VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

příliv trojanů

https://forum.viry.cz:443/viewtopic.php?t=159049

Stránka 1 z 2

příliv trojanů

Napsal: 27 úno 2023 17:55
od kompanik
Při spojení přes TeamViewer jsem si něco natáh od kamaráda. Teď mi to při spuštění vých. prohl. Firefoxu stále spouští nějakopu stránku (http://www1.cdnsure.com/.....) a ta mi nejen blokuje FF, ale spuští nějaké trojany (Eset řve a blokuje jeden za druhým). Jsem zoufalý.
Hledal jsem v FF, přeinstaloval ho a je to pořád.
Děkuji předem za pomoc
Log z RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by o at 2023-02-27 16:42:58
Microsoft Windows 11 Pro
System drive C: has 45 GB (57%) free of 79 GB
Total RAM: 8073 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:02, on 27.02.2023
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.22621.0001)
Boot mode: Normal

Running processes:
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\ClocX\ClocX.exe
C:\proces_killer.exe
C:\TrueCrypt.exe
C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bezp\RSIT.exe
C:\Program Files (x86)\trend micro\o.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 185.178.175.226 czechfreepress.cz www.czechfreepress.cz

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Open-Shell\ClassicExplorer32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Open-Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [ClocX] C:\Program Files (x86)\ClocX\ClocX.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [WiFi Guard] "C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe" /hide
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: RunOnce.bat (User 'Default user')
O4 - Global Startup: proces_killer.exe – zástupce.lnk = C:\proces_killer.exe
O4 - Global Startup: procexp.lnk = C:\Program Files\Process Explorer\procexp.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Open-Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Open-Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @oem3.inf,%HidMonitor.SvcDisp%;Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: CCleaner Performance Optimizer Service (CCleanerPerformanceOptimizerService) - Piriform Software Ltd - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_50919 - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @oem23.inf,%ST_Accel.WMISVCDisplayName%;Dell Free Fall Data Protection WMI Service (DellFFDPWmiService) - Unknown owner - C:\Windows\System32\drivers\DellFFDPWmiService.exe (file missing)
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @oem9.inf,%hostcontrolsvc.SvcDispName%;Credential Vault Host Control Service (hostcontrolsvc) - Unknown owner - C:\Windows\System32\HostControlService.exe (file missing)
O23 - Service: @oem9.inf,%hoststoragesvc.SvcDispName%;Credential Vault Host Storage (hoststoragesvc) - Unknown owner - C:\Windows\System32\HostStorageService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\Sgrm\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\Sgrm\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer - TeamViewer Germany GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @oem9.inf,%ushupgradesvc.SvcDispName%;Credential Vault Upgrade Service (ushupgradesvc) - Unknown owner - C:\Windows\System32\UshUpgradeService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 16254 bytes

======Scheduled tasks folder======

C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2022-10-30 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-09-18 152392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21 873472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2022-08-21 616960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21 873472]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2022-10-30 798771]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ClocX"=C:\Program Files (x86)\ClocX\ClocX.exe [2007-07-26 270336]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"=C:\Program Files (x86)\DU Meter\DUMeter.exe [2011-09-13 3028880]
"WiFi Guard"=C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe [2015-10-07 4704872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
proces_killer.exe – zástupce.lnk - C:\proces_killer.exe
procexp.lnk - C:\Program Files\Process Explorer\procexp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{53966CB1-4D46-4166-BF23-C522403CD495}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HidSpiCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsQuic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcCtnrSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TextInputManagementService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{53966CB1-4D46-4166-BF23-C522403CD495}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"PromptOnSecureDesktop"=0
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP64.EXE"

======File associations======

.inf - open -
.inf - install -
.ini - open -
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open -

======List of files/folders created in the last 1 months======

2023-02-27 16:42:59 ----D---- C:\Program Files (x86)\trend micro
2023-02-27 16:29:55 ----D---- C:\rsit
2023-02-27 16:22:57 ----D---- C:\ProgramData\Mozilla
2023-02-27 15:13:19 ----D---- C:\Users\o\AppData\Roaming\Mozilla
2023-02-02 12:20:26 ----D---- C:\ProgramData\Delphi
2023-02-02 12:19:40 ----D---- C:\Users\o\AppData\Roaming\Delphi
2023-02-02 12:13:34 ----D---- C:\Program Files (x86)\Delphi
2023-02-02 12:11:46 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2023-02-02 12:11:46 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2023-01-31 14:13:04 ----D---- C:\ProgramData\Piriform

======List of files/folders modified in the last 1 months======

2023-02-27 16:42:59 ----RD---- C:\Program Files (x86)
2023-02-27 16:33:49 ----AD---- C:\Windows\Temp
2023-02-27 16:30:02 ----D---- C:\Windows\Prefetch
2023-02-27 16:29:56 ----RD---- C:\Program Files
2023-02-27 16:22:57 ----HD---- C:\ProgramData
2023-02-27 16:21:24 ----D---- C:\Windows\System32
2023-02-27 16:21:23 ----D---- C:\Windows\INF
2023-02-27 16:19:55 ----D---- C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-27 16:18:08 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2023-02-27 16:16:11 ----D---- C:\Windows\SystemTemp
2023-02-27 15:55:12 ----D---- C:\Windows\Logs
2023-02-27 15:50:07 ----SHD---- C:\System Volume Information
2023-02-27 15:49:26 ----D---- C:\Windows\WinSxS
2023-02-27 15:47:18 ----D---- C:\Windows
2023-02-27 15:17:38 ----D---- C:\Users\o\AppData\Roaming\TeamViewer
2023-02-27 12:29:51 ----D---- C:\Windows\AppReadiness
2023-02-27 08:22:03 ----D---- C:\Windows\SoftwareDistribution
2023-02-27 07:22:56 ----RD---- C:\Windows\Microsoft.NET
2023-02-27 06:05:02 ----SHD---- C:\Windows\Installer
2023-02-26 17:31:43 ----D---- C:\Users\o\AppData\Roaming\Telegram Desktop
2023-02-26 08:49:17 ----D---- C:\Users\o\AppData\Roaming\vlc
2023-02-24 07:25:22 ----D---- C:\Windows\Tasks
2023-02-03 08:37:51 ----D---- C:\Windows\CbsTemp
2023-02-02 12:32:09 ----SHD---- C:\Users\o\AppData\Roaming\wyUpdate AU
2023-02-02 12:11:48 ----RSD---- C:\Windows\assembly
2023-01-31 15:26:38 ----D---- C:\Program Files (x86)\Microsoft
2023-01-31 14:12:42 ----D---- C:\Windows\debug
2023-01-31 10:13:56 ----RD---- C:\Windows\ImmersiveControlPanel
2023-01-28 18:33:25 ----D---- C:\Users\o\AppData\Roaming\avidemux

