Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022 (ATTENTION: ====> FRST version is 33 days old and could be outdated)
Ran by rossu (administrator) on MIXA (Acer Aspire ES1-731G) (02-10-2022 14:02:24)
Running from C:\Users\rossu\Desktop
Loaded Profiles: rossu
Platform: Microsoft Windows 11 Home Version 21H2 22000.1042 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\64.0.4.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\64.0.4.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Crystal Rich Ltd -> Crystal Rich Ltd) C:\Users\rossu\Desktop\USB.Safely.Remove.6.3.3.1287.Portable\USB.Safely.Remove.6.3.3.1287.Portable.KaranPC\App\USBSafelyRemove\USBSRService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) D:\program\Foxit Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe
(svchost.exe ->) () [File not signed] C:\Windows\SysWOW64\UMonit64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22072.207.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.1035_none_82ad6282fedae350\TiWorker.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.685.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19572536 2022-07-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\64.0.4.0\GoogleDriveFS.exe [53005592 2022-09-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\64.0.4.0\GoogleDriveFS.exe [53005592 2022-09-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\Run: [qBittorrent] => D:\program\qBittorrent\qbittorrent.exe [27045376 2021-10-31] (The qBittorrent Project) [File not signed]
HKU\S-1-5-21-1139899892-52648791-3838483249-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\64.0.4.0\GoogleDriveFS.exe [53005592 2022-09-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1139899892-52648791-3838483249-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [176128 2022-05-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\64.0.4.0\GoogleDriveFS.exe [53005592 2022-09-28] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [109288 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\LIDIL hpzlllhn: C:\Windows\system32\hpzlllhn.dll [58112 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\106.0.5249.91\Installer\chrmstp.exe [2022-10-01] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\Software\...\Authentication\Credential Providers: [{f64945df-4fa9-4068-a2fb-61af319edd33}] -> C:\WINDOWS\system32\rdpcredentialprovider.dll [2022-09-26] (Microsoft Windows -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23635435-2F5B-42D0-8846-0EA96A57994F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-07] (Google LLC -> Google LLC)
Task: {26FF9991-E375-4A1F-A5A7-BE48684D947E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2917A634-0E7D-47C6-9748-3B381103AD9C} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe [53248 2014-03-05] () [File not signed]
Task: {4C6B854A-9B14-4D32-94D6-71560E34FA73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {51EB1125-5973-4FA3-9A01-36703966B9C9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\rossu\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-03-01] (ESET, spol. s r.o. -> ESET)
Task: {97496D9B-BD7A-4FD7-AD3A-99DB84D5D590} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\rossu\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-03-01] (ESET, spol. s r.o. -> ESET)
Task: {B6101B4A-55D3-46F6-870B-903D73F08BBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-07] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {CD251D2B-0EA1-46C9-898A-AC139756A907} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0EBF400-513C-48DB-9864-34CC9DD45189} - System32\Tasks\JumpingBytes\PureSyncElvrossu => D:\program\puresync\PureSyncHelper.exe exit (No File)
Task: {F71B59BF-256A-4B8C-9C92-30668E699E36} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{dfb078ce-395a-4416-87a0-d2f936c96fe4}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-20]
Edge Notifications: Default -> hxxps://meet.google.com
Edge HomePage: Default -> hxxp://www.seznam.cz/
Edge StartupUrls: Default -> "hxxps://www.seznam.cz/"
Edge DefaultSearchURL: Default -> hxxps://fonts.gstatic.com/s/i/productlogos/meet_2020q4/v1/web-24dp/logo_meet_2020q4_color_1x_web_24dp.png
Edge Extension: (Překladač Google) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-16]
Edge Extension: (Outlook) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-02-07]
Edge Extension: (AddToAny: Share Anywhere) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2021-12-14]
