 2016-09-03] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 IFCoEMP; C:\WINDOWS\System32\drivers\ifM63x64.sys [494568 2016-10-07] (Intel(R) INTELND1617 -> Intel(R) Corporation)
S3 IFCoEVB; C:\WINDOWS\System32\drivers\ifp63x64.sys [198632 2016-10-07] (Intel(R) INTELND1617 -> Intel(R) Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
S3 MTsensor; C:\WINDOWS\System32\drivers\ASACPI.sys [15416 2009-07-16] (ASUSTeK Computer Inc. -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [633264 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-06 22:39 - 2025-06-06 22:55 - 000023467 _____ C:\Users\Uživatel\Downloads\FRST.txt
2025-06-06 22:04 - 2025-06-06 22:05 - 002405888 _____ (Farbar) C:\Users\Uživatel\Downloads\FRST64.exe
2025-06-06 21:24 - 2025-06-06 21:24 - 000000000 ____D C:\Users\Uživatel\AppData\Local\RCS_LT
2025-06-06 21:23 - 2025-06-06 21:30 - 000000000 ____D C:\Program Files (x86)\Combo Cleaner
2025-06-06 21:23 - 2025-06-06 21:23 - 000001966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2025-06-06 21:23 - 2025-06-06 21:23 - 000001960 _____ C:\Users\Public\Desktop\Combo Cleaner.lnk
2025-06-06 19:57 - 2025-06-06 21:30 - 000000000 ____D C:\KVRT2020_Data
2025-06-06 19:56 - 2025-06-06 19:56 - 003607328 _____ (RCS LT) C:\Users\Uživatel\Downloads\CCSetup.exe
2025-06-06 19:55 - 2025-06-06 19:56 - 115069800 _____ (AO Kaspersky Lab) C:\Users\Uživatel\Downloads\KVRT.exe
2025-06-06 19:43 - 2025-06-06 19:43 - 000001086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2025-06-06 19:43 - 2025-06-06 19:43 - 000001062 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2025-06-06 19:43 - 2025-06-06 19:43 - 000000000 ____D C:\sh5ldr
2025-06-06 19:43 - 2025-06-06 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2025-06-06 19:43 - 2025-06-06 19:43 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2025-06-06 19:43 - 2025-06-06 19:43 - 000000000 ____D C:\Program Files\EnigmaSoft
2025-06-06 19:41 - 2025-06-06 19:41 - 007287832 _____ (EnigmaSoft Limited) C:\Users\Uživatel\Downloads\SpyHunter-5.20-103-12123-Installer.exe
2025-06-05 13:28 - 2025-06-05 13:28 - 000001098 _____ C:\Users\Uživatel\Downloads\francieproblemy.txt
2025-06-03 11:39 - 2025-06-03 11:39 - 000027888 _____ C:\Users\Uživatel\Downloads\ona.jpeg
2025-06-01 20:03 - 2025-06-01 20:03 - 000211904 _____ C:\Users\Uživatel\Downloads\media.webp
2025-05-24 22:39 - 2025-05-24 22:39 - 000104001 _____ C:\Users\Uživatel\Downloads\Hellboy.2019.1080p.BluRay.H264.AAC-RARBG.srt
2025-05-24 19:24 - 2025-05-24 20:23 - 1259730345 _____ C:\Users\Uživatel\Downloads\Hellboy (2019) CZ titulky.mkv
2025-05-24 18:08 - 2025-05-24 18:08 - 000249080 _____ (Gen Digital Inc.) C:\Users\Uživatel\Downloads\online_instalační_soubor_aplikace_avast_free_antivirus.exe
2025-05-14 08:55 - 2025-05-14 08:55 - 000022680 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 08:55 - 2025-05-14 08:55 - 000022680 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-05-14 08:49 - 2025-05-14 08:49 - 000000000 ___HD C:\$WinREAgent
2025-05-13 17:32 - 2025-05-13 17:32 - 002783764 _____ C:\Users\Uživatel\Downloads\pdfkaufland.pdf
2025-05-12 18:27 - 2025-05-12 18:27 - 000124416 _____ C:\Users\Uživatel\Downloads\vyuka_bak._a_mag._neuroticke_poruchy.ppt
2025-05-12 18:23 - 2025-05-12 18:23 - 000440634 _____ C:\Users\Uživatel\Downloads\130720-DB73035.pdf
2025-05-12 18:21 - 2025-05-12 18:21 - 000332062 _____ C:\Users\Uživatel\Downloads\PS.pdf
2025-05-11 20:43 - 2025-05-11 20:43 - 000607671 _____ C:\Users\Uživatel\Downloads\DPTX_2009_2_11210_0_129699_0_87169.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-06 22:54 - 2020-06-11 14:56 - 000000000 ____D C:\FRST