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver; C:\Windows\System32\drivers\ACPI.sys []
R0 acpiex;Microsoft ACPIEx Driver; C:\Windows\System32\Drivers\acpiex.sys []
R0 CLFS;@%SystemRoot%\system32\drivers\clfs.sys,-100; C:\Windows\System32\drivers\CLFS.sys []
R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys []
R0 dc_fsf;dc_fsf; C:\Windows\system32\drivers\dc_fsf.sys []
R0 dcrypt;dcrypt; C:\Windows\system32\drivers\dcrypt.sys []
R0 disk;@disk.inf,%disk_ServiceDesc%;Ovladač disku; C:\Windows\System32\drivers\disk.sys []
R0 edevmon;@oem40.inf,%ServiceName%;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys []
R0 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\System32\drivers\fileinfo.sys []
R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\Windows\system32\drivers\fltmgr.sys []
R0 fvevol;@%SystemRoot%\system32\drivers\fvevol.sys,-100; C:\Windows\System32\DRIVERS\fvevol.sys []
R0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\Windows\System32\drivers\iaStorAVC.sys []
R0 intelpep;@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver; C:\Windows\System32\drivers\intelpep.sys []
R0 IntelPMT;@intelpmt.inf,%IntelPMT.SVCDESC%;Intel(R) Platform Monitoring Technology Service; C:\Windows\System32\drivers\IntelPMT.sys []
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys []
R0 KSecDD;KSecDD; C:\Windows\System32\Drivers\ksecdd.sys []
R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys []
R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\Windows\System32\drivers\mountmgr.sys []
R0 msisadrv;msisadrv; C:\Windows\System32\drivers\msisadrv.sys []
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\Windows\system32\drivers\mssecflt.sys []
R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\Windows\System32\Drivers\mup.sys []
R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\Windows\system32\drivers\ndis.sys []
R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\Windows\System32\drivers\partmgr.sys []
R0 pci;@pci.inf,%pci_svcdesc%;Řadič sběrnice PCI; C:\Windows\System32\drivers\pci.sys []
R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys []
R0 pdc;@%SystemRoot%\system32\drivers\pdc.sys,-100; C:\Windows\system32\drivers\pdc.sys []
R0 PRM;@prm.inf,%PRM.SvcDesc%;Microsoft PRM Driver; C:\Windows\System32\DriverStore\FileRepository\prm.inf_amd64_de435dc5c75d64a5\PRM.sys [2022-05-07 66896]
R0 pwdrvio;pwdrvio; C:\Windows\system32\pwdrvio.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\Windows\system32\drivers\afd.sys []
R1 afunix;afunix; C:\Windows\system32\drivers\afunix.sys [2022-05-07 32256]
R1 ahcache;@%systemroot%\system32\drivers\ahcache.sys,-102; C:\Windows\system32\DRIVERS\ahcache.sys []
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys []
R1 BasicDisplay;BasicDisplay; C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_02da009b3d736cc1\BasicDisplay.sys [2022-05-07 94208]
R1 BasicRender;BasicRender; C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_bc35ca38e694f990\BasicRender.sys [2022-05-07 73728]
R1 Beep;Beep; C:\Windows\SysWOW64\drivers\Beep.sys []
R1 cdrom;@oem7.inf,%cdrom_ServiceDesc%;CD-ROM Driver; C:\Windows\System32\drivers\cdrom.sys []
R1 CimFS;CimFS; C:\Windows\SysWOW64\drivers\CimFS.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 Dfsc;@%systemroot%\system32\wkssvc.dll,-1008; C:\Windows\System32\Drivers\dfsc.sys []
R1 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
R1 eamonm;@oem35.inf,%ServiceName%;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R1 edevmonm;@oem36.inf,%ServiceName%;edevmonm; C:\Windows\system32\DRIVERS\edevmonm.sys []
R1 ehdrv;@oem13.inf,%ServiceName%;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 epfw;@oem41.inf,%ServiceName%;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R1 epfwwfp;@oem37.inf,%ServiceName%;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys []
R1 Msfs;Msfs; C:\Windows\SysWOW64\drivers\Msfs.sys []
R1 mssmbios;@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver; C:\Windows\System32\drivers\mssmbios.sys []
R1 NdisCap;@%SystemRoot%\System32\drivers\ndiscap.sys,-5000; C:\Windows\System32\drivers\ndiscap.sys []
R1 NetBIOS;@%windir%\system32\drivers\netbios.sys,-503; C:\Windows\system32\drivers\netbios.sys []
R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\Windows\System32\DRIVERS\netbt.sys []
R1 Npfs;Npfs; C:\Windows\SysWOW64\drivers\Npfs.sys []
R1 npsvctrig;@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider; C:\Windows\System32\drivers\npsvctrig.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
R1 Null;Null; C:\Windows\SysWOW64\drivers\Null.sys []
R1 Psched;@%windir%\System32\drivers\pacer.sys,-101; C:\Windows\System32\drivers\pacer.sys []
R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\Windows\system32\DRIVERS\rdbss.sys []
R2 bfs;@%systemroot%\system32\drivers\bfs.sys,-100; C:\Windows\system32\drivers\bfs.sys []
R2 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\Windows\system32\drivers\bindflt.sys []
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys []
R2 lltdio;@%SystemRoot%\system32\lltdres.dll,-6; C:\Windows\system32\drivers\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys []
R2 MsLldp;@%SystemRoot%\system32\drivers\mslldp.sys,-200; C:\Windows\system32\drivers\mslldp.sys []
R2 Ndu;@%SystemRoot%\system32\drivers\Ndu.sys,-10001; C:\Windows\system32\drivers\Ndu.sys []
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
R3 ApfiltrService;@oem3.inf,%Filter.SvcDesc%;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys []
R3 AsyncMac;@%systemroot%\system32\mprmsg.dll,-32000; C:\Windows\System32\drivers\asyncmac.sys []
R3 BCMWL63A;@oem12.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl63a.sys []
R3 bowser;@%systemroot%\system32\wkssvc.dll,-2001; C:\Windows\system32\DRIVERS\bowser.sys []
R3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\drivers\BTHport.sys []
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\drivers\BTHUSB.sys []
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys []
R3 CmBatt;@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver; C:\Windows\System32\drivers\CmBatt.sys []
R3 CompositeBus;@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_2e50c98177d80a40\CompositeBus.sys [2022-05-07 81920]
R3 condrv;Console Driver; C:\Windows\System32\drivers\condrv.sys []
R3 cvusbdrv;@oem9.inf,%cvusbdrv.SvcDesc%;Dell ControlVault; C:\Windows\System32\Drivers\cvusbdrv.sys []
R3 d554gps;@oem44.inf,%ServiceName%;Dell Wireless HSPA Mini-Card GPS Port; C:\Windows\system32\DRIVERS\d554gps64.sys []
R3 d554scard;@oem49.inf,%ServiceDesc%;Dell Wireless HSPA Mini-Card USIM Port; C:\Windows\system32\DRIVERS\d554scard.sys []
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [2011-09-12 20840]
R3 HdAudAddService;@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\System32\drivers\HdAudio.sys []
R3 HDAudBus;@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\System32\drivers\HDAudBus.sys []
R3 HTTP;@%SystemRoot%\system32\drivers\http.sys,-1; C:\Windows\system32\drivers\HTTP.sys []
R3 i8042prt;@msmouse.inf,%i8042prt.SvcDesc%;Ovladač portů klávesnice a myši PS/2; C:\Windows\System32\drivers\i8042prt.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 intelppm;@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver; C:\Windows\System32\drivers\intelppm.sys []
R3 kbdclass;@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver; C:\Windows\System32\drivers\kbdclass.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 Mbm4bus;@oem52.inf,%d554.Service.Desc.4%;Dell Wireless 5550 HSPA+ Mini-Card Device (WDM); C:\Windows\System32\drivers\Mbm4bus.sys []
R3 Mbm4mdfl;@oem45.inf,%d554.Filter.Name%;Dell Wireless HSPA Mini-Card Data Modem Filter; C:\Windows\system32\DRIVERS\Mbm4mdfl.sys []
R3 Mbm4mdm;@oem45.inf,%d554.Service.Name%;Dell Wireless HSPA Mini-Card Data Modem Driver; C:\Windows\system32\DRIVERS\Mbm4mdm.sys []
R3 Mbm4mgmt;@oem50.inf,%d554.Service.Name%;Dell Wireless HSPA Mini-Card Device Management Driver (WDM); C:\Windows\system32\DRIVERS\Mbm4mgmt.sys []
R3 Mbm4NUn;@oem48.inf,%Mbm4.Service.Desc%;Dell Wireless 5550 HSPA+ Mini-Card Network Adapter (WDM); C:\Windows\System32\drivers\Mbm4NUn.sys []
R3 MEIx64;@oem25.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverW8x64.sys []
R3 Modem;Modem; C:\Windows\system32\drivers\modem.sys []
R3 monitor;@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service; C:\Windows\System32\drivers\monitor.sys []
R3 mouclass;@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver; C:\Windows\System32\drivers\mouclass.sys []
R3 mpsdrv;@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb;@%systemroot%\system32\wkssvc.dll,-1002; C:\Windows\system32\DRIVERS\mrxsmb.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 MsQuic;@%SystemRoot%\system32\drivers\msquic.sys,-200; C:\Windows\system32\drivers\msquic.sys []
R3 NativeWifiP;@%SystemRoot%\System32\drivers\nwifi.sys,-101; C:\Windows\system32\DRIVERS\nwifi.sys []
R3 NdisTapi;@%systemroot%\system32\mprmsg.dll,-32001; C:\Windows\System32\DRIVERS\ndistapi.sys []
R3 Ndisuio;NDIS Usermode I/O Protocol; C:\Windows\system32\drivers\ndisuio.sys []
R3 NdisVirtualBus;@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200; C:\Windows\System32\drivers\NdisVirtualBus.sys []
R3 NdisWan;@%systemroot%\system32\mprmsg.dll,-32002; C:\Windows\System32\drivers\ndiswan.sys []
R3 ndproxy;@%SystemRoot%\system32\drivers\ndproxy.sys,-6000; C:\Windows\System32\DRIVERS\NDProxy.sys []
R3 Ntfs;Ntfs; C:\Windows\SysWOW64\drivers\Ntfs.sys []
R3 Parport;@msports.inf,%Parport.SVCDESC%;Ovladač paralelního portu; C:\Windows\System32\drivers\parport.sys []
R3 PptpMiniport;@%systemroot%\system32\mprmsg.dll,-32006; C:\Windows\System32\drivers\raspptp.sys []
R3 RasAgileVpn;@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2); C:\Windows\System32\drivers\AgileVpn.sys []
R3 Rasl2tp;@%systemroot%\system32\mprmsg.dll,-32005; C:\Windows\System32\drivers\rasl2tp.sys []
R3 RasPppoe;@%systemroot%\system32\mprmsg.dll,-32007; C:\Windows\System32\drivers\raspppoe.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\System32\drivers\rassstp.sys []
R3 rdpbus;@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver; C:\Windows\System32\drivers\rdpbus.sys []
S0 3ware;3ware; C:\Windows\System32\drivers\3ware.sys []
S0 ADP80XX;ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS []
S0 amdsata;amdsata; C:\Windows\System32\drivers\amdsata.sys []
S0 amdsbs;amdsbs; C:\Windows\System32\drivers\amdsbs.sys []
S0 amdxata;amdxata; C:\Windows\System32\drivers\amdxata.sys []
S0 AppleSSD;@AppleSSD.inf,%DevDesc1%;Apple Solid State Drive Device; C:\Windows\System32\drivers\AppleSSD.sys []
S0 arcsas;@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver; C:\Windows\System32\drivers\arcsas.sys []
S0 atapi;@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel; C:\Windows\System32\drivers\atapi.sys []
S0 b06bdrv;@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD; C:\Windows\System32\drivers\bxvbda.sys []
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys []
S0 ebdrv;@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD; C:\Windows\System32\drivers\evbda.sys []
S0 ebdrv0;@netevbd0a.inf,%vbd_srv_desc%;QLogic Legacy Ethernet Adapter VBD; C:\Windows\System32\drivers\evbd0a.sys []
S0 eelam;@oem33.inf,%ServiceName%;eelam; C:\Windows\system32\DRIVERS\eelam.sys []
S0 EhStorClass;@%SystemRoot%\system32\drivers\EhStorClass.sys,-100; C:\Windows\System32\drivers\EhStorClass.sys []
S0 EhStorTcgDrv;@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols; C:\Windows\System32\drivers\EhStorTcgDrv.sys []
S0 GenPass;@genpass.inf,%GenPass.SVCDESC%;Microsoft GenPass Driver; C:\Windows\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [2022-05-07 62800]
S0 HpSAMD;HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys []
S0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys []
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys []
S0 iaStorV;@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7; C:\Windows\System32\drivers\iaStorV.sys []
S0 intelide;intelide; C:\Windows\System32\drivers\intelide.sys []
S0 isapnp;isapnp; C:\Windows\System32\drivers\isapnp.sys []
S0 ItSas35i;ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys []
S0 LSI_SAS;LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys []
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys []
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys []
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys []
S0 megasas35i;megasas35i; C:\Windows\System32\drivers\megasas35i.sys []
S0 megasr;megasr; C:\Windows\System32\drivers\megasr.sys []
S0 mpi3drvi;mpi3drvi; C:\Windows\System32\drivers\mpi3drvi.sys []
S0 mvumis;mvumis; C:\Windows\System32\drivers\mvumis.sys []
S0 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\Windows\System32\drivers\nvdimm.sys []
S0 nvmedisk;@nvmedisk.inf,%nvmedisk.SvcDesc%;Microsoft NVMe disk driver; C:\Windows\System32\drivers\nvmedisk.sys []
S0 nvraid;nvraid; C:\Windows\System32\drivers\nvraid.sys []
S0 nvstor;nvstor; C:\Windows\System32\drivers\nvstor.sys []
S0 pciide;pciide; C:\Windows\System32\drivers\pciide.sys []
S0 pcmcia;pcmcia; C:\Windows\System32\drivers\pcmcia.sys []
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys []
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys []
S0 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys []
S0 pvscsi;@pvscsii.inf,%pvscsi.DiskName%;pvscsi Storage Controller Driver; C:\Windows\System32\drivers\pvscsii.sys []
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys []
S1 dam;@%SystemRoot%\system32\drivers\dam.sys,-100; C:\Windows\system32\drivers\dam.sys []
S3 1394ohci;@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller; C:\Windows\System32\drivers\1394ohci.sys []
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys []
S3 acpipagr;@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver; C:\Windows\System32\drivers\acpipagr.sys []
S3 AcpiPmi;@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver; C:\Windows\System32\drivers\acpipmi.sys []
S3 acpitime;@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver; C:\Windows\System32\drivers\acpitime.sys []
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\Windows\system32\drivers\Acx01000.sys []
S3 amdgpio2;@amdgpio2.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\Windows\System32\drivers\amdgpio2.sys []
S3 amdi2c;@amdi2c.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\Windows\System32\drivers\amdi2c.sys []
S3 AmdK8;@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver; C:\Windows\System32\drivers\amdk8.sys []
S3 AmdPPM;@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver; C:\Windows\System32\drivers\amdppm.sys []
S3 AppID;@%systemroot%\system32\srpapi.dll,-100; C:\Windows\system32\drivers\appid.sys []
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys []
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\Windows\system32\drivers\AppvStrm.sys []
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\Windows\system32\drivers\AppvVemgr.sys []
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\Windows\system32\drivers\AppvVfs.sys []
S3 BCM43XX;@netbc64.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\Windows\System32\drivers\bcmwl63a.sys []
S3 bcmfn2;@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service; C:\Windows\System32\drivers\bcmfn2.sys []
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\Windows\System32\drivers\BthA2dp.sys []
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys []
S3 BthHFEnum;@microsoft_bluetooth_hfp.inf,%BTHHFENUM_DISPLAY_NAME%;Ovladač hands-free profilu Microsoft Bluetooth; C:\Windows\System32\drivers\bthhfenum.sys []
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys []
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\Windows\System32\drivers\BTHMINI.sys []
S3 BTHMODEM;@mdmbtmdm.inf,%BthModem.DisplayName%;Ovladač pro komunikaci pomocí modemu Bluetooth; C:\Windows\System32\drivers\bthmodem.sys []
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys []
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys []
S3 circlass;@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices; C:\Windows\System32\drivers\circlass.sys []
S3 dmvsc;dmvsc; C:\Windows\System32\drivers\dmvsc.sys []
S3 drmkaud;@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers; C:\Windows\System32\drivers\drmkaud.sys []
S3 e1cexpress;@oem24.inf,%e1cExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c65x64.sys []
S3 e1i68x64;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\System32\drivers\e1i68x64.sys []
S3 ErrDev;@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver; C:\Windows\System32\drivers\errdev.sys []
S3 ExecutionContext;@%SystemRoot%\System32\Drivers\ExecutionContext.sys,-101; C:\Windows\System32\Drivers\ExecutionContext.sys []
S3 exfat;exFAT File System Driver; C:\Windows\SysWOW64\drivers\exfat.sys []
