Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2022 Ran by Petr (administrator) on PETR-PC (23-01-2022 17:40:21) Running from F:\a\download\FRST_na_log_pro_viry.cz Loaded Profiles: Petr & DefaultAppPool Platform: Microsoft Windows 10 Pro Version 21H1 19043.1466 (X64) Language: Čeština (Česko) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] H:\Windows\Dell\PanelMgr\SSMMgr.exe (Acronis International GmbH -> ) H:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> ) H:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> ) H:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis International GmbH -> ) H:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis International GmbH -> ) H:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis International GmbH -> ) H:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis International GmbH) H:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH) H:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH) H:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) H:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Adobe Inc. -> Adobe Inc.) 
H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems, Incorporated -> Adobe Systems Inc.) H:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Analog Devices, Inc.) [File not signed] H:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (ANDREA VACONDIO -> ANDREA VACONDIO) H:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe (Apple Inc. -> Apple Inc.) H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) H:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc. -> Apple Inc.) H:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc. -> Apple Inc.) H:\Program Files\iPod\bin\iPodService.exe (Apple Inc. -> Apple Inc.) H:\Program Files\iTunes\iTunesHelper.exe (Dell Inc. -> ) H:\Windows\Dell\PanelMgr\caller64.exe (Dropbox, Inc -> Dropbox, Inc.) H:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3> (Dropbox, Inc -> Dropbox, Inc.) H:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) H:\Program Files (x86)\Dropbox\Client\140.4.1951\QtWebEngineProcess.exe <2> (ESET, spol. s r.o. -> ESET) H:\Program Files\ESET\ESET Smart Security\eguiProxy.exe (ESET, spol. s r.o. -> ESET) H:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET, spol. s r.o. -> ESET) H:\Program Files\ESET\ESET Smart Security\eOppFrame.exe (Estmob Inc. -> Estmob Inc.) 
H:\Program Files\Send Anywhere\Send Anywhere.exe <5> (Ghisler Software GmbH -> Ghisler Software GmbH) H:\totalcmd\TOTALCMD64.EXE (Microsoft Corporation -> © 2015 Microsoft Corporation) H:\Users\Petr\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Microsoft Corporation -> Microsoft Corporation) H:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation -> Microsoft Corporation) H:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2> (Microsoft Corporation) H:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) H:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Windows -> Microsoft Corporation) H:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) H:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) H:\Windows\System32\inetsrv\w3wp.exe (Microsoft Windows -> Microsoft Corporation) H:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) H:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) H:\Windows\SysWOW64\dllhost.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) H:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) H:\Windows\System32\atiesrxx.exe (Mozilla Corporation -> Mozilla Corporation) H:\Program Files (x86)\Mozilla Firefox\firefox.exe <15> (Oracle America, Inc. -> Oracle Corporation) H:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (SafeNet, Inc. -> SafeNet Inc.) H:\Windows\System32\hasplms.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) H:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (ZONER software, a.s. 
-> ZONER software) H:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SoundMAX] => H:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.) [File not signed] HKLM\...\Run: [BCSSync] => H:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [egui] => H:\Program Files\ESET\ESET Smart Security\ecmdS.exe [167496 2022-01-20] (ESET, spol. s r.o. -> ESET) HKLM\...\Run: [Acronis Scheduler2 Service] => H:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [587480 2018-04-03] (Acronis International GmbH -> ) HKLM\...\Run: [iTunesHelper] => H:\Program Files\iTunes\iTunesHelper.exe [331064 2020-07-24] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch (No File) HKLM-x32\...\Run: [JMB36X IDE Setup] => H:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () [File not signed] HKLM-x32\...\Run: [Dell PanelMgr] => H:\Windows\Dell\PanelMgr\SSMMgr.exe [626688 2009-12-11] () [File not signed] HKLM-x32\...\Run: [Dropbox] => H:\Program Files (x86)\Dropbox\Client\Dropbox.exe [10585376 2022-01-19] (Dropbox, Inc -> Dropbox, Inc.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] => H:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4630488 2018-06-18] (Acronis International GmbH -> ) HKLM-x32\...\Run: [SwitchBoard] => H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => H:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => H:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => H:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => H:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2018-04-03] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => H:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-3201348344-1589498996-2309135360-1000\...\Run: [BingSvc] => H:\Users\Petr\AppData\Local\Microsoft\BingSvc\BingSvc.exe [146312 2020-08-18] (Microsoft Corporation -> © 2015 Microsoft Corporation) HKU\S-1-5-21-3201348344-1589498996-2309135360-1000\...\Run: [Google Update] => H:\Users\Petr\AppData\Local\Google\Update\1.3.36.122\GoogleUpdateCore.exe [223816 2022-01-21] (Google LLC -> Google LLC) HKU\S-1-5-21-3201348344-1589498996-2309135360-1000\...\Run: [iCloudServices] => H:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-07-24] (Apple Inc. -> Apple Inc.) 