2025-06-06 22:50 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-06 22:09 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2025-06-06 22:03 - 2025-02-06 10:38 - 000003576 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2039987659-3835639047-893020778-1002
2025-06-06 22:03 - 2021-12-12 23:32 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2039987659-3835639047-893020778-1002
2025-06-06 22:03 - 2020-08-26 01:04 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2039987659-3835639047-893020778-1002
2025-06-06 22:03 - 2020-08-26 00:59 - 000002393 _____ C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-06-06 22:02 - 2019-07-31 01:28 - 000000000 ____D C:\Users\Uživatel\AppData\Local\D3DSCache
2025-06-06 21:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-06-06 21:27 - 2020-08-26 01:06 - 001693816 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-06-06 21:27 - 2019-12-07 16:41 - 000716932 _____ C:\WINDOWS\system32\perfh005.dat
2025-06-06 21:27 - 2019-12-07 16:41 - 000145110 _____ C:\WINDOWS\system32\perfc005.dat
2025-06-06 21:23 - 2023-04-24 16:45 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2025-06-06 21:20 - 2020-08-26 01:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-06-06 21:20 - 2020-08-26 00:59 - 000008192 ___SH C:\DumpStack.log.tmp
2025-06-06 21:20 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-06-06 21:20 - 2019-07-24 19:01 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-06-06 21:12 - 2021-07-10 22:50 - 000000000 ____D C:\Users\Uživatel\Desktop\Photoshop_CS2
2025-06-06 18:17 - 2020-08-26 00:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-06-06 04:21 - 2021-12-18 02:04 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-06-06 03:31 - 2024-02-17 14:08 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-06-06 03:31 - 2024-02-17 14:08 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-06-05 14:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-05 13:32 - 2020-06-04 06:46 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-06-05 13:32 - 2019-07-31 01:28 - 000000000 ____D C:\Users\Uživatel\AppData\Local\Packages
2025-06-03 19:37 - 2020-08-26 01:04 - 000004290 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1567013306
2025-06-03 19:37 - 2019-08-28 19:28 - 000001466 _____ C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2025-06-03 19:36 - 2021-01-19 18:12 - 000000000 ____D C:\ProgramData\Zoner
2025-06-01 05:02 - 2023-10-10 00:37 - 000000000 ____D C:\Program Files\RUXIM
2025-05-29 09:59 - 2024-08-01 09:34 - 000000000 ____D C:\Users\Uživatel\Desktop\1.8.2024 ŽIVOTOPIS
2025-05-24 18:34 - 2022-11-23 21:31 - 000000000 ____D C:\Users\Uživatel\AppData\Local\CrashDumps
2025-05-24 18:34 - 2020-03-20 18:22 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\uTorrent
2025-05-24 17:18 - 2019-07-31 17:16 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\Microsoft\MMC
2025-05-22 03:30 - 2018-05-31 14:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-19 18:25 - 2020-08-26 01:04 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-19 18:25 - 2020-08-26 01:04 - 000003514 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-18 15:21 - 2022-08-01 09:33 - 000000000 ____D C:\ProgramData\boost_interprocess
2025-05-18 15:21 - 2022-08-01 09:31 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\PDFsam Enhanced 7
2025-05-17 00:15 - 2020-08-26 00:59 - 000269256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-05-17 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-05-17 00:14 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2025-05-14 09:00 - 2019-07-30 19:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-05-14 08:58 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-05-14 08:58 - 2019-07-30 19:49 - 214836568 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-05-14 08:55 - 2020-08-26 01:04 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