S3 fastfat;FAT12/16/32 File System Driver; C:\Windows\SysWOW64\drivers\fastfat.sys []
S3 fdc;@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver; C:\Windows\System32\drivers\fdc.sys []
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []
S3 flpydisk;@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver; C:\Windows\System32\drivers\flpydisk.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
S3 FTDIBUS;@oem21.inf,%SvcDesc%;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys []
S3 FTSER2K;@oem22.inf,%SvcDesc%;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys []
S3 GemCCID;GemCCID; C:\Windows\System32\drivers\GemCCID.sys []
S3 gencounter;@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter; C:\Windows\System32\drivers\vmgencounter.sys []
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_cea150c98a1ca844\genericusbfn.sys [2022-05-07 61440]
S3 GPIOClx0101;Microsoft GPIO Class Extension Driver; C:\Windows\System32\Drivers\msgpioclx.sys []
S3 HidBatt;@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver; C:\Windows\System32\drivers\HidBatt.sys []
S3 HidBth;@hidbth.inf,%HIDBTH.SvcDesc%;Miniport Microsoft Bluetooth HID; C:\Windows\System32\drivers\hidbth.sys []
S3 hidi2c;@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver; C:\Windows\System32\drivers\hidi2c.sys []
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys []
S3 HidIr;@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver; C:\Windows\System32\drivers\hidir.sys []
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\Windows\System32\drivers\hidspi.sys []
S3 HidSpiCx;HidSpi KMDF Class Extension; C:\Windows\system32\drivers\HidSpiCx.sys []
S3 HidUsb;@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver; C:\Windows\System32\drivers\hidusb.sys []
S3 Hsp;@hsp.inf,%Hsp.SVCDESC%;Microsoft Pluton Service; C:\Windows\System32\drivers\Hsp.sys []
S3 hvservice;@hvservice.inf,%hvservice.SvcDesc%;Microsoft Hypervisor Service Driver; C:\Windows\System32\drivers\hvservice.sys []
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys []
S3 hyperkbd;hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys []
S3 HyperVideo;HyperVideo; C:\Windows\System32\drivers\HyperVideo.sys []
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys []
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys []
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys []
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys []
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys []
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys []
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys []
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys []
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys []
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys []
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys []
S3 iaLPSSi_GPIO;@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys []
S3 iaLPSSi_I2C;@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver; C:\Windows\System32\drivers\iaLPSSi_I2C.sys []
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys []
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys []
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel(R) Dynamic Device Peak Power Manager Driver; C:\Windows\System32\drivers\intelpmax.sys []
S3 IpFilterDriver;@%systemroot%\system32\mprmsg.dll,-32013; C:\Windows\system32\DRIVERS\ipfltdrv.sys []
S3 IPMIDRV;IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys []
S3 IPNAT;IP Network Address Translator; C:\Windows\System32\drivers\ipnat.sys []
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys []
S3 iScsiPrt;@iscsi.inf,%iScsiPortName%;iScsiPort Driver; C:\Windows\System32\drivers\msiscsi.sys []
S3 kbdhid;@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver; C:\Windows\System32\drivers\kbdhid.sys []
S3 kbldfltr;kbldfltr; C:\Windows\system32\drivers\kbldfltr.sys []
S3 kdnic;@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20); C:\Windows\System32\drivers\kdnic.sys []
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys []
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys []
S3 MbbCx;MBB Network Adapter Class Extension; C:\Windows\system32\drivers\MbbCx.sys []
S3 Mbm4NNd5;@oem47.inf,%Mbm4.Service.Desc%;Dell Wireless 5550 HSPA+ Mini-Card Network Adapter; C:\Windows\System32\drivers\Mbm4NNd5.sys []
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys []
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys []
S3 mouhid;@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver; C:\Windows\System32\drivers\mouhid.sys []
S3 MRxDAV;@%systemroot%\system32\webclnt.dll,-104; C:\Windows\system32\drivers\mrxdav.sys []
S3 MsBridge;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\System32\drivers\bridge.sys []
S3 msgpiowin32;@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator; C:\Windows\System32\drivers\msgpiowin32.sys []
S3 mshidkmdf;@mshidkmdf.inf,%mshidkmdf.SvcName%;Pass-through HID to KMDF Filter Driver; C:\Windows\System32\drivers\mshidkmdf.sys []
S3 mshidumdf;@%SystemRoot%\system32\drivers\mshidumdf.sys,-100; C:\Windows\System32\drivers\mshidumdf.sys []
S3 MSKSSRV;@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy; C:\Windows\System32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy; C:\Windows\System32\drivers\MSPCLOCK.sys []
S3 MSPQM;@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy; C:\Windows\System32\drivers\MSPQM.sys []
S3 MsRPC;MsRPC; C:\Windows\SysWOW64\drivers\MsRPC.sys []
S3 MSTEE;@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\System32\drivers\MSTEE.sys []
S3 MTConfig;@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver; C:\Windows\System32\drivers\MTConfig.sys []
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys []
S3 NdisImPlatform;@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501; C:\Windows\System32\drivers\NdisImPlatform.sys []
S3 ndiswanlegacy;@%systemroot%\system32\mprmsg.dll,-32014; C:\Windows\System32\DRIVERS\ndiswan.sys []
S3 NDKPerf;NDKPerf Driver; C:\Windows\system32\drivers\NDKPerf.sys []
S3 NDKPing;NDKPing Driver; C:\Windows\system32\drivers\NDKPing.sys []
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys []
S3 netvsc;netvsc; C:\Windows\System32\drivers\netvsc.sys []
S3 P9Rdr;@%SystemRoot%\System32\drivers\p9rdr.sys,-100; C:\Windows\System32\drivers\p9rdr.sys []
S3 PktMon;Packet Monitor Driver; C:\Windows\system32\drivers\PktMon.sys []
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys []
S3 portcfg;portcfg; C:\Windows\System32\drivers\portcfg.sys []
S3 Processor;@cpu.inf,%Processor.SvcDesc%;Processor Driver; C:\Windows\System32\drivers\processr.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys []
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys []
S3 RasAcd;Remote Access Auto Connection Driver; C:\Windows\System32\DRIVERS\rasacd.sys []
S3 RDPDR;@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 ReFS;ReFS; C:\Windows\SysWOW64\drivers\ReFS.sys []
S3 ReFSv1;ReFSv1; C:\Windows\SysWOW64\drivers\ReFSv1.sys []
S4 cdfs;CD/DVD File System Reader; C:\Windows\system32\DRIVERS\cdfs.sys []
S4 cnghwassist;@%SystemRoot%\system32\drivers\cnghwassist.sys,-100; C:\Windows\System32\DRIVERS\cnghwassist.sys []
S4 ekbdflt;@oem34.inf,%ServiceName%;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys []
S4 hvcrash;hvcrash; C:\Windows\System32\drivers\hvcrash.sys []
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2022-08-17 41536]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ApHidMonitorService;@oem3.inf,%HidMonitor.SvcDisp%;Alps HID Monitor Service; C:\Program Files\DellTPad\HidMonitorSvc.exe [2015-07-09 87384]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 Audiosrv;@%SystemRoot%\system32\audiosrv.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 BITS;@%SystemRoot%\system32\qmgr.dll,-1000; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 BrokerInfrastructure;@%windir%\system32\bisrv.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 cbdhsvc_50919;Uživatelská služba schránky_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 CDPUserSvc_50919;Uživatelská služba platformy připojených zařízení_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2022-12-27 9198496]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 CryptSvc;@%SystemRoot%\system32\cryptsvc.dll,-1001; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 DcomLaunch;@combase.dll,-5012; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 DellFFDPWmiService;@oem23.inf,%ST_Accel.WMISVCDisplayName%;Dell Free Fall Data Protection WMI Service; C:\Windows\System32\drivers\DellFFDPWmiService.exe []
R2 DeviceAssociationService;@%SystemRoot%\system32\das.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 Dhcp;@%SystemRoot%\system32\dhcpcore.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 Dnscache;@%SystemRoot%\System32\dnsapi.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2023-01-18 3549872]
R2 EventLog;@%SystemRoot%\system32\wevtsvc.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 EventSystem;@comres.dll,-2450; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 LanmanServer;@%systemroot%\system32\srvsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 LanmanWorkstation;@%systemroot%\system32\wkssvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 LSM;@%windir%\system32\lsm.dll,-1001; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 mpssvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 DUMeterSvc;DU Meter Service; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2011-09-13 1432976]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2023-01-18 3549872]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R3 lmhosts;@%SystemRoot%\system32\lmhsvc.dll,-101; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R3 NcbService;@%SystemRoot%\system32\ncbservice.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R3 netprofm;@%SystemRoot%\system32\netprofmsvc.dll,-202; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R3 NPSMSvc_50919;NPSMSvc_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 PlugPlay;@%SystemRoot%\system32\umpnpmgr.dll,-200; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 PolicyAgent;@%SystemRoot%\System32\polstore.dll,-5010; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 RasMan;@%Systemroot%\system32\rasmans.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S2 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S2 edgeupdate;Microsoft Edge Update Service (edgeupdate); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2022-04-11 215992]
S2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AarSvc_50919;Agent Activation Runtime_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 ALG;@%SystemRoot%\system32\Alg.exe,-112; C:\Windows\System32\alg.exe []
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AppReadiness;@%SystemRoot%\System32\AppReadiness.dll,-1000; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 AppXSvc;@%SystemRoot%\system32\appxdeploymentserver.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BcastDVRUserService_50919;Uživatelská služba pro GameDVR a vysílání her_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BluetoothUserService_50919;Služba pro podporu uživatelů Bluetooth_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 CaptureService_50919;CaptureService_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 CCleanerPerformanceOptimizerService;CCleaner Performance Optimizer Service; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [2022-08-12 1082896]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 cloudidsvc;@%SystemRoot%\system32\cloudidsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 COMSysApp;@comres.dll,-947; C:\Windows\system32\dllhost.exe [2022-05-07 20832]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 ConsentUxUserSvc_50919;Uživatelská služba ConsentUX_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2017-03-09 300128]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\Windows\system32\CredentialEnrollmentManager.exe []
S3 CredentialEnrollmentManagerUserSvc_50919;CredentialEnrollmentManagerUserSvc_50919; C:\Windows\system32\CredentialEnrollmentManager.exe []
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 dcsvc;@%systemroot%\system32\dcsvc,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DeviceAssociationBrokerSvc_50919;DeviceAssociationBroker_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DeviceInstall;@%SystemRoot%\system32\umpnpmgr.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevicePickerUserSvc_50919;DevicePicker_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevicesFlowUserSvc_50919;Tok zařízení_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 dot3svc;@%systemroot%\system32\dot3svc.dll,-1102; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DsmSvc;@%SystemRoot%\system32\DeviceSetupManager.dll,-1000; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 EapHost;@%systemroot%\system32\eapsvc.dll,-1; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 edgeupdatem;Microsoft Edge Update Service (edgeupdatem); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2022-04-11 215992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 fhsvc;@%systemroot%\system32\fhsvc.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2022-10-11 654848]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2022-05-06 45992]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 FrameServerMonitor;@%systemroot%\system32\FrameServerMonitor.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 hidserv;@%SystemRoot%\System32\hidserv.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 hostcontrolsvc;@oem9.inf,%hostcontrolsvc.SvcDispName%;Credential Vault Host Control Service; C:\Windows\System32\HostControlService.exe []
S3 hoststoragesvc;@oem9.inf,%hoststoragesvc.SvcDispName%;Credential Vault Host Storage; C:\Windows\System32\HostStorageService.exe []
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 InventorySvc;@%SystemRoot%\system32\inventorysvc.dll,-501; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 McpManagementService;@%SystemRoot%\system32\McpManagementService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 MessagingService_50919;Služba zasílání zpráv_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 MixedRealityOpenXRSvc;@%SystemRoot%\system32\MixedRealityRuntime.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 MSDTC;@comres.dll,-2797; C:\Windows\System32\msdtc.exe []
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 msiserver;@%SystemRoot%\system32\msimsg.dll,-27; C:\Windows\system32\msiexec.exe [2022-05-07 145408]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NcaSvc;@%SystemRoot%\system32\ncasvc.dll,-3009; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 NcdAutoSetup;@%SystemRoot%\system32\NcdAutoSetup.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 Netlogon;@%SystemRoot%\System32\netlogon.dll,-102; C:\Windows\system32\lsass.exe []
S3 Netman;@%SystemRoot%\system32\netman.dll,-109; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 NlaSvc;@%SystemRoot%\system32\netprofmsvc.dll,-208; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 NPSMSvc;@%SystemRoot%\system32\npsm.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 P9RdrService;@%systemroot%\system32\p9rdrservice.dll,-102; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 P9RdrService_50919;P9RdrService_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 PenService;@%SystemRoot%\system32\PenService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PenService_50919;PenService_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe []
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2022-05-07 22016]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PimIndexMaintenanceSvc_50919;Data kontaktů_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 PrintNotify;@C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PrintWorkflowUserSvc_50919;PrintWorkflow_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 RasAuto;@%Systemroot%\system32\rasauto.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\Windows\system32\AppVClient.exe []
S4 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe []
S4 DialogBlockingService;@%SystemRoot%\system32\DialogBlockingService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S4 lfsvc;@%SystemRoot%\System32\lfsvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S4 MsKeyboardFilter;@%SystemRoot%\system32\KeyboardFilterSvc.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2022-05-07 132520]
S4 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 OneSyncSvc_50919;Hostitel synchronizace_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 RemoteAccess;@%Systemroot%\system32\mprdim.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S4 RemoteRegistry;@regsvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]

