VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Podezření na virus

https://forum.viry.cz:443/viewtopic.php?t=160410

Stránka 1 z 1

Podezření na virus

Napsal: 30 čer 2025 07:32
od pavel123
Dobrý den,
včera jsem se koukal na video na iPrima a klikl jsem dole na liště videa na ikonku s otazníkem. krátce se objevilo cosi o měření a od té chvíle se notebook dramaticky zpomalil, několikrát jsem se snažil ho restartovat, hlásilo to i problém s Windows, pak se umoudřil natolik, že funguje na pohled normálně, ale v Tsak manageru vidím téměř pořád odesílání přes Wi-fi.
Popravdě nevím, jestli notebook něco neodesílá pořád, dokud nebyl ten včerejší problém, tak jsem to nezkoumal.
Raději posílám FRSR. RSIT jsem nedělal, mám Win 10.
Prosím o kontrolu logu a předem děkuji.
Pavel

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2025
Ran by trew1 (administrator) on DESKTOP-UM04K9K (HP HP Pavilion Gaming Laptop 15-ec2xxx) (30-06-2025 08:14:41)
Running from C:\Users\trew1\Desktop\FRST64.exe
Loaded Profiles: trew1
Platform: Microsoft Windows 10 Home Version 22H2 19045.5965 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1284.24577.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1284.24577.0_x64__nzyj5cx40ttqa\AppleMobileDeviceProcess.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\BridgeCommunication.exe
(DriverStore\FileRepository\u0367686.inf_amd64_8619bf9fd6ff97a0\B366682\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367686.inf_amd64_8619bf9fd6ff97a0\B366682\atieclxx.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1284.24577.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe
(explorer.exe ->) (Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP DeskJet 5000 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <25>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367686.inf_amd64_8619bf9fd6ff97a0\B366682\atiesrxx.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_bdc4c744cf4529f4\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_f1b47696babae655\x64\OmenCap\OmenCap.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_5c197d2d97068bef\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b022f456c858acec\RtkAudUService64.exe <2>
(SlySoft, Inc.) [File not signed] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_b022f456c858acec\RtkAudUService64.exe [1269656 2021-07-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [292064 2025-05-12] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2704875781-386717825-2673586809-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966720 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2704875781-386717825-2673586809-1001\...\Run: [HP DeskJet 5000 (NET)] => C:\Program Files\HP\HP DeskJet 5000 series\Bin\ScanToPCActivationApp.exe [4065416 2018-04-19] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\137.0.7151.122\Installer\chrmstp.exe [2025-06-27] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk [2022-03-13]
ShortcutTarget: Akcelerátor spuštění AutoCADu.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc -> Autodesk, Inc)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7EFC8197-6FF8-4F86-9CD1-3F65DB1028C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {E44C2F62-D825-4172-9ED5-7C3013F0FCDC} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{CBA40BFB-96B9-40EB-A18E-66710EF3BC34} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {F61615A7-072F-40F1-9FE1-63E4B3664DF3} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [79312 2025-05-08] (HP Inc. -> HP Inc.)
Task: {35580093-43AE-4D0D-BAB6-A239C9166564} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [79312 2025-05-08] (HP Inc. -> HP Inc.)
Task: {6608CA28-E150-4366-9726-24188D3A4ADA} - System32\Tasks\HPCustParticipation HP DeskJet 5000 series => C:\Program Files\HP\HP DeskJet 5000 series\Bin\HPCustPartic.exe [6660744 2018-04-19] (Hewlett Packard -> HP Inc.)
Task: {B6F52653-6996-4759-812F-2715A8AADB2E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28952664 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBCC028D-DD8F-4AB5-9277-040244552F62} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\opushutil.exe [60392 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5B00D6B-7F62-4174-91D6-28FC341B1ECE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28952664 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {55989CE6-72F4-4A45-B18E-76ED07DBED41} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222688 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D9B70BB-53F0-4977-9793-9CBAA779019C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222688 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC7D044F-3515-48B2-BBF9-91CD19C6AB81} - System32\Tasks\Microsoft\Office\Office Startup Boost => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222688 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A4F4192-8BDA-44D7-A278-8E62246939AD} - System32\Tasks\Microsoft\Office\Office Startup Boost Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222688 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {1AEDFD6C-ADC0-42DF-8873-74E51B89BC2F} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223784 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {B7A9F0D6-F6E9-47A0-A338-F40E5369ABD1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2704875781-386717825-2673586809-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223784 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A4F5C90-ABB2-44EB-B7B3-C8FA31FF1A9C} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2704875781-386717825-2673586809-1001 => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\OneDriveLauncher.exe [684352 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{35379157-0ba1-4a3f-aa4c-68d7027ab254}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35379157-0ba1-4a3f-aa4c-68d7027ab254}: [DhcpDomain] home
Tcpip\..\Interfaces\{c48cec14-6f9e-453e-8bb3-b4d27ff20075}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{c48cec14-6f9e-453e-8bb3-b4d27ff20075}\255646D69602E4F647560283020527F6: [DhcpNameServer] 192.168.43.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\trew1\AppData\Local\Microsoft\Edge\User Data\Default [2025-06-30]
Edge Extension: (Dokumenty Google offline) - C:\Users\trew1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-28]
Edge Extension: (Edge relevant text changes) - C:\Users\trew1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-12]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]

FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-06-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\trew1\AppData\Local\Google\Chrome\User Data\Default [2025-06-29]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\trew1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-06-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\trew1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\trew1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-06]
CHR HKU\S-1-5-21-2704875781-386717825-2673586809-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2022-03-13] (Autodesk, Inc -> Autodesk)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13725240 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5559152 2025-05-12] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [4582480 2025-05-12] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [4582480 2025-05-12] (ESET, spol. s r.o. -> ESET)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncHelper.exe [3620168 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\AppHelperCap.exe [928888 2025-05-06] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\DiagsCap.exe [927328 2025-05-06] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\NetworkCap.exe [923256 2025-05-06] (HP Inc. -> HP Inc.)
R2 HPOmenCap; C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_f1b47696babae655\x64\OmenCap\OmenCap.exe [755152 2023-10-19] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-05-08] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f2bc3e822f15dc0b\x64\SysInfoCap.exe [928352 2025-05-06] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_bdc4c744cf4529f4\x64\TouchpointAnalyticsClientService.exe [631448 2025-03-26] (HP Inc. -> HP Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_5c197d2d97068bef\Display.NvContainer\NVDisplay.Container.exe [1275016 2024-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.105.0601.0002\OneDriveUpdaterService.exe [3873096 2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\Windows\system32\drivers\AmUStorU.sys [143904 2020-05-11] (Alcorlink Corp. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [227224 2025-05-12] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [121816 2025-05-12] (Microsoft Windows Hardware Compatibility Publisher -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2022-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [266944 2025-05-12] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [57304 2025-05-12] (ESET, spol. s r.o. -> ESET)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [86200 2025-05-12] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [128512 2025-05-12] (ESET, spol. s r.o. -> ESET)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R3 HPOmenCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_326f2e1d16385daf\x64\hpomencustomcapdriver.sys [33464 2018-12-19] (HP Inc. -> HP Inc.)
S3 Ser2pl; C:\Windows\system32\DRIVERS\ser2pl64.sys [328784 2023-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-18] (Oracle Corporation -> Oracle Corporation)