==================== Files in the root of some directories ========
2005-03-09 04:07 - 2005-03-09 04:07 - 000630784 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\ACE.dll
2005-02-11 13:45 - 2005-02-11 13:45 - 000013842 _____ () C:\Program Files (x86)\Activation ReadMe.htm
2005-03-09 17:59 - 2005-03-09 17:59 - 001560169 _____ (Adobe Systems, Inc.) C:\Program Files (x86)\AdobeLM.dll
2005-03-22 05:49 - 2005-03-22 05:49 - 000287232 _____ (Adobe Systems) C:\Program Files (x86)\Adobelmsvc Installer.dll
2005-03-03 15:39 - 2005-03-03 15:39 - 000425984 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AdobeUpdater.dll
2005-03-09 04:17 - 2005-03-09 04:17 - 000475136 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AdobeXMP.dll
2005-02-07 08:45 - 2005-02-07 08:45 - 000005632 _____ (IBM Corporation and others) C:\Program Files (x86)\agldt28l.dll
2005-03-13 12:01 - 2005-03-13 12:01 - 001805824 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AGM.dll
2005-03-09 04:07 - 2005-03-09 04:07 - 000266240 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\ARE.dll
2004-08-24 15:55 - 2004-08-24 15:55 - 000126976 _____ (Adobe Systems Inc.) C:\Program Files (x86)\asneu.dll
2005-03-09 04:32 - 2005-03-09 04:32 - 000151552 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AXE16SharedExpat.dll
2005-03-09 04:32 - 2005-03-09 04:32 - 000151552 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\AXE8SharedExpat.dll
2005-03-09 04:07 - 2005-03-09 04:07 - 000180224 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\Bib.dll
2005-03-09 04:07 - 2005-03-09 04:07 - 000217088 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\BIBUtils.dll
2005-03-09 04:07 - 2005-03-09 04:07 - 002162688 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\CoolType.dll
2005-02-10 13:36 - 2005-02-10 13:36 - 000143360 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\epic_eula.dll
2005-01-18 12:31 - 2005-01-18 12:31 - 000114688 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\epic_pers.dll
2005-01-19 14:31 - 2005-01-19 14:31 - 000155648 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\epic_regs.dll
2005-02-08 13:43 - 2005-02-08 13:43 - 000045056 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\eularesen_US.dll
2005-02-17 11:28 - 2005-02-17 11:28 - 000663552 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\FileInfo.dll
2005-03-22 03:41 - 2005-03-22 03:41 - 019980288 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\ImageReady.exe
2021-07-10 22:52 - 2021-07-10 22:52 - 000000820 _____ () C:\Program Files (x86)\install.adb
2005-02-15 02:03 - 2005-02-15 02:03 - 000561152 _____ (Adobe system Incorporated) C:\Program Files (x86)\JP2KLib.dll
2005-02-25 13:50 - 2005-02-25 13:50 - 000157035 _____ () C:\Program Files (x86)\LegalNotices.pdf
2004-06-22 12:57 - 2004-06-22 12:57 - 000589824 _____ (IBM Corporation and others) C:\Program Files (x86)\libagluc28.dll
2005-03-10 20:31 - 2005-03-10 20:31 - 003715072 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\MPS.dll
2000-08-29 00:19 - 2000-08-29 00:19 - 000401462 _____ (Microsoft Corporation) C:\Program Files (x86)\MSVCP60.DLL
2003-05-08 18:34 - 2003-05-08 18:34 - 000499712 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp71.dll
2003-05-08 18:32 - 2003-05-08 18:32 - 000348160 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr71.dll
1999-02-02 00:00 - 1999-02-02 00:00 - 000266293 _____ (Microsoft Corporation) C:\Program Files (x86)\Msvcrt.dll
2005-03-13 13:10 - 2005-03-13 13:10 - 004096000 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\PDFL70.dll