-----------------EOF-----------------

Re: příliv trojanů

Napsal: 27 úno 2023 18:00
od Rudy
Zdravím!
Poprosím o logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . FRST je již za zenitem a není plněkompatibilní s 64b systémy. Děkuji.

Re: příliv trojanů

Napsal: 27 úno 2023 19:04
od kompanik
Díky za odpověď. Ještě se domnívám jestli mi to do FF neleze do adresního řádku Firefoxu odněkud z GoogleCloud?
Tady je celý link:

Kód: Vybrat vše

http://www1.cdnsure.com/?tm=1&subid4=1677520213.0297840000&KW1=Google%20Cloud%20CDN&KW2=CDN%20Performance%20Monitoring&KW3=CDN%20Video%20Streaming%20Service&searchbox=0&domainname=0&backfill=0
---------------FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2023
Ran by o (administrator) on ° (Dell Inc. Latitude E6420) (27-02-2023 17:55:36)
Running from C:\Users\o\Downloads
Loaded Profiles: o
Platform: Microsoft Windows 11 Pro Version 22H2 22622.598 (X64) Language: Čeština (Česko)
Default browser: "E:\Program Files\MozillaPortable\FirefoxPortable\App\Firefox\firefox.exe" -osint -url "%1"
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(BonSoft) [File not signed] C:\Program Files (x86)\ClocX\ClocX.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(explorer.exe ->) () [File not signed] C:\proces_killer.exe
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2210.5.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(explorer.exe ->) (SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe
(Mozilla Corporation -> Mozilla Corporation) E:\Program Files\MozillaPortable6061\FirefoxPortable\App\Firefox\firefox.exe <5>
(services.exe ->) ("STMicroelectronics Srl" -> ) C:\Windows\System32\drivers\DellFFDPWmiService.exe
(services.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use] C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(svchost.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use] C:\Program Files (x86)\DU Meter\DUMeter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TrueCrypt Foundation -> TrueCrypt Foundation) C:\hiberfil\TrueCrypt.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [226816 2022-08-21] (Open-Shell) [File not signed]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194704 2023-01-18] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [270336 2007-07-26] (BonSoft) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [3028880 2011-09-13] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use]
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Run: [WiFi Guard] => C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe [4704872 2015-10-07] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Print\Monitors\Adobe PDF Port: C:\Windows\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.61\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
IFEO\taskmgr.exe: [Debugger] "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP64.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\proces_killer.exe – zástupce.lnk [2022-10-11]
ShortcutTarget: proces_killer.exe – zástupce.lnk -> C:\proces_killer.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp.lnk [2022-10-16]
ShortcutAndArgument: procexp.lnk -> C:\Program Files\Process Explorer\procexp.exe =>
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2020-07-05] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {073613C6-DEA3-48A3-8543-DB9844050F0F} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {29EB2A5C-9C1F-4110-B5DE-6E6A583B6F2F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {445C8B71-64D3-4CDD-9D38-1AA7A0278D60} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E0B2ECF-9D53-444A-9A1A-3C01E49B2DB8} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-420885920-907360551-2966618288-1002UA => C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E77781C-87AD-4A1F-8DFE-A6070CA7D5E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EB76F84-1F05-49DA-AD85-5F5759159265} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [4997000 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {82A0D5DB-E759-4AA4-9216-E52D1B5AC682} - System32\Tasks\HPCustParticipation HP DeskJet 3700 series => C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPCustPartic.exe [6439584 2022-02-17] (HP Inc. -> HP Inc.)
Task: {AADFEBE1-0407-4DCA-9A72-DAD2DDBB0A86} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {CB4CC7D5-58DE-4DBA-ACB5-B35A777A87FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D280B879-0334-433A-B737-9D19790E9B5C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {D3B2319F-5CB4-4ED6-997D-AA89A7251BE3} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe (No File)
Task: {E9F02B94-4D39-41E4-A11F-42712DB45C2C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB8F0976-52E8-48E2-B73E-AF07DF842082} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-420885920-907360551-2966618288-1002Core => C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1EEE403-5583-4825-A620-E7B0637554D4} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{aac8e00e-0abd-42e1-9c7e-e56f0032480d}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{c1d87705-c003-4799-8206-3924036d9dc4}: [DhcpNameServer] 192.168.1.1 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [104.87.88.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [104.89.242.39,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [104.96.147.3,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.34.230,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.37,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.100,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.64,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.68,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 82 PersistentRoutes.


FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198496 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DellFFDPWmiService; C:\Windows\System32\drivers\DellFFDPWmiService.exe [33368 2022-01-27] ("STMicroelectronics Srl" -> )
R3 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [1432976 2011-09-13] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-18] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-18] (ESET, spol. s r.o. -> ESET)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2022-10-11] (Macrovision Europe Ltd.) [File not signed]
S3 hostcontrolsvc; C:\Windows\System32\HostControlService.exe [815616 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 hoststoragesvc; C:\Windows\System32\HostStorageService.exe [161280 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 InventorySvc; C:\Windows\system32\inventorysvc.dll [304480 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [249352 2022-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SgrmBroker; C:\Windows\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16518456 2022-12-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\Windows\System32\TabSvc.dll [266240 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 ushupgradesvc; C:\Windows\System32\UshUpgradeService.exe [265728 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\WMCore.exe [873000 2011-09-13] (Ericsson AB -> Ericsson AB)
R2 wuauserv; C:\Windows\system32\wuauserv.dll [137560 2022-09-18] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bfs; C:\Windows\system32\drivers\bfs.sys [91504 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
R3 d554gps; C:\Windows\system32\DRIVERS\d554gps64.sys [102440 2011-09-06] (Ericsson AB -> Ericsson AB)
R3 d554scard; C:\Windows\system32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB -> Ericsson AB)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [163840 2009-05-31] (ReactOS Foundation -> )
R0 dc_fsf; C:\Windows\System32\drivers\dc_fsf.sys [21504 2009-05-31] (ReactOS Foundation -> )
R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20840 2011-09-12] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198416 2023-01-18] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [119904 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 edevmonm; C:\Windows\System32\DRIVERS\edevmonm.sys [120928 2023-01-18] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [237208 2023-01-18] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55392 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81696 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [122504 2023-01-18] (ESET, spol. s r.o. -> ESET)
S3 GemCCID; C:\Windows\System32\drivers\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S0 GenPass; C:\Windows\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-17] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology)
R3 Mbm4bus; C:\Windows\System32\drivers\Mbm4bus.sys [159816 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mdfl; C:\Windows\system32\DRIVERS\Mbm4mdfl.sys [19528 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mdm; C:\Windows\system32\DRIVERS\Mbm4mdm.sys [179784 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mgmt; C:\Windows\system32\DRIVERS\Mbm4mgmt.sys [161864 2011-08-22] (MCCI Corporation -> MCCI Corporation)
S3 Mbm4NNd5; C:\Windows\System32\drivers\Mbm4NNd5.sys [33352 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4NUn; C:\Windows\System32\drivers\Mbm4NUn.sys [194120 2011-08-22] (MCCI Corporation -> MCCI Corporation)
S0 pvscsi; C:\Windows\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 RoutePolicy; C:\Windows\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
R4 truecrypt; C:\hiberfil\truecrypt-x64.sys [231376 2017-11-01] (TrueCrypt Foundation -> TrueCrypt Foundation)
S0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2021-11-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\Windows\System32\drivers\wtd.sys [118784 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 xTouch; system32\drivers\xtouch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-27 17:55 - 2023-02-27 17:56 - 000020166 _____ C:\Users\o\Downloads\FRST.txt
2023-02-27 17:55 - 2023-02-27 17:55 - 000000000 ____D C:\FRST
2023-02-27 17:54 - 2023-02-27 17:55 - 002378752 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2023-02-27 17:49 - 2023-02-27 17:51 - 000000000 ____D C:\Users\o\AppData\LocalLow\Mozilla
2023-02-27 16:42 - 2023-02-27 16:43 - 000000000 ____D C:\Program Files (x86)\trend micro
2023-02-27 16:29 - 2023-02-27 16:30 - 000000000 ____D C:\rsit
2023-02-27 16:29 - 2023-02-27 16:30 - 000000000 ____D C:\Program Files\trend micro
2023-02-27 16:22 - 2023-02-27 17:37 - 000000000 ____D C:\ProgramData\Mozilla
2023-02-27 16:21 - 2023-02-27 16:21 - 000730304 _____ C:\Windows\system32\perfh005.dat
2023-02-27 16:21 - 2023-02-27 16:21 - 000152472 _____ C:\Windows\system32\perfc005.dat
2023-02-27 15:22 - 2023-02-27 15:22 - 000000000 ____D C:\Users\o\AppData\Local\Mozilla
2023-02-27 15:13 - 2023-02-27 17:51 - 000000000 ____D C:\Users\o\AppData\Roaming\Mozilla
2023-02-27 14:50 - 2023-02-27 14:50 - 001804077 _____ C:\Users\o\Downloads\bookmarks.html
2023-02-27 13:30 - 2023-02-27 13:32 - 000029696 _____ C:\Users\o\Desktop\výpočet podílů.xls
2023-02-21 18:13 - 2023-02-21 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2023-02-02 12:20 - 2023-02-02 12:20 - 000000000 ____D C:\ProgramData\Delphi
2023-02-02 12:19 - 2023-02-02 12:19 - 000000000 ____D C:\Users\o\AppData\Roaming\Delphi
2023-02-02 12:18 - 2023-02-02 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delphi 2015 Release 1 rev. 3 for CDP+ DS150E
2023-02-02 12:13 - 2023-02-02 12:18 - 000000000 ____D C:\Program Files (x86)\Delphi
2023-02-02 12:11 - 2023-02-02 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2023-02-02 12:11 - 2023-02-02 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2023-01-31 15:04 - 2023-01-31 15:04 - 000000279 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2023-01-31 14:13 - 2023-01-31 14:13 - 000000000 ____D C:\ProgramData\Piriform
2023-01-31 14:02 - 2023-02-27 15:17 - 000000000 ____D C:\Program Files\CCleaner
2023-01-31 14:02 - 2023-01-31 14:02 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-01-31 14:02 - 2023-01-31 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-01-31 13:52 - 2023-01-31 13:52 - 000001499 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-27 17:50 - 2022-10-11 11:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-27 17:49 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-27 17:37 - 2022-10-11 19:08 - 000000000 ____D C:\Users\o\AppData\Local\WiFi Guard
2023-02-27 16:21 - 2022-09-18 20:31 - 001726784 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-27 16:21 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2023-02-27 16:16 - 2022-09-18 20:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-27 16:16 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2023-02-27 16:15 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o
2023-02-27 16:15 - 2022-05-07 06:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-02-27 16:02 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\OpenShell
2023-02-27 15:43 - 2022-10-13 17:19 - 003784704 _____ C:\Users\o\hkcubackup.hiv
2023-02-27 15:17 - 2023-01-16 13:19 - 000000000 ____D C:\Users\o\AppData\Roaming\TeamViewer
2023-02-27 14:33 - 2023-01-16 10:50 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-27 13:14 - 2022-09-18 20:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-27 12:29 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2023-02-26 17:31 - 2022-10-11 17:58 - 000000000 ____D C:\Users\o\AppData\Roaming\Telegram Desktop
2023-02-26 17:26 - 2022-10-11 16:45 - 000000000 ____D C:\Users\o\AppData\Local\EseeCloud
2023-02-26 15:32 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\GHISLER
2023-02-26 08:49 - 2022-10-18 13:58 - 000000000 ____D C:\Users\o\AppData\Roaming\vlc
2023-02-25 09:10 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-24 07:32 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-02-24 07:25 - 2022-10-18 17:20 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-02-23 07:47 - 2023-01-17 19:02 - 000000000 ____D C:\Users\o\AppData\Local\ElevatedDiagnostics
2023-02-21 18:13 - 2023-01-17 08:42 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-02-21 18:12 - 2022-09-18 20:55 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-16 16:32 - 2023-01-27 17:50 - 000000110 _____ C:\Users\o\AppData\default.pls
2023-02-15 07:40 - 2022-09-18 20:24 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-02-08 12:14 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\VirtualStore
2023-02-03 08:37 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2023-02-02 12:32 - 2022-10-21 10:59 - 000000000 __SHD C:\Users\o\AppData\Roaming\wyUpdate AU
2023-02-01 18:35 - 2022-11-26 09:09 - 000000000 ____D C:\Users\o\AppData\Local\CrashDumps
2023-02-01 11:13 - 2022-11-30 10:26 - 000001064 _____ C:\Users\o\Desktop\TUFA ZÁMĚNA.lnk
2023-01-31 12:38 - 2022-11-08 19:01 - 000007637 _____ C:\Users\o\AppData\Local\resmon.resmoncfg
2023-01-31 10:13 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-01-28 18:33 - 2023-01-12 12:41 - 000000000 ____D C:\Users\o\AppData\Roaming\avidemux