HKU\S-1-5-21-3201348344-1589498996-2309135360-1000\...\Run: [electron.app.Loom] => H:\Users\Petr\AppData\Local\Programs\Loom\Loom.exe --process-start-args "--loomHidden" (No File) HKU\S-1-5-21-3201348344-1589498996-2309135360-1000\...\Run: [SendAnywhere] => H:\Program Files\Send Anywhere\Send Anywhere.exe [104247776 2021-04-02] (Estmob Inc. -> Estmob Inc.) HKU\S-1-5-21-3201348344-1589498996-2309135360-1000\...\Run: [Zoner Photo Studio Autoupdate] => H:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [779776 2014-03-13] (ZONER software, a.s. -> ZONER software) HKLM\...\Windows x64\Print Processors\sdp1mPC: H:\Windows\System32\spool\prtprocs\x64\sdp1mpc.dll [33792 2009-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: H:\WINDOWS\system32\AdobePDF.dll [55872 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc) HKLM\...\Print\Monitors\sdp1m Langmon: H:\WINDOWS\system32\sdp1ml6.dll [27648 2009-08-02] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> H:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-07] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0474D82C-9CF5-4CD3-8008-127B2958B29D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => H:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File) Task: {08BEC8D4-035C-4F18-9707-D4BDC0D66267} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3201348344-1589498996-2309135360-1000Core => H:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-30] (Google Inc -> Google Inc.) Task: {0CD2A419-E057-43D5-9BD0-14306E7CCD96} - System32\Tasks\Mozilla\Firefox Default Browser Agent C9C1DA85CEF85CB4 => H:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "C9C1DA85CEF85CB4" Task: {0DC81169-BAF7-44C6-9A07-345329439EB0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => H:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File) Task: {0EF2C48E-782A-45C5-BE76-43AD4FDF1385} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {22C9D315-3E8A-4332-BF32-61A758BB87CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3201348344-1589498996-2309135360-1000UA => H:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-30] (Google Inc -> Google Inc.) Task: {272CBB41-A8AE-4FDD-B696-FD9DCD30BFAD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => H:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File) Task: {302A396C-4948-4B67-8430-A7E5A8153860} - System32\Tasks\DropboxUpdateTaskMachineCore => H:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.) Task: {311BC41B-5CC7-43D4-90F9-C87E8F07FD34} - System32\Tasks\avast! 
Emergency Update => H:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (No File) Task: {3335356E-44DE-4207-841F-8B428348D200} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => H:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File) Task: {3596814E-FB73-4375-AA10-784CA87D5A84} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => H:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File) Task: {387D8254-BD45-4825-A454-81EDC52EC64B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => H:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File) Task: {38E024B8-BBFB-464F-B29C-FD54B56346A9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {41CD24E0-915D-4F6F-9B28-F64970DB6660} - System32\Tasks\Adobe Acrobat Update Task => H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.) Task: {43EFD1C1-F1DC-49B4-ABE3-756D28575626} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => H:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File) Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {53EAC8ED-4647-45EB-8F1E-8753B41EE508} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {5714F531-0B47-46A6-824C-8F80C4A1D21D} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {5B1F6F56-228B-450A-8897-00CEC467CA3F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => H:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File) Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {5BF3E45C-F281-4954-A0EE-FD0327C050DB} - System32\Tasks\Microsoft\Windows\Media 
Center\SqlLiteRecoveryTask => H:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File) Task: {5DC385F6-F496-461E-86AA-50C973547FD6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => H:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File) Task: {657EE01E-B4F2-4E70-810F-25C1387ED432} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {7819117F-9A40-4BF7-BA24-34E8C1B81D62} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => H:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File) Task: {790A0C48-AB52-44D8-A5F9-F2495CF93DB9} - System32\Tasks\Apple\AppleSoftwareUpdate => H:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) Task: {7A5EB07D-2128-44B5-BF3D-84CF3497B38F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {7CA5CF35-DF04-4837-985C-53F3247B0771} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => H:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File) Task: {7E36F69E-9CD5-44C4-8A88-43B19CF4A6F2} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION Task: {7EF1D481-AFCA-4651-9465-BD747CC3CDAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3201348344-1589498996-2309135360-1000Core1d257ec457a50f3 => H:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-30] (Google Inc -> Google Inc.) Task: {802E31EE-ADD7-4191-A46C-ECE0D44C3E88} - System32\Tasks\GoogleUpdateTaskMachineCore => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-08-05] (Google Inc -> Google Inc.) 