2005-01-12 14:23 - 2005-01-12 14:23 - 000180224 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\pdfsettings.dll
2005-02-08 13:43 - 2005-02-08 13:43 - 000049152 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\persresen_US.dll
2005-03-01 16:46 - 2005-03-01 16:46 - 000045486 _____ () C:\Program Files (x86)\Photoshop Read Me.wri
2005-03-22 03:48 - 2005-03-22 03:48 - 001323008 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\Photoshop.dll
2005-03-22 04:29 - 2005-03-22 04:29 - 019533824 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\Photoshop.exe
2005-02-17 18:34 - 2005-02-17 18:34 - 024971130 _____ () C:\Program Files (x86)\Photoshop_9.0_en-us.zip
2005-03-22 03:13 - 2005-03-22 03:13 - 000041984 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\Plugin.dll
2005-03-22 03:48 - 2005-03-22 03:48 - 002142208 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\PSArt.dll
2005-03-22 03:48 - 2005-03-22 03:48 - 001748992 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\PSViews.dll
2005-03-16 18:57 - 2005-03-16 18:57 - 000061440 _____ (Adobe Systems Incorporated) C:\Program Files (x86)\regsresen_US.dll
1999-12-03 06:01 - 1999-12-03 06:01 - 000022800 _____ (Microsoft Corporation) C:\Program Files (x86)\Shfolder.dll
2005-03-22 03:43 - 2005-03-22 03:43 - 001144622 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\Tw10122.dat
2005-03-22 03:48 - 2005-03-22 03:48 - 000150644 _____ () C:\Program Files (x86)\TypeLibrary.tlb
2005-03-08 07:23 - 2005-03-08 07:23 - 004153344 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\VersionCue.dll
2005-03-08 07:23 - 2005-03-08 07:23 - 003170304 _____ (Adobe Systems, Incorporated) C:\Program Files (x86)\VersionCueUI.dll
2020-12-19 22:19 - 2023-04-26 10:59 - 000000684 _____ () C:\Users\Uživatel\AppData\Roaming\OEMSDKHASH.txt
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2025
Ran by Uživatel (06-06-2025 22:55:36)
Running from C:\Users\Uživatel\Downloads
Microsoft Windows 10 Home Version 22H2 19045.5854 (X64) (2020-08-25 23:04:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2039987659-3835639047-893020778-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2039987659-3835639047-893020778-503 - Limited - Disabled)
Guest (S-1-5-21-2039987659-3835639047-893020778-501 - Limited - Disabled)
Uživatel (S-1-5-21-2039987659-3835639047-893020778-1002 - Administrator - Enabled) => C:\Users\Uživatel
WDAGUtilityAccount (S-1-5-21-2039987659-3835639047-893020778-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Disabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3.26837 - emc, uTorrent.CZ)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AKVIS Magnifier AI (HKLM\...\{52AE08DB-B40C-4459-B22B-696E7FB736D0}) (Version: 11.0.1466.20875 - AKVIS) Hidden
AKVIS Magnifier AI (HKLM-x32\...\{1099068d-d346-4156-a26a-6e77a89031bc}) (Version: 11.0.1466.20875 - AKVIS)
AMD Ryzen Master (HKLM\...\{02247819-03CD-414E-AC8D-FD518BFBA445}) (Version: 2.12.0.2806 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.12.0.2806 - Advanced Micro Devices, Inc.)
ApowerRecover (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - Apowersoft)
Audacity 3.4.2 (HKLM\...\Audacity_is1) (Version: 3.4.2 - Audacity Team)
Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.67.0 - RCS LT) Hidden
Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.67.0 - RCS LT)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 9.08 - NCH Software)
Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Hidden
Dokan Library 1.4.0.1000 Bundle (HKLM-x32\...\{97cfdb6c-2faa-43ba-afbc-469e01845e99}) (Version: 1.4.0.1000 - Dokany Project)
ESET Security (HKLM\...\{37E67F0A-50BB-430A-A2A5-F5E2F6EE96DB}) (Version: 12.2.23.0 - ESET, spol. s r.o.)
