Hi, an old problem: it types two carons or two acute accents for me, but I don't know what's causing it...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:19, on 14.04.2025
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.26100.1882)
Boot mode: Normal
Running processes:
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\Microsoft Office\Root\Office16\SDXHelper.exe
C:\Users\Pepa\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\135.0.3179.73\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EpicGamesLauncher] "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent -launchcontext=boot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll/105
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD Crash Defender Service - Unknown owner - C:\WINDOWS\System32\amdfendrsr.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atiesrxx.exe
O23 - Service: AsusUpdateCheck - Unknown owner - C:\WINDOWS\System32\AsusUpdateCheck.exe (file missing)
O23 - Service: Slu ba Avast Browser Update (avast) (avast) - Gen Digital Inc. - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Slu ba Avast Browser Update (avastm) (avastm) - Gen Digital Inc. - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) (AvastSecureBrowserElevationService) - Gen Digital Inc. - C:\Program Files\AVAST Software\Browser\Application\133.0.29113.143\elevation_service.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_5a440 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: EaseUS UPDATE SERVICE - Unknown owner - C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epic Games Updater (EpicGamesUpdater) - Epic Games, Inc. - C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe
O23 - Service: Epic Online Services (EpicOnlineServices) - Epic Games, Inc. - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service: @%systemroot%\system32\GameInputSvc.exe,-101 (GameInputSvc) - Unknown owner - C:\WINDOWS\System32\GameInputSvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\135.0.7049.85\elevation_service.exe
O23 - Service: Intern aktualiza n slu ba Google (GoogleUpdaterInternalService137.0.7115.0) (GoogleUpdaterInternalService137.0.7115.0) - Google LLC - C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe
O23 - Service: Aktualiza n slu ba Google (GoogleUpdaterService137.0.7115.0) (GoogleUpdaterService137.0.7115.0) - Google LLC - C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\localkdcsvc.dll,-1 (LocalKdc) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ReFsDedupSvc.exe,-100 (refsdedupsvc) - Unknown owner - C:\WINDOWS\System32\ReFsDedupSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zakynthos Service (zksvc) - KRAFTON, Inc. - C:\Program Files\Common Files\PUBG\zksvc.exe
--
End of file - 9805 bytes
Please check my log (Solved)
-
- Security team member
-
Guru Level 15
- Posts: 43245
- Registered: June 07
- Location: South Bohemia
- Gender:
Re: Please check my log
Service: Slu ba Avast Browser
Have you tried a different (external) keyboard?
Download ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome or Edge, you don't need to use ATF.
Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
https://www.bleepingcomputer.com/download/tfc/
https://www.majorgeeks.com/files/detail ... eaner.html
https://www.majorgeeks.com/mg/get/temp_ ... ner,1.html
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
Windows 7 users, download it here:
https://filehippo.com/download_adwcleaner/ (do not update it!)
Save it to your desktop. Click "Souhlasím" (I agree) to confirm the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Skenování" (Scan).
After the scan, a log will appear and open (otherwise it is saved on the system drive in C:\AdwCleaner\Logs); paste its entire contents here.
Download Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/
to your desktop, install it and run it.
- If the program is not up to date, click "Aktualizovat nyní" (Update now) or "Opravit nyní" (Fix now).
- An update will be found and installed.
- Then click Spustit skenování (Start scan).
- After the scan finishes, a message will appear at the bottom right; click Zobrazit zprávu (View report), choose Export, then Kopírovat do schránky (Copy to clipboard), and paste the whole log here. Or click "Textový soubor (.txt)" (Text file) and save the log. Then paste it here.
- Otherwise, the log can be found in the program by clicking "Zprávy" (Reports), or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
- Then click the Dokončit (Finish) button and close the program with the X at the top right.
(Do not delete anything yet!)
If there are problems, run it in Safe Mode.
(After the scan finishes, click "save result" and choose "export to TXT". After a moment a window will appear and you can save the log as a .txt file wherever you want. Then copy it and paste it here.)
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
-
- newcomer
- Posts: 8
- Registered: April 25
- Gender:
Re: Please check my log
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2025-04-04.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-14-2025
# Duration: 00:00:00
# OS: Windows 11 (Build 26100.3775)
# Cleaned: 0
# Failed: 1
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Not Deleted petrovice.com
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1704 octets] - [14/04/2025 17:44:33]
AdwCleaner[C00].txt - [1626 octets] - [14/04/2025 17:45:11]
AdwCleaner[S01].txt - [1784 octets] - [14/04/2025 17:57:39]
AdwCleaner[C01].txt - [1978 octets] - [14/04/2025 17:58:07]
AdwCleaner[S02].txt - [1676 octets] - [14/04/2025 19:54:53]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 14.04.2025
Scan Time: 20:11
Log File: d7823eba-195b-11f0-a07a-cc4740f29cb8.json
-Software Information-
Version: 5.2.10.182
Components Version: 130.0.5212
Update Package Version: 1.0.98049
License: Trial
-System Information-
OS: Windows 11 (Build 26100.3775)
CPU: x64
File System: NTFS
User: moje_PC\Pepa
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 204533
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 12 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
- Security team member
-
Guru Level 15
- Posts: 43245
- Registered: June 07
- Location: South Bohemia
- Gender:
Re: Please check my log
Have you tried the external keyboard?
Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "spustit jako správce" (Run as administrator). You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and be saved on the desktop.
Please copy its entire contents here.
Download RogueKiller by Adlice Software
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
tutorial:
https://www.adlice.com/docs/roguekiller ... /tutorial/
to your desktop.
- Close all other programs and browsers.
- Click "Scan". In the new window, change nothing and click "Start" at the bottom in the "Quick Scan" column.
- The program scans the PC's processes. After the scan, click "Results", then in the next window left-click "Report" and choose "Text File"; name the log e.g. RK and save it to Documents or the desktop. Open the file and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.
- If the log is longer than 60,000 characters, split it and paste it into several posts.
If the log cannot be saved, take a photo of the infections on the screen and post it here.
-
- newcomer
- Posts: 8
- Registered: April 25
- Gender:
Re: Please check my log
The external keyboard does the same thing.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Pepa (Administrator) on 14.04.2025 at 20:17:31,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2025 at 20:19:27,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Program : RogueKillerSVC
Version : 3.1.2.0
x64 : Yes
Program Date : Apr 1 2025
Location : C:\Program Files\RogueKiller\RogueKillerSvc.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Operating System : Windows 11 (10.0.26100) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Pepa
User is Admin : Yes
Date : 2025/04/14 18:22:51
Type : Scan
Aborted : No
Scan Mode : Quick
Duration : 8
Found items : 0
Total scanned : 963
removed_count : 0
Signatures Version : 20250331_080504
Truesight Driver : Yes
Updates Count : 0
************************* Warnings *************************
************************* Updates *************************
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : N/A
************************* Filesystem *************************
************************* Web Browsers *************************
************************* Antirootkit *************************
-
- newcomer
- Posts: 8
- Registered: April 25
- Gender:
Re: Please check my log
After running JRT it gets fixed, but only for a few minutes, then it does it again.
-
- Security team member
-
Guru Level 15
- Posts: 43245
- Registered: June 07
- Location: South Bohemia
- Gender:
Re: Please check my log
Type something with those two carons and acute accents here, so I can get an idea.
Turn off your antivirus and firewall.
Please download the appropriate version of the program for your system (32-bit/64-bit): Farbar Recovery Scan Tool (FRST)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is complete, two logs, FRST.txt and Addition.txt, will appear and be saved on the desktop. Please copy their entire contents here.