Task: {81439D16-75A8-4969-BA96-6D2ACD30E51C} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {88ED950D-B515-4DD0-A575-457FBEBA4F60} - System32\Tasks\SafeZone scheduled Autoupdate 1459325336 => H:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0) (No File) Task: {8EFD11E9-2977-49EA-BD41-DC3D52D13E5D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {8F70C2E0-C01C-4F51-958A-9D83FAD1447D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3201348344-1589498996-2309135360-1000UA1d257ec458fc625 => H:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-30] (Google Inc -> Google Inc.) Task: {922971FC-A226-4B37-BAC1-DDBDDE6DB35B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {945F9B3B-B480-4872-A343-EC73289D0EC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => H:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File) Task: {95049D0D-0334-41C9-A26A-B156AEAC2DED} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => H:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File) Task: {9A8BA42A-EF9D-4188-A6A8-C874F0A49F39} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => H:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File) Task: {9C3A3B98-1A7F-4B58-BF46-5F50184312C1} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {9D343390-B102-45AD-960A-A79046293F3F} - System32\Tasks\AdobeAAMUpdater-1.0-Petr-PC-Petr => H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {A15F60A9-07AE-45D5-BED3-EA073ED01824} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {A2E9FEC2-94FC-400A-A989-D6AACFB2C137} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent 
-> No File <==== ATTENTION Task: {A55AB5EA-2CDA-4A00-A15C-DF093CF738AD} - System32\Tasks\GoogleUpdateTaskMachineUA => H:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-08-05] (Google Inc -> Google Inc.) Task: {AB64EE80-D8A1-4975-8B4D-0DBDBAC80B39} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => H:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File) Task: {AB6F4E66-6C35-4D8B-B277-B2D088B6F9F5} - System32\Tasks\DropboxUpdateTaskMachineUA => H:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.) Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B5B25D51-4AD9-45F4-BBBF-8B568BA5D743} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => H:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File) Task: {B8048855-25E7-4605-A799-AC0092650A48} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {B9CE4621-9338-43CD-AFA3-D5C2678D7AF6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {C1E27D2D-AE81-4791-8A12-0ADB8A1CFDCA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => H:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File) Task: {C3A0E809-76CE-4397-8D5B-FAC4384E0F3E} - System32\Tasks\G2MUploadTask-S-1-5-21-3201348344-1589498996-2309135360-1000 => H:\Users\Petr\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-17] (LogMeIn, Inc. -> LogMeIn, Inc.) 
Task: {C9647D65-8D80-4B22-955A-AE1FDAB3FFFE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => H:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File) Task: {CC5C223D-4912-4363-A978-83B1EB4FC806} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => H:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File) Task: {D2CFA0B3-E372-4C63-BE6E-80F749072F27} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {D74AF912-FCBB-47E4-AE54-4F16C08649B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {DEE8FD3A-43C3-43F4-AC33-0BE55A9FDE95} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {E2EE2652-27DD-4320-8A7E-952EA861C7C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {E4344854-E77D-440B-AF89-2553FAD99B78} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => H:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File) Task: {E9089903-26E9-4C95-86E1-18718A997737} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION Task: {EE780ABE-FCFB-4B7E-A9D3-8D579A496CF6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => H:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File) Task: {F266FE80-4E2C-4B62-8C96-B6677570EB0A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {F28C4E09-C4DD-4DE0-A359-C50753E58459} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {FC6BDE1B-3EB6-470E-87A7-F921AF4C5725} - System32\Tasks\G2MUpdateTask-S-1-5-21-3201348344-1589498996-2309135360-1000 => H:\Users\Petr\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-17] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {FD1E0F8C-D4EB-4BDD-942A-11DE3729D56B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) Task: H:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => H:\WINDOWS\explorer.exe Task: H:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => H:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: H:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => H:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: H:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3201348344-1589498996-2309135360-1000.job => H:\Users\Petr\AppData\Local\GoToMeeting\19932\g2mupdate.exe Task: H:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3201348344-1589498996-2309135360-1000.job => H:\Users\Petr\AppData\Local\GoToMeeting\19932\g2mupload.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 86.49.5.221 86.49.5.222 Tcpip\..\Interfaces\{3d5b9a4c-5b5c-46b9-9d9d-0bc927c7379b}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{cda1eec1-01a1-4110-97c5-1f91916119f5}: [DhcpNameServer] 213.46.172.37 213.46.172.36 Tcpip\..\Interfaces\{d315a830-bb7e-42da-b96d-1e69d9e89451}: [DhcpNameServer] 86.49.5.221 86.49.5.222 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => H:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => H:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => H:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => H:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: 
H:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-20] FireFox: ======== FF DefaultProfile: sma3obuu.petr2018 FF ProfilePath: H:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\sma3obuu.petr2018 [2022-01-23] FF Notifications: Mozilla\Firefox\Profiles\sma3obuu.petr2018 -> hxxps://www.link-assistant.com; hxxps://www.loom.com FF ProfilePath: H:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\ktgyhaw3.default-1523878860835 [2021-04-06] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - H:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - H:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-11-05] [Legacy] [not signed] FF Plugin: @java.com/DTPlugin,version=11.231.2 -> H:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> H:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-05] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> H:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> H:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> H:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> H:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> H:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> H:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems) FF ExtraCheck: H:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2022-01-23] Chrome: ======= CHR DefaultProfile: Default CHR Profile: H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2022-01-22] CHR Notifications: Default -> hxxps://blog.seznam.cz; hxxps://proficio.cz; hxxps://web.skype.com; hxxps://www.cnet.com; hxxps://www.netflix.com CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Extension: (Elevar GTM Event Builder) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanpkkmackhljjnbcopdoidpdjngfooc [2021-11-26] CHR Extension: (Prezentace) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14] CHR Extension: (Dokumenty) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (Disk Google) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21] CHR Extension: (YouTube) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Vyhledávání Google) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16] CHR Extension: (Facebook Pixel Helper) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-01] CHR Extension: (Tabulky) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14] CHR Extension: (Dokumenty Google offline) - H:\Users\Petr\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-22] CHR Extension: (Google Analytics Debugger) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2019-07-31] CHR Extension: (Tag Assistant Legacy (by Google)) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2021-09-24] CHR Extension: (Linkclump) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2021-09-06] CHR Extension: (Loom – Free Screen and Cam Recorder) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2022-01-19] CHR Extension: (Keyword Wrapper & Permutation Tool) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhdnileajaidhkhmomkdjgnpkbgepgoe [2019-12-13] CHR Extension: (Platby Internetového obchodu Chrome) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Gmail) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22] CHR Profile: H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-01-22] CHR Profile: H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-01-17] CHR Notifications: Profile 1 -> hxxps://business.facebook.com; hxxps://www.facebook.com CHR HomePage: Profile 1 -> msn.com CHR DefaultSearchURL: Profile 1 -> hxxps://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSuggestURL: Profile 1 -> hxxps://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms} CHR Extension: (Prezentace) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-27] CHR Extension: (Dokumenty) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 
1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-27] CHR Extension: (Disk Google) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-27] CHR Extension: (YouTube) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-27] CHR Extension: (Adobe Acrobat) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-31] CHR Extension: (MSN Homepage & Bing Search Engine) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2021-07-27] CHR Extension: (Tabulky) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-27] CHR Extension: (Dokumenty Google offline) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-31] CHR Extension: (Platby Internetového obchodu Chrome) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-27] CHR Extension: (Gmail) - H:\Users\Petr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-27] CHR Profile: H:\Users\Petr\AppData\Local\Google\Chrome\User Data\System Profile [2022-01-22] CHR HKU\S-1-5-21-3201348344-1589498996-2309135360-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AcronisActiveProtectionService; H:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2725920 2018-04-03] (Acronis International GmbH -> Acronis International GmbH) R2 AcrSch2Svc; H:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1218920 2018-04-03] (Acronis International GmbH -> ) R2 AdobeARMservice; H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.) R2 afcdpsrv; H:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6096688 2018-10-02] (Acronis International GmbH -> ) R2 Apple Mobile Device Service; H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.) S2 dbupdate; H:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; H:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; H:\WINDOWS\system32\DbxSvc.exe [44328 2022-01-19] (Dropbox, Inc -> Dropbox, Inc.) R2 ekrn; H:\Program Files\ESET\ESET Smart Security\ekrn.exe [3141480 2022-01-20] (ESET, spol. s r.o. -> ESET) R3 ekrnEpfw; H:\Program Files\ESET\ESET Smart Security\ekrn.exe [3141480 2022-01-20] (ESET, spol. s r.o. -> ESET) R2 hasplms; H:\WINDOWS\system32\hasplms.exe [4665168 2015-09-23] (SafeNet, Inc. -> SafeNet Inc.) 
R2 mmsminisrv; H:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2018-04-03] (Acronis International GmbH -> Acronis International GmbH)
R2 mobile_backup_server; H:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2018-04-03] (Acronis International GmbH -> Acronis International GmbH)
R2 mobile_backup_status_server; H:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1747296 2018-06-18] (Acronis International GmbH -> )
R2 PDFsam Manager; H:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO -> ANDREA VACONDIO)
S3 Sense; H:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; H:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 syncagentsrv; H:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7003048 2018-04-03] (Acronis International GmbH -> )
R2 TeamViewer; H:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; H:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; H:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; H:\WINDOWS\system32\DRIVERS\akshasp.sys [77912 2015-09-23] (SafeNet, Inc. -> SafeNet Inc.)
R3 akshhl; H:\WINDOWS\system32\DRIVERS\akshhl.sys [81368 2015-09-23] (SafeNet, Inc. -> SafeNet Inc.)
R3 aksusb; H:\WINDOWS\system32\DRIVERS\aksusb.sys [322560 2015-09-23] (SafeNet, Inc. -> SafeNet Inc.)