Flashback Express 6 (HKLM\...\{7FE4CA6B-BBC7-4763-B10E-3F6D016EBFE3}) (Version: 6.13.0.467 - Blueberry Software)
GetDataBack Simple version 5.00 (HKLM-x32\...\{D06B8000-52B4-4D0B-A003-DA83ED982B51}_is1) (Version: 5.00 - Runtime Software, LLC)
GetFLV 30.2210.22 (HKLM-x32\...\GetFLV_is1) (Version: - GetFLV, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 137.0.7151.69 - Google LLC)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
iSkysoft Data Recovery(Build 5.0.0.9) (HKLM-x32\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 5.0.0.9 - iSkysoft Software Co.,Ltd.)
Java 8 Update 333 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180333F0}) (Version: 8.0.3330.2 - Oracle Corporation)
Kingsoft Office 2013 (9.1.0.4480) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4480 - Kingsoft Corp.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.92 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\OneDriveSetup.exe) (Version: 25.091.0512.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29325 (HKLM\...\{26AF0C35-55EC-4025-8D83-349E8FB1419F}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29325 (HKLM\...\{7D0362D5-C699-4403-BC09-0C1DAD1D93AB}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Movavi Screen Recorder 23 (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Movavi Screen Recorder 23) (Version: 23.1.0 - Movavi)
Opera Stable 119.0.5497.56 (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\Opera 119.0.5497.56) (Version: 119.0.5497.56 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.65.38147 - Electronic Arts, Inc.)
PDF Juggler (HKLM\...\{0D65ECB4-F48D-39DD-BF56-DAF948B3961C}) (Version: 1.0 - Paolo Bernardi)
PDF Reader for Windows 10 (HKLM\...\PDF Reader for Windows 10_is1) (Version: - PDFLogic Corporation)
PDF to PDF 3.0 (HKLM-x32\...\PDF to PDF_is1) (Version: - Best PDF Tools)
PDFChef 2022 (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\PDFChef 2022) (Version: 22.2.0 - Movavi)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
PDFsam Basic (HKLM\...\{24493C22-01EA-4E07-AB21-84910EB826B0}) (Version: 4.3.3.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PDFsam Enhanced 7 (HKLM-x32\...\PDFsam Enhanced 7) (Version: 7.0.70.1815 - Sober Lemur S.a.s. di Vacondio Andrea)
PDFsam Enhanced 7 Edit Module (HKLM\...\{63380AAA-0783-42BC-B807-471E0BC00907}) (Version: 7.0.70.15196 - Andrea Vacondio) Hidden
PDFsam Enhanced 7 View Module (HKLM\...\{A1DD96C4-2ADF-4A7E-AA8B-D9362106B553}) (Version: 7.0.70.15196 - Andrea Vacondio) Hidden
PDFTools Version 1.3 (08/26/2007) (HKLM-x32\...\PDFTools_is1) (Version: 1.3 - www.SheelApps.com - Sheel Khanna)
PhotoRestorer (HKLM-x32\...\PhotoRestorer_is1) (Version: 2.1 - PhotoRestorer)
PhotoWorks 16.5 (HKLM-x32\...\{56427331-F94A-4C86-9C96-C8928EB5478B}_is1) (Version: 16.5 - AMS Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8470 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.54 - Piriform)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version: - SafeIP)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.20.7.361 - EnigmaSoft Limited)
Stellar Data Recovery (HKLM\...\Stellar Data Recovery_is1) (Version: 9.0.0.5 - Stellar Information Technology Pvt Ltd.)
Swapface 1.1.0 (HKLM\...\ba6e16a1-8594-5664-9ccb-2a68630cd5db) (Version: 1.1.0 - Swapface)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 10.51 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wise Data Recovery 5.1.8 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 5.1.8 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare Recoverit(Build 9.0.10.11) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 9.0.10.11 - Wondershare Software Co.,Ltd.)
Zoner Photo Studio X CS (HKU\S-1-5-21-2039987659-3835639047-893020778-1002\...\ZPS X) (Version: 19.2009.2.286 - ZONER software)
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-13] ()
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_10.1.2.0_x64__kgqvnymyfvs32 [2025-04-29] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_4.12.0.0_x64__kgqvnymyfvs32 [2025-05-22] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.3041.1.0_x64__kgqvnymyfvs32 [2025-06-05] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-09-15] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-05-11] (Microsoft Corporation) [MS Ad]
Pomocník pro hry v Microsoft Edgi -> C:\Program Files\WindowsApps\Microsoft.Edge.GameAssist_1.0.3336.0_x64__8wekyb3d8bbwe [2025-06-05] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-04-24] (Realtek Semiconductor Corp)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-07] (Skype)
Spotify – hudba a podcasty -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0 [2025-06-05] (Spotify AB) [Startup Task]
Temp Phone Number - Unlimited Texting -> C:\Program Files\WindowsApps\44500SecurityDevelopment.22613CA272AF9_1.1.3.0_x64__bwnhf38m94m8e [2024-09-21] (SecurityDevelopment)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2022-05-11] (VideoLAN)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2039987659-3835639047-893020778-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2039987659-3835639047-893020778-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2039987659-3835639047-893020778-1002_Classes\CLSID\{60349223-D450-4318-A9C7-63C42F5DA6A4}\InprocServer32 -> C:\Program Files (x86)\PhotoWorks\ShellMenu64.dll (AMS Software -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PDFsamEnhanced7_ManagerExt] -> {91D6DCFE-A19D-41CC-8940-46C21D26CF83} => C:\Program Files\PDFsam Enhanced 7\context-menu.dll [2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2024-05-22] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2024-05-22] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2039987659-3835639047-893020778-1002: [!PhotoWorks] -> {60349223-D450-4318-A9C7-63C42F5DA6A4} => C:\Program Files (x86)\PhotoWorks\ShellMenu64.dll [2019-02-21] (AMS Software -> )
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-08-15 21:13 - 2019-08-15 21:13 - 001265664 _____ () [File not signed] C:\Program Files (x86)\Combo Cleaner\runtimes\win-x64\native\e_sqlite3.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2019-06-28 18:32 - 2019-06-28 18:32 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-06-30 14:37 - 2020-06-30 14:37 - 000460288 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDFsam Enhanced 7\libcurl.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-03-21 09:44 - 2020-03-21 09:44 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000516608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-08-16 12:49 - 2019-08-16 12:49 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:E2FFC7FB [101]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_333\bin\ssv.dll [2022-05-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_333\bin\jp2ssv.dll [2022-05-16] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-12 01:38 - 2020-07-11 08:25 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2039987659-3835639047-893020778-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 192.168.5.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C86DA7B4-E9B3-47D9-ADD9-CE0D2053E6E9}] => (Allow) LPort=57209
FirewallRules: [{F9B3C67C-6082-4132-BA22-87A6BC8DF3F1}] => (Allow) LPort=57209
FirewallRules: [{AFF9425C-B91A-4B60-B4FB-CA321EA99093}] => (Allow) C:\Program Files (x86)\Apowersoft\RecCloud LightEditor\RecCloud LightEditor.exe => No File
FirewallRules: [{5D8F4500-C7CA-4433-B8E9-997E2D59D7E8}] => (Allow) C:\Program Files (x86)\Apowersoft\RecCloud LightEditor\RecCloud LightEditor.exe => No File
FirewallRules: [TCP Query User{AB25022E-695B-427D-BBF5-EBF523749399}C:\users\uživatel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{B9559D74-6984-4657-8A6F-8A7FB3E8EB0A}C:\users\uživatel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{A32C0399-BCA9-48E7-8C2C-A59DE282FEBA}] => (Block) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{3B156A1A-E348-4033-9BFB-701F61EDE818}] => (Block) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{5D987AE6-A04B-494D-AA2C-332F20229093}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{EAA43015-4862-40D0-B70D-511D2F504606}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{1AD64E30-F583-4E8B-B418-294DD1DAE82E}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{32C03372-2E32-4E2C-86F4-5A74EA94A13C}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{2E229576-192E-4532-8E61-B5B0291BCC62}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{DF0C41EA-5D6E-4CE6-B373-F6556AB3EFD5}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [TCP Query User{271FED48-C698-44A7-BAF8-291F707B0BF1}C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CF74010D-1E9C-43EE-AE0A-AC66AE21D709}C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{0A71FB3F-D649-4C70-9182-BE27EFC3EF29}] => (Block) C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{35F513C9-DD93-4EAF-AFE5-59E358B8005E}] => (Block) C:\users\uživatel\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C0406FAD-AABA-49AF-A34C-8FD80D87CF13}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3FDD836A-B9A3-4DD5-97CB-B19303A5D59F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DF6D5128-637E-4039-BE54-035F64480FE6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B9F04C23-27A8-4D07-9BFC-60E83617D3EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{05B9B4E6-4663-4F89-ABDC-D9E940CD9401}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4F4BC2E8-239C-435C-AC6F-E899A8EFEE80}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6FD8B9AB-6B97-4A93-8842-596F4932050E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9214CCDE-B30D-4847-B64C-439A905EA9EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4C0C766A-5BBD-4024-84FC-6138774D2A57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C283BEC9-2CFA-4906-898E-1A038AFB9D70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{064FB0FD-3B8F-4D49-8E85-126A1A982321}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AD4574D9-5674-4471-8C92-917B10156E0E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (06/04/2025 05:43:30 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (06/02/2025 10:51:41 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (06/01/2025 02:43:08 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (05/31/2025 02:40:08 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (05/29/2025 09:41:14 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (05/29/2025 10:33:47 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: WIN-PBR78CABI5O)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe-2147023878
Error: (05/25/2025 05:31:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (05/25/2025 05:31:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
System errors:
=============
Error: (06/06/2025 09:25:37 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
Error: (06/06/2025 09:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (06/06/2025 09:22:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).
Error: (06/06/2025 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.
Error: (06/06/2025 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.
Error: (06/06/2025 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.
Error: (06/06/2025 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.
Error: (06/06/2025 09:19:46 PM) (Source: NetBT) (EventID: 4300) (User: )
Description: Ovladač nelze vytvořit.
Windows Defender:
================
Date: 2025-06-06 22:12:14
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {F767B0B4-A2B2-48EE-AFA0-48E79F6CAF1F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: WIN-PBR78CABI5O\Uživatel
Důvod zastavení: Åъőřτèđ вŷ ŧħé ¢ŀϊэʼnť
Date: 2025-06-06 19:50:03
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.A!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Uživatel\AppData\Local\Temp\scoped_dir7192_1327410497\ai-image-enlarger-2.0.0-installer_oxE-dh1.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Verze bezpečnostních informací: AV: 1.429.384.0, AS: 1.429.384.0, NIS: 1.429.384.0
Verze modulu: AM: 1.1.25040.1, NIS: 1.1.25040.1
Date: 2025-06-06 03:59:50
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {227DE6FE-7AC4-4A45-9FD3-14D1069E8648}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-05 08:49:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {FE33E6ED-8CC2-4CDD-85BE-8F15D4412276}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-02 03:42:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {3A4928A2-927C-453C-A02C-29C2B487A722}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Event[0]:
Date: 2024-09-01 09:08:45
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.417.404.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24070.3
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
CodeIntegrity:
===============
Date: 2025-06-06 22:12:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.
Date: 2025-06-06 21:22:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.
Date: 2025-06-06 20:57:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgChrome.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1.90 07/05/2019
Motherboard: Micro-Star International Co., Ltd B450 TOMAHAWK (MS-7C02)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 47%
Total physical RAM: 16334.94 MB
Available physical RAM: 8515.34 MB
Total Virtual: 26574.94 MB
Available Virtual: 16031.3 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:475.84 GB) (Free:227.24 GB) (Model: ADATA SX8200PNP) NTFS
Drive d: () (Fixed) (Total:1863 GB) (Free:1861.85 GB) (Model: ST2000DM008-2FR102) NTFS
Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
\\?\Volume{c7f49039-b133-4901-82c5-f3b9c2cf4d3e}\ (Recovery tools) (Fixed) (Total:0.88 GB) (Free:0.26 GB) NTFS
\\?\Volume{9f346bfc-27e1-4a6d-b462-c34f261edc8b}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 8662B597)
Partition: GPT.
==================== End of Addition.txt =======================