R3 ViGEmBus; C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_8a927fc43d8a7838\x64\ViGEmBus.sys [91432 2020-04-21] (HP Inc. -> Benjamin Hoeglinger-Stelzer)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-06-30 08:14 - 2025-06-30 08:15 - 000020668 _____ C:\Users\trew1\Desktop\FRST.txt
2025-06-30 08:14 - 2025-06-30 08:15 - 000000000 ____D C:\FRST
2025-06-30 08:11 - 2025-06-30 08:12 - 002407936 _____ (Farbar) C:\Users\trew1\Desktop\FRST64.exe
2025-06-29 23:14 - 2025-06-29 23:14 - 996698027 _____ C:\Windows\MEMORY.DMP
2025-06-29 23:14 - 2025-06-29 23:14 - 001430884 _____ C:\Windows\Minidump\062925-9062-01.dmp
2025-06-27 21:30 - 2025-06-27 21:30 - 000000090 _____ C:\logUploaderSettings_temp.ini
2025-06-27 21:30 - 2025-06-27 21:30 - 000000090 _____ C:\logUploaderSettings.ini
2025-06-23 14:31 - 2025-06-23 14:31 - 000000000 ____D C:\Users\trew1\AppData\Local\FreeCAD
2025-06-23 14:23 - 2025-06-23 14:23 - 000001930 _____ C:\Users\Public\Desktop\FreeCAD 1.0.lnk
2025-06-23 14:23 - 2025-06-23 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 1.0
2025-06-23 14:21 - 2025-06-23 14:23 - 000000000 ____D C:\Program Files\FreeCAD 1.0
2025-06-23 13:33 - 2025-06-23 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2025-06-23 13:33 - 2025-06-23 13:33 - 000000000 ____D C:\Program Files\7-Zip
2025-06-23 13:32 - 2025-06-23 13:33 - 000000000 ____D C:\Users\trew1\Documents\ZIP
2025-06-23 13:27 - 2025-06-23 14:19 - 000000000 ____D C:\Users\trew1\Documents\FreeCAD
2025-06-23 13:27 - 2025-06-23 13:27 - 000000000 ____D C:\Users\trew1\Documents\Nová složka
2025-06-13 21:35 - 2025-06-13 21:35 - 000000000 ___HD C:\$WinREAgent
2025-06-11 17:39 - 2025-06-11 17:41 - 000000000 ____D C:\Users\trew1\Documents\Máma
2025-06-11 17:28 - 2025-06-11 17:28 - 000000000 ____D C:\Users\trew1\Documents\Fax
2025-06-08 13:04 - 2025-06-08 13:04 - 007754473 _____ C:\Users\trew1\Downloads\navod-na-pouziti.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-06-30 08:12 - 2022-05-11 13:38 - 000714500 _____ C:\Windows\system32\perfh005.dat
2025-06-30 08:12 - 2022-05-11 13:38 - 000144182 _____ C:\Windows\system32\perfc005.dat
2025-06-30 08:12 - 2022-03-06 13:55 - 000005620 _____ C:\Windows\system32\PerfStringBackup.INI
2025-06-30 08:09 - 2022-03-06 14:03 - 000000000 ___RD C:\Users\trew1\OneDrive
2025-06-30 08:09 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-30 08:07 - 2022-03-06 13:57 - 000000000 ____D C:\ProgramData\NVIDIA
2025-06-30 08:07 - 2022-03-06 13:49 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-06-30 08:07 - 2022-03-06 13:49 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-06-30 08:07 - 2021-06-25 20:10 - 000008192 ___SH C:\DumpStack.log.tmp
2025-06-29 23:14 - 2022-07-22 16:08 - 000000000 ____D C:\Windows\Minidump
2025-06-29 23:14 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2025-06-29 23:12 - 2022-03-06 13:57 - 000000000 ____D C:\Users\trew1
2025-06-29 23:08 - 2022-04-01 13:42 - 000000000 ____D C:\Windows\SystemTemp
2025-06-29 23:08 - 2019-12-07 11:03 - 000786432 _____ C:\Windows\system32\config\BBI
2025-06-29 23:03 - 2022-03-06 15:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-06-29 23:03 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-29 23:03 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2025-06-29 23:02 - 2022-03-26 11:12 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-06-29 23:02 - 2022-03-06 14:01 - 000000000 ____D C:\Users\trew1\AppData\Local\Packages