==================== Files in the root of some directories ========

2022-10-11 16:18 - 2008-07-14 03:48 - 000087040 _____ (Redmond Pie) C:\Program Files\Turn Off LCD.exe
2022-10-31 11:14 - 2022-10-31 11:14 - 000001551 _____ () C:\Users\o\AppData\Local\recently-used.xbel
2022-11-08 19:01 - 2023-01-31 12:38 - 000007637 _____ () C:\Users\o\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2022-11-03 12:40 C:\Windows\UV_LastPW.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

------------------Additional scan-----------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2023
Ran by o (27-02-2023 17:56:59)
Running from C:\Users\o\Downloads
Microsoft Windows 11 Pro Version 22H2 22622.598 (X64) (2022-10-11 08:36:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-420885920-907360551-2966618288-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-420885920-907360551-2966618288-503 - Limited - Disabled)
Guest (S-1-5-21-420885920-907360551-2966618288-501 - Limited - Disabled)
o (S-1-5-21-420885920-907360551-2966618288-1002 - Administrator - Enabled) => C:\Users\o
WDAGUtilityAccount (S-1-5-21-420885920-907360551-2966618288-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
AIDA64 Extreme Edition v2.60 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.60 - FinalWire Ltd.)
Avidemux VC++ 64bits (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\{b032475d-89d7-4b82-b9ba-98f560256cfc}) (Version: 2.8.1 - Mean)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.14.0.669 - Ilya Morozov)
CCleaner (HKLM\...\CCleaner) (Version: 6.03 - Piriform)
ClocX (1.5b2) (HKLM-x32\...\ClocX) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 7.0.0.4 - Dell)
Delphi 2015 Release 1 rev. 3 for CDP+ DS150E (HKLM-x32\...\Delphi 2015 Release 1 rev. 3 for CDP+ DS150E) (Version: - )
DiskCryptor 0.7 (HKLM\...\DiskCryptor_is1) (Version: 0.7 - hxxp://diskcryptor.net/)
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 5.20 - Hagel Technologies Ltd.)
Easy GIF Animator 7.3 (HKLM-x32\...\Easy GIF Animator_is1) (Version: 7.0 - Karlis Blumentals)
eObčanka (HKLM\...\{ED161D20-FDCF-4C7C-A84E-45B7E05B9BC1}) (Version: 3.3.1.22411 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EseeCloud 3.0.3 (HKLM-x32\...\EseeCloud) (Version: 3.0.3 - My company, Inc.)
ESET Security (HKLM\...\{AC01C534-2ECB-460E-9D4E-D4D158076F50}) (Version: 16.0.26.0 - ESET, spol. s r.o.)
ExplorerPatcher (HKLM\...\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}_ExplorerPatcher) (Version: 22621.608.51.1 - VALINET Solutions SRL)
Facemoods Toolbar (HKLM-x32\...\facemoods) (Version: - )
FotoMix version 8.7.4 (HKLM-x32\...\{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1) (Version: 8.7.4 - Digital Photo Software)
HP Dropbox Plugin (HKLM-x32\...\{D58993B3-BA5F-4181-8D1C-05D0302398EB}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32\...\{C777EAED-CEE8-4AF4-A2DE-2A0FC510481A}) (Version: 40.13.54.81239 - HP)
Infovox Desktop 2.2 (HKLM-x32\...\{52C32940-C538-40CF-8DE9-B91090F49938}) (Version: 2.220.3 - Acapela Group)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.3.0.11 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Microsoft Office LTSC Professional Plus 2021 - cs-cz (HKLM\...\ProPlus2021Volume - cs-cz) (Version: 16.0.14332.20461 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\OneDriveSetup.exe) (Version: 22.176.0821.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Professional Edition 9.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version: - MiniTool Solution Ltd.)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 7 Essentials (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Old Classic Calculator for Windows 11 and Windows 10 (HKLM\...\Old Classic Calculator for Windows 11 and Windows 10_is1) (Version: 2.0 - Winaero)
Open-Shell (HKLM\...\{D409C74C-5665-4D30-B7F3-C0E8DB2E6DE1}) (Version: 4.4.175 - The Open-Shell Team)
Revo Uninstaller Pro 5.0.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.0.6 - VS Revo Group, Ltd.)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect)
Studie vylepšování produktu HP DeskJet 3700 series (HKLM\...\{1453F5D7-75A6-40B0-B608-A6DC66592DF2}) (Version: 40.16.1234.2248 - HP Inc.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.37.3 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Telegram Desktop (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.6.3 - Telegram FZ-LLC)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.0 beta 10 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version: - Christian Taubenheim)
Základní software zařízení HP DeskJet 3700 series (HKLM\...\{80941248-1005-40AB-AB98-F061D5718F19}) (Version: 40.16.1234.2248 - HP Inc.)

Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-01-17] (Microsoft Corp.)
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2023-02-22] (0)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.40041.0_x64__8wekyb3d8bbwe [2023-01-18] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-11] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-07] (Microsoft Studios) [MS Ad]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm [2023-02-22] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-11] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2022-10-11] (0)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2301.22.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2022-08-21] (Open-Shell) [File not signed]
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ChangeID.bat – zástupce.lnk -> C:\Program Files\TeamViewer\ChangeID.bat ()
Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Komunikace\ChangeID.bat – zástupce.lnk -> C:\Program Files\TeamViewer\ChangeID.bat ()

==================== Loaded Modules (Whitelisted) =============

2022-09-18 21:00 - 2021-03-18 20:30 - 000006144 _____ () [File not signed] C:\Program Files\totalcmd\msimg32.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Windows\system32\wincorlib.dll] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib_orig.dll
2022-08-21 19:53 - 2022-08-21 19:53 - 002700288 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\dxgi.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\dxgi.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000198656 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib.DLL
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\dxgi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2022-08-21] (Open-Shell) [File not signed]
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2022-10-30] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21] (Open-Shell) [File not signed]
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2022-10-30] () [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2023-01-30 17:04 - 000021276 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 ars.smartscreen.microsoft.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 blob.weather.microsoft.com
0.0.0.0 candycrushsoda.king.com
0.0.0.0 cdn.content.prod.cms.msn.com
0.0.0.0 cdn.onenote.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 client.wns.windows.com
0.0.0.0 client-s.gateway.messenger.live.com
0.0.0.0 clientconfig.passport.net
0.0.0.0 deploy.static.akamaitechnologies.com
0.0.0.0 device.auth.xboxlive.com
0.0.0.0 dmd.metaservices.microsoft.com
0.0.0.0 dns.msftncsi.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 img-s-msn-com.akamaized.net
0.0.0.0 insiderppe.cloudapp.net
0.0.0.0 licensing.mp.microsoft.com
0.0.0.0 mediaredirect.microsoft.com
0.0.0.0 msftncsi.com
0.0.0.0 officeclient.microsoft.com
0.0.0.0 oneclient.sfx.ms
0.0.0.0 pti.store.microsoft.com
0.0.0.0 query.prod.cms.rt.microsoft.com
0.0.0.0 register.cdpcs.microsoft.com
0.0.0.0 s0.2mdn.net

There are 488 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-420885920-907360551-2966618288-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\o\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "procexp.lnk"
HKLM\...\StartupApproved\Run32: => "facemoods"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "ShowBatteryBar"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E89A73B4-759E-407D-974B-740245FA73B7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB36F47-5BCA-4F32-8201-27E1C1AA9479}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F65C52C-DD35-4DDE-AE93-72A1C127572B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4681033D-ABE3-4F2F-8D65-3B7740E1DD62}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{F90FF48F-75A7-47B6-8B2C-D05784D8451F}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{6AE02390-E2D0-4584-83D7-8F062A6428E3}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{22EECB14-8C91-4E40-81B2-CED145F37C89}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{F4A123EE-A742-42F7-8190-D48E19ACA39E}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{0EF61B22-064B-40EF-973D-CC5813B96FCA}E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{9983DAF1-2D01-4660-A58F-C58C4369728E}E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{95FD8BC3-5A64-48F6-8DAD-E1DCD2EBD7F4}] => (Block) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6BD5AAEB-E7D0-4C71-B32B-3904C2F0D393}] => (Block) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9B8E0003-4F1F-4C5D-8AB7-7B9BA37C318E}] => (Allow) C:\Program Files\HP\HP DeskJet 3700 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E1719C30-002C-4065-A1D7-2CD24AAB3229}] => (Allow) LPort=5357
FirewallRules: [{5723CE7E-00E5-48CA-A4DA-E5FCB15638B8}] => (Allow) C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{2AFF3862-E697-41A5-AE71-05F9E9F79416}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{62B6FAAA-F492-4674-A99F-A619E37C7D05}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AEB54618-045C-4B1C-A562-07F1DCDAEC59}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0F92009F-82EC-49F4-BEC7-E715ECF41C45}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{050828B2-E6D5-46FA-9F3C-2931E8162500}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{51FFCB4A-2A42-45A0-8D7B-A3A1038E4AF2}] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Intel(R) 82579LM Gigabit Network Connection
Description: Intel(R) 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Síťový adaptér ladění jádra společnosti Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Řadič velkokapacitního paměťového zařízení
Description: Řadič velkokapacitního paměťového zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dell Wireless 5550 HSPA+ Mini-Card Network Adapter
Description: Dell Wireless 5550 HSPA+ Mini-Card Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Dell
Service: Mbm4NNd5
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Virtuální adaptér Microsoft Wi-Fi Direct
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/27/2023 05:17:09 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (02/27/2023 05:02:53 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003


System errors:
=============
Error: (02/27/2023 04:18:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/27/2023 04:18:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).

Error: (02/27/2023 04:15:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/27/2023 04:15:05 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Výchozí správce prostředků transakcí na svazku E: zaznamenal neopakovatelnou chybu a nemohl být spuštěn. Data obsahují kód chyby.

Error: (02/27/2023 03:17:35 PM) (Source: DCOM) (EventID: 10000) (User: °)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/27/2023 03:14:48 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (02/27/2023 01:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/27/2023 01:09:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).


Windows Defender:
================Event[0]

Date: 2023-02-24 07:25:19
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2023-02-03 12:03:39
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

CodeIntegrity:
===============
Date: 2023-02-20 07:16:42
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-02-02 15:35:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A25 03/06/2018
Motherboard: Dell Inc. 0P6K8J
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 8073.01 MB
Available physical RAM: 3784.25 MB
Total Virtual: 8073.01 MB
Available Virtual: 3985.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:77.47 GB) (Free:43.97 GB) (Model: LITEONIT LCT-256M3S) NTFS
Drive e: () (Fixed) (Total:160.35 GB) (Free:77.45 GB) (Model: LITEONIT LCT-256M3S) NTFS

\\?\Volume{d7b34521-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{d7b34521-0000-0000-0000-206113000000}\ () (Fixed) (Total:0.61 GB) (Free:0.08 GB) NTFS
\\?\Volume{d7b34521-0000-0000-0000-108813000000}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{bca44258-493f-11ed-91eb-c01885d85a3e}\ () () (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: D7B34521)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=77.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=622 MB) - (Type=27)
Partition 4: (Not Active) - (Size=160.3 GB) - (Type=06)

==================== End of Addition.txt =================

Re: příliv trojanů

Napsal: 27 úno 2023 19:29
od kompanik
Ještě poznámka:
Dělá mi to aktuální Firefox Portable nastavený jako výchozí. Přitom na stejném disku mám FF starší verze (60.6.1esr) a ten je ok. Také jsem zkusil ze zálohy na ext.HDD přetáhnout "zdravý" FF portable, ale po spuštění to tam bylo zase. Prohledal jsem celý komp pomocí TotalCommanderu a nic jako "cdnsure" nenašel. Také registr jsem celý prohledal a "cdnsure" nikde! Co se mi to spouští? Odkud?

Re: příliv trojanů

Napsal: 27 úno 2023 19:56
od Rudy
OK, uvidíme, co v PC je. Spusťte teď tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: příliv trojanů

Napsal: 28 úno 2023 08:30
od kompanik
Asi jsem to našel - skenoval jsem složku FF profile TotalCommanderem - vyhledávání textu slovo cdnsure. Našlo to soubor v Profile:
e:\Program Files\MozillaPortable\FirefoxPortable\Data\profile\storage\default\moz-extension+++a3da99dc-1466-4ab4-a338-6c4daa305ed2\idb\388818605isntshig.sqlite
Jenže po jeho odstranění to do adresního řádku stále skákalo.
Raději jsem vyměnil celý obsah složky Profile za nový z nově nainstalovaného FF - a pak to přestalo !! :happy: .
Zajímavé je, že při spojení s kamarádem přes TeamViewer jsem u sebe FF nespouštěl.
Přesto dávám log:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-28-2023
# Duration: 00:00:01
# OS: Windows 11 (Build 22622.598)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****


No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5575 octets] - [28/02/2023 07:18:35]
AdwCleaner[C00].txt - [5052 octets] - [28/02/2023 07:20:47]
AdwCleaner[S01].txt - [1541 octets] - [28/02/2023 07:22:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
======================

Re: příliv trojanů

Napsal: 28 úno 2023 08:44
od kompanik
Tady je ukázka toho co mi zachytil Eset :

Obrázek

Re: příliv trojanů

Napsal: 28 úno 2023 10:24
od Rudy
Toto je OK, ještě dočistíme. Smazal jste nějaké javascripty. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2020-07-05] () [File not signed]
Task: {073613C6-DEA3-48A3-8543-DB9844050F0F} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {D280B879-0334-433A-B737-9D19790E9B5C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {D3B2319F-5CB4-4ED6-997D-AA89A7251BE3} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe (No File)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => -> No File
ContextMenuHandlers1_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File


Hosts:
EmptyTemp:
End
Uložte do C:\Users\o\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: příliv trojanů

Napsal: 28 úno 2023 13:19
od kompanik
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2023
Ran by o (administrator) on ° (Dell Inc. Latitude E6420) (28-02-2023 12:23:00)
Running from C:\Users\o\Downloads
Loaded Profiles: o
Platform: Microsoft Windows 11 Pro Version 22H2 22622.598 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(BonSoft) [File not signed] C:\Program Files (x86)\ClocX\ClocX.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(explorer.exe ->) () [File not signed] C:\proces_killer.exe
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2210.5.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(explorer.exe ->) (SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(services.exe ->) ("STMicroelectronics Srl" -> ) C:\Windows\System32\drivers\DellFFDPWmiService.exe
(services.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use] C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(svchost.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use] C:\Program Files (x86)\DU Meter\DUMeter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TrueCrypt Foundation -> TrueCrypt Foundation) C:\hiberfil\TrueCrypt.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [226816 2022-08-21] (Open-Shell) [File not signed]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194704 2023-01-18] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [270336 2007-07-26] (BonSoft) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [3028880 2011-09-13] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use]
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Run: [WiFi Guard] => C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe [4704872 2015-10-07] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Print\Monitors\Adobe PDF Port: C:\Windows\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.61\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
IFEO\taskmgr.exe: [Debugger] "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP64.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\proces_killer.exe – zástupce.lnk [2022-10-11]
ShortcutTarget: proces_killer.exe – zástupce.lnk -> C:\proces_killer.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp.lnk [2022-10-16]
ShortcutAndArgument: procexp.lnk -> C:\Program Files\Process Explorer\procexp.exe =>
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2020-07-05] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {073613C6-DEA3-48A3-8543-DB9844050F0F} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {29EB2A5C-9C1F-4110-B5DE-6E6A583B6F2F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {445C8B71-64D3-4CDD-9D38-1AA7A0278D60} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E0B2ECF-9D53-444A-9A1A-3C01E49B2DB8} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-420885920-907360551-2966618288-1002UA => C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E77781C-87AD-4A1F-8DFE-A6070CA7D5E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EB76F84-1F05-49DA-AD85-5F5759159265} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [4997000 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {82A0D5DB-E759-4AA4-9216-E52D1B5AC682} - System32\Tasks\HPCustParticipation HP DeskJet 3700 series => C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPCustPartic.exe [6439584 2022-02-17] (HP Inc. -> HP Inc.)
Task: {AADFEBE1-0407-4DCA-9A72-DAD2DDBB0A86} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACB42C3E-81AE-4276-B5F3-BBB70F926698} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {CB4CC7D5-58DE-4DBA-ACB5-B35A777A87FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D280B879-0334-433A-B737-9D19790E9B5C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {D3B2319F-5CB4-4ED6-997D-AA89A7251BE3} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {D5DE618F-0A36-4713-A6D5-CFE385B70B26} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2023-02-14] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe (No File)
Task: {E9F02B94-4D39-41E4-A11F-42712DB45C2C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB8F0976-52E8-48E2-B73E-AF07DF842082} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-420885920-907360551-2966618288-1002Core => C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1EEE403-5583-4825-A620-E7B0637554D4} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{aac8e00e-0abd-42e1-9c7e-e56f0032480d}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{c1d87705-c003-4799-8206-3924036d9dc4}: [DhcpNameServer] 192.168.1.1 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [104.87.88.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [104.89.242.39,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [104.96.147.3,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.34.230,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.37,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.100,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.64,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.68,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 82 PersistentRoutes.


FireFox:
========
FF DefaultProfile: i32rvwlq.default
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\i32rvwlq.default [2023-02-27]
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release [2023-02-28]
FF Homepage: Mozilla\Firefox\Profiles\s668ffa6.default-release -> hxxp://tyrs.webzdarma.cz/Tirsch.html
FF Extension: (Close Tab Button) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\close-tab-single@codefisher.org.xpi [2022-11-03]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\firefox@ghostery.com.xpi [2022-12-25]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-09-11]
FF Extension: (I don't care about cookies) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2023-02-27]
FF Extension: (Tab Mix - Links) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\webext@tabmixplus.org.xpi [2018-12-26]
FF Extension: (Zoom Page WE) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\zoompage-we@DW-dev.xpi [2023-02-11]
FF Extension: (Color of Rainbow) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{0764362e-a64d-4da8-aac2-c392b8826d7d}.xpi [2020-01-01]
FF Extension: (Cookie Cleaner (Cookie Eraser)) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{22b80bb1-c181-4870-8fc0-951f6966b703}.xpi [2022-11-03]
FF Extension: (candy happy happy colorful pretty) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{48d3eaef-26d9-4edd-9041-981eb48ba56f}.xpi [2023-02-27]
FF Extension: (undo) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{5997e7bd-1940-4058-a5f4-1562afce6353}.xpi [2022-11-03]
FF Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2023-01-27]
FF Extension: (User-Agent Switcher and Manager) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2022-12-25]
FF Extension: (Feedbro) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}.xpi [2023-02-24]
FF Extension: (No Name) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-02-11]
FF Extension: (FVD Video Downloader) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{f171ff98-4433-4de4-9976-d87525a80c45}.xpi [2019-05-19]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2023-02-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198496 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DellFFDPWmiService; C:\Windows\System32\drivers\DellFFDPWmiService.exe [33368 2022-01-27] ("STMicroelectronics Srl" -> )
R3 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [1432976 2011-09-13] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-18] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-18] (ESET, spol. s r.o. -> ESET)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2022-10-11] (Macrovision Europe Ltd.) [File not signed]
S3 hostcontrolsvc; C:\Windows\System32\HostControlService.exe [815616 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 hoststoragesvc; C:\Windows\System32\HostStorageService.exe [161280 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 InventorySvc; C:\Windows\system32\inventorysvc.dll [304480 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [249352 2022-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SgrmBroker; C:\Windows\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16518456 2022-12-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\Windows\System32\TabSvc.dll [266240 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 ushupgradesvc; C:\Windows\System32\UshUpgradeService.exe [265728 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\WMCore.exe [873000 2011-09-13] (Ericsson AB -> Ericsson AB)
R2 wuauserv; C:\Windows\system32\wuauserv.dll [137560 2022-09-18] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bfs; C:\Windows\system32\drivers\bfs.sys [91504 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
R3 d554gps; C:\Windows\system32\DRIVERS\d554gps64.sys [102440 2011-09-06] (Ericsson AB -> Ericsson AB)
R3 d554scard; C:\Windows\system32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB -> Ericsson AB)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [163840 2009-05-31] (ReactOS Foundation -> )
R0 dc_fsf; C:\Windows\System32\drivers\dc_fsf.sys [21504 2009-05-31] (ReactOS Foundation -> )
R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20840 2011-09-12] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198416 2023-01-18] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [119904 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 edevmonm; C:\Windows\System32\DRIVERS\edevmonm.sys [120928 2023-01-18] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [237208 2023-01-18] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55392 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81696 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [122504 2023-01-18] (ESET, spol. s r.o. -> ESET)
S3 GemCCID; C:\Windows\System32\drivers\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S0 GenPass; C:\Windows\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-17] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology)
R3 Mbm4bus; C:\Windows\System32\drivers\Mbm4bus.sys [159816 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mdfl; C:\Windows\system32\DRIVERS\Mbm4mdfl.sys [19528 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mdm; C:\Windows\system32\DRIVERS\Mbm4mdm.sys [179784 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mgmt; C:\Windows\system32\DRIVERS\Mbm4mgmt.sys [161864 2011-08-22] (MCCI Corporation -> MCCI Corporation)
S3 Mbm4NNd5; C:\Windows\System32\drivers\Mbm4NNd5.sys [33352 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4NUn; C:\Windows\System32\drivers\Mbm4NUn.sys [194120 2011-08-22] (MCCI Corporation -> MCCI Corporation)
S0 pvscsi; C:\Windows\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 RoutePolicy; C:\Windows\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
R4 truecrypt; C:\hiberfil\truecrypt-x64.sys [231376 2017-11-01] (TrueCrypt Foundation -> TrueCrypt Foundation)
S0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2021-11-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\Windows\System32\drivers\wtd.sys [118784 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 xTouch; system32\drivers\xtouch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-28 12:09 - 2023-02-28 12:09 - 000730304 _____ C:\Windows\system32\perfh005.dat
2023-02-28 12:09 - 2023-02-28 12:09 - 000152472 _____ C:\Windows\system32\perfc005.dat
2023-02-28 12:08 - 2023-02-27 17:55 - 002378752 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2023-02-28 12:06 - 2023-02-28 12:06 - 000002988 _____ C:\Users\o\Downloads\fixlist..txt
2023-02-28 07:18 - 2023-02-28 07:20 - 000000000 ____D C:\AdwCleaner
2023-02-28 07:14 - 2023-02-28 07:14 - 008791352 _____ (Malwarebytes) C:\Users\o\Downloads\adwcleaner.exe
2023-02-27 21:23 - 2023-02-27 21:23 - 000152088 _____ C:\Users\o\Downloads\logins.csv
2023-02-27 19:44 - 2023-02-28 12:04 - 000000000 ____D C:\Users\o\AppData\LocalLow\Mozilla
2023-02-27 19:44 - 2023-02-27 22:00 - 000000000 ____D C:\Users\o\AppData\Roaming\Mozilla
2023-02-27 19:38 - 2023-02-28 07:15 - 000000586 _____ C:\Users\o\Desktop\cdkokotina.txt
2023-02-27 19:08 - 2023-02-27 19:48 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-02-27 19:08 - 2023-02-27 19:08 - 000002048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk
2023-02-27 19:08 - 2023-02-27 19:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-27 19:08 - 2023-02-27 19:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-27 19:08 - 2023-02-27 19:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-27 18:55 - 2023-02-27 18:55 - 000350080 _____ (Mozilla) C:\Users\o\Downloads\Firefox Installer.exe
2023-02-27 17:56 - 2023-02-28 12:13 - 000045141 _____ C:\Users\o\Downloads\Addition.txt
2023-02-27 17:55 - 2023-02-28 12:23 - 000023907 _____ C:\Users\o\Downloads\FRST.txt
2023-02-27 17:55 - 2023-02-28 12:23 - 000000000 ____D C:\FRST
2023-02-27 16:42 - 2023-02-27 16:43 - 000000000 ____D C:\Program Files (x86)\trend micro
2023-02-27 16:29 - 2023-02-27 16:30 - 000000000 ____D C:\rsit
2023-02-27 16:29 - 2023-02-27 16:30 - 000000000 ____D C:\Program Files\trend micro
2023-02-27 15:22 - 2023-02-27 18:38 - 000000000 ____D C:\Users\o\AppData\Local\Mozilla
2023-02-27 14:50 - 2023-02-27 14:50 - 001804077 _____ C:\Users\o\Downloads\bookmarks.html
2023-02-21 18:13 - 2023-02-21 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2023-02-02 12:20 - 2023-02-02 12:20 - 000000000 ____D C:\ProgramData\Delphi
2023-02-02 12:19 - 2023-02-02 12:19 - 000000000 ____D C:\Users\o\AppData\Roaming\Delphi
2023-02-02 12:18 - 2023-02-02 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delphi 2015 Release 1 rev. 3 for CDP+ DS150E
2023-02-02 12:13 - 2023-02-02 12:18 - 000000000 ____D C:\Program Files (x86)\Delphi
2023-02-02 12:11 - 2023-02-02 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2023-02-02 12:11 - 2023-02-02 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2023-01-31 15:04 - 2023-01-31 15:04 - 000000279 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2023-01-31 14:13 - 2023-01-31 14:13 - 000000000 ____D C:\ProgramData\Piriform
2023-01-31 14:02 - 2023-02-27 15:17 - 000000000 ____D C:\Program Files\CCleaner
2023-01-31 14:02 - 2023-01-31 14:02 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-01-31 14:02 - 2023-01-31 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-01-31 13:52 - 2023-01-31 13:52 - 000001499 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-28 12:20 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-28 12:09 - 2022-09-18 20:31 - 001726784 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-28 12:09 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2023-02-28 12:06 - 2022-10-11 19:08 - 000000000 ____D C:\Users\o\AppData\Local\WiFi Guard
2023-02-28 12:05 - 2022-10-11 11:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-28 12:02 - 2022-09-18 20:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-28 12:02 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2023-02-28 11:46 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\OpenShell
2023-02-28 11:46 - 2022-05-07 06:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-02-28 11:06 - 2022-09-18 20:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-28 07:36 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-28 07:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2023-02-27 16:15 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o
2023-02-27 15:43 - 2022-10-13 17:19 - 003784704 _____ C:\Users\o\hkcubackup.hiv
2023-02-27 15:17 - 2023-01-16 13:19 - 000000000 ____D C:\Users\o\AppData\Roaming\TeamViewer
2023-02-27 14:33 - 2023-01-16 10:50 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-26 17:31 - 2022-10-11 17:58 - 000000000 ____D C:\Users\o\AppData\Roaming\Telegram Desktop
2023-02-26 17:26 - 2022-10-11 16:45 - 000000000 ____D C:\Users\o\AppData\Local\EseeCloud
2023-02-26 15:32 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\GHISLER
2023-02-26 08:49 - 2022-10-18 13:58 - 000000000 ____D C:\Users\o\AppData\Roaming\vlc
2023-02-24 07:32 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-02-24 07:25 - 2022-10-18 17:20 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-02-23 07:47 - 2023-01-17 19:02 - 000000000 ____D C:\Users\o\AppData\Local\ElevatedDiagnostics
2023-02-21 18:13 - 2023-01-17 08:42 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-02-21 18:12 - 2022-09-18 20:55 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-16 16:32 - 2023-01-27 17:50 - 000000110 _____ C:\Users\o\AppData\default.pls
2023-02-15 07:40 - 2022-09-18 20:24 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-02-08 12:14 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\VirtualStore
2023-02-03 08:37 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2023-02-02 12:32 - 2022-10-21 10:59 - 000000000 __SHD C:\Users\o\AppData\Roaming\wyUpdate AU
2023-02-01 18:35 - 2022-11-26 09:09 - 000000000 ____D C:\Users\o\AppData\Local\CrashDumps
2023-02-01 11:13 - 2022-11-30 10:26 - 000001064 _____ C:\Users\o\Desktop\TUFA ZÁMĚNA.lnk
2023-01-31 12:38 - 2022-11-08 19:01 - 000007637 _____ C:\Users\o\AppData\Local\resmon.resmoncfg
2023-01-31 10:13 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

==================== Files in the root of some directories ========

2022-10-11 16:18 - 2008-07-14 03:48 - 000087040 _____ (Redmond Pie) C:\Program Files\Turn Off LCD.exe
2022-10-31 11:14 - 2022-10-31 11:14 - 000001551 _____ () C:\Users\o\AppData\Local\recently-used.xbel
2022-11-08 19:01 - 2023-01-31 12:38 - 000007637 _____ () C:\Users\o\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2022-11-03 12:40 C:\Windows\UV_LastPW.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2023
Ran by o (28-02-2023 12:24:11)
Running from C:\Users\o\Downloads
Microsoft Windows 11 Pro Version 22H2 22622.598 (X64) (2022-10-11 08:36:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-420885920-907360551-2966618288-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-420885920-907360551-2966618288-503 - Limited - Disabled)
Guest (S-1-5-21-420885920-907360551-2966618288-501 - Limited - Disabled)
o (S-1-5-21-420885920-907360551-2966618288-1002 - Administrator - Enabled) => C:\Users\o
WDAGUtilityAccount (S-1-5-21-420885920-907360551-2966618288-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
AIDA64 Extreme Edition v2.60 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.60 - FinalWire Ltd.)
Avidemux VC++ 64bits (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\{b032475d-89d7-4b82-b9ba-98f560256cfc}) (Version: 2.8.1 - Mean)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.14.0.669 - Ilya Morozov)
CCleaner (HKLM\...\CCleaner) (Version: 6.03 - Piriform)
ClocX (1.5b2) (HKLM-x32\...\ClocX) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 7.0.0.4 - Dell)
Delphi 2015 Release 1 rev. 3 for CDP+ DS150E (HKLM-x32\...\Delphi 2015 Release 1 rev. 3 for CDP+ DS150E) (Version: - )
DiskCryptor 0.7 (HKLM\...\DiskCryptor_is1) (Version: 0.7 - hxxp://diskcryptor.net/)
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 5.20 - Hagel Technologies Ltd.)
Easy GIF Animator 7.3 (HKLM-x32\...\Easy GIF Animator_is1) (Version: 7.0 - Karlis Blumentals)
eObčanka (HKLM\...\{ED161D20-FDCF-4C7C-A84E-45B7E05B9BC1}) (Version: 3.3.1.22411 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EseeCloud 3.0.3 (HKLM-x32\...\EseeCloud) (Version: 3.0.3 - My company, Inc.)
ESET Security (HKLM\...\{AC01C534-2ECB-460E-9D4E-D4D158076F50}) (Version: 16.0.26.0 - ESET, spol. s r.o.)
ExplorerPatcher (HKLM\...\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}_ExplorerPatcher) (Version: 22621.608.51.1 - VALINET Solutions SRL)
FotoMix version 8.7.4 (HKLM-x32\...\{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1) (Version: 8.7.4 - Digital Photo Software)
HP Dropbox Plugin (HKLM-x32\...\{D58993B3-BA5F-4181-8D1C-05D0302398EB}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32\...\{C777EAED-CEE8-4AF4-A2DE-2A0FC510481A}) (Version: 40.13.54.81239 - HP)
Infovox Desktop 2.2 (HKLM-x32\...\{52C32940-C538-40CF-8DE9-B91090F49938}) (Version: 2.220.3 - Acapela Group)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.3.0.11 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Microsoft Office LTSC Professional Plus 2021 - cs-cz (HKLM\...\ProPlus2021Volume - cs-cz) (Version: 16.0.14332.20461 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\OneDriveSetup.exe) (Version: 22.176.0821.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Professional Edition 9.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 110.0 (x64 cs)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 110.0 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 7 Essentials (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Old Classic Calculator for Windows 11 and Windows 10 (HKLM\...\Old Classic Calculator for Windows 11 and Windows 10_is1) (Version: 2.0 - Winaero)
Open-Shell (HKLM\...\{D409C74C-5665-4D30-B7F3-C0E8DB2E6DE1}) (Version: 4.4.175 - The Open-Shell Team)
Revo Uninstaller Pro 5.0.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.0.6 - VS Revo Group, Ltd.)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect)
Studie vylepšování produktu HP DeskJet 3700 series (HKLM\...\{1453F5D7-75A6-40B0-B608-A6DC66592DF2}) (Version: 40.16.1234.2248 - HP Inc.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.37.3 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Telegram Desktop (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.6.3 - Telegram FZ-LLC)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.0 beta 10 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version: - Christian Taubenheim)
Základní software zařízení HP DeskJet 3700 series (HKLM\...\{80941248-1005-40AB-AB98-F061D5718F19}) (Version: 40.16.1234.2248 - HP Inc.)

Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-01-17] (Microsoft Corp.)
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2023-02-22] (0)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.40041.0_x64__8wekyb3d8bbwe [2023-01-18] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-11] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-07] (Microsoft Studios) [MS Ad]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm [2023-02-22] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-11] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2022-10-11] (0)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2301.22.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2022-08-21] (Open-Shell) [File not signed]
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ChangeID.bat – zástupce.lnk -> C:\Program Files\TeamViewer\ChangeID.bat ()
Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Komunikace\ChangeID.bat – zástupce.lnk -> C:\Program Files\TeamViewer\ChangeID.bat ()

==================== Loaded Modules (Whitelisted) =============

2022-09-18 21:00 - 2021-03-18 20:30 - 000006144 _____ () [File not signed] C:\Program Files\totalcmd\msimg32.dll
2022-10-11 13:29 - 2010-09-06 20:21 - 000538435 _____ () [File not signed] E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll
2007-01-19 03:23 - 2007-05-10 22:18 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Windows\system32\wincorlib.dll] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib_orig.dll
2022-08-21 19:53 - 2022-08-21 19:53 - 002700288 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2022-08-21 19:52 - 2022-08-21 19:52 - 000412160 _____ (Open-Shell) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\dxgi.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\dxgi.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000198656 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib.DLL
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\dxgi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2022-08-21] (Open-Shell) [File not signed]
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2022-10-30] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21] (Open-Shell) [File not signed]
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2022-10-30] () [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2023-01-30 17:04 - 000021276 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 ars.smartscreen.microsoft.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 blob.weather.microsoft.com
0.0.0.0 candycrushsoda.king.com
0.0.0.0 cdn.content.prod.cms.msn.com
0.0.0.0 cdn.onenote.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 client.wns.windows.com
0.0.0.0 client-s.gateway.messenger.live.com
0.0.0.0 clientconfig.passport.net
0.0.0.0 deploy.static.akamaitechnologies.com
0.0.0.0 device.auth.xboxlive.com
0.0.0.0 dmd.metaservices.microsoft.com
0.0.0.0 dns.msftncsi.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 img-s-msn-com.akamaized.net
0.0.0.0 insiderppe.cloudapp.net
0.0.0.0 licensing.mp.microsoft.com
0.0.0.0 mediaredirect.microsoft.com
0.0.0.0 msftncsi.com
0.0.0.0 officeclient.microsoft.com
0.0.0.0 oneclient.sfx.ms
0.0.0.0 pti.store.microsoft.com
0.0.0.0 query.prod.cms.rt.microsoft.com
0.0.0.0 register.cdpcs.microsoft.com
0.0.0.0 s0.2mdn.net

There are 488 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-420885920-907360551-2966618288-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\o\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "procexp.lnk"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "ShowBatteryBar"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E89A73B4-759E-407D-974B-740245FA73B7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB36F47-5BCA-4F32-8201-27E1C1AA9479}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F65C52C-DD35-4DDE-AE93-72A1C127572B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4681033D-ABE3-4F2F-8D65-3B7740E1DD62}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{F90FF48F-75A7-47B6-8B2C-D05784D8451F}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{6AE02390-E2D0-4584-83D7-8F062A6428E3}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{22EECB14-8C91-4E40-81B2-CED145F37C89}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{F4A123EE-A742-42F7-8190-D48E19ACA39E}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{0EF61B22-064B-40EF-973D-CC5813B96FCA}E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{9983DAF1-2D01-4660-A58F-C58C4369728E}E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{95FD8BC3-5A64-48F6-8DAD-E1DCD2EBD7F4}] => (Block) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6BD5AAEB-E7D0-4C71-B32B-3904C2F0D393}] => (Block) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9B8E0003-4F1F-4C5D-8AB7-7B9BA37C318E}] => (Allow) C:\Program Files\HP\HP DeskJet 3700 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E1719C30-002C-4065-A1D7-2CD24AAB3229}] => (Allow) LPort=5357
FirewallRules: [{5723CE7E-00E5-48CA-A4DA-E5FCB15638B8}] => (Allow) C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{2AFF3862-E697-41A5-AE71-05F9E9F79416}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{62B6FAAA-F492-4674-A99F-A619E37C7D05}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AEB54618-045C-4B1C-A562-07F1DCDAEC59}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0F92009F-82EC-49F4-BEC7-E715ECF41C45}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{050828B2-E6D5-46FA-9F3C-2931E8162500}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{51FFCB4A-2A42-45A0-8D7B-A3A1038E4AF2}] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CD11FFA7-F9C2-4AE8-B2CB-1D872C550581}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B8C1358A-D80A-4AB8-ADD6-C556D3D62AF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

28-02-2023 07:20:25 AdwCleaner_BeforeCleaning_28/02/2023_07:20:25

==================== Faulty Device Manager Devices ============

Name: Intel(R) 82579LM Gigabit Network Connection
Description: Intel(R) 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Síťový adaptér ladění jádra společnosti Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Řadič velkokapacitního paměťového zařízení
Description: Řadič velkokapacitního paměťového zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dell Wireless 5550 HSPA+ Mini-Card Network Adapter
Description: Dell Wireless 5550 HSPA+ Mini-Card Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Dell
Service: Mbm4NNd5
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Virtuální adaptér Microsoft Wi-Fi Direct
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/27/2023 05:17:09 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (02/27/2023 05:02:53 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003


System errors:
=============
Error: (02/28/2023 12:04:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/28/2023 12:04:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).

Error: (02/28/2023 12:01:54 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/28/2023 11:08:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/28/2023 11:08:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).

Error: (02/28/2023 11:05:53 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/28/2023 07:32:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/28/2023 07:32:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).


Windows Defender:
================Event[0]

Date: 2023-02-24 07:25:19
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2023-02-03 12:03:39
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

CodeIntegrity:
===============
Date: 2023-02-20 07:16:42
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-02-02 15:35:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A25 03/06/2018
Motherboard: Dell Inc. 0P6K8J
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 8073.01 MB
Available physical RAM: 4124.59 MB
Udělal jsem to a šlo to do restartu.
Mj. mám šparný čas o hod. méně - opravím

Total Virtual: 8073.01 MB
Available Virtual: 4067.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:77.47 GB) (Free:42.94 GB) (Model: LITEONIT LCT-256M3S) NTFS
Drive e: () (Fixed) (Total:160.35 GB) (Free:77.38 GB) (Model: LITEONIT LCT-256M3S) NTFS

\\?\Volume{d7b34521-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{d7b34521-0000-0000-0000-206113000000}\ () (Fixed) (Total:0.61 GB) (Free:0.08 GB) NTFS
\\?\Volume{d7b34521-0000-0000-0000-108813000000}\ () (Fixed) (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: D7B34521)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=77.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=622 MB) - (Type=27)
Partition 4: (Not Active) - (Size=160.3 GB) - (Type=06)

==================== End of Addition.txt =======================

Re: příliv trojanů

Napsal: 28 úno 2023 17:31
od Rudy
Potřebuji vidět obsah souboru fixlog.txt. Měl by být v C:\Users\o\Downloads. Děkuji.

Re: příliv trojanů

Napsal: 28 úno 2023 19:59
od kompanik
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2023
Ran by o (28-02-2023 12:25:27) Run:1
Running from C:\Users\o\Downloads
Loaded Profiles: o
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2020-07-05] () [File not signed]
Task: {073613C6-DEA3-48A3-8543-DB9844050F0F} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {D280B879-0334-433A-B737-9D19790E9B5C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {D3B2319F-5CB4-4ED6-997D-AA89A7251BE3} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe (No File)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => -> No File
ContextMenuHandlers1_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File


Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\MRT => removed successfully
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{073613C6-DEA3-48A3-8543-DB9844050F0F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{073613C6-DEA3-48A3-8543-DB9844050F0F}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HPDeviceCheck => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HPDeviceCheck" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D280B879-0334-433A-B737-9D19790E9B5C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D280B879-0334-433A-B737-9D19790E9B5C}" => removed successfully
C:\Windows\System32\Tasks\CCleaner Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3B2319F-5CB4-4ED6-997D-AA89A7251BE3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3B2319F-5CB4-4ED6-997D-AA89A7251BE3}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Web Products Detection => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Web Products Detection" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Balabolka => removed successfully
HKU\S-1-5-21-420885920-907360551-2966618288-1002\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKU\S-1-5-21-420885920-907360551-2966618288-1002\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKU\S-1-5-21-420885920-907360551-2966618288-1002\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7535987 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 1162120 B
Edge => 0 B
Firefox => 97760587 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 114508 B
ProgramData => 114508 B
Public => 114508 B
systemprofile => 114508 B
systemprofile32 => 114508 B
LocalService => 783911 B
NetworkService => 793905 B
o => 11050514 B

RecycleBin => 0 B
EmptyTemp: => 114.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:25:35 ====

Re: příliv trojanů

Napsal: 28 úno 2023 21:06
od Rudy
Bylo smazáno, lo by již měl být OK. Vše v pořádku?

Re: příliv trojanů

Napsal: 01 bře 2023 08:20
od kompanik
Vše v pořádku. Díky moc. Co jsem dlužen za pomoc?
Ale ... chci udělat zálohu na ext. HDD a nejde mi to. Disk je dost velký, vyčištěný a po několika minutách to ohlási kód chyby 0x811000033.

Re: příliv trojanů

Napsal: 01 bře 2023 10:32
od Rudy
Dlužen nejste nic a pokud chcete zaslat nějaký dobrovolný příspěvek, klikněte vpravo dole na bublinu "Přispějte....". Má disk správný souborový systém? Pokud ano, spusťte CrystalDoskInfo: https://www.instaluj.cz/crystaldiskinfo a přes Úpravy>Kopírovat sem dejte log. O vámi uvedené chybě není na Googlu prakticky žádné info.

Re: příliv trojanů

Napsal: 01 bře 2023 10:46
od kompanik
Už jsem zálohu vyřešil.
Našel jsem na YouTube návod, kde je postup že se musí rozšířit oddíl "Rezervováno systémem"
Obrázek
Pak jsem zapnul Historii souborů a udělal zálohu s bitovou kopií.
Vše je ok
Díky moc
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz