
ESET reports malware but found nothing

Posted: 13 Jan 2026 08:18
by Hop
Hello, ESET PROTECT reported malware on my computer: Detection potentially associated with known malware [I0115]
but the on-site scan found nothing.
I am sending the logs and asking for a review.
Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2025
Ran by papepa (administrator) on W-ZAM-E-03 (Dell Inc. OptiPlex 7050) (13-01-2026 08:04:36)
Running from C:\Users\papepa\Desktop\FRST64.exe
Loaded Profiles: papepa
Platform: Microsoft Windows 11 Pro Version 23H2 22631.6199 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\119.0.2.0\crashpad_handler.exe
(C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\143.0.3650.139\msedgewebview2.exe <8>
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(DriverStore\FileRepository\cui_dch.inf_amd64_bd81469b51147524\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_bd81469b51147524\igfxEM.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18>
(explorer.exe ->) (Google LLC -> Google LLC.) C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\papepa\AppData\Local\Microsoft\OneDrive\25.238.1204.0001\OneDrive.Sync.Service.exe
(services.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\143.0.7499.7\remoting_host.exe <2>
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_bd81469b51147524\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_47d3698a1c94c55a\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b8e80a9b8772ee40\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b8e80a9b8772ee40\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wksprt.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269088 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506144 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe [1222536 2018-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [285616 2025-08-21] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [0 2024-12-19] () <==== ATTENTION [zero byte File/Folder]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableLogonScriptDelay] 1
HKLM\Software\Policies\...\system: [AsyncScriptDelay] 2
HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\...\Policies\Explorer: [NoDrives] 1048576
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\Run: [MicrosoftEdgeAutoLaunch_98BEB6ECDB83C00E7B5057E6C1061268] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4228176 2026-01-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\lokadmin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [82654736 2024-11-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\lokadmin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\RunOnce: [Uninstall 22.012.0117.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\lokadmin\AppData\Local\Microsoft\OneDrive\22.012.0117.0003" [0 2024-11-13] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\119.0.2.0\GoogleDriveFS.exe [91836568 2026-01-13] (Google LLC -> Google LLC.)
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\sxm4mPC: C:\Windows\System32\spool\prtprocs\x64\sxm4mpc.dll [53152 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\Epson_Print_Admin: C:\Windows\system32\epscpmon.dll [831488 2019-05-31] (Seiko Epson Corporation) [File not signed]
HKLM\...\Print\Monitors\HP1100LM: C:\Windows\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\rica1Ilm: C:\Windows\system32\rica1Ilm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\...\Print\Monitors\sxm4m Langmon: C:\Windows\system32\sxm4mlm.dll [43936 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2025-11-06] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\143.0.7499.193\Installer\chrmstp.exe [2026-01-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2024-12-19]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {940D86DE-AF94-4699-B2DF-442E6C0991FA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem144.0.7547.0{AB5F35C8-B165-4177-A6F6-8B34461CD98A} => C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe [7056536 2025-11-26] (Google LLC -> Google LLC)
Task: {37B90D10-C3B5-4579-A357-6F598F4087E4} - System32\Tasks\GoogleUserPEH\RunPlatformExperienceHelper_CheckEligible => C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2630296 2025-11-06] (Google LLC -> Google LLC)
Task: {C59E7D62-B190-450A-8971-6B4C54E47B9C} - System32\Tasks\GoogleUserPEH\RunPlatformExperienceHelper_Metrics => C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2630296 2025-11-06] (Google LLC -> Google LLC)
Task: {653C6D85-3311-44BE-BBDA-FF5A16D4D0B7} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [91656 2025-11-19] (HP Inc. -> HP Inc.)
Task: {614A0CEB-67DC-4AB1-8CA5-BE76FFCDC232} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [91656 2025-11-19] (HP Inc. -> HP Inc.)
Task: {3F53230E-02B2-477D-9617-6ADA2A74FD54} - System32\Tasks\Leader Technologies\PowerRegister\Xerox Product Registration (kuchvl) => C:\Users\kuchvl\AppData\Roaming\Leadertech\PowerRegister\Xerox Product Registration.exe [1786880 2018-09-10] (Xerox/Leader Technologies) [File not signed] -> C:\Users\kuchvl\AppData\Roaming\Leadertech\PowerRegister\/remind /language=CSY /MODL="WorkCentre 3025" /PRTP="USB" /PRNM="XRTK"
Task: {18F8EB77-C3EA-4612-B9E2-04D6713D91C8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {9D8531DC-2AA5-43B8-A747-617D2FFF6FD3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {82D4B720-A130-4F03-B1E6-8060FFDBDC9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {29DDB791-7556-4AEC-B256-06C778645C28} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\system32\gpupdate.exe [53248 2025-04-08] (Microsoft Windows -> Microsoft Corporation)
Task: {05F8AEF2-E739-46C7-86D1-735C270321E3} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\Windows\system32\gpupdate.exe [53248 2025-04-08] (Microsoft Windows -> Microsoft Corporation)
Task: {2937C60F-7F84-4EA2-9E37-AD25E7144E4A} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\kuchvl@zs-vsechovice.local\Process policy => {E444E1B9-502C-44F9-B714-30DA330D0E8E} C:\Windows\System32\tsworkspace.dll [1179648 2025-11-11] (Microsoft Windows -> Microsoft Corporation)
Task: {CF9A3D38-6A26-46AC-B700-D413DC8E7C3E} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\kuchvl@zs-vsechovice.local\Report update status => C:\Windows\system32\RUNDLL32.exe [73728 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,WorkspaceStatusNotify2
Task: {6CF8D11B-2637-49F3-B939-AF2A0B6A5115} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\kuchvl@zs-vsechovice.local\Start Workspace Runtime at logon => {4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C} C:\Windows\system32\wksprt.exe [430080 2025-11-11] (Microsoft Windows -> Microsoft Corporation)
Task: {37F6AF5B-B502-4764-B11C-713215531CCA} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\kuchvl@zs-vsechovice.local\Update connections => C:\Windows\system32\RUNDLL32.exe [73728 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,TaskUpdateWorkspaces2
Task: {8BA866B3-3824-492B-B2DF-73859C6D25FD} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\papepa@zs-vsechovice.local\Process policy => {E444E1B9-502C-44F9-B714-30DA330D0E8E} C:\Windows\System32\tsworkspace.dll [1179648 2025-11-11] (Microsoft Windows -> Microsoft Corporation)
Task: {E8C36D55-443C-49D6-A58D-3FEDE9B3FA89} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\papepa@zs-vsechovice.local\Report update status => C:\Windows\system32\RUNDLL32.exe [73728 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,WorkspaceStatusNotify2
Task: {1A680C7F-77E0-4AF0-BB83-84352D00A424} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\papepa@zs-vsechovice.local\Start Workspace Runtime at logon => {4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C} C:\Windows\system32\wksprt.exe [430080 2025-11-11] (Microsoft Windows -> Microsoft Corporation)
Task: {D3BC8585-18F7-45ED-9766-48190C81DF47} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\papepa@zs-vsechovice.local\Update connections => C:\Windows\system32\RUNDLL32.exe [73728 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,TaskUpdateWorkspaces2
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {1B46555E-6AD0-41AA-BC63-A1D3962C2028} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {CA0BE498-356F-4494-A42F-5F52036E27B7} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2774596813-2351541506-2060952939-1285 => C:\Users\papepa\AppData\Local\Microsoft\OneDrive\25.238.1204.0001\OneDriveLauncher.exe [746856 2026-01-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E05FA3B-F197-4E69-A111-8989BA0BEE75} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2774596813-2351541506-2060952939-1487 => C:\Users\kuchvl\AppData\Local\Microsoft\OneDrive\25.224.1116.0003_1\OneDriveLauncher.exe [745832 2026-01-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {39758329-DD36-408E-A007-9B6853C376BC} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-2774596813-2351541506-2060952939-1487 => C:\Users\kuchvl\AppData\Roaming\Zoom\bin\Zoom.exe [462768 2025-11-26] (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.38.10.20 10.38.10.26
Tcpip\..\Interfaces\{7b1e00ec-73b2-4321-add9-921f177f1d4b}: [DhcpNameServer] 10.38.10.20 10.38.10.26
Tcpip\..\Interfaces\{7b1e00ec-73b2-4321-add9-921f177f1d4b}: [DhcpDomain] zs-vsechovice.local

Edge:
=======
Edge Profile: C:\Users\papepa\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-15]
Edge Extension: (Dokumenty Google offline) - C:\Users\papepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-19]
Edge Extension: (Edge relevant text changes) - C:\Users\papepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-13]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2026-01-13]

Chrome:
=======
CHR Profile: C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default [2026-01-13]
CHR Extension: (Set Character Encoding) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpojelgakakmcfmjfilgdlmhefphglae [2024-12-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-15]
CHR Extension: (Verifee) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaamlhinjaceanpdanmagllfeoelcfhl [2024-12-09]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2025-01-15]
CHR Extension: (Rozšíření Google Keep pro Chrome) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2024-12-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\papepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-09]
CHR HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5631928 2025-10-30] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\143.0.7499.7\remoting_host.exe [74392 2025-10-31] (Google LLC -> Google LLC)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5538736 2025-08-21] (ESET, spol. s r.o. -> ESET)
S3 EHttpSrv; C:\Program Files\ESET\ESET Security\ehttpsrv.exe [346544 2025-08-21] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [4804544 2025-08-21] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [4804544 2025-08-21] (ESET, spol. s r.o. -> ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1559584 2025-10-14] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [244232 2025-11-19] (HP Inc. -> HP Inc.)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126880 2012-09-27] (Hewlett-Packard Company -> HP)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [803096 2025-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [544768 2023-12-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [188416 2023-12-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [124800 2017-04-24] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232416 2025-09-17] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2025-09-16] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [270144 2025-09-17] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [86776 2025-09-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [126520 2025-09-17] (ESET, spol. s r.o. -> ESET)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [152608 2024-11-19] (WDKTestCert andy.miller,132291778652267126 -> Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [101520 2024-11-19] (WDKTestCert andy.miller,132291778652267126 -> Future Technology Devices International Ltd.)
R2 googledrivefs31931; C:\Program Files\Google\Drive File Stream\Drivers\31931\googledrivefs31931.sys [386256 2025-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [14224 2021-06-07] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslce6926eb; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B88030C7-2D58-4BEF-90BD-987857E92682}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-01-13 08:04 - 2026-01-13 08:05 - 000025537 _____ C:\Users\papepa\Desktop\FRST.txt
2026-01-13 08:04 - 2026-01-13 08:04 - 000000000 ____D C:\FRST
2026-01-13 08:00 - 2026-01-13 08:00 - 002444288 _____ (Farbar) C:\Users\papepa\Desktop\FRST64.exe
2026-01-12 14:10 - 2026-01-12 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2026-01-12 12:15 - 2026-01-12 12:15 - 000112254 _____ C:\Users\kuchvl\Downloads\2026011537 (1).pdf
2026-01-12 11:37 - 2026-01-12 11:37 - 000112254 _____ C:\Users\kuchvl\Downloads\2026011537.pdf
2026-01-12 00:28 - 2026-01-12 00:28 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Work Resources (RADC)
2026-01-09 14:44 - 2026-01-09 14:44 - 000012196 __RSH C:\ProgramData\ntuser.pol
2026-01-09 11:02 - 2026-01-09 11:02 - 000000000 ____D C:\Windows\system32\appmgmt
2026-01-08 13:13 - 2026-01-08 13:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2026-01-08 13:13 - 2026-01-08 13:13 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Xerox
2026-01-08 13:13 - 2026-01-08 13:13 - 000000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2026-01-08 13:12 - 2026-01-08 13:13 - 000000000 ____D C:\Program Files (x86)\Xerox
2026-01-08 13:11 - 2026-01-13 07:43 - 000000000 ____D C:\Users\papepa\AppData\Roaming\Xerox
2026-01-08 13:11 - 2026-01-08 13:11 - 000000000 ____D C:\Users\lokadmin\AppData\Roaming\Xerox
2026-01-08 12:59 - 2026-01-08 13:13 - 000000000 ____D C:\Windows\system32\Tasks\Leader Technologies
2026-01-08 12:58 - 2026-01-08 13:13 - 000000000 ____D C:\ProgramData\Xerox
2026-01-08 12:58 - 2026-01-08 12:58 - 000000000 ____D C:\Windows\LastGood
2026-01-08 12:58 - 2026-01-08 12:58 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Leadertech
2026-01-08 12:58 - 2018-09-10 17:42 - 001786880 ____N (Xerox/Leader Technologies) C:\Windows\Xreg.exe
2026-01-08 12:58 - 2018-09-10 17:42 - 000146432 _____ C:\Windows\Wiainst64.exe
2026-01-08 12:57 - 2026-01-08 12:57 - 224291194 _____ C:\Users\kuchvl\Downloads\WorkCentre_3025_Windows_Software_Installer-Package.exe
2026-01-08 12:57 - 2026-01-08 12:57 - 000000000 ____D C:\Xerox
2026-01-08 12:56 - 2026-01-08 12:57 - 243984288 _____ C:\Users\kuchvl\Downloads\Xerox_WorkCentre_3025_Windows_Print_Drivers_Utilities_V1.10.exe
2026-01-05 10:03 - 2026-01-05 10:03 - 000057453 _____ C:\Users\kuchvl\Downloads\Přehled odebraných jednotek za I. pololetí (4).xlsx
2026-01-01 12:22 - 2026-01-01 12:22 - 000013167 _____ C:\Users\kuchvl\Downloads\Smolár_2025-12.xlsx
2025-12-29 15:11 - 2025-12-29 15:11 - 000018629 _____ C:\Users\kuchvl\Downloads\month_export_2025-12.xlsx
2025-12-19 14:34 - 2025-12-19 14:34 - 000018700 _____ C:\Users\kuchvl\Downloads\month_export_2025-12 (1).xlsx
2025-12-18 11:51 - 2025-12-18 11:51 - 000725758 _____ C:\Windows\system32\perfh005.dat
2025-12-18 11:51 - 2025-12-18 11:51 - 000151026 _____ C:\Windows\system32\perfc005.dat
2025-12-16 09:22 - 2025-12-16 09:22 - 016078448 _____ C:\Users\kuchvl\Downloads\VID_20251215_130036.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-01-13 07:58 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-01-13 07:47 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2026-01-13 07:45 - 2025-11-10 07:50 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUserPEH
2026-01-13 07:45 - 2024-12-02 17:40 - 000000000 ____D C:\Users\papepa\AppData\Local\D3DSCache
2026-01-13 07:45 - 2024-11-13 17:54 - 000000000 ____D C:\Users\papepa\AppData\Local\Packages
2026-01-13 07:43 - 2025-01-15 11:38 - 000003578 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2774596813-2351541506-2060952939-1285
2026-01-13 07:43 - 2024-12-19 09:12 - 000000000 ____D C:\ProgramData\AnyDesk
2026-01-13 07:43 - 2024-12-19 09:11 - 000000000 ____D C:\Users\papepa\AppData\Roaming\AnyDesk
2026-01-13 07:43 - 2024-11-13 17:54 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2774596813-2351541506-2060952939-1285
2026-01-13 07:43 - 2024-11-13 17:54 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2774596813-2351541506-2060952939-1285
2026-01-13 07:43 - 2024-11-13 17:54 - 000002393 _____ C:\Users\papepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-01-13 07:43 - 2024-11-13 17:54 - 000000000 ___SD C:\Users\papepa\AppData\Roaming\Microsoft\Credentials
2026-01-13 07:42 - 2025-01-15 12:02 - 000002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2026-01-13 07:42 - 2025-01-15 12:02 - 000002091 _____ C:\Users\papepa\Desktop\Google Slides.lnk
2026-01-13 07:42 - 2025-01-15 12:02 - 000002091 _____ C:\Users\papepa\Desktop\Google Sheets.lnk
2026-01-13 07:42 - 2025-01-15 12:02 - 000002079 _____ C:\Users\papepa\Desktop\Google Docs.lnk
2026-01-13 07:42 - 2025-01-15 11:15 - 000000000 ____D C:\Users\kuchvl
2026-01-13 07:42 - 2024-11-13 17:54 - 000000000 __SHD C:\Users\papepa\IntelGraphicsProfiles
2026-01-13 07:42 - 2024-11-13 15:03 - 000000152 _____ C:\Windows\system32\config\netlogon.ftl
2026-01-13 07:42 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2026-01-13 07:42 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2026-01-12 14:10 - 2025-01-15 11:16 - 000000000 ____D C:\Users\kuchvl\AppData\Local\Packages
2026-01-12 14:10 - 2024-11-13 16:07 - 000000000 ____D C:\Program Files\ESET
2026-01-12 14:10 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2026-01-12 14:10 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2026-01-12 14:09 - 2024-11-13 16:07 - 000000000 ____D C:\ProgramData\ESET
2026-01-12 13:38 - 2024-06-25 13:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2026-01-12 12:51 - 2025-01-15 11:41 - 000000000 ____D C:\TEMP
2026-01-12 12:23 - 2025-01-15 13:21 - 000000000 ____D C:\Users\kuchvl\AppData\Local\CrashDumps
2026-01-12 08:57 - 2025-01-15 11:16 - 000000000 ____D C:\Users\kuchvl\AppData\Local\D3DSCache
2026-01-11 11:56 - 2025-01-15 11:16 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\AnyDesk
2026-01-10 21:34 - 2024-06-25 13:03 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-01-10 21:34 - 2024-06-25 13:03 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2026-01-09 07:12 - 2024-11-13 16:30 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-01-09 07:12 - 2024-11-13 16:30 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2026-01-08 13:18 - 2025-01-15 13:58 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Microsoft\Word
2026-01-08 13:18 - 2025-01-15 13:58 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Microsoft\Šablony
2026-01-08 13:04 - 2025-11-26 10:13 - 000000000 ____D C:\Users\kuchvl\AppData\Local\ElevatedDiagnostics
2026-01-08 13:04 - 2025-01-16 12:12 - 000000000 ____D C:\Users\kuchvl\AppData\Roaming\Microsoft\Excel
2026-01-07 12:43 - 2025-01-15 12:38 - 000000000 ____D C:\Users\kuchvl\Desktop\Prodej vyřazených věcí
2026-01-06 15:26 - 2025-01-15 11:18 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2774596813-2351541506-2060952939-1487
2026-01-06 15:26 - 2025-01-15 11:18 - 000003582 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2774596813-2351541506-2060952939-1487
2026-01-06 15:26 - 2025-01-15 11:18 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2774596813-2351541506-2060952939-1487
2026-01-06 15:26 - 2025-01-15 11:18 - 000002393 _____ C:\Users\kuchvl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-01-05 10:16 - 2025-10-30 09:02 - 000057522 _____ C:\Users\kuchvl\Desktop\Přehled odebraných jednotek za I. pololetí.xlsx
2026-01-05 09:54 - 2025-01-15 12:38 - 000000000 ____D C:\Users\kuchvl\Desktop\HACCP
2025-12-31 10:14 - 2024-11-13 15:57 - 000001988 _____ C:\Users\Public\Desktop\STRAVNÉ.net.lnk
2025-12-29 14:27 - 2025-01-15 12:38 - 000000000 ____D C:\Users\kuchvl\Desktop\Kalkulační vzorce
2025-12-22 01:29 - 2024-06-25 13:03 - 000003638 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-12-22 01:29 - 2024-06-25 13:03 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-12-18 11:53 - 2025-01-15 11:15 - 000000000 __SHD C:\Users\kuchvl\IntelGraphicsProfiles
2025-12-18 11:51 - 2024-06-25 15:15 - 001718036 _____ C:\Windows\system32\PerfStringBackup.INI
2025-12-18 11:47 - 2024-06-25 15:13 - 000000000 ____D C:\Intel
2025-12-18 11:47 - 2024-06-25 13:02 - 000012288 ___SH C:\DumpStack.log.tmp
2025-12-18 11:47 - 2024-06-25 13:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-12-18 11:46 - 2022-05-07 06:17 - 000786432 _____ C:\Windows\system32\config\BBI
2025-12-16 11:32 - 2025-01-15 12:38 - 000002403 _____ C:\Users\kuchvl\Desktop\Vladimíra (Osoba 2) - Chrome.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025
Ran by papepa (13-01-2026 08:05:41)
Running from C:\Users\papepa\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.6199 (X64) (2024-06-25 14:08:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3684620303-3985011473-1177193340-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3684620303-3985011473-1177193340-503 - Limited - Disabled)
Guest (S-1-5-21-3684620303-3985011473-1177193340-501 - Limited - Disabled)
lokadmin (S-1-5-21-3684620303-3985011473-1177193340-1002 - Administrator - Enabled) => C:\Users\lokadmin
WDAGUtilityAccount (S-1-5-21-3684620303-3985011473-1177193340-504 - Limited - Disabled)

ATTENTION: Domain

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 9.0.9 - AnyDesk Software GmbH)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Dálková správa VIS TV (HKLM-x32\...\DSpravaTV) (Version: - )
Epson Print Admin Driver (HKLM-x32\...\{beb4b9b0-1b06-44ab-b492-d9e29ea4901a}) (Version: 3.1.4 - Seiko Epson Corporation)
ESET Endpoint Security (HKLM\...\{5E44C9E2-CA66-44F6-8F33-48C9F844790D}) (Version: 12.1.2057.3 - ESET, spol. s r.o.)
ESET Management Agent (HKLM\...\{45E32117-E90E-4558-917E-8E45B306EF4F}) (Version: 12.5.2104.0 - ESET, spol. s r.o.)
FreeCommander XE Build 901 32-bit (HKLM-x32\...\{D3C705DC-9743-4FEF-8358-E1AC9FA69C73}_is1) (Version: 2024.0.0.901 - Marek Jasinski)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 119.0.2.0 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 143.0.7499.193 - Google LLC)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Chrome Remote Desktop Host (HKLM-x32\...\{55E2698F-22F7-4AAF-8F5B-5CB55252BB37}) (Version: 143.0.7499.7 - Google LLC)
IrfanView 4.60 (64-bit) (HKLM\...\IrfanView64) (Version: 4.60 - Irfan Skiljan)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9434.5 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 143.0.3650.139 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 143.0.3650.139 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Czech) 2016 (HKLM-x32\...\{90160000-0016-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Czech) 2016 (HKLM-x32\...\{90160000-00BA-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM-x32\...\{90160000-001F-0407-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Czech) 2016 (HKLM-x32\...\{90160000-00E1-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Czech) 2016 (HKLM-x32\...\{90160000-00E2-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2016 (HKLM-x32\...\{90160000-002C-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2016 (HKLM\...\{90160000-002A-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2016 (HKLM-x32\...\{90160000-006E-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Standard 2016 (HKLM-x32\...\{90160000-0012-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Standard 2016 (HKLM-x32\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\...\OneDriveSetup.exe) (Version: 25.238.1204.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\...\OneDriveSetup.exe) (Version: 24.206.1013.0004 - Microsoft Corporation)
Microsoft OneNote MUI (Czech) 2016 (HKLM-x32\...\{90160000-00A1-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Czech) 2016 (HKLM-x32\...\{90160000-001A-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Czech) 2016 (HKLM-x32\...\{90160000-0018-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Czech) 2016 (HKLM-x32\...\{90160000-0019-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word MUI (Czech) 2016 (HKLM-x32\...\{90160000-001B-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 91.0.1 (x64 cs)) (Version: 91.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.0.1 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM-x32\...\{90160000-001F-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM-x32\...\{90160000-001F-041B-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.7.775 - Jan Fiala)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8555 - Realtek Semiconductor Corp.)
Runtime VFP 9 (1.07) (HKLM-x32\...\{B3F398EF-7459-4462-BA67-793679D647C3}) (Version: 1.07.0000 - PROVIS)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.06.00 (12.05.2021) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.02(06.06.2021) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3025 (HKLM-x32\...\Xerox WorkCentre 3025) (Version: V1.10 (11.04.2022) - Xerox Corporation)

Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-04-16] (INTEL CORP) [Startup Task]
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2026-01-13] (Sparse Package)
Intel(R) Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2521.8.2.0_x64__8j3eq9eme6ctt [2026-01-13] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1042.0_x64__8j3eq9eme6ctt [2026-01-13] (INTEL CORP)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2025-01-15] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2774596813-2351541506-2060952939-1285_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> C:\Users\papepa\AppData\Local\Microsoft\OneDrive\25.238.1204.0001\OneDrive.Sync.Service.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2774596813-2351541506-2060952939-1285_Classes\CLSID\{6e1f4e4d-65f7-4c83-be2e-9e6683cda268}\localserver32 -> C:\Program Files\ESET\ESET Security\egui.exe (ESET, spol. s r.o. -> ESET)
CustomCLSID: HKU\S-1-5-21-2774596813-2351541506-2060952939-1285_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> C:\Users\papepa\AppData\Local\Microsoft\OneDrive\25.238.1204.0001\OneDrive.Sync.Service.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2774596813-2351541506-2060952939-1285_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ShellIconOverlayIdentifiers-x32: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-08-21] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-08-21] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\119.0.2.0\drivefsext.dll [2026-01-13] (Google LLC -> Google LLC.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2025-08-21] (ESET, spol. s r.o. -> ESET)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-05-21 20:09 - 2009-05-21 20:09 - 000554496 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2024-11-13 15:58 - 2018-10-22 11:49 - 005592064 _____ (Microsoft) [File not signed] C:\Windows\System32\casablanca120.dll
2024-11-13 15:58 - 2019-05-31 09:25 - 000831488 _____ (Seiko Epson Corporation) [File not signed] C:\Windows\System32\epscpmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 10.38.10.20 - 10.38.10.26
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Intel(R) Ethernet Connection (5) I219-LM -> e1d68x64.sys

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2774596813-2351541506-2060952939-1285\Control Panel\Desktop\\Wallpaper -> C:\Users\papepa\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5925668582434200206\133782142142173128.jpg
HKU\S-1-5-21-3684620303-3985011473-1177193340-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C5CB63FD-C0C7-4E7B-A77D-2FD8E615531F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{70D586B9-FA7C-4234-89C8-639838799186}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6C43E914-8C19-45EB-BB46-EBF64B08BD52}] => (Allow) C:\Users\kuchvl\AppData\Local\Temp\7zS5A0E\HP.EasyStart.exe (HP Inc. -> HP)
FirewallRules: [{377763BB-C674-4CB3-8E0A-4A9273CAC296}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{A7CE3C40-219A-45F6-BA3B-D4EB594ECB05}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{13DAA438-9089-4D23-9AC8-669C8F00DB8A}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\143.0.7499.7\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{B781ED6C-B9CD-4666-8698-A79AC2BC0259}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{820F1EEB-2BD3-40CF-9946-DE5BD09890ED}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{3190E6AD-C824-4FAC-9324-16B55F9A6EF6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{4E87BEE2-6302-4A22-B9A5-9383FA8A0D33}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{58CC5E6B-DE7E-499E-A43C-ACFF4121422A}] => (Allow) C:\Windows\twain_32\Xerox\WC3025\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{8AFF2586-BA67-49A4-949E-7D3888582C3D}] => (Allow) C:\Windows\twain_32\Xerox\WC3025\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{8C640C5A-E889-41D7-B27E-E6F7508B6143}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{B3E97618-575F-44EC-81B7-D8C037C459FA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{317ABAF3-35D5-4FA5-8859-49D981DF2CB5}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{5029005D-3F6F-4E5C-93E9-77F9E60115EE}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{B15D2883-39D0-4779-982C-1CAC172CC67E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{A6DEF9E4-0888-4559-9C2C-8FE80F88B95D}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C153F95D-0A8D-4011-925B-792EEC54ADD8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{1E3ADC4C-2E60-4315-BF84-47C56D9517C1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C8B21902-3D1A-47B6-9B72-C0B2A1DC7BF3}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{2A7E729B-45D4-4BA6-BCC2-B4CA7D1C983F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{D11E43E3-52AA-4569-A032-45FC125714A5}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{DA2A0456-D786-41EB-AA0B-9BBAEB3ACA38}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{58D07C67-5620-46C5-B68B-EDDFE8EAE43A}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{B976ED20-DD21-4D77-95DE-93C88B559EC2}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A54BB37B-B7FD-4B25-B224-E435F7F277D1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{6A2A6C9A-7A34-40EF-B493-7E57A80D0C15}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{09C1DAB2-91CC-438A-BB6D-BA583C1106A3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-12-2025 02:54:43 Windows Update
30-12-2025 05:24:21 Windows Update
05-01-2026 14:55:23 Windows Update
08-01-2026 17:30:19 Windows Update
12-01-2026 08:55:29 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/13/2026 07:50:41 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.22621.1, časové razítko: 0x3b1bcc5b
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x80131623
Posun chyby: 0x00007ffda8d6200f
ID chybujícího procesu: 0x0x5684
Čas spuštění chybující aplikace: 0x0x1dc8458ee5f29c9
Cesta k chybující aplikaci: C:\Windows\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: f3a7bdab-d093-4e71-a273-a2ae33b73bdf
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/13/2026 07:50:41 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (01/13/2026 07:50:40 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/13/2026 07:50:40 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (01/13/2026 07:50:40 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (01/12/2026 02:08:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Instalačky školní\ESET\ESET PROTECT\epi_win_live_installer.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.6060_none_2712eda17382d24b.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.6060_none_6ec0247887fefb51.manifest.

Error: (01/12/2026 02:08:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Instalačky školní\ESET\ESET PROTECT\epi_win_live_installer.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.6060_none_2712eda17382d24b.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.6060_none_6ec0247887fefb51.manifest.

Error: (01/12/2026 12:23:48 PM) (Source: Application Error) (EventID: 1005) (User: ZS-VSECHOVICE)
Description: bakasql.exe0xc00000be0x0


System errors:
=============
Error: (01/12/2026 02:10:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba ESET Management Agent byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/12/2026 01:02:15 PM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 11:11:15 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 09:20:14 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 07:29:14 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 05:38:15 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 03:47:14 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.

Error: (01/12/2026 01:56:14 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: Nepodařilo se odebrat přiřazení aplikace ESET Management Agent uvedené v zásadách gpo-eset-deploy. Došlo k chybě: %gpo-eset-deploy.


Windows Defender:
================
Date: 2024-11-13 15:56:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {DA957CDE-AF25-42FE-BF22-34A1986CE19D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-11-13 15:39:06
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F3FD2366-675D-4010-A158-B58821923398}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-11-13 14:59:29
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C28CE56E-C41D-42FE-B45A-51D6D476E50C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\NETWORK SERVICE

CodeIntegrity:
===============
Date: 2026-01-13 08:06:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.27.0 09/18/2023
Motherboard: Dell Inc. 0NW6H5
Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 65%
Total physical RAM: 8050.23 MB
Available physical RAM: 2769.4 MB
Total Virtual: 9330.23 MB
Available Virtual: 4189.57 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.87 GB) (Free:166.87 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive e: (ADATA UFD) (Removable) (Total:28.89 GB) (Free:25.95 GB) FAT32
Drive g: (Google Drive) (Fixed) (Total:237.87 GB) (Free:158.53 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) FAT32
Drive k: (aplikace) (Network) (Total:99.98 GB) (Free:13.45 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive p: (ucitele) (Network) (Total:79.98 GB) (Free:15.25 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive t: (zaci) (Network) (Total:9.98 GB) (Free:9.9 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive u: (bakalari) (Network) (Total:9.98 GB) (Free:0.04 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS
Drive z: (zaloha) (Network) (Total:29.98 GB) (Free:29.69 GB) (Model: INTEL SSDSC2KF256G8 SATA 256GB) NTFS

\\?\Volume{fccdc097-f33a-431d-acfd-ebd4a16f93fa}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{c35373db-3e5d-4b90-876a-ca23f2422aea}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 8DA7CC6B)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: 37E2B16E)
Partition 1: (Active) - (Size=28.9 GB) - (Type=FAT32)

==================== End of Addition.txt =======================

Re: ESET reports malware, but found nothing

Posted: 13 Jan 2026 09:03
by Rudy
Hello!
First, run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree (Souhlasím)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako správce); on Win XP just start it with a plain double-click
click Scan now (Skenovat nyní), then Clean and Repair (Čištění a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: ESET reports malware, but found nothing

Posted: 13 Jan 2026 09:17
by Hop
# -------------------------------
# Malwarebytes AdwCleaner 8.7.0.619
# -------------------------------
# Build: 12-17-2025
# Database: 2025-12-16.1 (Cloud)
# Support: https://help.malwarebytes.com/
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-13-2026
# Duration: 00:00:01
# OS: Windows 11 (Build 22631.6199)
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\VIS

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPUsageTrackingLEDM Folder C:\Program Files (x86)\HP\HP UT LEDM\BIN
Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|HPUsageTrackingLEDM
Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|HPUsageTrackingLEDM
Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{853F464A-B2B8-404E-BA3E-B98FF6862C41}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1930 octets] - [13/01/2026 09:12:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: ESET reports malware, but found nothing

Posted: 13 Jan 2026 10:53
by Hop
Is this log enough? The computer did not restart...

Re: ESET reports malware, but found nothing

Posted: 13 Jan 2026 15:04
by Rudy
It does not restart unless it has a reason to. Usually it does, though. ADWC did delete something. Now post new FRST+Addition logs.

Re: ESET reports malware, but found nothing

Posted: 13 Jan 2026 15:36
by Hop
I won't get to the PC until tomorrow morning, then I'll post it. Thanks for now.

Re: ESET reports malware, but found nothing

Posted: 13 Jan 2026 19:44
by Rudy
OK. I should be here tomorrow as well. :)

Re: ESET reports malware, but found nothing

Posted: 14 Jan 2026 08:37
by altrok
Hi, a technical aside - let's get the terminology straight.

ESET Endpoint Security is an antivirus (AV) + FW,
ESET Protect (EPP) is the central console for managing ESET products, so when the antivirus catches something on a colleague's machine, that console (on the server) is where you will see it. You can do plenty of different things with it and I like it a lot.

You mention the detection "Detekce potenciálně spojená se známým malwarem [I0115]" (roughly: detection potentially associated with known malware) - what was it about?
- this detection even creates an incident for you in EPP. You can view the incident from the central ESET Protect console.
- on the computer where the threat was detected, open the antivirus and go to Tools -> Log files (Nástroje -> Protokoly)

If an ESET detection contains square brackets - "[" and "]" - it is not an antivirus detection but one from EPP (which, put very simply, will in a few months also be EDR (ESET Inspect), which works completely differently from AV - we will be hearing a lot about it), and you can examine it only in the central EPP console.

[I0115] sometimes also triggers on mail attachments. Some pros (APT) send a phishing mail, which the AV catches in Outlook, detects as (in plain terms) "known and very dangerous junk from a known group", deletes it, and you are protected. I lean toward this variant, because I do not currently see any malware on the PC. You can verify it yourself in EPP (on the server) or in the antivirus logs on this PC, see above (you may have to switch to the right user). If anything is unclear, let me know and I'll go into more detail.