-
- newcomer
- Posts: 8
- Registered: April 25
- Gender:
Re: Please check my log
ˇˇn
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025
Ran by Pepa (administrator) on MOJE_PC (ASUS System Product Name) (14-04-2025 21:01:42)
Running from C:\Users\Pepa\Desktop\FRST64.exe
Loaded Profiles: Pepa
Platform: Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(cmd.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(explorer.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe <19>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2025.11030.12002.0_x64__8wekyb3d8bbwe\Photos.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.5100.40.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKU\S-1-5-21-18388365-1344367347-1764052335-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5013816 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-18388365-1344367347-1764052335-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37357584 2025-04-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-18388365-1344367347-1764052335-1002\...\Run: [MicrosoftEdgeAutoLaunch_C3E2C2C6B460BB6A174F345EDFB272D7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4418112 2025-04-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\us016PC: C:\Windows\System32\spool\prtprocs\x64\us016pc.dll [61736 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\us016 Langmon: C:\WINDOWS\system32\us016lm.dll [40744 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.85\Installer\chrmstp.exe [2025-04-11] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\133.0.29113.143\Installer\chrmstp.exe [2025-03-27] (Avast Software s.r.o. -> Gen Digital Inc.)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2369127F-4B38-4E8D-B169-5BA5626916C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {4041F8A6-2102-4324-BA8C-0EE6BD07D0E7} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3738496 2025-03-23] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {87ED8B4D-5D01-4098-BEE1-B70DAA14E284} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3738496 2025-03-23] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {8B0EC25B-AF49-4CD0-8337-0A6BF4959B56} - System32\Tasks\AvastBrowserProtectS-1-5-21-18388365-1344367347-1764052335-1002 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe [1690008 2024-12-05] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {B70B55F2-269A-4DC2-B78C-6D3DF7B3F2A0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {6A9CEB6A-DE76-49D9-B5C4-40C7C26BC735} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {E059EBAC-AFC0-4CBC-9973-A6990194E582} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{03F3DCE6-ACD0-4E77-83B4-E3DBABCB65E6} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe [7360096 2025-04-08] (Google LLC -> Google LLC)
Task: {A074EFD9-1755-4AFE-80F5-48CFD8ED5A96} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5C7E842-045F-4872-965C-7C08B1E98211} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4436C849-FC1A-4D8E-B1BB-18DBD71AB699} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFEA709A-2010-491C-87C1-A697ABA7A5F6} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\opushutil.exe [59600 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {CFA8C2C6-C8C1-4113-8915-BB2992A55F4A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {765EDC83-9B9F-44FA-951B-3220BE1AB04A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B3735A6-B5A7-47EA-A214-26249D813E6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E56FC6B6-FD8A-4EFD-A34A-D18D6CA984D9} - System32\Tasks\Microsoft\Windows\.NET Framework\CNBP_ileq => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [58856 2024-04-01] (Microsoft Corporation -> Microsoft Corporation) -> C:\Program Files (x86)\Common Files\ExplorePrinter\VocnmeLuild\/unregister /silent "C:\Program Files (x86)\Common Files\ExplorePrinter\VocnmeLuild\prwvvXolicyMpdsvr.dll" <==== ATTENTION
Task: {D6666904-B224-4D06-B9BF-1B10BD51E9CA} - System32\Tasks\Microsoft\Windows\AccountHealth\RecoverabilityToastTask => {B7F5B442-EBF8-46CD-9F0B-D8E45ED43492} C:\WINDOWS\system32\AccountHealth.dll [258048 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {D439B32D-C3C4-4287-B37B-C567DC6286AB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223824 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E420EC9B-7D86-4CB7-AE80-524937125C0A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Task: {8D28FB62-DB50-41F7-93F3-965A7586687F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223824 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {20645D35-956F-4E65-8758-44D1AC382DC8} - System32\Tasks\OneDrive Startup Task-S-1-5-21-18388365-1344367347-1764052335-1002 => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\OneDriveLauncher.exe [676688 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{def4f3a5-8f08-4fdf-9362-1fde7004cadb}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{def4f3a5-8f08-4fdf-9362-1fde7004cadb}: [DhcpDomain] home
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pepa\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-14]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Pepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-04-14]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Dokumenty Google offline) - C:\Users\Pepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-14]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\Pepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-12-30]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default [2025-03-22]
CHR Notifications: Default -> hxxps://club.autodoc.cz; hxxps://www.aliexpress.com; hxxps://www.antikvarium.hu; hxxps://www.autodoc.cz; hxxps://www.ceskestavby.cz
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/","hxxps://cz7.forgeofempires.com/game/index?ref=gob_cz_cz_foe_bra"
CHR Extension: (FoE - Helper) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkagcmloachflbbkfmfiggipaelfamdf [2025-01-16]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-02-21]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-21]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-30]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Guest Profile [2025-03-22]
CHR Profile: C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-04-14]
CHR Notifications: Profile 1 -> hxxps://www.aliexpress.com; hxxps://www.megaknihy.cz; hxxps://www.obeccitonice.cz; hxxps://www.youtube.com
CHR HomePage: Profile 1 -> hxxp://www.seznam.cz/
CHR StartupUrls: Profile 1 -> "hxxps://www.seznam.cz/","hxxps://cz7.forgeofempires.com/game/index?ref=gob_cz_cz_sebr_e"
CHR Extension: (FoE - Helper) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkagcmloachflbbkfmfiggipaelfamdf [2025-03-06]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Audio Editor) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cilapnfooagkoenmeapclliipblhcjdm [2025-02-05]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-04-14]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-21]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-04-14]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-02-05]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\System Profile [2025-02-05]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-18388365-1344367347-1764052335-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [845256 2025-04-14] (ASUSTeK Computer Inc. -> )
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\133.0.29113.143\elevation_service.exe [2207056 2025-03-23] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18991400 2024-12-30] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13860056 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
S2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [36800 2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 EpicGamesUpdater; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3064848 2025-04-10] (Epic Games Inc. -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{BF8CE513-D6B2-4A22-9CDF-975F0F60F770} [50504 2024-10-05] (Microsoft Windows -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncHelper.exe [3545400 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9407072 2025-04-14] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.056.0324.0002\OneDriveUpdaterService.exe [3892560 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15953464 2025-04-01] (ADLICE -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [12583256 2025-03-27] (KRAFTON, Inc. -> KRAFTON, Inc.)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [54792 2023-04-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\amdkmdag.sys [94467928 2023-04-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [573440 2024-10-05] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [200704 2024-10-05] (Microsoft Corporation) [File not signed]
S3 ebrntdrv; C:\WINDOWS\system32\ebrntdrv.sys [27728 2023-06-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [27728 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2022-12-29] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\system32\drivers\EUEDKEPM.sys [24656 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-04-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [236728 2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80448 2025-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2023-01-31] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-10] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R3 usbscan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\usbscan.sys [90112 2024-10-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 wini3ctarget; C:\WINDOWS\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_bdb09ebda2834009\wini3ctarget.sys [75168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
S0 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-04-14 21:01 - 2025-04-14 21:02 - 000024455 _____ C:\Users\Pepa\Desktop\FRST.txt
2025-04-14 20:48 - 2025-04-14 21:01 - 000000000 ____D C:\FRST
2025-04-14 20:46 - 2025-04-14 20:46 - 000001622 _____ C:\WINDOWS\system32\gf.txt
2025-04-14 20:21 - 2025-04-14 20:22 - 000000000 ____D C:\ProgramData\RogueKiller
2025-04-14 20:21 - 2025-04-14 20:21 - 000001229 _____ C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adlice Protect.lnk
2025-04-14 20:21 - 2025-04-14 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2025-04-14 20:21 - 2025-04-14 20:21 - 000000000 ____D C:\Program Files\RogueKiller
2025-04-14 20:09 - 2025-04-14 20:09 - 000236728 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2025-04-14 20:09 - 2025-04-14 20:09 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2025-04-14 19:59 - 2025-04-14 19:59 - 000677108 _____ C:\WINDOWS\system32\perfh005.dat
2025-04-14 19:59 - 2025-04-14 19:59 - 000144960 _____ C:\WINDOWS\system32\perfc005.dat
2025-04-14 19:58 - 2025-04-14 20:48 - 000000000 ____D C:\Users\Pepa\AppData\Local\Malwarebytes
2025-04-14 19:58 - 2025-04-14 19:58 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-04-14 19:57 - 2025-04-14 19:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-04-14 19:57 - 2025-04-14 19:57 - 000000000 ____D C:\Program Files\Malwarebytes
2025-04-14 19:24 - 2025-04-14 21:00 - 000000000 ____D C:\Users\Pepa\Desktop\Removals
2025-04-14 18:50 - 2025-04-14 18:50 - 000000175 _____ C:\Users\Pepa\BullseyeCoverageError.txt
2025-04-14 18:29 - 2025-04-14 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO Malware Bouncer
2025-04-14 18:29 - 2025-04-14 18:32 - 000000000 ____D C:\Program Files (x86)\EMCO Malware Bouncer
2025-04-14 17:57 - 2025-04-14 17:57 - 009568256 _____ (Malwarebytes) C:\Users\Pepa\Desktop\adwcleaner.exe
2025-04-14 17:44 - 2025-04-14 17:45 - 000000000 ____D C:\AdwCleaner
2025-04-14 13:46 - 2025-04-14 13:46 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher.lnk
2025-04-14 13:46 - 2025-04-14 13:46 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\aTubeCatcher_10
2025-04-14 13:46 - 2025-04-14 13:46 - 000000000 ____D C:\Users\Pepa\AppData\Local\DsNET_Corp
2025-04-14 13:46 - 2025-04-14 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2025-04-14 13:46 - 2025-04-14 13:46 - 000000000 ____D C:\ProgramData\aTubeCatcher
2025-04-14 13:45 - 2025-04-14 13:45 - 000000000 ____D C:\Program Files\DsNET Corp
2025-04-10 20:56 - 2025-04-10 20:56 - 000000000 ____D C:\WINDOWS\system32\AccountHealthAssets
2025-04-10 20:56 - 2025-04-10 20:56 - 000000000 ____D C:\inetpub
2025-04-10 16:18 - 2025-04-14 17:05 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\discord
2025-04-10 16:18 - 2025-04-14 16:37 - 000000000 ____D C:\Users\Pepa\AppData\Local\Discord
2025-04-10 16:18 - 2025-04-10 16:18 - 107226856 _____ (Discord Inc.) C:\Users\Pepa\Downloads\DiscordSetup.exe
2025-04-10 16:18 - 2025-04-10 16:18 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2025-04-10 16:18 - 2025-04-10 16:18 - 000000000 ____D C:\Users\Pepa\AppData\Local\SquirrelTemp
2025-04-10 13:41 - 2025-04-14 19:19 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-04-10 13:39 - 2025-04-10 13:39 - 000029042 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-04-10 13:39 - 2025-04-10 13:39 - 000029042 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-04-07 11:56 - 2025-04-07 11:56 - 000161921 _____ C:\Users\Pepa\Documents\Informace o pojisteni vozidla na dalsi obdobi.zip
2025-04-04 05:35 - 2025-04-04 05:35 - 000222895 _____ C:\Users\Pepa\Documents\SDS_V05563_-_MOTIP_BRAKE_CLEANER_5_LTR_GB-EN.pdf
2025-04-04 05:33 - 2025-04-04 05:33 - 000344503 _____ C:\Users\Pepa\Documents\097 clean08010_bezpečnostní list.pdf
2025-04-04 05:32 - 2025-04-04 05:32 - 000261903 _____ C:\Users\Pepa\Documents\097 clean08010_technický list.pdf
2025-03-30 19:49 - 2025-03-30 19:49 - 000000000 ____D C:\Users\Pepa\.protocol-registry
2025-03-30 19:47 - 2025-03-30 19:47 - 005350952 _____ (Seznam.cz) C:\Users\Pepa\Documents\Seznam.cz-install__30.exe
2025-03-29 18:34 - 2025-03-29 18:34 - 000128154 _____ C:\Users\Pepa\Documents\icdnayapc63wpl6buurksbqkduavo_C5.pdf
2025-03-24 08:06 - 2025-03-24 08:06 - 000324096 _____ C:\Users\Pepa\Documents\Nebezpečný odpad.ppt
2025-03-23 18:53 - 2025-03-23 18:53 - 000459559 _____ C:\Users\Pepa\Documents\declaration-consent-of-property-owners.PDF
2025-03-23 06:55 - 2025-03-23 06:55 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Microsoft\PowerPoint
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\SystemAcCrux
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Users\Pepa\AppData\Local\SpacePop
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Users\Pepa\AppData\Local\EPMUI
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Users\Pepa\AppData\Local\cache
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Program Files (x86)\EaseUS
2025-03-21 08:22 - 2024-09-04 04:00 - 000174024 _____ C:\WINDOWS\system32\setupdrvx64.exe
2025-03-21 08:22 - 2023-06-19 14:06 - 000000010 _____ C:\WINDOWS\system32\setupdrv.ini
2025-03-21 08:21 - 2025-03-21 08:22 - 000000000 ____D C:\Program Files\EaseUS
2025-03-21 08:21 - 2025-03-21 08:21 - 000000000 ____D C:\ProgramData\SystemAcCrux
2025-03-21 08:21 - 2024-11-19 14:01 - 000175040 _____ C:\WINDOWS\system32\setupepmdrvx64.exe
2025-03-21 08:21 - 2024-11-18 16:50 - 006631872 _____ C:\WINDOWS\system32\BootMan.exe
2025-03-21 08:21 - 2024-11-18 16:50 - 000021952 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2025-03-21 08:21 - 2022-12-29 14:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFl.sys
2025-03-21 08:21 - 2022-12-29 14:34 - 000000057 _____ C:\WINDOWS\system32\setupepmdrv.ini
2025-03-20 17:57 - 2025-03-22 15:33 - 000000000 ___HD C:\ProgramData\Afh
2025-03-20 10:35 - 2025-03-20 10:35 - 000186728 _____ C:\Users\Pepa\Documents\Dodatek.pdf
2025-03-20 10:35 - 2025-03-20 10:35 - 000114905 _____ C:\Users\Pepa\Documents\Informace pro zákazníka – spotřebitele.pdf
2025-03-20 10:33 - 2025-03-20 10:33 - 000424117 _____ C:\Users\Pepa\Documents\Ceník.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-04-14 20:59 - 2025-01-06 15:34 - 000000141 _____ C:\Users\Pepa\Desktop\Hesla_internet.txt
2025-04-14 20:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-04-14 20:54 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-04-14 20:48 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\Registration
2025-04-14 19:59 - 2024-12-30 12:52 - 001603790 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-04-14 19:59 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2025-04-14 19:58 - 2024-04-01 09:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-04-14 19:53 - 2024-12-30 12:37 - 000003796 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-04-14 19:53 - 2024-12-30 12:36 - 000845256 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2025-04-14 19:53 - 2024-12-30 12:36 - 000012288 ___SH C:\DumpStack.log.tmp
2025-04-14 19:53 - 2024-12-30 12:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-04-14 19:52 - 2024-12-30 12:51 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-04-14 19:52 - 2024-12-30 12:36 - 000901328 _____ () C:\WINDOWS\system32\wpbbin.exe
2025-04-14 19:52 - 2024-04-01 09:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-04-14 19:45 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-04-14 18:50 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa
2025-04-14 18:40 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\Local\VirtualStore
2025-04-14 17:58 - 2025-01-06 15:39 - 000000000 ____D C:\Program Files (x86)\Samsung
2025-04-14 17:19 - 2024-12-30 12:36 - 000471976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-04-14 17:06 - 2024-12-31 04:42 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-14 16:15 - 2024-12-30 18:09 - 000000000 ____D C:\Program Files\Common Files\PUBG
2025-04-14 13:54 - 2025-02-08 11:05 - 000000000 ____D C:\Users\Pepa\Desktop\Aukro
2025-04-14 13:50 - 2025-02-05 06:12 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\vlc
2025-04-14 13:45 - 2024-12-30 13:41 - 000000000 ____D C:\ProgramData\Package Cache
2025-04-14 03:10 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-04-13 15:08 - 2024-12-30 12:57 - 000000436 _____ C:\Users\Pepa\Desktop\Tento počítač – zástupce.lnk
2025-04-13 13:43 - 2024-12-30 12:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-04-13 07:50 - 2024-12-30 12:37 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-12 04:33 - 2025-03-05 20:59 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\eM Client
2025-04-12 03:23 - 2025-02-08 03:20 - 000003540 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-18388365-1344367347-1764052335-1002
2025-04-12 03:23 - 2024-12-30 13:56 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-04-12 03:23 - 2024-12-30 13:56 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-04-12 03:23 - 2024-12-30 12:56 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1002
2025-04-11 17:58 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\Local\D3DSCache
2025-04-11 03:23 - 2024-12-30 13:08 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-04-10 20:56 - 2024-04-01 18:31 - 000000000 ____D C:\WINDOWS\InboxApps
2025-04-10 20:56 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-04-10 20:56 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-04-10 20:56 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2025-04-10 20:56 - 2024-04-01 18:30 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-04-10 20:56 - 2024-04-01 18:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-04-10 20:56 - 2024-04-01 09:21 - 000000000 ____D C:\WINDOWS\servicing
2025-04-10 13:39 - 2024-12-30 12:41 - 003352064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-04-10 13:15 - 2024-12-30 12:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-04-10 13:03 - 2024-12-30 12:51 - 000000000 ____D C:\WINDOWS\system32\AMD
2025-04-10 13:03 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-04-06 04:23 - 2024-12-30 12:37 - 000003716 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{E6484C79-8F97-49D4-916F-B8DF394B58FE}
2025-04-06 04:23 - 2024-12-30 12:37 - 000003592 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{D55CCA49-6988-4FCD-A548-3A166EAEE273}