S3 BthA2dp; H:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; H:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 eamonm; H:\WINDOWS\System32\DRIVERS\eamonm.sys [184464 2022-01-20] (ESET, spol. s r.o. -> ESET)
R0 edevmon; H:\WINDOWS\System32\DRIVERS\edevmon.sys [122944 2022-01-20] (ESET, spol. s r.o. -> ESET)
S0 eelam; H:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; H:\WINDOWS\system32\DRIVERS\ehdrv.sys [201976 2022-01-20] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; H:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43904 2022-01-20] (ESET, spol. s r.o. -> ESET)
R1 epfw; H:\WINDOWS\system32\DRIVERS\epfw.sys [69704 2022-01-20] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; H:\WINDOWS\system32\DRIVERS\epfwwfp.sys [110560 2022-01-20] (ESET, spol. s r.o. -> ESET)
R2 file_protector; H:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2018-10-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; H:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2018-10-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 hardlock; H:\WINDOWS\system32\drivers\hardlock.sys [350552 2015-09-23] (SafeNet, Inc. -> SafeNet Inc.)
S3 MpKsle1ddb682; H:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FBCD406-F014-48B3-8A9D-71226F6ADAD0}\MpKslDrv.sys [47344 2020-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 MTsensor; H:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] (ASUSTeK Computer Inc. -> )
S3 Netaapl; H:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
U5 PROCMON24; H:\Windows\System32\Drivers\PROCMON24.sys [94072 2021-05-13] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R0 tib; H:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2018-10-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; H:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2018-10-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; H:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2018-10-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 USBAAPL64; H:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R2 virtual_file; H:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2018-10-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; H:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2018-10-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; H:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; H:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; H:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; H:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-15] (Microsoft Windows -> Microsoft Corporation)
R3 yukonw8; H:\WINDOWS\System32\drivers\yk63x64.sys [288768 2019-12-07] (Microsoft Windows -> Marvell)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-21 12:17 - 2022-01-21 12:19 - 000000000 ____D H:\Users\Petr\AppData\Local\RelayRecorder
2022-01-21 12:17 - 2022-01-21 12:17 - 000001122 _____ H:\Users\Petr\Desktop\TechSmith Capture.lnk
2022-01-21 10:01 - 2022-01-22 10:26 - 000000000 ____D H:\Program Files (x86)\Mozilla Firefox
2022-01-21 10:00 - 2022-01-21 10:00 - 000000000 ____D H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-01-20 20:51 - 2022-01-20 20:51 - 000027312 _____ H:\Users\Petr\Downloads\Dolphin - Google Nakupy (cz) - COPY tisk - Vsechny produkty - csv_output.xlsx
2022-01-20 20:50 - 2022-01-20 20:50 - 000009193 _____ H:\Users\Petr\Downloads\Dolphin - Google Nakupy [cz] - COPY tisk - Vsechny produkty - csv_output (1).csv
2022-01-20 20:43 - 2022-01-20 20:43 - 000015427 _____ H:\Users\Petr\Downloads\Dolphin - Google Nakupy [cz] - COPY tisk - Vsechny produkty - csv_output.csv
2022-01-19 01:17 - 2022-01-19 01:17 - 000047600 _____ (Dropbox, Inc.) H:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-01-19 01:17 - 2022-01-19 01:17 - 000047600 _____ (Dropbox, Inc.) H:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-01-19 01:17 - 2022-01-19 01:17 - 000047600 _____ (Dropbox, Inc.) H:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-01-19 01:17 - 2022-01-19 01:17 - 000044328 _____ (Dropbox, Inc.) H:\WINDOWS\system32\DbxSvc.exe
2022-01-17 19:16 - 2022-01-17 19:16 - 000014174 _____ H:\Users\Petr\Downloads\3a0bba3f1b42cbb3aaa2f64a049ae99c.odt
2022-01-13 20:36 - 2022-01-13 20:36 - 000258560 _____ H:\Users\Petr\Downloads\60_produktu_zip_rozbalen_pres_macbook.xls
2022-01-13 20:17 - 2022-01-13 20:17 - 000073916 _____ H:\Users\Petr\Downloads\produkty_2022-01-13_20 17 39_.zip
2022-01-13 20:12 - 2022-01-13 20:13 - 000060334 _____ H:\Users\Petr\Downloads\produkty_2022-01-13_20 12 42_.zip
2022-01-13 20:08 - 2022-01-13 20:08 - 000069475 _____ H:\Users\Petr\Downloads\produkty_2022-01-13_20 08 32_.zip
2022-01-13 20:08 - 2022-01-13 20:08 - 000002301 _____ H:\Users\Petr\Downloads\item_issues_144163670_2022-01-13T18 58 14.073Z_.csv
2022-01-13 20:06 - 2022-01-13 20:06 - 000067487 _____ H:\Users\Petr\Downloads\produkty_2022-01-13_20_06_17_.zip
2022-01-12 16:10 - 2022-01-13 20:51 - 000000000 ____D H:\Program Files (x86)\Mozilla Thunderbird
2022-01-12 15:34 - 2022-01-12 15:34 - 000523776 _____ (curl, hxxps://curl.se/) H:\WINDOWS\system32\curl.exe
2022-01-12 15:34 - 2022-01-12 15:34 - 000464384 _____ (curl, hxxps://curl.se/) H:\WINDOWS\SysWOW64\curl.exe
2022-01-12 15:34 - 2022-01-12 15:34 - 000011797 _____ H:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-12 14:55 - 2022-01-12 15:00 - 000000000 ___HD H:\$WinREAgent
2022-01-09 21:05 - 2022-01-09 21:05 - 000065362 _____ H:\Users\Petr\Downloads\produkty_2022-01-09_21_05_09_.zip
2022-01-09 20:40 - 2022-01-09 20:40 - 002010783 _____ H:\Users\Petr\Downloads\googleProducts (12).xml
2022-01-09 20:40 - 2022-01-09 20:40 - 002010783 _____ H:\Users\Petr\Downloads\googleProducts (11).xml
2022-01-09 20:40 - 2022-01-09 20:40 - 002010783 _____ H:\Users\Petr\Downloads\googleProducts (10).xml
2022-01-09 20:39 - 2022-01-09 20:39 - 002010783 _____ H:\Users\Petr\Downloads\googleProducts (9).xml
2022-01-09 20:39 - 2022-01-09 20:39 - 002010783 _____ H:\Users\Petr\Downloads\googleProducts (8).xml
2022-01-09 20:39 - 2022-01-09 20:39 - 002010783 _____ H:\Users\Petr\Downloads\googleProducts (7).xml
2022-01-09 20:20 - 2022-01-09 20:20 - 002010783 _____ H:\Users\Petr\Downloads\googleProducts (6).xml
2022-01-09 19:39 - 2022-01-09 19:39 - 002010783 _____ H:\Users\Petr\Downloads\googleProducts (5).xml
2022-01-08 20:53 - 2019-08-20 14:57 - 1473128448 _____ H:\Users\Petr\Desktop\Auta 1.avi
2022-01-04 17:40 - 2022-01-04 17:40 - 000004490 _____ H:\Users\Petr\Downloads\harmonysm@seznam.cz - Účet Po měsících Minulý měsíc Všechny aktivní a pozastavené kampaně (- vyuctovani_minuly_mesic_vice) (33).html
2022-01-04 17:40 - 2022-01-04 17:40 - 000003704 _____ H:\Users\Petr\Downloads\harmonysm@seznam.cz - Účet Souhrn Minulý měsíc Všechny aktivní a pozastavené kampaně - vyuctovani_minuly_mesic (33).html
2022-01-04 17:11 - 2022-01-04 17:11 - 000005117 _____ H:\Users\Petr\Downloads\Analytics www.harmonyclub.cz NFG2 20211201-20211231.xlsx
2022-01-04 17:10 - 2022-01-04 17:10 - 000006977 _____ H:\Users\Petr\Downloads\Analytics www.harmonyclub.cz NFS 20211201-20211231.xlsx
2022-01-04 17:03 - 2022-01-04 17:03 - 000008715 _____ H:\Users\Petr\Downloads\Analytics www.harmonyclub.cz NO 20211201-20211231 (1).xlsx
2022-01-04 17:01 - 2022-01-04 17:01 - 000008715 _____ H:\Users\Petr\Downloads\Analytics www.harmonyclub.cz NO 20211201-20211231.xlsx
2022-01-04 16:23 - 2022-01-04 16:23 - 000027993 _____ H:\Users\Petr\Downloads\4030276560.pdf
2022-01-04 16:22 - 2022-01-04 16:22 - 000031534 _____ H:\Users\Petr\Downloads\4045978615.pdf
2022-01-02 16:38 - 2022-01-02 16:38 - 000350378 _____ H:\Users\Petr\Downloads\Přehled vyhledávacích dotazů (3).csv
2021-12-31 16:56 - 2021-12-31 16:56 - 000019861 _____ H:\Users\Petr\Downloads\leadpages_receipt(4).pdf
2021-12-31 16:55 - 2021-12-31 16:55 - 000019861 _____ H:\Users\Petr\Downloads\leadpages_receipt(3).pdf
2021-12-31 16:54 - 2021-12-31 16:54 - 000019861 _____ H:\Users\Petr\Downloads\leadpages_receipt(2).pdf