2025-06-29 20:02 - 2022-03-06 13:49 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-06-29 20:02 - 2022-03-06 13:49 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-06-28 00:24 - 2022-03-06 15:00 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-06-28 00:24 - 2022-03-06 15:00 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-06-27 21:30 - 2025-02-07 21:06 - 000003546 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2704875781-386717825-2673586809-1001
2025-06-27 21:30 - 2022-03-22 12:32 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-06-27 21:30 - 2022-03-22 12:32 - 000002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-06-27 21:30 - 2022-03-06 14:03 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2704875781-386717825-2673586809-1001
2025-06-27 20:03 - 2022-03-29 15:37 - 000000000 ____D C:\Users\trew1\AppData\Roaming\Microsoft\Excel
2025-06-27 19:55 - 2022-03-13 12:29 - 000000000 ____D C:\Users\trew1\Documents\Byt_SVJ_Údržba v domě
2025-06-23 22:31 - 2025-02-04 21:07 - 000000000 ____D C:\Users\trew1\AppData\Local\LightBurn
2025-06-23 16:07 - 2024-03-07 15:51 - 000000000 ____D C:\Users\trew1\AppData\Local\CrashDumps
2025-06-23 15:06 - 2022-09-21 14:41 - 000000000 ____D C:\Users\trew1\AppData\Roaming\FreeCAD
2025-06-23 14:10 - 2022-09-18 18:24 - 000000000 ____D C:\Users\trew1\AppData\Local\cache
2025-06-22 15:12 - 2022-03-06 15:05 - 000000000 ____D C:\Users\trew1\AppData\Roaming\vlc
2025-06-15 23:08 - 2022-03-06 14:01 - 000000000 ____D C:\Users\trew1\AppData\Local\D3DSCache
2025-06-14 06:42 - 2023-06-17 01:08 - 000000000 ____D C:\Users\trew1\AppData\Local\Notepad
2025-06-14 00:16 - 2022-11-08 22:47 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-06-14 00:16 - 2022-11-08 22:47 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-06-14 00:16 - 2022-08-03 21:08 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2025-06-14 00:02 - 2022-05-29 19:57 - 000428304 _____ C:\Windows\system32\FNTCACHE.DAT
2025-06-14 00:01 - 2024-07-11 02:18 - 000000000 ____D C:\Windows\system32\compatrel
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2025-06-14 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2025-06-13 21:47 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2025-06-13 21:44 - 2022-03-06 13:52 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-06-13 21:35 - 2022-03-15 13:06 - 000000000 ____D C:\Windows\system32\MRT
2025-06-13 21:28 - 2022-03-15 13:06 - 216824056 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-06-13 14:39 - 2022-09-14 17:09 - 000000000 ____D C:\Users\trew1\AppData\Roaming\PrusaSlicer
2025-06-11 18:22 - 2022-03-21 13:56 - 000000000 ____D C:\Users\trew1\AppData\Roaming\Microsoft\Word
2025-06-11 17:35 - 2023-12-18 16:22 - 000000000 ___RD C:\Users\trew1\Documents\Scanned Documents
2025-06-11 17:25 - 2025-03-26 23:19 - 000001717 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2025-06-07 20:30 - 2025-02-01 22:18 - 000000000 ____D C:\Users\trew1\Documents\Výlety

==================== Files in the root of some directories ========

2024-12-27 19:25 - 2024-12-27 19:25 - 000006102 _____ () C:\Program Files (x86)\unins000.dat
2024-12-27 19:25 - 2024-12-27 19:25 - 000905381 _____ () C:\Program Files (x86)\unins000.exe
2022-06-15 08:37 - 2022-08-02 21:07 - 000000745 _____ () C:\Users\trew1\AppData\Local\CastleLinkProps.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Podezření na virus

Napsal: 30 čer 2025 07:44
od Rudy
Zdravím! Ještě potřebuji vidět log Addition. Je na ploše v souboru addition.txt. Děkuji.

Re: Podezření na virus

Napsal: 30 čer 2025 08:16
od pavel123
Omlouvám se, měl jsem za to, že jsem ho vložil do 2. příspěvku, ale asi jsem ho neodeslal. Tady je:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2025
Ran by trew1 (30-06-2025 08:16:11)
Running from C:\Users\trew1\Desktop
Microsoft Windows 10 Home Version 22H2 19045.5965 (X64) (2022-03-06 11:51:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2704875781-386717825-2673586809-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2704875781-386717825-2673586809-503 - Limited - Disabled)
Guest (S-1-5-21-2704875781-386717825-2673586809-501 - Limited - Disabled)
trew1 (S-1-5-21-2704875781-386717825-2673586809-1001 - Administrator - Enabled) => C:\Users\trew1
WDAGUtilityAccount (S-1-5-21-2704875781-386717825-2673586809-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 24.09 (x64) (HKLM\...\7-Zip) (Version: 24.09 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20531 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AutoCAD 2007 - Český (HKLM-x32\...\{5783F2D7-5001-0405-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Autodesk Fusion 360 (HKU\S-1-5-21-2704875781-386717825-2673586809-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.14793 - Autodesk, Inc.)
Balíček ovladače systému Windows - Silicon Laboratories Inc. (silabser) Ports (01/08/2021 10.1.10.103) (HKLM\...\CD5610A5B20340323714AD1BA203E97E99E80C9A) (Version: 01/08/2021 10.1.10.103 - Silicon Laboratories Inc.)
Castle Link (HKLM-x32\...\{0BFFE9F8-D7A0-42EC-A72F-821D358971C5}) (Version: 3.85.00 - Castle Creations Inc.) Hidden
Castle Link 3.85.00 (HKLM-x32\...\Castle Link 3.85.00) (Version: 3.85.00 - Castle Creations Inc.)
CINEMA 4D 15.008 (HKLM\...\MAXON12664043) (Version: 15.008 - MAXON Computer GmbH)
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
Corel Graphics Suite 11 (HKLM-x32\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
ESET Security (HKLM\...\{C8113C9E-3025-4DC5-89E8-71F7C080967A}) (Version: 18.1.13.0 - ESET, spol. s r.o.)
FreeCAD 0.16 - A free open source CAD system (HKLM-x32\...\FreeCAD 0.16) (Version: 0.16.6700 - Juergen Riegel)
FreeCAD 1.0.0 (HKLM\...\FreeCAD100) (Version: 1.0.0 - FreeCAD Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 137.0.7151.122 - Google LLC)
Google SketchUp 6 (HKLM-x32\...\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}) (Version: 6.4.112 - Google) Hidden
Google SketchUp 6 (HKLM-x32\...\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}) (Version: 6.0.01313 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
HP DeskJet 5000 series Nápověda (HKLM-x32\...\{6DC9CFE5-48BB-41D3-9127-AF239C4FD8D4}) (Version: 44.0.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{2B241F10-5647-4C07-B982-CC0B81682A59}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{FBCFDA37-DD90-4465-9E8B-26C2D2260EFF}) (Version: 43.0.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{5B4F8499-E03E-4A81-850D-81B27CC8EC9C}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{489527CD-23E4-4F60-82CB-F85DF758049F}) (Version: 36.0.102.68541 - HP)
HP OneDrive Plugin (HKLM-x32\...\{904BE479-2821-419D-B44F-C963042CB6FD}) (Version: 36.0.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP SharePoint Plugin (HKLM-x32\...\{86B04693-5E1B-4A2A-8715-6E1E1B5AE8C2}) (Version: 43.0.0.0 - HP)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{10764165-E41B-4A08-B2B0-950EA48A27AC}) (Version: 19.0.281 - Intel Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
LaserGRBL Rhydon (HKLM-x32\...\{4BF69C31-8363-4935-9804-CCDD623E7C1F}_is1) (Version: 7.12.0 - LaserGRBL)
LightBurn version 1.7.06 (HKLM\...\LightBurn_is1) (Version: 1.7.06 - )
Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia)
Meshmixer (HKLM\...\Meshmixer_x64) (Version: 3.5 - Autodesk, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 138.0.3351.55 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 137.0.3296.93 - Microsoft Corporation) Hidden
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.18827.20176 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.105.0601.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
MULTIFlight (HKLM-x32\...\MULTIFlight) (Version: - Multiplex Modellsport GmbH & Co.KG)
NVIDIA Ovladače grafiky 561.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 561.19 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.20 (HKLM\...\{CD6E345E-ECBC-4F98-BB28-276ACBBCD4DE}) (Version: 5.1.20 - Oracle Corporation)
Programming Editor (HKLM-x32\...\{428A38D6-791D-4FE5-BA82-D093D26D1D9F}) (Version: 5.5.5 - Revolution Education Ltd)
PrusaSlicer 2.6.1 (HKLM\...\{1C723A3F-6971-46A6-B6A2-AFAB5C5A1C21}) (Version: 2.6.1 - Prusa Research) Hidden
PrusaSlicer 2.6.1 (HKLM\...\PrusaSlicer 2.6.1 2.6.1) (Version: 2.6.1 - Prusa Research)
Silhouette Studio (HKLM-x32\...\{3DEA4727-1481-4BEE-AC88-128FB57CAA76}) (Version: 3.8.118 - Silhouette America)
SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
Spirit Settings verze 3.5.0 (HKLM-x32\...\Spirit Settings_is1) (Version: 3.5.0 - Spirit System)
Studie vylepšování produktu HP DeskJet 5000 series (HKLM\...\{E58A151A-D58A-4C9A-B5D9-5939C6F78F31}) (Version: 44.3.2218.18109 - HP Inc.)
Těžiště 1.0 (HKLM-x32\...\Těžiště_is1) (Version: - Pavel König)
UltiMaker Cura 5.6.0 (HKLM-x32\...\UltiMaker Cura 5.6.0-5.6.0) (Version: 5.6.0 - UltiMaker)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VBar Control Manager 2.1 (HKLM-x32\...\VBar Control Manager 2.1_is1) (Version: 2.1 - VStabi Support Center)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Základní software zařízení HP DeskJet 5000 series (HKLM\...\{3AA0D498-49DD-44EC-8AA8-9AFC670DB249}) (Version: 44.3.2218.18109 - HP Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-06-13] ()
Apple Devices -> C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1284.24577.0_x64__nzyj5cx40ttqa [2025-05-11] (Apple Inc.) [Startup Task]
B&O Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BOAudioControl_1.26.249.0_x64__v10z8vjag6ke6 [2024-10-10] (HP Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-20] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_159.2.1145.0_x64__v10z8vjag6ke6 [2025-06-04] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa [2025-04-01] (Apple Inc.) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.968.0_x64__56jybvy8sckqj [2025-06-13] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16 [2025-06-29] ()
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-08] (Skype)
Spotify – hudba a podcasty -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0 [2025-06-19] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2704875781-386717825-2673586809-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2704875781-386717825-2673586809-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\trew1\AppData\Local\Autodesk\webdeploy\production\f0f1459572ae987db1490b82e7990102aa92065e\NPreview10.dll (Autodesk, Inc. -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll [2005-11-15] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-05-12] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-05-12] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.105.0601.0002\FileSyncShell64.dll [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-05-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_5c197d2d97068bef\nvshext.dll [2024-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-05-12] (ESET, spol. s r.o. -> ESET)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2025-06-23 13:33 - 2024-11-29 20:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2704875781-386717825-2673586809-1001\Software\Classes\.scr: AutoCADScriptFile => "C:\Windows\system32\NOTEPAD.EXE" "%1"