2025-04-04 14:25 - 2024-12-30 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-04-03 08:21 - 2024-12-30 14:30 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Microsoft\Word
2025-04-03 08:21 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\Local\Packages
2025-03-27 09:58 - 2024-12-30 13:16 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2025-03-24 16:32 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\LocalLow\AMD
2025-03-24 06:21 - 2025-03-05 06:59 - 000000372 _____ C:\Users\Pepa\Documents\spider.sav
2025-03-21 08:22 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\Local\AMD
2025-03-20 17:57 - 2024-12-30 12:55 - 000000000 ___SD C:\Users\Pepa\AppData\Roaming\Microsoft\Protect
2025-03-19 23:34 - 2024-12-30 14:13 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-19 23:34 - 2024-12-30 14:13 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025
Ran by Pepa (administrator) on MOJE_PC (ASUS System Product Name) (14-04-2025 21:01:42)
Running from C:\Users\Pepa\Desktop\FRST64.exe
Loaded Profiles: Pepa
Platform: Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(cmd.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(explorer.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe <19>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2025.11030.12002.0_x64__8wekyb3d8bbwe\Photos.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.5100.40.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKU\S-1-5-21-18388365-1344367347-1764052335-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5013816 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-18388365-1344367347-1764052335-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37357584 2025-04-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-18388365-1344367347-1764052335-1002\...\Run: [MicrosoftEdgeAutoLaunch_C3E2C2C6B460BB6A174F345EDFB272D7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4418112 2025-04-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\us016PC: C:\Windows\System32\spool\prtprocs\x64\us016pc.dll [61736 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\us016 Langmon: C:\WINDOWS\system32\us016lm.dll [40744 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.85\Installer\chrmstp.exe [2025-04-11] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\133.0.29113.143\Installer\chrmstp.exe [2025-03-27] (Avast Software s.r.o. -> Gen Digital Inc.)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2369127F-4B38-4E8D-B169-5BA5626916C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {4041F8A6-2102-4324-BA8C-0EE6BD07D0E7} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3738496 2025-03-23] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {87ED8B4D-5D01-4098-BEE1-B70DAA14E284} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3738496 2025-03-23] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {8B0EC25B-AF49-4CD0-8337-0A6BF4959B56} - System32\Tasks\AvastBrowserProtectS-1-5-21-18388365-1344367347-1764052335-1002 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe [1690008 2024-12-05] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {B70B55F2-269A-4DC2-B78C-6D3DF7B3F2A0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {6A9CEB6A-DE76-49D9-B5C4-40C7C26BC735} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {E059EBAC-AFC0-4CBC-9973-A6990194E582} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{03F3DCE6-ACD0-4E77-83B4-E3DBABCB65E6} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe [7360096 2025-04-08] (Google LLC -> Google LLC)
Task: {A074EFD9-1755-4AFE-80F5-48CFD8ED5A96} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5C7E842-045F-4872-965C-7C08B1E98211} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4436C849-FC1A-4D8E-B1BB-18DBD71AB699} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFEA709A-2010-491C-87C1-A697ABA7A5F6} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\opushutil.exe [59600 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {CFA8C2C6-C8C1-4113-8915-BB2992A55F4A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {765EDC83-9B9F-44FA-951B-3220BE1AB04A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B3735A6-B5A7-47EA-A214-26249D813E6E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E56FC6B6-FD8A-4EFD-A34A-D18D6CA984D9} - System32\Tasks\Microsoft\Windows\.NET Framework\CNBP_ileq => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [58856 2024-04-01] (Microsoft Corporation -> Microsoft Corporation) -> C:\Program Files (x86)\Common Files\ExplorePrinter\VocnmeLuild\/unregister /silent "C:\Program Files (x86)\Common Files\ExplorePrinter\VocnmeLuild\prwvvXolicyMpdsvr.dll" <==== ATTENTION
Task: {D6666904-B224-4D06-B9BF-1B10BD51E9CA} - System32\Tasks\Microsoft\Windows\AccountHealth\RecoverabilityToastTask => {B7F5B442-EBF8-46CD-9F0B-D8E45ED43492} C:\WINDOWS\system32\AccountHealth.dll [258048 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {D439B32D-C3C4-4287-B37B-C567DC6286AB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223824 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E420EC9B-7D86-4CB7-AE80-524937125C0A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Task: {8D28FB62-DB50-41F7-93F3-965A7586687F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223824 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {20645D35-956F-4E65-8758-44D1AC382DC8} - System32\Tasks\OneDrive Startup Task-S-1-5-21-18388365-1344367347-1764052335-1002 => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\OneDriveLauncher.exe [676688 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{def4f3a5-8f08-4fdf-9362-1fde7004cadb}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{def4f3a5-8f08-4fdf-9362-1fde7004cadb}: [DhcpDomain] home
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pepa\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-14]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Pepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-04-14]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Dokumenty Google offline) - C:\Users\Pepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-14]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\Pepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-12-30]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default [2025-03-22]
CHR Notifications: Default -> hxxps://club.autodoc.cz; hxxps://www.aliexpress.com; hxxps://www.antikvarium.hu; hxxps://www.autodoc.cz; hxxps://www.ceskestavby.cz
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/","hxxps://cz7.forgeofempires.com/game/index?ref=gob_cz_cz_foe_bra"
CHR Extension: (FoE - Helper) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkagcmloachflbbkfmfiggipaelfamdf [2025-01-16]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-02-21]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-21]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-30]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Guest Profile [2025-03-22]
CHR Profile: C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-04-14]
CHR Notifications: Profile 1 -> hxxps://www.aliexpress.com; hxxps://www.megaknihy.cz; hxxps://www.obeccitonice.cz; hxxps://www.youtube.com
CHR HomePage: Profile 1 -> hxxp://www.seznam.cz/
CHR StartupUrls: Profile 1 -> "hxxps://www.seznam.cz/","hxxps://cz7.forgeofempires.com/game/index?ref=gob_cz_cz_sebr_e"
CHR Extension: (FoE - Helper) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkagcmloachflbbkfmfiggipaelfamdf [2025-03-06]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Audio Editor) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cilapnfooagkoenmeapclliipblhcjdm [2025-02-05]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-04-14]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-21]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-04-14]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-02-05]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\System Profile [2025-02-05]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-18388365-1344367347-1764052335-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [845256 2025-04-14] (ASUSTeK Computer Inc. -> )
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\133.0.29113.143\elevation_service.exe [2207056 2025-03-23] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18991400 2024-12-30] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13860056 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
S2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [36800 2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 EpicGamesUpdater; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3064848 2025-04-10] (Epic Games Inc. -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{BF8CE513-D6B2-4A22-9CDF-975F0F60F770} [50504 2024-10-05] (Microsoft Windows -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncHelper.exe [3545400 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9407072 2025-04-14] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.056.0324.0002\OneDriveUpdaterService.exe [3892560 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15953464 2025-04-01] (ADLICE -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [12583256 2025-03-27] (KRAFTON, Inc. -> KRAFTON, Inc.)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [54792 2023-04-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\amdkmdag.sys [94467928 2023-04-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [573440 2024-10-05] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [200704 2024-10-05] (Microsoft Corporation) [File not signed]
S3 ebrntdrv; C:\WINDOWS\system32\ebrntdrv.sys [27728 2023-06-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [27728 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2022-12-29] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\system32\drivers\EUEDKEPM.sys [24656 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-04-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [236728 2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80448 2025-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2023-01-31] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-10] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R3 usbscan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\usbscan.sys [90112 2024-10-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 wini3ctarget; C:\WINDOWS\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_bdb09ebda2834009\wini3ctarget.sys [75168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
S0 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-04-14 21:01 - 2025-04-14 21:02 - 000024455 _____ C:\Users\Pepa\Desktop\FRST.txt
2025-04-14 20:48 - 2025-04-14 21:01 - 000000000 ____D C:\FRST
2025-04-14 20:46 - 2025-04-14 20:46 - 000001622 _____ C:\WINDOWS\system32\gf.txt
2025-04-14 20:21 - 2025-04-14 20:22 - 000000000 ____D C:\ProgramData\RogueKiller
2025-04-14 20:21 - 2025-04-14 20:21 - 000001229 _____ C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adlice Protect.lnk
2025-04-14 20:21 - 2025-04-14 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2025-04-14 20:21 - 2025-04-14 20:21 - 000000000 ____D C:\Program Files\RogueKiller
2025-04-14 20:09 - 2025-04-14 20:09 - 000236728 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2025-04-14 20:09 - 2025-04-14 20:09 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2025-04-14 19:59 - 2025-04-14 19:59 - 000677108 _____ C:\WINDOWS\system32\perfh005.dat
2025-04-14 19:59 - 2025-04-14 19:59 - 000144960 _____ C:\WINDOWS\system32\perfc005.dat
2025-04-14 19:58 - 2025-04-14 20:48 - 000000000 ____D C:\Users\Pepa\AppData\Local\Malwarebytes
2025-04-14 19:58 - 2025-04-14 19:58 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-04-14 19:57 - 2025-04-14 19:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-04-14 19:57 - 2025-04-14 19:57 - 000000000 ____D C:\Program Files\Malwarebytes
2025-04-14 19:24 - 2025-04-14 21:00 - 000000000 ____D C:\Users\Pepa\Desktop\Removals
2025-04-14 18:50 - 2025-04-14 18:50 - 000000175 _____ C:\Users\Pepa\BullseyeCoverageError.txt
2025-04-14 18:29 - 2025-04-14 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO Malware Bouncer
2025-04-14 18:29 - 2025-04-14 18:32 - 000000000 ____D C:\Program Files (x86)\EMCO Malware Bouncer
2025-04-14 17:57 - 2025-04-14 17:57 - 009568256 _____ (Malwarebytes) C:\Users\Pepa\Desktop\adwcleaner.exe
2025-04-14 17:44 - 2025-04-14 17:45 - 000000000 ____D C:\AdwCleaner
2025-04-14 13:46 - 2025-04-14 13:46 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher.lnk
2025-04-14 13:46 - 2025-04-14 13:46 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\aTubeCatcher_10
2025-04-14 13:46 - 2025-04-14 13:46 - 000000000 ____D C:\Users\Pepa\AppData\Local\DsNET_Corp
2025-04-14 13:46 - 2025-04-14 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2025-04-14 13:46 - 2025-04-14 13:46 - 000000000 ____D C:\ProgramData\aTubeCatcher
2025-04-14 13:45 - 2025-04-14 13:45 - 000000000 ____D C:\Program Files\DsNET Corp
2025-04-10 20:56 - 2025-04-10 20:56 - 000000000 ____D C:\WINDOWS\system32\AccountHealthAssets
2025-04-10 20:56 - 2025-04-10 20:56 - 000000000 ____D C:\inetpub
2025-04-10 16:18 - 2025-04-14 17:05 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\discord
2025-04-10 16:18 - 2025-04-14 16:37 - 000000000 ____D C:\Users\Pepa\AppData\Local\Discord
2025-04-10 16:18 - 2025-04-10 16:18 - 107226856 _____ (Discord Inc.) C:\Users\Pepa\Downloads\DiscordSetup.exe
2025-04-10 16:18 - 2025-04-10 16:18 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2025-04-10 16:18 - 2025-04-10 16:18 - 000000000 ____D C:\Users\Pepa\AppData\Local\SquirrelTemp
2025-04-10 13:41 - 2025-04-14 19:19 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-04-10 13:39 - 2025-04-10 13:39 - 000029042 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-04-10 13:39 - 2025-04-10 13:39 - 000029042 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-04-07 11:56 - 2025-04-07 11:56 - 000161921 _____ C:\Users\Pepa\Documents\Informace o pojisteni vozidla na dalsi obdobi.zip
2025-04-04 05:35 - 2025-04-04 05:35 - 000222895 _____ C:\Users\Pepa\Documents\SDS_V05563_-_MOTIP_BRAKE_CLEANER_5_LTR_GB-EN.pdf
2025-04-04 05:33 - 2025-04-04 05:33 - 000344503 _____ C:\Users\Pepa\Documents\097 clean08010_bezpečnostní list.pdf
2025-04-04 05:32 - 2025-04-04 05:32 - 000261903 _____ C:\Users\Pepa\Documents\097 clean08010_technický list.pdf
2025-03-30 19:49 - 2025-03-30 19:49 - 000000000 ____D C:\Users\Pepa\.protocol-registry
2025-03-30 19:47 - 2025-03-30 19:47 - 005350952 _____ (Seznam.cz) C:\Users\Pepa\Documents\Seznam.cz-install__30.exe
2025-03-29 18:34 - 2025-03-29 18:34 - 000128154 _____ C:\Users\Pepa\Documents\icdnayapc63wpl6buurksbqkduavo_C5.pdf
2025-03-24 08:06 - 2025-03-24 08:06 - 000324096 _____ C:\Users\Pepa\Documents\Nebezpečný odpad.ppt
2025-03-23 18:53 - 2025-03-23 18:53 - 000459559 _____ C:\Users\Pepa\Documents\declaration-consent-of-property-owners.PDF
2025-03-23 06:55 - 2025-03-23 06:55 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Microsoft\PowerPoint
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\SystemAcCrux
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Users\Pepa\AppData\Local\SpacePop
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Users\Pepa\AppData\Local\EPMUI
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Users\Pepa\AppData\Local\cache
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master
2025-03-21 08:22 - 2025-03-21 08:22 - 000000000 ____D C:\Program Files (x86)\EaseUS
2025-03-21 08:22 - 2024-09-04 04:00 - 000174024 _____ C:\WINDOWS\system32\setupdrvx64.exe
2025-03-21 08:22 - 2023-06-19 14:06 - 000000010 _____ C:\WINDOWS\system32\setupdrv.ini
2025-03-21 08:21 - 2025-03-21 08:22 - 000000000 ____D C:\Program Files\EaseUS
2025-03-21 08:21 - 2025-03-21 08:21 - 000000000 ____D C:\ProgramData\SystemAcCrux
2025-03-21 08:21 - 2024-11-19 14:01 - 000175040 _____ C:\WINDOWS\system32\setupepmdrvx64.exe
2025-03-21 08:21 - 2024-11-18 16:50 - 006631872 _____ C:\WINDOWS\system32\BootMan.exe
2025-03-21 08:21 - 2024-11-18 16:50 - 000021952 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2025-03-21 08:21 - 2022-12-29 14:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFl.sys
2025-03-21 08:21 - 2022-12-29 14:34 - 000000057 _____ C:\WINDOWS\system32\setupepmdrv.ini
2025-03-20 17:57 - 2025-03-22 15:33 - 000000000 ___HD C:\ProgramData\Afh
2025-03-20 10:35 - 2025-03-20 10:35 - 000186728 _____ C:\Users\Pepa\Documents\Dodatek.pdf
2025-03-20 10:35 - 2025-03-20 10:35 - 000114905 _____ C:\Users\Pepa\Documents\Informace pro zákazníka – spotřebitele.pdf
2025-03-20 10:33 - 2025-03-20 10:33 - 000424117 _____ C:\Users\Pepa\Documents\Ceník.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-04-14 20:59 - 2025-01-06 15:34 - 000000141 _____ C:\Users\Pepa\Desktop\Hesla_internet.txt
2025-04-14 20:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-04-14 20:54 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-04-14 20:48 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\Registration
2025-04-14 19:59 - 2024-12-30 12:52 - 001603790 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-04-14 19:59 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2025-04-14 19:58 - 2024-04-01 09:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-04-14 19:53 - 2024-12-30 12:37 - 000003796 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-04-14 19:53 - 2024-12-30 12:36 - 000845256 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2025-04-14 19:53 - 2024-12-30 12:36 - 000012288 ___SH C:\DumpStack.log.tmp
2025-04-14 19:53 - 2024-12-30 12:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-04-14 19:52 - 2024-12-30 12:51 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-04-14 19:52 - 2024-12-30 12:36 - 000901328 _____ () C:\WINDOWS\system32\wpbbin.exe
2025-04-14 19:52 - 2024-04-01 09:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-04-14 19:45 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-04-14 18:50 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa
2025-04-14 18:40 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\Local\VirtualStore
2025-04-14 17:58 - 2025-01-06 15:39 - 000000000 ____D C:\Program Files (x86)\Samsung
2025-04-14 17:19 - 2024-12-30 12:36 - 000471976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-04-14 17:06 - 2024-12-31 04:42 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-14 16:15 - 2024-12-30 18:09 - 000000000 ____D C:\Program Files\Common Files\PUBG
2025-04-14 13:54 - 2025-02-08 11:05 - 000000000 ____D C:\Users\Pepa\Desktop\Aukro
2025-04-14 13:50 - 2025-02-05 06:12 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\vlc
2025-04-14 13:45 - 2024-12-30 13:41 - 000000000 ____D C:\ProgramData\Package Cache
2025-04-14 03:10 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-04-13 15:08 - 2024-12-30 12:57 - 000000436 _____ C:\Users\Pepa\Desktop\Tento počítač – zástupce.lnk
2025-04-13 13:43 - 2024-12-30 12:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-04-13 07:50 - 2024-12-30 12:37 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-12 04:33 - 2025-03-05 20:59 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\eM Client
2025-04-12 03:23 - 2025-02-08 03:20 - 000003540 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-18388365-1344367347-1764052335-1002
2025-04-12 03:23 - 2024-12-30 13:56 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-04-12 03:23 - 2024-12-30 13:56 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-04-12 03:23 - 2024-12-30 12:56 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1002
2025-04-11 17:58 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\Local\D3DSCache
2025-04-11 03:23 - 2024-12-30 13:08 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-04-10 20:56 - 2024-04-01 18:31 - 000000000 ____D C:\WINDOWS\InboxApps
2025-04-10 20:56 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-04-10 20:56 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-04-10 20:56 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2025-04-10 20:56 - 2024-04-01 18:30 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-04-10 20:56 - 2024-04-01 18:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-04-10 20:56 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-04-10 20:56 - 2024-04-01 09:21 - 000000000 ____D C:\WINDOWS\servicing
2025-04-10 13:39 - 2024-12-30 12:41 - 003352064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-04-10 13:15 - 2024-12-30 12:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-04-10 13:03 - 2024-12-30 12:51 - 000000000 ____D C:\WINDOWS\system32\AMD
2025-04-10 13:03 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-04-06 04:23 - 2024-12-30 12:37 - 000003716 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{E6484C79-8F97-49D4-916F-B8DF394B58FE}
2025-04-06 04:23 - 2024-12-30 12:37 - 000003592 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{D55CCA49-6988-4FCD-A548-3A166EAEE273}
2025-04-04 14:25 - 2024-12-30 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-04-03 08:21 - 2024-12-30 14:30 - 000000000 ____D C:\Users\Pepa\AppData\Roaming\Microsoft\Word
2025-04-03 08:21 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\Local\Packages
2025-03-27 09:58 - 2024-12-30 13:16 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2025-03-24 16:32 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\LocalLow\AMD
2025-03-24 06:21 - 2025-03-05 06:59 - 000000372 _____ C:\Users\Pepa\Documents\spider.sav
2025-03-21 08:22 - 2024-12-30 12:55 - 000000000 ____D C:\Users\Pepa\AppData\Local\AMD
2025-03-20 17:57 - 2024-12-30 12:55 - 000000000 ___SD C:\Users\Pepa\AppData\Roaming\Microsoft\Protect
2025-03-19 23:34 - 2024-12-30 14:13 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-19 23:34 - 2024-12-30 14:13 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Re: Please check my log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2025
Ran by Pepa (14-04-2025 21:02:40)
Running from C:\Users\Pepa\Desktop
Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) (2024-12-30 10:41:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-18388365-1344367347-1764052335-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-18388365-1344367347-1764052335-503 - Limited - Disabled)
Guest (S-1-5-21-18388365-1344367347-1764052335-501 - Limited - Disabled)
Pepa (S-1-5-21-18388365-1344367347-1764052335-1002 - Administrator - Enabled) => C:\Users\Pepa
WDAGUtilityAccount (S-1-5-21-18388365-1344367347-1764052335-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adlice Protect version 16.1.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 16.1.2.0 - Adlice Software)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
aTube Catcher verze 10.8.11 (HKLM\...\{363C8C67-92B1-4FC9-BEC0-F5F197EFA07E}_is1) (Version: 10.8.11 - DsNET Corp. - Diego Uscanga)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 133.0.29113.143 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
Discord (HKU\S-1-5-21-18388365-1344367347-1764052335-1002\...\Discord) (Version: 1.0.9059 - Discord Inc.)
EaseUS Partition Master (HKLM\...\EaseUS Partition Master_is1) (Version: 19.6 - EaseUS)
eM Client (HKLM-x32\...\{57DB06E1-8F88-4835-8DA4-3F07ED4C2BD9}) (Version: 10.1.4588.0 - eM Client s.r.o.)
EMCO Malware Bouncer (HKLM-x32\...\EMCO Malware Bouncer_is1) (Version: - Emco Software Ltd.)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.85 - Google LLC)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 5.2.10.182 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.10.182 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.73 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.73 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.18623.20156 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.18623.20156 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.056.0324.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.32 - Samsung Electronics Co., Ltd.) Hidden
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.93 - Samsung Electronics CO., LTD.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
Packages:
=========
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-04-10] (Microsoft Windows)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe [2025-03-28] (Microsoft Corporation)
OfficePushNotificationsUtility -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16 [2025-04-04] ()
WinRAR -> C:\Program Files\WinRAR [2024-12-30] (win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-18388365-1344367347-1764052335-1002_Classes\CLSID\{04271989-C4D2-839B-655C-149AE643CEF4} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-18388365-1344367347-1764052335-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [EpmRightMenu] -> {a5354344-b5da-4901-afd1-f0adc1d0b8bd} => C:\Program Files\EaseUS\RightMenu\epmright.dll [2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> TODO: <Company name>)
ContextMenuHandlers2: [EpmRightMenu] -> {a5354344-b5da-4901-afd1-f0adc1d0b8bd} => C:\Program Files\EaseUS\RightMenu\epmright.dll [2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> TODO: <Company name>)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EpmRightMenu] -> {a5354344-b5da-4901-afd1-f0adc1d0b8bd} => C:\Program Files\EaseUS\RightMenu\epmright.dll [2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> TODO: <Company name>)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [EpmRightMenu] -> {a5354344-b5da-4901-afd1-f0adc1d0b8bd} => C:\Program Files\EaseUS\RightMenu\epmright.dll [2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> TODO: <Company name>)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Pepa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Pepa - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2025-04-14 19:58 - 2025-04-14 19:58 - 000191488 _____ (Dominick Baier;Brock Allen) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Anti-Malware\IdentityModel.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2024-04-01 09:26 - 2024-04-01 09:24 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-18388365-1344367347-1764052335-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Pepa\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5664405148677844886\133891007155310674.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
Network Binding:
=============
Wi-Fi: Realtek 8821CE Wireless LAN 802.11ac PCI-E NIC -> rtwlane.sys
Ethernet: Realtek PCIe GbE Family Controller -> rtcx21x64.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A993986D-2C3E-4489-ACA6-3D3E82507DD9}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B05937CC-1646-4110-BE54-A9EAE498EEC4}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A7FADECD-14A5-4187-B90F-2536413D8E68}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7CF5B695-41E0-4E03-8E3F-B985E5FB65B2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9360A92F-622F-4C2C-90B7-0E5DBF1EAB15}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A8A128C-44DF-4A1B-A03A-F6D9E2364B1F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6713A38-D111-4262-A87B-5599261A42EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BA05ACBF-C3D5-4F04-8275-67253E7AFD58}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe => No File
FirewallRules: [{FBC2347B-3190-439E-BF8E-756BA8313F59}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe => No File
FirewallRules: [{DCEABC36-3F10-4D80-B58D-1B6A88AF7565}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe => No File
FirewallRules: [{B23872D9-A164-4169-A83F-00F84D1C48B6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe => No File
FirewallRules: [{FF42EE50-D0BB-4868-863F-5523A21558F8}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{50F2F68E-F3AC-4DAE-827E-05D68EF6FCCB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{76C96968-EBB4-4F56-AB13-B49EDCA1220C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.73\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
10-04-2025 13:32:36 Instalační služba modulů systému Windows
14-04-2025 17:57:54 AdwCleaner_BeforeCleaning_14/04/2025_17:57:54
14-04-2025 19:20:20 JRT Pre-Junkware Removal
14-04-2025 19:48:03 JRT Pre-Junkware Removal
14-04-2025 20:17:32 JRT Pre-Junkware Removal
14-04-2025 20:32:05 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/14/2025 07:53:17 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\MOJE_PC$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 14 Apr 2025 17:53:14 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1327cc55-1cb9-4893-b201-574dbb6ddc53
Metoda: GET(359ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (04/14/2025 07:53:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 14 Apr 2025 17:53:14 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 6864e20f-9092-4c43-9fcd-8862e076b3bb
Metoda: GET(406ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (04/14/2025 07:53:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\MOJE_PC$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 14 Apr 2025 17:53:14 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1c508413-6f17-4a82-b12b-a1f040d979fd
Metoda: GET(406ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (04/14/2025 07:45:45 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\MOJE_PC$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 14 Apr 2025 17:45:42 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 853f2c12-98e9-4622-a7b5-b3c903e82f85
Metoda: GET(313ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (04/14/2025 07:45:45 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 14 Apr 2025 17:45:42 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 5eb94ebc-4f8c-4656-8304-f4aef37472c8
Metoda: GET(421ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (04/14/2025 07:45:45 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\MOJE_PC$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 14 Apr 2025 17:45:42 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: f70d11df-4db2-4fd6-bc94-2c621ed16a6a
Metoda: GET(421ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (04/14/2025 06:48:56 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: moje_PC)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).
Error: (04/14/2025 05:19:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\MOJE_PC$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 14 Apr 2025 15:19:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ae114b93-4b87-42c6-9bbb-6bb797ec32a5
Metoda: GET(297ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
System errors:
=============
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba EaseUS UPDATE SERVICE byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD Crash Defender Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/14/2025 07:52:17 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT AUTHORITY)
Description: Služba přidružení zařízení zjistila chybu zjišťování koncového bodu.
Error: (04/14/2025 07:52:17 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT AUTHORITY)
Description: Služba přidružení zařízení zjistila chybu zjišťování koncového bodu.
Error: (04/14/2025 07:44:43 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT AUTHORITY)
Description: Služba přidružení zařízení zjistila chybu zjišťování koncového bodu.
Windows Defender:
================
Date: 2025-03-22 06:06:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-21 06:00:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-20 07:27:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-19 06:15:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-18 06:00:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2025-03-10 05:00:31
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\Pepa\AppData\Local\Temp\chrome_BITS_15176_824893706\puffpatch_out
Sha256: e70a86edb1fa31d04a9a9aa3f9a6fcc2b7ae85081d1d347c577fd379112398bc
Current security intelligence Version: AV: 1.423.306.0, AS: 1.423.306.0
Current Engine Version: 1.1.25010.7
Error code: 0x80508016
Date: 2025-01-02 09:04:01
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1126.0
Update Source: Server Microsoft Update
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x8024402c
Error description: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
CodeIntegrity:
===============
Date: 2025-04-14 21:02:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 3202 06/16/2023
Motherboard: ASUSTeK COMPUTER INC. TUF GAMING A520M-PLUS WIFI
Processor: AMD Ryzen 5 4500 6-Core Processor
Percentage of memory in use: 14%
Total physical RAM: 65325 MB
Available physical RAM: 55714.89 MB
Total Virtual: 69421 MB
Available Virtual: 58634.91 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:929.56 GB) (Free:815.28 GB) (Model: KINGSTON SNV2S1000G) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:228.65 GB) (Model: WDC WD10EZEX-00KUWA0) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{c1cbd37c-192d-437c-a5ff-f74e747e19db}\ () (Fixed) (Total:0.63 GB) (Free:0.07 GB) NTFS
\\?\Volume{55d4392f-071f-4717-b130-b1cba8b74778}\ () (Fixed) (Total:0.67 GB) (Free:0.11 GB) NTFS
\\?\Volume{4cf6bb99-aaff-4096-96ad-bf0a5d101493}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{f307b479-a4cd-417a-bf9a-c0c7525667ab}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 12BD2E40)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F82E40B1)
Partition: GPT.
==================== End of Addition.txt =======================
Ran by Pepa (14-04-2025 21:02:40)
Running from C:\Users\Pepa\Desktop
Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) (2024-12-30 10:41:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-18388365-1344367347-1764052335-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-18388365-1344367347-1764052335-503 - Limited - Disabled)
Guest (S-1-5-21-18388365-1344367347-1764052335-501 - Limited - Disabled)
Pepa (S-1-5-21-18388365-1344367347-1764052335-1002 - Administrator - Enabled) => C:\Users\Pepa
WDAGUtilityAccount (S-1-5-21-18388365-1344367347-1764052335-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adlice Protect version 16.1.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 16.1.2.0 - Adlice Software)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
aTube Catcher verze 10.8.11 (HKLM\...\{363C8C67-92B1-4FC9-BEC0-F5F197EFA07E}_is1) (Version: 10.8.11 - DsNET Corp. - Diego Uscanga)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 133.0.29113.143 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
Discord (HKU\S-1-5-21-18388365-1344367347-1764052335-1002\...\Discord) (Version: 1.0.9059 - Discord Inc.)
EaseUS Partition Master (HKLM\...\EaseUS Partition Master_is1) (Version: 19.6 - EaseUS)
eM Client (HKLM-x32\...\{57DB06E1-8F88-4835-8DA4-3F07ED4C2BD9}) (Version: 10.1.4588.0 - eM Client s.r.o.)
EMCO Malware Bouncer (HKLM-x32\...\EMCO Malware Bouncer_is1) (Version: - Emco Software Ltd.)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.85 - Google LLC)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 5.2.10.182 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.10.182 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.73 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.73 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.18623.20156 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.18623.20156 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.056.0324.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.32 - Samsung Electronics Co., Ltd.) Hidden
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.93 - Samsung Electronics CO., LTD.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
Packages:
=========
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-04-10] (Microsoft Windows)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe [2025-03-28] (Microsoft Corporation)
OfficePushNotificationsUtility -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16 [2025-04-04] ()
WinRAR -> C:\Program Files\WinRAR [2024-12-30] (win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-18388365-1344367347-1764052335-1002_Classes\CLSID\{04271989-C4D2-839B-655C-149AE643CEF4} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-18388365-1344367347-1764052335-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [EpmRightMenu] -> {a5354344-b5da-4901-afd1-f0adc1d0b8bd} => C:\Program Files\EaseUS\RightMenu\epmright.dll [2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> TODO: <Company name>)
ContextMenuHandlers2: [EpmRightMenu] -> {a5354344-b5da-4901-afd1-f0adc1d0b8bd} => C:\Program Files\EaseUS\RightMenu\epmright.dll [2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> TODO: <Company name>)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EpmRightMenu] -> {a5354344-b5da-4901-afd1-f0adc1d0b8bd} => C:\Program Files\EaseUS\RightMenu\epmright.dll [2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> TODO: <Company name>)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0002\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [EpmRightMenu] -> {a5354344-b5da-4901-afd1-f0adc1d0b8bd} => C:\Program Files\EaseUS\RightMenu\epmright.dll [2024-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> TODO: <Company name>)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-04-14] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Pepa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Pepa - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2025-04-14 19:58 - 2025-04-14 19:58 - 000191488 _____ (Dominick Baier;Brock Allen) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Anti-Malware\IdentityModel.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-04] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2024-04-01 09:26 - 2024-04-01 09:24 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-18388365-1344367347-1764052335-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Pepa\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5664405148677844886\133891007155310674.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
Network Binding:
=============
Wi-Fi: Realtek 8821CE Wireless LAN 802.11ac PCI-E NIC -> rtwlane.sys
Ethernet: Realtek PCIe GbE Family Controller -> rtcx21x64.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A993986D-2C3E-4489-ACA6-3D3E82507DD9}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B05937CC-1646-4110-BE54-A9EAE498EEC4}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A7FADECD-14A5-4187-B90F-2536413D8E68}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7CF5B695-41E0-4E03-8E3F-B985E5FB65B2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9360A92F-622F-4C2C-90B7-0E5DBF1EAB15}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A8A128C-44DF-4A1B-A03A-F6D9E2364B1F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6713A38-D111-4262-A87B-5599261A42EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BA05ACBF-C3D5-4F04-8275-67253E7AFD58}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe => No File
FirewallRules: [{FBC2347B-3190-439E-BF8E-756BA8313F59}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe => No File
FirewallRules: [{DCEABC36-3F10-4D80-B58D-1B6A88AF7565}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe => No File
FirewallRules: [{B23872D9-A164-4169-A83F-00F84D1C48B6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe => No File
FirewallRules: [{FF42EE50-D0BB-4868-863F-5523A21558F8}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{50F2F68E-F3AC-4DAE-827E-05D68EF6FCCB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{76C96968-EBB4-4F56-AB13-B49EDCA1220C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.73\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/14/2025 06:48:56 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: moje_PC)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).
Error: (04/14/2025 05:19:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\MOJE_PC$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 14 Apr 2025 15:19:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ae114b93-4b87-42c6-9bbb-6bb797ec32a5
Metoda: GET(297ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
System errors:
=============
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba EaseUS UPDATE SERVICE byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD Crash Defender Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/14/2025 07:55:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/14/2025 07:52:17 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT AUTHORITY)
Description: Služba přidružení zařízení zjistila chybu zjišťování koncového bodu.
Error: (04/14/2025 07:52:17 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT AUTHORITY)
Description: Služba přidružení zařízení zjistila chybu zjišťování koncového bodu.
Error: (04/14/2025 07:44:43 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT AUTHORITY)
Description: Služba přidružení zařízení zjistila chybu zjišťování koncového bodu.
Windows Defender:
================
Date: 2025-03-22 06:06:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-21 06:00:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-20 07:27:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-19 06:15:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-18 06:00:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2025-03-10 05:00:31
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\Pepa\AppData\Local\Temp\chrome_BITS_15176_824893706\puffpatch_out
Sha256: e70a86edb1fa31d04a9a9aa3f9a6fcc2b7ae85081d1d347c577fd379112398bc
Current security intelligence Version: AV: 1.423.306.0, AS: 1.423.306.0
Current Engine Version: 1.1.25010.7
Error code: 0x80508016
Date: 2025-01-02 09:04:01
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1126.0
Update Source: Server Microsoft Update
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x8024402c
Error description: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
CodeIntegrity:
===============
Date: 2025-04-14 21:02:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 3202 06/16/2023
Motherboard: ASUSTeK COMPUTER INC. TUF GAMING A520M-PLUS WIFI
Processor: AMD Ryzen 5 4500 6-Core Processor
Percentage of memory in use: 14%
Total physical RAM: 65325 MB
Available physical RAM: 55714.89 MB
Total Virtual: 69421 MB
Available Virtual: 58634.91 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:929.56 GB) (Free:815.28 GB) (Model: KINGSTON SNV2S1000G) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:228.65 GB) (Model: WDC WD10EZEX-00KUWA0) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{c1cbd37c-192d-437c-a5ff-f74e747e19db}\ () (Fixed) (Total:0.63 GB) (Free:0.07 GB) NTFS
\\?\Volume{55d4392f-071f-4717-b130-b1cba8b74778}\ () (Fixed) (Total:0.67 GB) (Free:0.11 GB) NTFS
\\?\Volume{4cf6bb99-aaff-4096-96ad-bf0a5d101493}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{f307b479-a4cd-417a-bf9a-c0c7525667ab}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 12BD2E40)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F82E40B1)
Partition: GPT.
==================== End of Addition.txt =======================
- Security team member
- Guru Level 15
- Posts: 43245
- Registered: June 07
- Location: South Bohemia
Re: Please check my log
Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
Task: {E059EBAC-AFC0-4CBC-9973-A6990194E582} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{03F3DCE6-ACD0-4E77-83B4-E3DBABCB65E6} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe [7360096 2025-04-08] (Google LLC -> Google LLC)
Task: {E56FC6B6-FD8A-4EFD-A34A-D18D6CA984D9} - System32\Tasks\Microsoft\Windows\.NET Framework\CNBP_ileq => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [58856 2024-04-01] (Microsoft Corporation -> Microsoft Corporation) -> C:\Program Files (x86)\Common Files\ExplorePrinter\VocnmeLuild\/unregister /silent "C:\Program Files (x86)\Common Files\ExplorePrinter\VocnmeLuild\prwvvXolicyMpdsvr.dll" <==== ATTENTION
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {E420EC9B-7D86-4CB7-AE80-524937125C0A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
FirewallRules: [{BA05ACBF-C3D5-4F04-8275-67253E7AFD58}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe => No File
FirewallRules: [{FBC2347B-3190-439E-BF8E-756BA8313F59}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe => No File
FirewallRules: [{DCEABC36-3F10-4D80-B58D-1B6A88AF7565}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe => No File
FirewallRules: [{B23872D9-A164-4169-A83F-00F84D1C48B6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe => No File
EmptyTemp:
End
(You can use the "Select all" function, then right-click the upper-left field in the open Notepad and choose "Paste".)
Save it to the desktop as fixlist.txt
Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
Then test the typing. Does it happen in Word, or in Notepad as well?
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Newcomer
- Posts: 8
- Registered: April 25
Re: Please check my log
So right now it works as it should. Before, it happened everywhere: in Word, in browsers, in Notepad, etc...
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-04-2025
Ran by Pepa (15-04-2025 04:36:18) Run:1
Running from C:\Users\Pepa\Desktop\Removals
Loaded Profiles: Pepa
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
Task: {E059EBAC-AFC0-4CBC-9973-A6990194E582} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{03F3DCE6-ACD0-4E77-83B4-E3DBABCB65E6} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe [7360096 2025-04-08] (Google LLC -> Google LLC)
Task: {E56FC6B6-FD8A-4EFD-A34A-D18D6CA984D9} - System32\Tasks\Microsoft\Windows\.NET Framework\CNBP_ileq => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [58856 2024-04-01] (Microsoft Corporation -> Microsoft Corporation) -> C:\Program Files (x86)\Common Files\ExplorePrinter\VocnmeLuild\/unregister /silent "C:\Program Files (x86)\Common Files\ExplorePrinter\VocnmeLuild\prwvvXolicyMpdsvr.dll" <==== ATTENTION
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {E420EC9B-7D86-4CB7-AE80-524937125C0A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
FirewallRules: [{BA05ACBF-C3D5-4F04-8275-67253E7AFD58}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe => No File
FirewallRules: [{FBC2347B-3190-439E-BF8E-756BA8313F59}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe => No File
FirewallRules: [{DCEABC36-3F10-4D80-B58D-1B6A88AF7565}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe => No File
FirewallRules: [{B23872D9-A164-4169-A83F-00F84D1C48B6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe => No File
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E059EBAC-AFC0-4CBC-9973-A6990194E582}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E059EBAC-AFC0-4CBC-9973-A6990194E582}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{03F3DCE6-ACD0-4E77-83B4-E3DBABCB65E6} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{03F3DCE6-ACD0-4E77-83B4-E3DBABCB65E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E56FC6B6-FD8A-4EFD-A34A-D18D6CA984D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E56FC6B6-FD8A-4EFD-A34A-D18D6CA984D9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\.NET Framework\CNBP_ileq => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\.NET Framework\CNBP_ileq" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E420EC9B-7D86-4CB7-AE80-524937125C0A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E420EC9B-7D86-4CB7-AE80-524937125C0A}" => removed successfully
C:\WINDOWS\System32\Tasks\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-18388365-1344367347-1764052335-1001" => removed successfully
HKLM\SOFTWARE\Microsoft\Edge\Extensions\bojobppfploabceghnmlahpoonbcbacn => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\bojobppfploabceghnmlahpoonbcbacn => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA05ACBF-C3D5-4F04-8275-67253E7AFD58}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBC2347B-3190-439E-BF8E-756BA8313F59}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCEABC36-3F10-4D80-B58D-1B6A88AF7565}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B23872D9-A164-4169-A83F-00F84D1C48B6}" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 321401254 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 71642786 B
Windows/system/drivers => 91199793 B
Edge => 0 B
Chrome => 1343989357 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 367637 B
systemprofile32 => 367905 B
LocalService => 384413 B
NetworkService => 464095 B
Pepa => 184304755 B
RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 04:36:53 ====
- Security team member
- Guru Level 15
- Posts: 43245
- Registered: June 07
- Location: South Bohemia
Re: Please check my log
Download DelFix here:
https://www.bleepingcomputer.com/download/delfix/
Save the file to the desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7, 8 and 10 you must right-click the file -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools – Purge System Restore
Then click the Run button and let the tool do its work.
The report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report is located at:
C:\DelFix.txt
If there are no problems, that is all and you can mark the thread as solved with the green check mark.