2021-12-31 16:52 - 2021-12-31 16:52 - 000019970 _____ H:\Users\Petr\Downloads\leadpages_receipt(1).pdf
2021-12-27 19:33 - 2021-12-27 19:34 - 017536546 _____ (Fanurio Time Tracking SRL) H:\Users\Petr\Downloads\fanurio-2.5.2-setup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-23 17:42 - 2019-10-15 13:37 - 000000000 ____D H:\FRST
2022-01-23 17:41 - 2015-08-05 10:22 - 000000000 ____D H:\Program Files (x86)\Google
2022-01-23 17:39 - 2019-12-07 10:14 - 000000000 ____D H:\ProgramData\regid.1991-06.com.microsoft
2022-01-23 17:37 - 2016-11-18 11:57 - 000000000 ____D H:\Users\Petr\AppData\LocalLow\Mozilla
2022-01-23 17:17 - 2019-01-30 12:35 - 000000000 ____D H:\ProgramData\Mozilla
2022-01-23 16:28 - 2020-08-28 14:09 - 000000000 ____D H:\WINDOWS\system32\SleepStudy
2022-01-23 15:27 - 2016-08-17 14:44 - 000000000 ____D H:\Users\Petr\AppData\Local\Dropbox
2022-01-23 15:23 - 2021-04-06 12:16 - 000000000 ____D H:\Users\Petr\AppData\Roaming\Send Anywhere
2022-01-23 15:23 - 2015-08-05 10:21 - 000000000 ____D H:\Users\Petr\AppData\Local\Adobe
2022-01-23 15:21 - 2021-10-11 09:30 - 000000000 ____D H:\WINDOWS\system32\Tasks\Mozilla
2022-01-23 15:19 - 2020-08-28 14:45 - 000000006 ____H H:\WINDOWS\Tasks\SA.DAT
2022-01-23 15:19 - 2019-11-08 15:17 - 000000000 ____D H:\Program Files (x86)\TeamViewer
2022-01-23 15:18 - 2020-08-28 14:08 - 000008192 ___SH H:\DumpStack.log.tmp
2022-01-22 23:32 - 2019-12-07 10:03 - 000524288 _____ H:\WINDOWS\system32\config\BBI
2022-01-22 10:39 - 2019-12-07 10:14 - 000000000 ___HD H:\Program Files\WindowsApps
2022-01-22 10:39 - 2019-12-07 10:14 - 000000000 ____D H:\WINDOWS\AppReadiness
2022-01-22 10:26 - 2016-01-20 14:38 - 000000000 ____D H:\Program Files (x86)\Mozilla Maintenance Service
2022-01-21 23:13 - 2016-09-19 15:25 - 000000000 ____D H:\Users\Petr\.junique
2022-01-21 23:12 - 2016-09-09 22:38 - 000000000 ____D H:\Users\Petr\AppData\Roaming\vlc
2022-01-21 12:19 - 2020-07-14 10:48 - 000000000 ____D H:\Users\Petr\AppData\Local\SquirrelTemp
2022-01-21 12:17 - 2020-07-14 10:59 - 000000000 ____D H:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechSmith
2022-01-21 12:17 - 2016-03-25 16:24 - 000000000 ____D H:\Users\Petr\AppData\Local\TechSmith
2022-01-21 10:49 - 2016-01-20 14:38 - 000001236 _____ H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-21 10:41 - 2020-08-28 14:45 - 000003766 _____ H:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3201348344-1589498996-2309135360-1000UA1d257ec458fc625
2022-01-21 10:41 - 2020-08-28 14:45 - 000003498 _____ H:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3201348344-1589498996-2309135360-1000Core1d257ec457a50f3
2022-01-21 10:27 - 2020-06-10 12:07 - 000002440 _____ H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-21 10:27 - 2020-06-10 12:07 - 000002278 _____ H:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-21 10:02 - 2016-08-17 14:44 - 000000000 ____D H:\Program Files (x86)\Dropbox
2022-01-20 13:19 - 2019-12-07 10:13 - 000000000 ____D H:\WINDOWS\INF
2022-01-20 13:18 - 2016-12-13 17:11 - 000201976 _____ (ESET) H:\WINDOWS\system32\Drivers\ehdrv.sys
2022-01-20 13:18 - 2016-12-13 17:11 - 000184464 _____ (ESET) H:\WINDOWS\system32\Drivers\eamonm.sys
2022-01-20 13:18 - 2016-12-13 17:11 - 000122944 _____ (ESET) H:\WINDOWS\system32\Drivers\edevmon.sys
2022-01-20 13:18 - 2016-12-13 17:11 - 000110560 _____ (ESET) H:\WINDOWS\system32\Drivers\epfwwfp.sys
2022-01-20 13:18 - 2016-12-13 17:11 - 000069704 _____ (ESET) H:\WINDOWS\system32\Drivers\epfw.sys
2022-01-20 13:18 - 2016-12-13 17:11 - 000043904 _____ (ESET) H:\WINDOWS\system32\Drivers\ekbdflt.sys
2022-01-20 12:41 - 2021-12-11 20:29 - 000003592 _____ H:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3201348344-1589498996-2309135360-1000
2022-01-20 12:41 - 2020-08-28 14:45 - 000003362 _____ H:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3201348344-1589498996-2309135360-1000
2022-01-20 12:41 - 2020-08-28 14:12 - 000002382 _____ H:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-19 20:36 - 2020-08-28 14:45 - 000003474 _____ H:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-19 20:36 - 2020-08-28 14:45 - 000003350 _____ H:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-18 10:20 - 2020-08-28 14:45 - 000003584 _____ H:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-18 10:20 - 2020-08-28 14:45 - 000003460 _____ H:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-14 21:15 - 2016-09-24 22:24 - 000000000 ____D H:\Users\Petr\AppData\Roaming\dvdcss
2022-01-13 21:01 - 2020-08-28 14:30 - 001874740 _____ H:\WINDOWS\system32\PerfStringBackup.INI
2022-01-13 21:01 - 2019-12-07 15:43 - 000781566 _____ H:\WINDOWS\system32\perfh005.dat
2022-01-13 21:01 - 2019-12-07 15:43 - 000172300 _____ H:\WINDOWS\system32\perfc005.dat
2022-01-13 20:52 - 2020-08-28 14:09 - 005116288 _____ H:\WINDOWS\system32\FNTCACHE.DAT
2022-01-13 20:49 - 2019-12-07 15:47 - 000000000 ____D H:\Program Files\Windows Defender Advanced Threat Protection
2022-01-13 20:49 - 2019-12-07 10:14 - 000000000 ___SD H:\WINDOWS\system32\DiagSvcs
2022-01-13 20:49 - 2019-12-07 10:14 - 000000000 ____D H:\WINDOWS\SysWOW64\Dism
2022-01-13 20:49 - 2019-12-07 10:14 - 000000000 ____D H:\WINDOWS\SystemResources
2022-01-13 20:49 - 2019-12-07 10:14 - 000000000 ____D H:\WINDOWS\system32\setup
2022-01-13 20:49 - 2019-12-07 10:14 - 000000000 ____D H:\WINDOWS\system32\oobe
2022-01-13 20:49 - 2019-12-07 10:14 - 000000000 ____D H:\WINDOWS\system32\Dism
2022-01-13 20:49 - 2019-12-07 10:14 - 000000000 ____D H:\WINDOWS\bcastdvr
2022-01-13 20:40 - 2021-07-27 11:10 - 000002438 _____ H:\Users\Petr\Desktop\Petr - Chrome.lnk
2022-01-13 19:40 - 2020-08-28 14:45 - 000004562 _____ H:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-13 19:40 - 2015-08-05 10:26 - 000002140 _____ H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-12 15:45 - 2019-12-07 10:03 - 000000000 ____D H:\WINDOWS\CbsTemp
2022-01-12 11:27 - 2018-10-10 17:03 - 000000132 _____ H:\Users\Petr\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2022-01-12 10:58 - 2015-08-05 09:22 - 000000000 ____D H:\WINDOWS\system32\MRT
2022-01-12 10:49 - 2015-08-05 09:22 - 145765912 ____C (Microsoft Corporation) H:\WINDOWS\system32\MRT.exe
2022-01-11 12:00 - 2021-01-27 17:31 - 000000000 ____D H:\Users\Petr\AppData\Roaming\obs-studio
2022-01-10 17:26 - 2020-08-28 14:12 - 000000000 ____D H:\Users\Petr
2022-01-10 17:26 - 2020-08-18 11:53 - 000066925 _____ H:\Users\Petr\.ranktracker.properties
2022-01-10 17:26 - 2016-03-25 14:59 - 000000000 ____D H:\Users\Petr\.ranktracker
2022-01-10 12:29 - 2020-08-27 15:47 - 000000328 _____ H:\Users\Petr\.seopowersuite.properties
2022-01-07 14:31 - 2015-08-05 10:23 - 000002305 _____ H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-07 14:31 - 2015-08-05 10:23 - 000002264 _____ H:\Users\Public\Desktop\Google Chrome.lnk
2022-01-06 20:41 - 2015-09-09 15:59 - 000000000 ____D H:\Users\Petr\AppData\Roaming\Google

==================== Files in the root of some directories ========

2018-10-10 17:03 - 2022-01-12 11:27 - 000000132 _____ () H:\Users\Petr\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2019-10-06 12:34 - 2019-10-06 12:35 - 341513725 _____ () H:\Users\Petr\AppData\Local\ACCCx4_9_0_515.zip.aamdownload
2019-10-06 12:34 - 2019-10-06 12:35 - 000003777 _____ () H:\Users\Petr\AppData\Local\ACCCx4_9_0_515.zip.aamdownload.aamd
2018-08-12 15:25 - 2021-12-23 11:20 - 000001480 _____ () H:\Users\Petr\AppData\Local\Adobe Uložit pro web 12.0 Prefs
2016-10-18 11:21 - 2016-11-07 12:51 - 000001480 _____ () H:\Users\Petr\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2016-08-09 18:04 - 2021-08-06 15:31 - 000000600 _____ () H:\Users\Petr\AppData\Local\PUTTY.RND
2016-10-27 23:15 - 2021-09-27 17:03 - 000007645 _____ () H:\Users\Petr\AppData\Local\Resmon.ResmonCfg
2017-04-23 08:12 - 2017-04-23 08:12 - 000000000 _____ () H:\Users\Petr\AppData\Local\{B2DD93FC-4385-47D3-A643-493AB36ABFFA}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================