Edge Extension: (Meet – dnz-rrzn-fez) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fmddlnfcbciialbgokphhkjppiaakbld [2021-04-07]
Edge Extension: (DeftPDF) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hghnkoikialmacnjlibfmlnhhihndepb [2021-12-23]
Edge Extension: (Word) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-02-07]
Edge Extension: (Excel) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-02-07]
Edge Extension: (Button for Google Calendar™) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lfjnmopldodmmdhddmeacgjnjeakjpki [2022-09-20]
Edge Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-09-01]
Edge Extension: (PowerPoint) - C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-02-07]
Edge Profile: C:\Users\rossu\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-08-15]

FireFox:
========
FF DefaultProfile: feay0gc0.default
FF ProfilePath: C:\Users\rossu\AppData\Roaming\Mozilla\Firefox\Profiles\feay0gc0.default [2022-05-18]
FF ProfilePath: C:\Users\rossu\AppData\Roaming\Mozilla\Firefox\Profiles\0e9akfa5.default-release [2022-07-22]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> D:\program\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\PROGRAM\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> D:\PROGRAM\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\PROGRAM\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\PROGRAM\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\PROGRAM\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default [2022-10-02]
CHR Notifications: Default -> hxxps://aukro.cz; hxxps://calendar.google.com; hxxps://click-to-continue.shop; hxxps://cz.pinterest.com; hxxps://keep.google.com; hxxps://mobiltown.cz; hxxps://mosgensovet.ru; hxxps://outlook.office.com; hxxps://playfmrussia.ru; hxxps://www.b2bpartner.cz; hxxps://www.facebook.com; hxxps://www.kupi.cz; hxxps://www.tajnepusinky.com; hxxps://zipdi.spleasedon.fun; hxxps://zvzws.spleasedon.fun
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Překladač Google) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-10]
CHR Extension: (AddToAny: Share Anywhere) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2021-09-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-03]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-09-04]
CHR Extension: (Button for Google Calendar™) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjnmopldodmmdhddmeacgjnjeakjpki [2022-09-18]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-04-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-07]
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-10-02]
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-09-10]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-07-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\rossu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-30]
CHR Profile: C:\Users\rossu\AppData\Local\Google\Chrome\User Data\System Profile [2022-10-02]
CHR HKU\S-1-5-21-1139899892-52648791-3838483249-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - <no Path/update_url>
CHR HKU\S-1-5-21-1139899892-52648791-3838483249-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2021-04-11] (GuinpinSoft inc) [File not signed]
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [831488 2022-08-27] (Microsoft Windows -> Microsoft Corporation)
R2 FoxitReaderUpdateService; D:\PROGRAM\FOXIT READER\FoxitPDFReaderUpdateService.exe [2359424 2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 USBSafelyRemoveService; C:\Users\rossu\Desktop\USB.Safely.Remove.6.3.3.1287.Portable\USB.Safely.Remove.6.3.3.1287.Portable.KaranPC\App\USBSafelyRemove\USBSRService.exe [1752552 2020-06-26] (Crystal Rich Ltd -> Crystal Rich Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [277312 2022-07-08] (Wondershare Technology Group Co.,Ltd -> Wondershare)
S2 DFWSIDService; D:\program\root dr\Wondershare\Wondershare Dr.Fone\WsidService.exe [X]
S2 ElevationService; D:\program\root dr\Wondershare\Wondershare Dr.Fone\Addins\Repair\ElevationService.exe [X]
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S2 WsDrvInst; D:\program\root dr\Wondershare\Wondershare Dr.Fone\Addins\Repair\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [507904 2021-10-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2021-11-13] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2021-07-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2021-07-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [115704 2015-07-15] (GENESYS LOGIC, INC. -> GenesysLogic)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2021-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S4 IObitUnlocker; D:\program\IObit Unlocker\IObitUnlocker.sys [58760 2022-05-04] (IObit CO., LTD -> IObit Information Technology)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31032 2022-01-03] (Acer Incorporated -> Acer Incorporated)
S3 MpKsl61c24f99; C:\Windows\system32\MpEngineStore\MpKslDrv.sys [130296 2021-11-09] (Microsoft Windows -> Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25400 2022-01-03] (Acer Incorporated -> Acer Incorporated)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12464 2022-01-26] (Macrovision Europe Ltd) [File not signed]
R3 UsbDk; C:\WINDOWS\System32\Drivers\UsbDk.sys [111792 2021-12-13] (ASTUTE SIGHT SINGAPORE PTE. LTD. -> Red Hat Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-02 14:02 - 2022-10-02 14:03 - 000020715 _____ C:\Users\rossu\Desktop\FRST.txt
2022-10-02 13:56 - 2022-10-02 13:56 - 000000871 _____ C:\Users\rossu\Desktop\JRT.txt
2022-09-28 17:00 - 2022-09-28 17:00 - 002371072 _____ (Farbar) C:\Users\rossu\Desktop\FRST64.exe
2022-09-26 23:22 - 2022-09-26 23:22 - 000315392 _____ C:\WINDOWS\system32\EsclScan.dll
2022-09-26 23:22 - 2022-09-26 23:22 - 000192512 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-09-26 23:22 - 2022-09-26 23:22 - 000015667 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-09-26 23:20 - 2022-09-26 23:20 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-09-26 21:40 - 2022-09-26 21:40 - 000000000 ___HD C:\$WinREAgent
2022-09-20 22:33 - 2022-09-20 22:33 - 000388608 _____ (Trend Micro Inc.) C:\Users\rossu\Downloads\hijackthis.exe
2022-09-20 17:17 - 2022-09-20 17:17 - 000013153 _____ C:\Users\rossu\Downloads\[SkT]Zhoubne_zlo___Malignant_(2021)(CZ_EN)[1080p]_=_CSFD_68%.torrent
2022-09-20 16:35 - 2022-09-20 16:35 - 000043370 _____ C:\Users\rossu\Downloads\[SkT]Nebudes_sama___You_Won't_Be_Alone_(2022)(CZ_MK)[WebRip][1080p]_=_CSFD_54%.torrent
2022-09-10 11:47 - 2022-09-10 11:47 - 000000000 ____D C:\Users\rossu\AppData\Local\uninstall
2022-09-10 11:41 - 2022-09-10 11:41 - 000000016 _____ C:\ProgramData\rtpeskt
2022-09-10 11:36 - 2022-09-10 11:36 - 016072704 _____ C:\09f7738240f27ce621fe5fc0ad314a08015e6a7c.msi
2022-09-10 11:36 - 2022-09-10 11:36 - 000000000 ____D C:\Program Files (x86)\Research In Motion
2022-09-10 11:36 - 2022-09-10 11:36 - 000000000 ____D C:\Common64
2022-09-10 11:36 - 2022-09-10 11:36 - 000000000 ____D C:\Common
2022-09-10 11:35 - 2022-09-10 11:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_UsbDk_01011.Wdf
2022-09-10 11:34 - 2021-12-13 09:44 - 000111792 _____ (Red Hat Inc.) C:\WINDOWS\system32\Drivers\UsbDk.sys
2022-09-10 11:23 - 2022-09-10 11:23 - 000000000 ____D C:\Users\rossu\AppData\Local\ChimeraInstaller
2022-09-10 11:23 - 2022-09-10 11:23 - 000000000 ____D C:\Users\rossu\AppData\Local\cache
2022-09-04 18:56 - 2022-09-04 18:56 - 000000000 ____D C:\Users\rossu\OneDrive\Documents\HiSuite
2022-09-04 18:56 - 2022-09-04 18:56 - 000000000 ____D C:\Users\rossu\OneDrive\Documents\.tmp.drivedownload
2022-09-04 18:56 - 2020-01-20 21:27 - 000005392 _____ C:\Users\rossu\OneDrive\Documents\cc_20200120_202735.reg
2022-09-04 18:53 - 2022-09-27 21:04 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1139899892-52648791-3838483249-1001
2022-09-04 15:29 - 2022-09-04 15:29 - 000000743 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2022-09-04 15:28 - 2022-09-28 17:54 - 000000000 ____D C:\Users\rossu\Desktop\video pokus
2022-09-04 14:42 - 2022-09-04 15:30 - 000000000 ____D C:\Users\rossu\AppData\Roaming\Anvsoft
2022-09-04 14:42 - 2022-09-04 14:42 - 000000710 _____ C:\Users\rossu\Desktop\Any Video Converter.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-02 14:03 - 2022-01-09 18:18 - 000000000 ____D C:\FRST
2022-10-02 14:02 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-02 14:02 - 2021-02-07 07:04 - 000000000 ____D C:\Users\rossu\AppData\Roaming\qBittorrent
2022-10-02 14:02 - 2021-02-07 03:21 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-02 14:01 - 2021-04-27 15:21 - 000000000 ___RD C:\Users\rossu\Disk Google
2022-10-02 14:00 - 2021-11-13 21:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-02 14:00 - 2021-07-06 15:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-10-02 14:00 - 2021-06-05 14:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-02 14:00 - 2021-02-07 03:21 - 000000000 __SHD C:\Users\rossu\IntelGraphicsProfiles
2022-10-02 14:00 - 2021-02-07 03:16 - 000000000 ____D C:\ProgramData\NVIDIA
2022-10-02 14:00 - 2021-02-07 03:02 - 000012288 ___SH C:\DumpStack.log.tmp
2022-10-02 13:59 - 2021-06-05 14:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-10-02 13:51 - 2021-04-11 17:15 - 000000000 ____D C:\Users\rossu\Desktop\čistka
2022-10-02 13:36 - 2021-11-13 20:12 - 000000000 ____D C:\Program Files\MSBuild
2022-10-02 13:36 - 2021-11-13 20:12 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-02 13:36 - 2021-06-05 14:09 - 000000000 ____D C:\WINDOWS\INF
2022-10-02 13:30 - 2021-11-13 21:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-02 13:20 - 2021-06-05 14:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-02 13:20 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-01 22:48 - 2021-09-10 20:36 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-29 19:03 - 2021-11-13 21:25 - 001740322 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-09-29 19:03 - 2021-06-05 19:20 - 000738614 _____ C:\WINDOWS\system32\perfh005.dat
2022-09-29 19:03 - 2021-06-05 19:20 - 000154056 _____ C:\WINDOWS\system32\perfc005.dat
2022-09-29 18:34 - 2020-11-19 01:33 - 000000000 ____D C:\ProgramData\Packages
2022-09-29 18:17 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-09-28 18:18 - 2022-08-15 17:03 - 000000000 ____D C:\Users\rossu\AppData\Local\CrashDumps
2022-09-28 17:26 - 2020-11-19 01:32 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-28 16:55 - 2021-09-25 12:48 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2022-09-28 16:55 - 2021-09-25 12:48 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2022-09-28 16:55 - 2021-09-25 12:48 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2022-09-28 16:55 - 2021-09-25 12:48 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2022-09-27 21:04 - 2021-11-13 21:33 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1139899892-52648791-3838483249-1001
2022-09-27 21:04 - 2021-02-07 03:11 - 000002377 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-27 20:51 - 2021-11-13 21:21 - 000494440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-09-26 23:35 - 2021-06-05 14:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\Provisioning
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\BrowserCore
2022-09-26 23:34 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-09-26 23:20 - 2021-11-13 21:23 - 003104256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-09-26 17:31 - 2021-07-21 16:42 - 000000000 ____D C:\Users\rossu\AppData\Roaming\vlc
2022-09-20 17:24 - 2021-03-16 18:14 - 000000000 ____D C:\Users\rossu\AppData\Local\Zoner
2022-09-14 17:35 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\system32\setup
2022-09-14 17:15 - 2021-02-07 07:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-09-14 17:06 - 2021-02-07 07:47 - 141646296 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-09-12 17:14 - 2022-03-01 21:06 - 000001378 _____ C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-09-12 17:08 - 2022-03-01 21:06 - 000001272 _____ C:\Users\rossu\Desktop\ESET Online Scanner.lnk
2022-09-12 16:42 - 2021-02-07 09:56 - 000000000 ____D C:\Users\rossu\AppData\LocalLow\Foxit
2022-09-07 12:50 - 2020-11-19 01:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-09-06 17:53 - 2021-02-07 03:14 - 000000000 ____D C:\Users\rossu\AppData\Local\Packages
2022-09-04 18:56 - 2021-04-08 19:24 - 000000000 ____D C:\Users\rossu\OneDrive\Documents\WYSIWYG Web Builder
2022-09-04 18:56 - 2021-04-08 19:24 - 000000000 ____D C:\Users\rossu\OneDrive\Documents\My Games
2022-09-04 18:56 - 2021-02-07 03:17 - 000000000 ___HD C:\OneDriveTemp
2022-09-04 18:56 - 2021-02-07 03:16 - 000000000 ___RD C:\Users\rossu\OneDrive
2022-09-03 14:09 - 2021-11-13 20:57 - 000000000 ____D C:\Users\rossu

==================== Files in the root of some directories ========

2021-08-05 03:59 - 2021-08-05 03:59 - 000000259 _____ () C:\ProgramData\fontcacheev1.dat
2021-05-07 17:20 - 2021-05-07 17:20 - 000000001 _____ () C:\Users\rossu\AppData\Local\llftool.4.40.agreement
2021-05-04 21:00 - 2021-05-04 21:00 - 000000017 _____ () C:\Users\rossu\AppData\Local\resmon.resmoncfg

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2022-07-02] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================