==================== Internet Explorer (Whitelisted) =============

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files (x86)\google\googletoolbar1.dll [2022-03-14] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll [2022-03-14] (Google Inc -> Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-27] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.43.1
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Realtek RTL8852AE WiFi 6 802.11ax PCIe Adapter -> rtwlane6.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek Gaming GbE Family Controller -> rt640x64.sys
VirtualBox Host-Only Network: VirtualBox Host-Only Ethernet Adapter -> VBoxNetAdp6.sys

oracle_VBoxNetLwf: VirtualBox NDIS6 Bridged Networking Driver

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2704875781-386717825-2673586809-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\trew1\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\4798006981490664187\133955299346903834.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: )
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CD9567D1-49B4-49F3-BA73-3BF22CD0A1EF}] => (Allow) C:\Users\trew1\AppData\Local\Temp\7zS2368\HP.EasyStart.exe => No File
FirewallRules: [{F3E00984-F5FA-4311-B760-9A33FECE28D8}] => (Allow) C:\Users\trew1\AppData\Local\Temp\7zS2A27\HP.EasyStart.exe => No File
FirewallRules: [{4D3C4973-E590-4BE1-90D5-8BC923797574}] => (Allow) C:\Program Files\HP\HP DeskJet 5000 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{322AFE33-DA9B-4A1F-8F35-E4017FB81CF2}] => (Allow) LPort=5357
FirewallRules: [{C55966E6-CA97-480F-BAE5-74C96B7530E3}] => (Allow) C:\Program Files\HP\HP DeskJet 5000 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B88EFA19-271F-4AFA-BA34-5C5100694E60}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{35026370-A7E2-4043-8E65-3D6380C53393}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EEB049B4-EF47-4FD9-A066-365A4E8B9D86}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C7B9A2DA-CB63-48E5-8ADE-A62223DBE541}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{F57C59F5-BEFA-41F3-9EFC-6A9926CB90B2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{F83C5959-8CAA-45EF-B269-F6774BA4DA50}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FDD37379-CA3C-4C0B-8AD6-9E6BF9C14DC0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B71630EA-7C56-4E88-92FC-8CB2A15D750C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{44E12CD2-B736-4D42-9FF2-BAA6F75D8822}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1284.24577.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{66723309-D7D2-420D-89E8-342F08E794FD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1284.24577.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1AD07379-B26C-4827-A0D8-AA90CCED00CC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1284.24577.0_x64__nzyj5cx40ttqa\AMPDevicesAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{150FB673-7F46-4A74-B3EC-C9609DF5A77A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1284.24577.0_x64__nzyj5cx40ttqa\AMPDevicesAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{33E03665-68CD-4DDD-8841-5E8959E30F7B}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{D552A60C-6EBB-4A5D-B6A9-D8732F1B1992}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{FB888304-5C8E-490D-A0A0-2B9EADB171A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7B1EF589-6CEC-4D49-85DF-DFEBFCD6130F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D181BA37-0241-4602-9E85-47F82E652433}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{639CD2BF-C932-4344-AE25-29CE066E788A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8C700A2F-374B-4676-AA92-A87E975C263F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9FA42577-91FD-478B-86E7-9B4BE9AA340F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A4E73BE7-8888-464F-84F6-361DC5AD5A4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F618697C-9693-4298-8B20-019A0174A1CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8B855FB2-71F4-4F18-8394-38AF194FE7DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7700F942-0F26-4577-AB40-712DAEE47F37}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{92E88334-D89B-4127-A42C-5FEF5817BA62}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\137.0.3296.93\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{15F1D2D3-C703-455E-8AEE-D7B521E4E7FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

22-06-2025 10:32:24 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (06/30/2025 08:11:36 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-UM04K9K$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 30 Jun 2025 06:11:35 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 15f5751f-2383-44a8-9149-007e93b16176

Metoda: GET(2312ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (06/30/2025 08:07:36 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-UM04K9K$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (06/29/2025 11:29:02 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (06/29/2025 11:29:02 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (06/29/2025 11:29:02 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (06/29/2025 11:25:05 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-UM04K9K$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(172ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (06/29/2025 11:09:10 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-UM04K9K$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 29 Jun 2025 21:09:11 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d7056fbc-eed1-4b26-aa55-0c187ff577e4

Metoda: GET(719ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (06/29/2025 11:03:02 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-UM04K9K$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 29 Jun 2025 21:03:05 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 522e408d-0f7d-42dd-ac24-b4ae835a32bc

Metoda: GET(594ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)


System errors:
=============
Error: (06/30/2025 08:12:31 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -1878589247. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (06/30/2025 08:09:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (06/30/2025 08:09:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (06/30/2025 08:07:27 AM) (Source: IntcAzAudAddService) (EventID: 258) (User: )
Description: HAP AcpCreateAudioEngine fail with status (0xC00000BB)

Error: (06/30/2025 08:07:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (23:24:59, ‎29.‎06.‎2025) bylo neočekávané.

Error: (06/29/2025 11:29:59 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -1878589247. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (06/29/2025 11:27:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (06/29/2025 11:27:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).


CodeIntegrity:
===============
Date: 2025-06-30 08:09:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

Date: 2025-06-30 08:09:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.15 08/18/2021
Motherboard: HP 88DE
Processor: AMD Ryzen 5 5600H with Radeon Graphics
Percentage of memory in use: 59%
Total physical RAM: 7524.56 MB
Available physical RAM: 3027.25 MB
Total Virtual: 17570.97 MB
Available Virtual: 12981.32 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.13 GB) (Free:27.52 GB) (Model: INTEL SSDPEKNW512G8H) NTFS

\\?\Volume{af7f70c7-9d84-4074-a830-7f46d9f4f29f}\ (Windows RE tools) (Fixed) (Total:0.53 GB) (Free:0.06 GB) NTFS
\\?\Volume{7e3714ff-7ed9-4b91-9d2a-ab7ebe1d41a5}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 4EFC14A3)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Podezření na virus

Napsal: 30 čer 2025 14:09
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
FirewallRules: [{CD9567D1-49B4-49F3-BA73-3BF22CD0A1EF}] => (Allow) C:\Users\trew1\AppData\Local\Temp\7zS2368\HP.EasyStart.exe => No File
FirewallRules: [{F3E00984-F5FA-4311-B760-9A33FECE28D8}] => (Allow) C:\Users\trew1\AppData\Local\Temp\7zS2A27\HP.EasyStart.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Podezření na virus

Napsal: 30 čer 2025 17:27
od pavel123
Díky, vlkládám fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-06-2025
Ran by trew1 (30-06-2025 18:22:47) Run:1
Running from C:\Users\trew1\Desktop
Loaded Profiles: trew1
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FirewallRules: [{CD9567D1-49B4-49F3-BA73-3BF22CD0A1EF}] => (Allow) C:\Users\trew1\AppData\Local\Temp\7zS2368\HP.EasyStart.exe => No File
FirewallRules: [{F3E00984-F5FA-4311-B760-9A33FECE28D8}] => (Allow) C:\Users\trew1\AppData\Local\Temp\7zS2A27\HP.EasyStart.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD9567D1-49B4-49F3-BA73-3BF22CD0A1EF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3E00984-F5FA-4311-B760-9A33FECE28D8}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1835008 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 125537651 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 123368940 B
Edge => 0 B
Chrome => 369938631 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 494460 B
NetworkService => 495856 B
trew1 => 319271934 B

RecycleBin => 1380860513 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:24:42 ====

Re: Podezření na virus

Napsal: 30 čer 2025 17:43
od Rudy
Smazáno. Nastala nějaká změna?

Re: Podezření na virus

Napsal: 30 čer 2025 17:54
od pavel123
Díky. Zatím pozoruju, že přestalo to trvalé odesílání dat.
Ukazuje se, že problém nebyl jenom SW, ale zřejmě se to sešlo i s problémem s HW, protože jsem během dne zjistil, že to zamykání displeje, popřípadě rozbití obrazu nebylo asi od zátěže, opakovalo se to když jsem vzal notebook do ruku, někdy stačilo i jenom pohnout displejem a nebo lehce zatlačit na tělo notebooku. Našel jsem nějaký servis a tam mi pán podle popisu chování řekl, že u notebooků s procesorem AMD Ryzen 5 5600H je prý problém s deskou pod procesorem, se spoji, prý to umí opravit. Nějakou dobu dneska byl displej jenom černý, odpoledne nějak ožil, od té doby jsem s notebookem nehýbal, pro jistotu
Takže teď si zálohuju nějaká poslední data, co jsem neměl zálohovaná a pak s ním hnu a uvidím.

Ale z pohledu SW to teď vypadá dobře. Bylo tam něco, kvůli čemu bych si měl raději změnit heslo třeba k mailu?

Re: Podezření na virus

Napsal: 30 čer 2025 18:51
od Rudy
Mohlo tam být něco v dočasných souborech internetu. Ty se mažou jediným příkazem (EmptyTemp), bylo jich tam více, než 2GB. Log mi však jmenovitě nepoví, co konkrétně. To ostaní byly jen zbytečnosti. Pokud se domníváte, že vaše heslo k mailu je profláknuté, změňte si ho. Pokud ne, může zůsta to stávající. S tím hardwarem musíte do servisu.

Re: Podezření na virus

Napsal: 30 čer 2025 18:53
od pavel123
Moc děkuju za rychlou pomoc, pošlu příspěvek na provoz fóra.
Zdravím
Pavel

Re: Podezření na virus

Napsal: 30 čer 2025 19:54
od Rudy
Za příspěvek děkujeme a vy nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz