
Influx of trojans

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02


#1 Post by kompanik »

During a TeamViewer connection I picked something up from a friend. Now, whenever I start Firefox, my default browser, it keeps opening some page (http://www1.cdnsure.com/.....) which not only blocks FF but also launches some trojans (ESET is screaming and blocking one after another). I'm desperate.
I looked through FF and reinstalled it, and it still happens.
Thank you in advance for your help.
RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by o at 2023-02-27 16:42:58
Microsoft Windows 11 Pro
System drive C: has 45 GB (57%) free of 79 GB
Total RAM: 8073 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:02, on 27.02.2023
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.22621.0001)
Boot mode: Normal

Running processes:
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\ClocX\ClocX.exe
C:\proces_killer.exe
C:\TrueCrypt.exe
C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bezp\RSIT.exe
C:\Program Files (x86)\trend micro\o.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 185.178.175.226 czechfreepress.cz www.czechfreepress.cz

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Open-Shell\ClassicExplorer32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Open-Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [ClocX] C:\Program Files (x86)\ClocX\ClocX.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [WiFi Guard] "C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe" /hide
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: RunOnce.bat (User 'Default user')
O4 - Global Startup: proces_killer.exe – zástupce.lnk = C:\proces_killer.exe
O4 - Global Startup: procexp.lnk = C:\Program Files\Process Explorer\procexp.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Open-Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Open-Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @oem3.inf,%HidMonitor.SvcDisp%;Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: CCleaner Performance Optimizer Service (CCleanerPerformanceOptimizerService) - Piriform Software Ltd - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_50919 - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @oem23.inf,%ST_Accel.WMISVCDisplayName%;Dell Free Fall Data Protection WMI Service (DellFFDPWmiService) - Unknown owner - C:\Windows\System32\drivers\DellFFDPWmiService.exe (file missing)
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @oem9.inf,%hostcontrolsvc.SvcDispName%;Credential Vault Host Control Service (hostcontrolsvc) - Unknown owner - C:\Windows\System32\HostControlService.exe (file missing)
O23 - Service: @oem9.inf,%hoststoragesvc.SvcDispName%;Credential Vault Host Storage (hoststoragesvc) - Unknown owner - C:\Windows\System32\HostStorageService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\Sgrm\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\Sgrm\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer - TeamViewer Germany GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @oem9.inf,%ushupgradesvc.SvcDispName%;Credential Vault Upgrade Service (ushupgradesvc) - Unknown owner - C:\Windows\System32\UshUpgradeService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 16254 bytes

======Scheduled tasks folder======

C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2022-10-30 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-09-18 152392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21 873472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2022-08-21 616960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21 873472]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2022-10-30 798771]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ClocX"=C:\Program Files (x86)\ClocX\ClocX.exe [2007-07-26 270336]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"=C:\Program Files (x86)\DU Meter\DUMeter.exe [2011-09-13 3028880]
"WiFi Guard"=C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe [2015-10-07 4704872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
proces_killer.exe – zástupce.lnk - C:\proces_killer.exe
procexp.lnk - C:\Program Files\Process Explorer\procexp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TextInputManagementService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{53966CB1-4D46-4166-BF23-C522403CD495}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"PromptOnSecureDesktop"=0
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP64.EXE"

======File associations======

.inf - open -
.inf - install -
.ini - open -
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open -

======List of files/folders created in the last 1 months======

2023-02-27 16:42:59 ----D---- C:\Program Files (x86)\trend micro
2023-02-27 16:29:55 ----D---- C:\rsit
2023-02-27 16:22:57 ----D---- C:\ProgramData\Mozilla
2023-02-27 15:13:19 ----D---- C:\Users\o\AppData\Roaming\Mozilla
2023-02-02 12:20:26 ----D---- C:\ProgramData\Delphi
2023-02-02 12:19:40 ----D---- C:\Users\o\AppData\Roaming\Delphi
2023-02-02 12:13:34 ----D---- C:\Program Files (x86)\Delphi
2023-02-02 12:11:46 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2023-02-02 12:11:46 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2023-01-31 14:13:04 ----D---- C:\ProgramData\Piriform

======List of files/folders modified in the last 1 months======

2023-02-27 16:42:59 ----RD---- C:\Program Files (x86)
2023-02-27 16:33:49 ----AD---- C:\Windows\Temp
2023-02-27 16:30:02 ----D---- C:\Windows\Prefetch
2023-02-27 16:29:56 ----RD---- C:\Program Files
2023-02-27 16:22:57 ----HD---- C:\ProgramData
2023-02-27 16:21:24 ----D---- C:\Windows\System32
2023-02-27 16:21:23 ----D---- C:\Windows\INF
2023-02-27 16:19:55 ----D---- C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-27 16:18:08 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2023-02-27 16:16:11 ----D---- C:\Windows\SystemTemp
2023-02-27 15:55:12 ----D---- C:\Windows\Logs
2023-02-27 15:50:07 ----SHD---- C:\System Volume Information
2023-02-27 15:49:26 ----D---- C:\Windows\WinSxS
2023-02-27 15:47:18 ----D---- C:\Windows
2023-02-27 15:17:38 ----D---- C:\Users\o\AppData\Roaming\TeamViewer
2023-02-27 12:29:51 ----D---- C:\Windows\AppReadiness
2023-02-27 08:22:03 ----D---- C:\Windows\SoftwareDistribution
2023-02-27 07:22:56 ----RD---- C:\Windows\Microsoft.NET
2023-02-27 06:05:02 ----SHD---- C:\Windows\Installer
2023-02-26 17:31:43 ----D---- C:\Users\o\AppData\Roaming\Telegram Desktop
2023-02-26 08:49:17 ----D---- C:\Users\o\AppData\Roaming\vlc
2023-02-24 07:25:22 ----D---- C:\Windows\Tasks
2023-02-03 08:37:51 ----D---- C:\Windows\CbsTemp
2023-02-02 12:32:09 ----SHD---- C:\Users\o\AppData\Roaming\wyUpdate AU
2023-02-02 12:11:48 ----RSD---- C:\Windows\assembly
2023-01-31 15:26:38 ----D---- C:\Program Files (x86)\Microsoft
2023-01-31 14:12:42 ----D---- C:\Windows\debug
2023-01-31 10:13:56 ----RD---- C:\Windows\ImmersiveControlPanel
2023-01-28 18:33:25 ----D---- C:\Users\o\AppData\Roaming\avidemux

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver; C:\Windows\System32\drivers\ACPI.sys []
R0 acpiex;Microsoft ACPIEx Driver; C:\Windows\System32\Drivers\acpiex.sys []
R0 CLFS;@%SystemRoot%\system32\drivers\clfs.sys,-100; C:\Windows\System32\drivers\CLFS.sys []
R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys []
R0 dc_fsf;dc_fsf; C:\Windows\system32\drivers\dc_fsf.sys []
R0 dcrypt;dcrypt; C:\Windows\system32\drivers\dcrypt.sys []
R0 disk;@disk.inf,%disk_ServiceDesc%;Ovladač disku; C:\Windows\System32\drivers\disk.sys []
R0 edevmon;@oem40.inf,%ServiceName%;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys []
R0 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\System32\drivers\fileinfo.sys []
R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\Windows\system32\drivers\fltmgr.sys []
R0 fvevol;@%SystemRoot%\system32\drivers\fvevol.sys,-100; C:\Windows\System32\DRIVERS\fvevol.sys []
R0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\Windows\System32\drivers\iaStorAVC.sys []
R0 intelpep;@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver; C:\Windows\System32\drivers\intelpep.sys []
R0 IntelPMT;@intelpmt.inf,%IntelPMT.SVCDESC%;Intel(R) Platform Monitoring Technology Service; C:\Windows\System32\drivers\IntelPMT.sys []
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys []
R0 KSecDD;KSecDD; C:\Windows\System32\Drivers\ksecdd.sys []
R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys []
R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\Windows\System32\drivers\mountmgr.sys []
R0 msisadrv;msisadrv; C:\Windows\System32\drivers\msisadrv.sys []
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\Windows\system32\drivers\mssecflt.sys []
R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\Windows\System32\Drivers\mup.sys []
R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\Windows\system32\drivers\ndis.sys []
R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\Windows\System32\drivers\partmgr.sys []
R0 pci;@pci.inf,%pci_svcdesc%;Řadič sběrnice PCI; C:\Windows\System32\drivers\pci.sys []
R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys []
R0 pdc;@%SystemRoot%\system32\drivers\pdc.sys,-100; C:\Windows\system32\drivers\pdc.sys []
R0 PRM;@prm.inf,%PRM.SvcDesc%;Microsoft PRM Driver; C:\Windows\System32\DriverStore\FileRepository\prm.inf_amd64_de435dc5c75d64a5\PRM.sys [2022-05-07 66896]
R0 pwdrvio;pwdrvio; C:\Windows\system32\pwdrvio.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\Windows\system32\drivers\afd.sys []
R1 afunix;afunix; C:\Windows\system32\drivers\afunix.sys [2022-05-07 32256]
R1 ahcache;@%systemroot%\system32\drivers\ahcache.sys,-102; C:\Windows\system32\DRIVERS\ahcache.sys []
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys []
R1 BasicDisplay;BasicDisplay; C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_02da009b3d736cc1\BasicDisplay.sys [2022-05-07 94208]
R1 BasicRender;BasicRender; C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_bc35ca38e694f990\BasicRender.sys [2022-05-07 73728]
R1 Beep;Beep; C:\Windows\SysWOW64\drivers\Beep.sys []
R1 cdrom;@oem7.inf,%cdrom_ServiceDesc%;CD-ROM Driver; C:\Windows\System32\drivers\cdrom.sys []
R1 CimFS;CimFS; C:\Windows\SysWOW64\drivers\CimFS.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 Dfsc;@%systemroot%\system32\wkssvc.dll,-1008; C:\Windows\System32\Drivers\dfsc.sys []
R1 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
R1 eamonm;@oem35.inf,%ServiceName%;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R1 edevmonm;@oem36.inf,%ServiceName%;edevmonm; C:\Windows\system32\DRIVERS\edevmonm.sys []
R1 ehdrv;@oem13.inf,%ServiceName%;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 epfw;@oem41.inf,%ServiceName%;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R1 epfwwfp;@oem37.inf,%ServiceName%;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys []
R1 Msfs;Msfs; C:\Windows\SysWOW64\drivers\Msfs.sys []
R1 mssmbios;@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver; C:\Windows\System32\drivers\mssmbios.sys []
R1 NdisCap;@%SystemRoot%\System32\drivers\ndiscap.sys,-5000; C:\Windows\System32\drivers\ndiscap.sys []
R1 NetBIOS;@%windir%\system32\drivers\netbios.sys,-503; C:\Windows\system32\drivers\netbios.sys []
R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\Windows\System32\DRIVERS\netbt.sys []
R1 Npfs;Npfs; C:\Windows\SysWOW64\drivers\Npfs.sys []
R1 npsvctrig;@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider; C:\Windows\System32\drivers\npsvctrig.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
R1 Null;Null; C:\Windows\SysWOW64\drivers\Null.sys []
R1 Psched;@%windir%\System32\drivers\pacer.sys,-101; C:\Windows\System32\drivers\pacer.sys []
R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\Windows\system32\DRIVERS\rdbss.sys []
R2 bfs;@%systemroot%\system32\drivers\bfs.sys,-100; C:\Windows\system32\drivers\bfs.sys []
R2 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\Windows\system32\drivers\bindflt.sys []
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys []
R2 lltdio;@%SystemRoot%\system32\lltdres.dll,-6; C:\Windows\system32\drivers\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys []
R2 MsLldp;@%SystemRoot%\system32\drivers\mslldp.sys,-200; C:\Windows\system32\drivers\mslldp.sys []
R2 Ndu;@%SystemRoot%\system32\drivers\Ndu.sys,-10001; C:\Windows\system32\drivers\Ndu.sys []
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
R3 ApfiltrService;@oem3.inf,%Filter.SvcDesc%;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys []
R3 AsyncMac;@%systemroot%\system32\mprmsg.dll,-32000; C:\Windows\System32\drivers\asyncmac.sys []
R3 BCMWL63A;@oem12.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl63a.sys []
R3 bowser;@%systemroot%\system32\wkssvc.dll,-2001; C:\Windows\system32\DRIVERS\bowser.sys []
R3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\drivers\BTHport.sys []
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\drivers\BTHUSB.sys []
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys []
R3 CmBatt;@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver; C:\Windows\System32\drivers\CmBatt.sys []
R3 CompositeBus;@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_2e50c98177d80a40\CompositeBus.sys [2022-05-07 81920]
R3 condrv;Console Driver; C:\Windows\System32\drivers\condrv.sys []
R3 cvusbdrv;@oem9.inf,%cvusbdrv.SvcDesc%;Dell ControlVault; C:\Windows\System32\Drivers\cvusbdrv.sys []
R3 d554gps;@oem44.inf,%ServiceName%;Dell Wireless HSPA Mini-Card GPS Port; C:\Windows\system32\DRIVERS\d554gps64.sys []
R3 d554scard;@oem49.inf,%ServiceDesc%;Dell Wireless HSPA Mini-Card USIM Port; C:\Windows\system32\DRIVERS\d554scard.sys []
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [2011-09-12 20840]
R3 HdAudAddService;@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\System32\drivers\HdAudio.sys []
R3 HDAudBus;@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\System32\drivers\HDAudBus.sys []
R3 HTTP;@%SystemRoot%\system32\drivers\http.sys,-1; C:\Windows\system32\drivers\HTTP.sys []
R3 i8042prt;@msmouse.inf,%i8042prt.SvcDesc%;Ovladač portů klávesnice a myši PS/2; C:\Windows\System32\drivers\i8042prt.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 intelppm;@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver; C:\Windows\System32\drivers\intelppm.sys []
R3 kbdclass;@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver; C:\Windows\System32\drivers\kbdclass.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 Mbm4bus;@oem52.inf,%d554.Service.Desc.4%;Dell Wireless 5550 HSPA+ Mini-Card Device (WDM); C:\Windows\System32\drivers\Mbm4bus.sys []
R3 Mbm4mdfl;@oem45.inf,%d554.Filter.Name%;Dell Wireless HSPA Mini-Card Data Modem Filter; C:\Windows\system32\DRIVERS\Mbm4mdfl.sys []
R3 Mbm4mdm;@oem45.inf,%d554.Service.Name%;Dell Wireless HSPA Mini-Card Data Modem Driver; C:\Windows\system32\DRIVERS\Mbm4mdm.sys []
R3 Mbm4mgmt;@oem50.inf,%d554.Service.Name%;Dell Wireless HSPA Mini-Card Device Management Driver (WDM); C:\Windows\system32\DRIVERS\Mbm4mgmt.sys []
R3 Mbm4NUn;@oem48.inf,%Mbm4.Service.Desc%;Dell Wireless 5550 HSPA+ Mini-Card Network Adapter (WDM); C:\Windows\System32\drivers\Mbm4NUn.sys []
R3 MEIx64;@oem25.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverW8x64.sys []
R3 Modem;Modem; C:\Windows\system32\drivers\modem.sys []
R3 monitor;@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service; C:\Windows\System32\drivers\monitor.sys []
R3 mouclass;@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver; C:\Windows\System32\drivers\mouclass.sys []
R3 mpsdrv;@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb;@%systemroot%\system32\wkssvc.dll,-1002; C:\Windows\system32\DRIVERS\mrxsmb.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 MsQuic;@%SystemRoot%\system32\drivers\msquic.sys,-200; C:\Windows\system32\drivers\msquic.sys []
R3 NativeWifiP;@%SystemRoot%\System32\drivers\nwifi.sys,-101; C:\Windows\system32\DRIVERS\nwifi.sys []
R3 NdisTapi;@%systemroot%\system32\mprmsg.dll,-32001; C:\Windows\System32\DRIVERS\ndistapi.sys []
R3 Ndisuio;NDIS Usermode I/O Protocol; C:\Windows\system32\drivers\ndisuio.sys []
R3 NdisVirtualBus;@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200; C:\Windows\System32\drivers\NdisVirtualBus.sys []
R3 NdisWan;@%systemroot%\system32\mprmsg.dll,-32002; C:\Windows\System32\drivers\ndiswan.sys []
R3 ndproxy;@%SystemRoot%\system32\drivers\ndproxy.sys,-6000; C:\Windows\System32\DRIVERS\NDProxy.sys []
R3 Ntfs;Ntfs; C:\Windows\SysWOW64\drivers\Ntfs.sys []
R3 Parport;@msports.inf,%Parport.SVCDESC%;Ovladač paralelního portu; C:\Windows\System32\drivers\parport.sys []
R3 PptpMiniport;@%systemroot%\system32\mprmsg.dll,-32006; C:\Windows\System32\drivers\raspptp.sys []
R3 RasAgileVpn;@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2); C:\Windows\System32\drivers\AgileVpn.sys []
R3 Rasl2tp;@%systemroot%\system32\mprmsg.dll,-32005; C:\Windows\System32\drivers\rasl2tp.sys []
R3 RasPppoe;@%systemroot%\system32\mprmsg.dll,-32007; C:\Windows\System32\drivers\raspppoe.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\System32\drivers\rassstp.sys []
R3 rdpbus;@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver; C:\Windows\System32\drivers\rdpbus.sys []
S0 3ware;3ware; C:\Windows\System32\drivers\3ware.sys []
S0 ADP80XX;ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS []
S0 amdsata;amdsata; C:\Windows\System32\drivers\amdsata.sys []
S0 amdsbs;amdsbs; C:\Windows\System32\drivers\amdsbs.sys []
S0 amdxata;amdxata; C:\Windows\System32\drivers\amdxata.sys []
S0 AppleSSD;@AppleSSD.inf,%DevDesc1%;Apple Solid State Drive Device; C:\Windows\System32\drivers\AppleSSD.sys []
S0 arcsas;@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver; C:\Windows\System32\drivers\arcsas.sys []
S0 atapi;@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel; C:\Windows\System32\drivers\atapi.sys []
S0 b06bdrv;@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD; C:\Windows\System32\drivers\bxvbda.sys []
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys []
S0 ebdrv;@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD; C:\Windows\System32\drivers\evbda.sys []
S0 ebdrv0;@netevbd0a.inf,%vbd_srv_desc%;QLogic Legacy Ethernet Adapter VBD; C:\Windows\System32\drivers\evbd0a.sys []
S0 eelam;@oem33.inf,%ServiceName%;eelam; C:\Windows\system32\DRIVERS\eelam.sys []
S0 EhStorClass;@%SystemRoot%\system32\drivers\EhStorClass.sys,-100; C:\Windows\System32\drivers\EhStorClass.sys []
S0 EhStorTcgDrv;@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols; C:\Windows\System32\drivers\EhStorTcgDrv.sys []
S0 GenPass;@genpass.inf,%GenPass.SVCDESC%;Microsoft GenPass Driver; C:\Windows\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [2022-05-07 62800]
S0 HpSAMD;HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys []
S0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys []
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys []
S0 iaStorV;@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7; C:\Windows\System32\drivers\iaStorV.sys []
S0 intelide;intelide; C:\Windows\System32\drivers\intelide.sys []
S0 isapnp;isapnp; C:\Windows\System32\drivers\isapnp.sys []
S0 ItSas35i;ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys []
S0 LSI_SAS;LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys []
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys []
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys []
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys []
S0 megasas35i;megasas35i; C:\Windows\System32\drivers\megasas35i.sys []
S0 megasr;megasr; C:\Windows\System32\drivers\megasr.sys []
S0 mpi3drvi;mpi3drvi; C:\Windows\System32\drivers\mpi3drvi.sys []
S0 mvumis;mvumis; C:\Windows\System32\drivers\mvumis.sys []
S0 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\Windows\System32\drivers\nvdimm.sys []
S0 nvmedisk;@nvmedisk.inf,%nvmedisk.SvcDesc%;Microsoft NVMe disk driver; C:\Windows\System32\drivers\nvmedisk.sys []
S0 nvraid;nvraid; C:\Windows\System32\drivers\nvraid.sys []
S0 nvstor;nvstor; C:\Windows\System32\drivers\nvstor.sys []
S0 pciide;pciide; C:\Windows\System32\drivers\pciide.sys []
S0 pcmcia;pcmcia; C:\Windows\System32\drivers\pcmcia.sys []
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys []
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys []
S0 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys []
S0 pvscsi;@pvscsii.inf,%pvscsi.DiskName%;pvscsi Storage Controller Driver; C:\Windows\System32\drivers\pvscsii.sys []
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys []
S1 dam;@%SystemRoot%\system32\drivers\dam.sys,-100; C:\Windows\system32\drivers\dam.sys []
S3 1394ohci;@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller; C:\Windows\System32\drivers\1394ohci.sys []
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys []
S3 acpipagr;@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver; C:\Windows\System32\drivers\acpipagr.sys []
S3 AcpiPmi;@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver; C:\Windows\System32\drivers\acpipmi.sys []
S3 acpitime;@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver; C:\Windows\System32\drivers\acpitime.sys []
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\Windows\system32\drivers\Acx01000.sys []
S3 amdgpio2;@amdgpio2.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\Windows\System32\drivers\amdgpio2.sys []
S3 amdi2c;@amdi2c.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\Windows\System32\drivers\amdi2c.sys []
S3 AmdK8;@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver; C:\Windows\System32\drivers\amdk8.sys []
S3 AmdPPM;@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver; C:\Windows\System32\drivers\amdppm.sys []
S3 AppID;@%systemroot%\system32\srpapi.dll,-100; C:\Windows\system32\drivers\appid.sys []
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys []
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\Windows\system32\drivers\AppvStrm.sys []
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\Windows\system32\drivers\AppvVemgr.sys []
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\Windows\system32\drivers\AppvVfs.sys []
S3 BCM43XX;@netbc64.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\Windows\System32\drivers\bcmwl63a.sys []
S3 bcmfn2;@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service; C:\Windows\System32\drivers\bcmfn2.sys []
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\Windows\System32\drivers\BthA2dp.sys []
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys []
S3 BthHFEnum;@microsoft_bluetooth_hfp.inf,%BTHHFENUM_DISPLAY_NAME%;Ovladač hands-free profilu Microsoft Bluetooth; C:\Windows\System32\drivers\bthhfenum.sys []
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys []
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\Windows\System32\drivers\BTHMINI.sys []
S3 BTHMODEM;@mdmbtmdm.inf,%BthModem.DisplayName%;Ovladač pro komunikaci pomocí modemu Bluetooth; C:\Windows\System32\drivers\bthmodem.sys []
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys []
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys []
S3 circlass;@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices; C:\Windows\System32\drivers\circlass.sys []
S3 dmvsc;dmvsc; C:\Windows\System32\drivers\dmvsc.sys []
S3 drmkaud;@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers; C:\Windows\System32\drivers\drmkaud.sys []
S3 e1cexpress;@oem24.inf,%e1cExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c65x64.sys []
S3 e1i68x64;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\System32\drivers\e1i68x64.sys []
S3 ErrDev;@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver; C:\Windows\System32\drivers\errdev.sys []
S3 ExecutionContext;@%SystemRoot%\System32\Drivers\ExecutionContext.sys,-101; C:\Windows\System32\Drivers\ExecutionContext.sys []
S3 exfat;exFAT File System Driver; C:\Windows\SysWOW64\drivers\exfat.sys []
S3 fastfat;FAT12/16/32 File System Driver; C:\Windows\SysWOW64\drivers\fastfat.sys []
S3 fdc;@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver; C:\Windows\System32\drivers\fdc.sys []
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []
S3 flpydisk;@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver; C:\Windows\System32\drivers\flpydisk.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
S3 FTDIBUS;@oem21.inf,%SvcDesc%;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys []
S3 FTSER2K;@oem22.inf,%SvcDesc%;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys []
S3 GemCCID;GemCCID; C:\Windows\System32\drivers\GemCCID.sys []
S3 gencounter;@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter; C:\Windows\System32\drivers\vmgencounter.sys []
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_cea150c98a1ca844\genericusbfn.sys [2022-05-07 61440]
S3 GPIOClx0101;Microsoft GPIO Class Extension Driver; C:\Windows\System32\Drivers\msgpioclx.sys []
S3 HidBatt;@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver; C:\Windows\System32\drivers\HidBatt.sys []
S3 HidBth;@hidbth.inf,%HIDBTH.SvcDesc%;Miniport Microsoft Bluetooth HID; C:\Windows\System32\drivers\hidbth.sys []
S3 hidi2c;@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver; C:\Windows\System32\drivers\hidi2c.sys []
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys []
S3 HidIr;@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver; C:\Windows\System32\drivers\hidir.sys []
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\Windows\System32\drivers\hidspi.sys []
S3 HidSpiCx;HidSpi KMDF Class Extension; C:\Windows\system32\drivers\HidSpiCx.sys []
S3 HidUsb;@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver; C:\Windows\System32\drivers\hidusb.sys []
S3 Hsp;@hsp.inf,%Hsp.SVCDESC%;Microsoft Pluton Service; C:\Windows\System32\drivers\Hsp.sys []
S3 hvservice;@hvservice.inf,%hvservice.SvcDesc%;Microsoft Hypervisor Service Driver; C:\Windows\System32\drivers\hvservice.sys []
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys []
S3 hyperkbd;hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys []
S3 HyperVideo;HyperVideo; C:\Windows\System32\drivers\HyperVideo.sys []
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys []
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys []
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys []
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys []
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys []
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys []
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys []
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys []
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys []
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys []
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys []
S3 iaLPSSi_GPIO;@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys []
S3 iaLPSSi_I2C;@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver; C:\Windows\System32\drivers\iaLPSSi_I2C.sys []
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys []
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys []
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel(R) Dynamic Device Peak Power Manager Driver; C:\Windows\System32\drivers\intelpmax.sys []
S3 IpFilterDriver;@%systemroot%\system32\mprmsg.dll,-32013; C:\Windows\system32\DRIVERS\ipfltdrv.sys []
S3 IPMIDRV;IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys []
S3 IPNAT;IP Network Address Translator; C:\Windows\System32\drivers\ipnat.sys []
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys []
S3 iScsiPrt;@iscsi.inf,%iScsiPortName%;iScsiPort Driver; C:\Windows\System32\drivers\msiscsi.sys []
S3 kbdhid;@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver; C:\Windows\System32\drivers\kbdhid.sys []
S3 kbldfltr;kbldfltr; C:\Windows\system32\drivers\kbldfltr.sys []
S3 kdnic;@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20); C:\Windows\System32\drivers\kdnic.sys []
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys []
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys []
S3 MbbCx;MBB Network Adapter Class Extension; C:\Windows\system32\drivers\MbbCx.sys []
S3 Mbm4NNd5;@oem47.inf,%Mbm4.Service.Desc%;Dell Wireless 5550 HSPA+ Mini-Card Network Adapter; C:\Windows\System32\drivers\Mbm4NNd5.sys []
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys []
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys []
S3 mouhid;@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver; C:\Windows\System32\drivers\mouhid.sys []
S3 MRxDAV;@%systemroot%\system32\webclnt.dll,-104; C:\Windows\system32\drivers\mrxdav.sys []
S3 MsBridge;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\System32\drivers\bridge.sys []
S3 msgpiowin32;@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator; C:\Windows\System32\drivers\msgpiowin32.sys []
S3 mshidkmdf;@mshidkmdf.inf,%mshidkmdf.SvcName%;Pass-through HID to KMDF Filter Driver; C:\Windows\System32\drivers\mshidkmdf.sys []
S3 mshidumdf;@%SystemRoot%\system32\drivers\mshidumdf.sys,-100; C:\Windows\System32\drivers\mshidumdf.sys []
S3 MSKSSRV;@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy; C:\Windows\System32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy; C:\Windows\System32\drivers\MSPCLOCK.sys []
S3 MSPQM;@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy; C:\Windows\System32\drivers\MSPQM.sys []
S3 MsRPC;MsRPC; C:\Windows\SysWOW64\drivers\MsRPC.sys []
S3 MSTEE;@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\System32\drivers\MSTEE.sys []
S3 MTConfig;@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver; C:\Windows\System32\drivers\MTConfig.sys []
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys []
S3 NdisImPlatform;@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501; C:\Windows\System32\drivers\NdisImPlatform.sys []
S3 ndiswanlegacy;@%systemroot%\system32\mprmsg.dll,-32014; C:\Windows\System32\DRIVERS\ndiswan.sys []
S3 NDKPerf;NDKPerf Driver; C:\Windows\system32\drivers\NDKPerf.sys []
S3 NDKPing;NDKPing Driver; C:\Windows\system32\drivers\NDKPing.sys []
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys []
S3 netvsc;netvsc; C:\Windows\System32\drivers\netvsc.sys []
S3 P9Rdr;@%SystemRoot%\System32\drivers\p9rdr.sys,-100; C:\Windows\System32\drivers\p9rdr.sys []
S3 PktMon;Packet Monitor Driver; C:\Windows\system32\drivers\PktMon.sys []
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys []
S3 portcfg;portcfg; C:\Windows\System32\drivers\portcfg.sys []
S3 Processor;@cpu.inf,%Processor.SvcDesc%;Processor Driver; C:\Windows\System32\drivers\processr.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys []
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys []
S3 RasAcd;Remote Access Auto Connection Driver; C:\Windows\System32\DRIVERS\rasacd.sys []
S3 RDPDR;@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 ReFS;ReFS; C:\Windows\SysWOW64\drivers\ReFS.sys []
S3 ReFSv1;ReFSv1; C:\Windows\SysWOW64\drivers\ReFSv1.sys []
S4 cdfs;CD/DVD File System Reader; C:\Windows\system32\DRIVERS\cdfs.sys []
S4 cnghwassist;@%SystemRoot%\system32\drivers\cnghwassist.sys,-100; C:\Windows\System32\DRIVERS\cnghwassist.sys []
S4 ekbdflt;@oem34.inf,%ServiceName%;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys []
S4 hvcrash;hvcrash; C:\Windows\System32\drivers\hvcrash.sys []
S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2022-08-17 41536]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ApHidMonitorService;@oem3.inf,%HidMonitor.SvcDisp%;Alps HID Monitor Service; C:\Program Files\DellTPad\HidMonitorSvc.exe [2015-07-09 87384]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 Audiosrv;@%SystemRoot%\system32\audiosrv.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 BITS;@%SystemRoot%\system32\qmgr.dll,-1000; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 BrokerInfrastructure;@%windir%\system32\bisrv.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 cbdhsvc_50919;Uživatelská služba schránky_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 CDPUserSvc_50919;Uživatelská služba platformy připojených zařízení_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2022-12-27 9198496]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 CryptSvc;@%SystemRoot%\system32\cryptsvc.dll,-1001; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 DcomLaunch;@combase.dll,-5012; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 DellFFDPWmiService;@oem23.inf,%ST_Accel.WMISVCDisplayName%;Dell Free Fall Data Protection WMI Service; C:\Windows\System32\drivers\DellFFDPWmiService.exe []
R2 DeviceAssociationService;@%SystemRoot%\system32\das.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 Dhcp;@%SystemRoot%\system32\dhcpcore.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 Dnscache;@%SystemRoot%\System32\dnsapi.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2023-01-18 3549872]
R2 EventLog;@%SystemRoot%\system32\wevtsvc.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 EventSystem;@comres.dll,-2450; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 LanmanServer;@%systemroot%\system32\srvsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 LanmanWorkstation;@%systemroot%\system32\wkssvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R2 LSM;@%windir%\system32\lsm.dll,-1001; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 mpssvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 DUMeterSvc;DU Meter Service; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2011-09-13 1432976]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2023-01-18 3549872]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R3 lmhosts;@%SystemRoot%\system32\lmhsvc.dll,-101; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R3 NcbService;@%SystemRoot%\system32\ncbservice.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R3 netprofm;@%SystemRoot%\system32\netprofmsvc.dll,-202; C:\Windows\System32\svchost.exe [2022-05-07 48096]
R3 NPSMSvc_50919;NPSMSvc_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 PlugPlay;@%SystemRoot%\system32\umpnpmgr.dll,-200; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 PolicyAgent;@%SystemRoot%\System32\polstore.dll,-5010; C:\Windows\system32\svchost.exe [2022-05-07 48096]
R3 RasMan;@%Systemroot%\system32\rasmans.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S2 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S2 edgeupdate;Microsoft Edge Update Service (edgeupdate); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2022-04-11 215992]
S2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AarSvc_50919;Agent Activation Runtime_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 ALG;@%SystemRoot%\system32\Alg.exe,-112; C:\Windows\System32\alg.exe []
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AppReadiness;@%SystemRoot%\System32\AppReadiness.dll,-1000; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 AppXSvc;@%SystemRoot%\system32\appxdeploymentserver.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BcastDVRUserService_50919;Uživatelská služba pro GameDVR a vysílání her_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BluetoothUserService_50919;Služba pro podporu uživatelů Bluetooth_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 CaptureService_50919;CaptureService_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 CCleanerPerformanceOptimizerService;CCleaner Performance Optimizer Service; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [2022-08-12 1082896]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 cloudidsvc;@%SystemRoot%\system32\cloudidsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 COMSysApp;@comres.dll,-947; C:\Windows\system32\dllhost.exe [2022-05-07 20832]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 ConsentUxUserSvc_50919;Uživatelská služba ConsentUX_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2017-03-09 300128]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\Windows\system32\CredentialEnrollmentManager.exe []
S3 CredentialEnrollmentManagerUserSvc_50919;CredentialEnrollmentManagerUserSvc_50919; C:\Windows\system32\CredentialEnrollmentManager.exe []
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 dcsvc;@%systemroot%\system32\dcsvc,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DeviceAssociationBrokerSvc_50919;DeviceAssociationBroker_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DeviceInstall;@%SystemRoot%\system32\umpnpmgr.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevicePickerUserSvc_50919;DevicePicker_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevicesFlowUserSvc_50919;Tok zařízení_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 dot3svc;@%systemroot%\system32\dot3svc.dll,-1102; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 DsmSvc;@%SystemRoot%\system32\DeviceSetupManager.dll,-1000; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 EapHost;@%systemroot%\system32\eapsvc.dll,-1; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 edgeupdatem;Microsoft Edge Update Service (edgeupdatem); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2022-04-11 215992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 fhsvc;@%systemroot%\system32\fhsvc.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2022-10-11 654848]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2022-05-06 45992]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 FrameServerMonitor;@%systemroot%\system32\FrameServerMonitor.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 hidserv;@%SystemRoot%\System32\hidserv.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 hostcontrolsvc;@oem9.inf,%hostcontrolsvc.SvcDispName%;Credential Vault Host Control Service; C:\Windows\System32\HostControlService.exe []
S3 hoststoragesvc;@oem9.inf,%hoststoragesvc.SvcDispName%;Credential Vault Host Storage; C:\Windows\System32\HostStorageService.exe []
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 InventorySvc;@%SystemRoot%\system32\inventorysvc.dll,-501; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 McpManagementService;@%SystemRoot%\system32\McpManagementService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 MessagingService_50919;Služba zasílání zpráv_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 MixedRealityOpenXRSvc;@%SystemRoot%\system32\MixedRealityRuntime.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 MSDTC;@comres.dll,-2797; C:\Windows\System32\msdtc.exe []
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 msiserver;@%SystemRoot%\system32\msimsg.dll,-27; C:\Windows\system32\msiexec.exe [2022-05-07 145408]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NcaSvc;@%SystemRoot%\system32\ncasvc.dll,-3009; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 NcdAutoSetup;@%SystemRoot%\system32\NcdAutoSetup.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 Netlogon;@%SystemRoot%\System32\netlogon.dll,-102; C:\Windows\system32\lsass.exe []
S3 Netman;@%SystemRoot%\system32\netman.dll,-109; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 NlaSvc;@%SystemRoot%\system32\netprofmsvc.dll,-208; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 NPSMSvc;@%SystemRoot%\system32\npsm.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 P9RdrService;@%systemroot%\system32\p9rdrservice.dll,-102; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 P9RdrService_50919;P9RdrService_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 PenService;@%SystemRoot%\system32\PenService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PenService_50919;PenService_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe []
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2022-05-07 22016]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PimIndexMaintenanceSvc_50919;Data kontaktů_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 PrintNotify;@C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PrintWorkflowUserSvc_50919;PrintWorkflow_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S3 RasAuto;@%Systemroot%\system32\rasauto.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\Windows\system32\AppVClient.exe []
S4 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe []
S4 DialogBlockingService;@%SystemRoot%\system32\DialogBlockingService.dll,-100; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S4 lfsvc;@%SystemRoot%\System32\lfsvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S4 MsKeyboardFilter;@%SystemRoot%\system32\KeyboardFilterSvc.dll,-101; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2022-05-07 132520]
S4 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 OneSyncSvc_50919;Hostitel synchronizace_50919; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]
S4 RemoteAccess;@%Systemroot%\system32\mprdim.dll,-200; C:\Windows\System32\svchost.exe [2022-05-07 48096]
S4 RemoteRegistry;@regsvc.dll,-1; C:\Windows\system32\svchost.exe [2022-05-07 48096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: flood of trojans

#2 Post by Rudy »

Hello!
Please post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . FRST is already past its prime and is not fully compatible with 64-bit systems. Thank you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02

Re: flood of trojans

#3 Post by kompanik »

Thanks for the reply. I'm also wondering whether it's getting into the Firefox address bar from somewhere in Google Cloud?
Here is the full link:

http://www1.cdnsure.com/?tm=1&subid4=1677520213.0297840000&KW1=Google%20Cloud%20CDN&KW2=CDN%20Performance%20Monitoring&KW3=CDN%20Video%20Streaming%20Service&searchbox=0&domainname=0&backfill=0
---------------FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2023
Ran by o (administrator) on ° (Dell Inc. Latitude E6420) (27-02-2023 17:55:36)
Running from C:\Users\o\Downloads
Loaded Profiles: o
Platform: Microsoft Windows 11 Pro Version 22H2 22622.598 (X64) Language: Čeština (Česko)
Default browser: "E:\Program Files\MozillaPortable\FirefoxPortable\App\Firefox\firefox.exe" -osint -url "%1"
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(BonSoft) [File not signed] C:\Program Files (x86)\ClocX\ClocX.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(explorer.exe ->) () [File not signed] C:\proces_killer.exe
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2210.5.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(explorer.exe ->) (SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe
(Mozilla Corporation -> Mozilla Corporation) E:\Program Files\MozillaPortable6061\FirefoxPortable\App\Firefox\firefox.exe <5>
(services.exe ->) ("STMicroelectronics Srl" -> ) C:\Windows\System32\drivers\DellFFDPWmiService.exe
(services.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use] C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(svchost.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use] C:\Program Files (x86)\DU Meter\DUMeter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TrueCrypt Foundation -> TrueCrypt Foundation) C:\hiberfil\TrueCrypt.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [226816 2022-08-21] (Open-Shell) [File not signed]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194704 2023-01-18] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [270336 2007-07-26] (BonSoft) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [3028880 2011-09-13] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use]
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Run: [WiFi Guard] => C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe [4704872 2015-10-07] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Print\Monitors\Adobe PDF Port: C:\Windows\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.61\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
IFEO\taskmgr.exe: [Debugger] "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP64.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\proces_killer.exe – zástupce.lnk [2022-10-11]
ShortcutTarget: proces_killer.exe – zástupce.lnk -> C:\proces_killer.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp.lnk [2022-10-16]
ShortcutAndArgument: procexp.lnk -> C:\Program Files\Process Explorer\procexp.exe =>
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2020-07-05] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {073613C6-DEA3-48A3-8543-DB9844050F0F} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {29EB2A5C-9C1F-4110-B5DE-6E6A583B6F2F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {445C8B71-64D3-4CDD-9D38-1AA7A0278D60} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E0B2ECF-9D53-444A-9A1A-3C01E49B2DB8} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-420885920-907360551-2966618288-1002UA => C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E77781C-87AD-4A1F-8DFE-A6070CA7D5E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EB76F84-1F05-49DA-AD85-5F5759159265} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [4997000 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {82A0D5DB-E759-4AA4-9216-E52D1B5AC682} - System32\Tasks\HPCustParticipation HP DeskJet 3700 series => C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPCustPartic.exe [6439584 2022-02-17] (HP Inc. -> HP Inc.)
Task: {AADFEBE1-0407-4DCA-9A72-DAD2DDBB0A86} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {CB4CC7D5-58DE-4DBA-ACB5-B35A777A87FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D280B879-0334-433A-B737-9D19790E9B5C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {D3B2319F-5CB4-4ED6-997D-AA89A7251BE3} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe (No File)
Task: {E9F02B94-4D39-41E4-A11F-42712DB45C2C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB8F0976-52E8-48E2-B73E-AF07DF842082} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-420885920-907360551-2966618288-1002Core => C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1EEE403-5583-4825-A620-E7B0637554D4} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{aac8e00e-0abd-42e1-9c7e-e56f0032480d}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{c1d87705-c003-4799-8206-3924036d9dc4}: [DhcpNameServer] 192.168.1.1 192.168.1.1
PersistentRoutes: There are 82 PersistentRoutes.


FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198496 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DellFFDPWmiService; C:\Windows\System32\drivers\DellFFDPWmiService.exe [33368 2022-01-27] ("STMicroelectronics Srl" -> )
R3 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [1432976 2011-09-13] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-18] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-18] (ESET, spol. s r.o. -> ESET)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2022-10-11] (Macrovision Europe Ltd.) [File not signed]
S3 hostcontrolsvc; C:\Windows\System32\HostControlService.exe [815616 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 hoststoragesvc; C:\Windows\System32\HostStorageService.exe [161280 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 InventorySvc; C:\Windows\system32\inventorysvc.dll [304480 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [249352 2022-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SgrmBroker; C:\Windows\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16518456 2022-12-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\Windows\System32\TabSvc.dll [266240 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 ushupgradesvc; C:\Windows\System32\UshUpgradeService.exe [265728 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\WMCore.exe [873000 2011-09-13] (Ericsson AB -> Ericsson AB)
R2 wuauserv; C:\Windows\system32\wuauserv.dll [137560 2022-09-18] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bfs; C:\Windows\system32\drivers\bfs.sys [91504 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
R3 d554gps; C:\Windows\system32\DRIVERS\d554gps64.sys [102440 2011-09-06] (Ericsson AB -> Ericsson AB)
R3 d554scard; C:\Windows\system32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB -> Ericsson AB)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [163840 2009-05-31] (ReactOS Foundation -> )
R0 dc_fsf; C:\Windows\System32\drivers\dc_fsf.sys [21504 2009-05-31] (ReactOS Foundation -> )
R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20840 2011-09-12] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198416 2023-01-18] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [119904 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 edevmonm; C:\Windows\System32\DRIVERS\edevmonm.sys [120928 2023-01-18] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [237208 2023-01-18] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55392 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81696 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [122504 2023-01-18] (ESET, spol. s r.o. -> ESET)
S3 GemCCID; C:\Windows\System32\drivers\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S0 GenPass; C:\Windows\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-17] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology)
R3 Mbm4bus; C:\Windows\System32\drivers\Mbm4bus.sys [159816 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mdfl; C:\Windows\system32\DRIVERS\Mbm4mdfl.sys [19528 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mdm; C:\Windows\system32\DRIVERS\Mbm4mdm.sys [179784 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mgmt; C:\Windows\system32\DRIVERS\Mbm4mgmt.sys [161864 2011-08-22] (MCCI Corporation -> MCCI Corporation)
S3 Mbm4NNd5; C:\Windows\System32\drivers\Mbm4NNd5.sys [33352 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4NUn; C:\Windows\System32\drivers\Mbm4NUn.sys [194120 2011-08-22] (MCCI Corporation -> MCCI Corporation)
S0 pvscsi; C:\Windows\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 RoutePolicy; C:\Windows\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
R4 truecrypt; C:\hiberfil\truecrypt-x64.sys [231376 2017-11-01] (TrueCrypt Foundation -> TrueCrypt Foundation)
S0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2021-11-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\Windows\System32\drivers\wtd.sys [118784 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 xTouch; system32\drivers\xtouch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-27 17:55 - 2023-02-27 17:56 - 000020166 _____ C:\Users\o\Downloads\FRST.txt
2023-02-27 17:55 - 2023-02-27 17:55 - 000000000 ____D C:\FRST
2023-02-27 17:54 - 2023-02-27 17:55 - 002378752 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2023-02-27 17:49 - 2023-02-27 17:51 - 000000000 ____D C:\Users\o\AppData\LocalLow\Mozilla
2023-02-27 16:42 - 2023-02-27 16:43 - 000000000 ____D C:\Program Files (x86)\trend micro
2023-02-27 16:29 - 2023-02-27 16:30 - 000000000 ____D C:\rsit
2023-02-27 16:29 - 2023-02-27 16:30 - 000000000 ____D C:\Program Files\trend micro
2023-02-27 16:22 - 2023-02-27 17:37 - 000000000 ____D C:\ProgramData\Mozilla
2023-02-27 16:21 - 2023-02-27 16:21 - 000730304 _____ C:\Windows\system32\perfh005.dat
2023-02-27 16:21 - 2023-02-27 16:21 - 000152472 _____ C:\Windows\system32\perfc005.dat
2023-02-27 15:22 - 2023-02-27 15:22 - 000000000 ____D C:\Users\o\AppData\Local\Mozilla
2023-02-27 15:13 - 2023-02-27 17:51 - 000000000 ____D C:\Users\o\AppData\Roaming\Mozilla
2023-02-27 14:50 - 2023-02-27 14:50 - 001804077 _____ C:\Users\o\Downloads\bookmarks.html
2023-02-27 13:30 - 2023-02-27 13:32 - 000029696 _____ C:\Users\o\Desktop\výpočet podílů.xls
2023-02-21 18:13 - 2023-02-21 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2023-02-02 12:20 - 2023-02-02 12:20 - 000000000 ____D C:\ProgramData\Delphi
2023-02-02 12:19 - 2023-02-02 12:19 - 000000000 ____D C:\Users\o\AppData\Roaming\Delphi
2023-02-02 12:18 - 2023-02-02 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delphi 2015 Release 1 rev. 3 for CDP+ DS150E
2023-02-02 12:13 - 2023-02-02 12:18 - 000000000 ____D C:\Program Files (x86)\Delphi
2023-02-02 12:11 - 2023-02-02 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2023-02-02 12:11 - 2023-02-02 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2023-01-31 15:04 - 2023-01-31 15:04 - 000000279 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2023-01-31 14:13 - 2023-01-31 14:13 - 000000000 ____D C:\ProgramData\Piriform
2023-01-31 14:02 - 2023-02-27 15:17 - 000000000 ____D C:\Program Files\CCleaner
2023-01-31 14:02 - 2023-01-31 14:02 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-01-31 14:02 - 2023-01-31 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-01-31 13:52 - 2023-01-31 13:52 - 000001499 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-27 17:50 - 2022-10-11 11:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-27 17:49 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-27 17:37 - 2022-10-11 19:08 - 000000000 ____D C:\Users\o\AppData\Local\WiFi Guard
2023-02-27 16:21 - 2022-09-18 20:31 - 001726784 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-27 16:21 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2023-02-27 16:16 - 2022-09-18 20:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-27 16:16 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2023-02-27 16:15 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o
2023-02-27 16:15 - 2022-05-07 06:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-02-27 16:02 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\OpenShell
2023-02-27 15:43 - 2022-10-13 17:19 - 003784704 _____ C:\Users\o\hkcubackup.hiv
2023-02-27 15:17 - 2023-01-16 13:19 - 000000000 ____D C:\Users\o\AppData\Roaming\TeamViewer
2023-02-27 14:33 - 2023-01-16 10:50 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-27 13:14 - 2022-09-18 20:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-27 12:29 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2023-02-26 17:31 - 2022-10-11 17:58 - 000000000 ____D C:\Users\o\AppData\Roaming\Telegram Desktop
2023-02-26 17:26 - 2022-10-11 16:45 - 000000000 ____D C:\Users\o\AppData\Local\EseeCloud
2023-02-26 15:32 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\GHISLER
2023-02-26 08:49 - 2022-10-18 13:58 - 000000000 ____D C:\Users\o\AppData\Roaming\vlc
2023-02-25 09:10 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-24 07:32 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-02-24 07:25 - 2022-10-18 17:20 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-02-23 07:47 - 2023-01-17 19:02 - 000000000 ____D C:\Users\o\AppData\Local\ElevatedDiagnostics
2023-02-21 18:13 - 2023-01-17 08:42 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-02-21 18:12 - 2022-09-18 20:55 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-16 16:32 - 2023-01-27 17:50 - 000000110 _____ C:\Users\o\AppData\default.pls
2023-02-15 07:40 - 2022-09-18 20:24 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-02-08 12:14 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\VirtualStore
2023-02-03 08:37 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2023-02-02 12:32 - 2022-10-21 10:59 - 000000000 __SHD C:\Users\o\AppData\Roaming\wyUpdate AU
2023-02-01 18:35 - 2022-11-26 09:09 - 000000000 ____D C:\Users\o\AppData\Local\CrashDumps
2023-02-01 11:13 - 2022-11-30 10:26 - 000001064 _____ C:\Users\o\Desktop\TUFA ZÁMĚNA.lnk
2023-01-31 12:38 - 2022-11-08 19:01 - 000007637 _____ C:\Users\o\AppData\Local\resmon.resmoncfg
2023-01-31 10:13 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-01-28 18:33 - 2023-01-12 12:41 - 000000000 ____D C:\Users\o\AppData\Roaming\avidemux

==================== Files in the root of some directories ========

2022-10-11 16:18 - 2008-07-14 03:48 - 000087040 _____ (Redmond Pie) C:\Program Files\Turn Off LCD.exe
2022-10-31 11:14 - 2022-10-31 11:14 - 000001551 _____ () C:\Users\o\AppData\Local\recently-used.xbel
2022-11-08 19:01 - 2023-01-31 12:38 - 000007637 _____ () C:\Users\o\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2022-11-03 12:40 C:\Windows\UV_LastPW.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

------------------Additional scan-----------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2023
Ran by o (27-02-2023 17:56:59)
Running from C:\Users\o\Downloads
Microsoft Windows 11 Pro Version 22H2 22622.598 (X64) (2022-10-11 08:36:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-420885920-907360551-2966618288-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-420885920-907360551-2966618288-503 - Limited - Disabled)
Guest (S-1-5-21-420885920-907360551-2966618288-501 - Limited - Disabled)
o (S-1-5-21-420885920-907360551-2966618288-1002 - Administrator - Enabled) => C:\Users\o
WDAGUtilityAccount (S-1-5-21-420885920-907360551-2966618288-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
AIDA64 Extreme Edition v2.60 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.60 - FinalWire Ltd.)
Avidemux VC++ 64bits (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\{b032475d-89d7-4b82-b9ba-98f560256cfc}) (Version: 2.8.1 - Mean)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.14.0.669 - Ilya Morozov)
CCleaner (HKLM\...\CCleaner) (Version: 6.03 - Piriform)
ClocX (1.5b2) (HKLM-x32\...\ClocX) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 7.0.0.4 - Dell)
Delphi 2015 Release 1 rev. 3 for CDP+ DS150E (HKLM-x32\...\Delphi 2015 Release 1 rev. 3 for CDP+ DS150E) (Version: - )
DiskCryptor 0.7 (HKLM\...\DiskCryptor_is1) (Version: 0.7 - hxxp://diskcryptor.net/)
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 5.20 - Hagel Technologies Ltd.)
Easy GIF Animator 7.3 (HKLM-x32\...\Easy GIF Animator_is1) (Version: 7.0 - Karlis Blumentals)
eObčanka (HKLM\...\{ED161D20-FDCF-4C7C-A84E-45B7E05B9BC1}) (Version: 3.3.1.22411 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EseeCloud 3.0.3 (HKLM-x32\...\EseeCloud) (Version: 3.0.3 - My company, Inc.)
ESET Security (HKLM\...\{AC01C534-2ECB-460E-9D4E-D4D158076F50}) (Version: 16.0.26.0 - ESET, spol. s r.o.)
ExplorerPatcher (HKLM\...\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}_ExplorerPatcher) (Version: 22621.608.51.1 - VALINET Solutions SRL)
Facemoods Toolbar (HKLM-x32\...\facemoods) (Version: - )
FotoMix version 8.7.4 (HKLM-x32\...\{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1) (Version: 8.7.4 - Digital Photo Software)
HP Dropbox Plugin (HKLM-x32\...\{D58993B3-BA5F-4181-8D1C-05D0302398EB}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32\...\{C777EAED-CEE8-4AF4-A2DE-2A0FC510481A}) (Version: 40.13.54.81239 - HP)
Infovox Desktop 2.2 (HKLM-x32\...\{52C32940-C538-40CF-8DE9-B91090F49938}) (Version: 2.220.3 - Acapela Group)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.3.0.11 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Microsoft Office LTSC Professional Plus 2021 - cs-cz (HKLM\...\ProPlus2021Volume - cs-cz) (Version: 16.0.14332.20461 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\OneDriveSetup.exe) (Version: 22.176.0821.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Professional Edition 9.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version: - MiniTool Solution Ltd.)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 7 Essentials (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Old Classic Calculator for Windows 11 and Windows 10 (HKLM\...\Old Classic Calculator for Windows 11 and Windows 10_is1) (Version: 2.0 - Winaero)
Open-Shell (HKLM\...\{D409C74C-5665-4D30-B7F3-C0E8DB2E6DE1}) (Version: 4.4.175 - The Open-Shell Team)
Revo Uninstaller Pro 5.0.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.0.6 - VS Revo Group, Ltd.)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect)
Studie vylepšování produktu HP DeskJet 3700 series (HKLM\...\{1453F5D7-75A6-40B0-B608-A6DC66592DF2}) (Version: 40.16.1234.2248 - HP Inc.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.37.3 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Telegram Desktop (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.6.3 - Telegram FZ-LLC)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.0 beta 10 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version: - Christian Taubenheim)
Základní software zařízení HP DeskJet 3700 series (HKLM\...\{80941248-1005-40AB-AB98-F061D5718F19}) (Version: 40.16.1234.2248 - HP Inc.)

Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-01-17] (Microsoft Corp.)
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2023-02-22] (0)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.40041.0_x64__8wekyb3d8bbwe [2023-01-18] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-11] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-07] (Microsoft Studios) [MS Ad]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm [2023-02-22] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-11] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2022-10-11] (0)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2301.22.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2022-08-21] (Open-Shell) [File not signed]
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ChangeID.bat – zástupce.lnk -> C:\Program Files\TeamViewer\ChangeID.bat ()
Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Komunikace\ChangeID.bat – zástupce.lnk -> C:\Program Files\TeamViewer\ChangeID.bat ()

==================== Loaded Modules (Whitelisted) =============

2022-09-18 21:00 - 2021-03-18 20:30 - 000006144 _____ () [File not signed] C:\Program Files\totalcmd\msimg32.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Windows\system32\wincorlib.dll] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib_orig.dll
2022-08-21 19:53 - 2022-08-21 19:53 - 002700288 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\dxgi.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\dxgi.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000198656 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib.DLL
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\dxgi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2022-08-21] (Open-Shell) [File not signed]
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2022-10-30] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21] (Open-Shell) [File not signed]
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2022-10-30] () [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2023-01-30 17:04 - 000021276 _____ C:\Windows\system32\drivers\etc\hosts

There are 488 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-420885920-907360551-2966618288-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\o\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "procexp.lnk"
HKLM\...\StartupApproved\Run32: => "facemoods"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "ShowBatteryBar"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E89A73B4-759E-407D-974B-740245FA73B7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB36F47-5BCA-4F32-8201-27E1C1AA9479}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F65C52C-DD35-4DDE-AE93-72A1C127572B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4681033D-ABE3-4F2F-8D65-3B7740E1DD62}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{F90FF48F-75A7-47B6-8B2C-D05784D8451F}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{6AE02390-E2D0-4584-83D7-8F062A6428E3}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{22EECB14-8C91-4E40-81B2-CED145F37C89}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{F4A123EE-A742-42F7-8190-D48E19ACA39E}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{0EF61B22-064B-40EF-973D-CC5813B96FCA}E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{9983DAF1-2D01-4660-A58F-C58C4369728E}E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{95FD8BC3-5A64-48F6-8DAD-E1DCD2EBD7F4}] => (Block) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6BD5AAEB-E7D0-4C71-B32B-3904C2F0D393}] => (Block) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9B8E0003-4F1F-4C5D-8AB7-7B9BA37C318E}] => (Allow) C:\Program Files\HP\HP DeskJet 3700 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E1719C30-002C-4065-A1D7-2CD24AAB3229}] => (Allow) LPort=5357
FirewallRules: [{5723CE7E-00E5-48CA-A4DA-E5FCB15638B8}] => (Allow) C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{2AFF3862-E697-41A5-AE71-05F9E9F79416}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{62B6FAAA-F492-4674-A99F-A619E37C7D05}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AEB54618-045C-4B1C-A562-07F1DCDAEC59}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0F92009F-82EC-49F4-BEC7-E715ECF41C45}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{050828B2-E6D5-46FA-9F3C-2931E8162500}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{51FFCB4A-2A42-45A0-8D7B-A3A1038E4AF2}] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Intel(R) 82579LM Gigabit Network Connection
Description: Intel(R) 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Síťový adaptér ladění jádra společnosti Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Řadič velkokapacitního paměťového zařízení
Description: Řadič velkokapacitního paměťového zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dell Wireless 5550 HSPA+ Mini-Card Network Adapter
Description: Dell Wireless 5550 HSPA+ Mini-Card Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Dell
Service: Mbm4NNd5
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Virtuální adaptér Microsoft Wi-Fi Direct
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/27/2023 05:17:09 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (02/27/2023 05:02:53 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003


System errors:
=============
Error: (02/27/2023 04:18:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/27/2023 04:18:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).

Error: (02/27/2023 04:15:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/27/2023 04:15:05 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Výchozí správce prostředků transakcí na svazku E: zaznamenal neopakovatelnou chybu a nemohl být spuštěn. Data obsahují kód chyby.

Error: (02/27/2023 03:17:35 PM) (Source: DCOM) (EventID: 10000) (User: °)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/27/2023 03:14:48 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (02/27/2023 01:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/27/2023 01:09:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).


Windows Defender:
================Event[0]

Date: 2023-02-24 07:25:19
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2023-02-03 12:03:39
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

CodeIntegrity:
===============
Date: 2023-02-20 07:16:42
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-02-02 15:35:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A25 03/06/2018
Motherboard: Dell Inc. 0P6K8J
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 8073.01 MB
Available physical RAM: 3784.25 MB
Total Virtual: 8073.01 MB
Available Virtual: 3985.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:77.47 GB) (Free:43.97 GB) (Model: LITEONIT LCT-256M3S) NTFS
Drive e: () (Fixed) (Total:160.35 GB) (Free:77.45 GB) (Model: LITEONIT LCT-256M3S) NTFS

\\?\Volume{d7b34521-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{d7b34521-0000-0000-0000-206113000000}\ () (Fixed) (Total:0.61 GB) (Free:0.08 GB) NTFS
\\?\Volume{d7b34521-0000-0000-0000-108813000000}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{bca44258-493f-11ed-91eb-c01885d85a3e}\ () () (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: D7B34521)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=77.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=622 MB) - (Type=27)
Partition 4: (Not Active) - (Size=160.3 GB) - (Type=06)

==================== End of Addition.txt =================

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02

Re: influx of trojans

#4 Post by kompanik »

One more note:
It happens with the current Firefox Portable, which is set as the default browser. Yet on the same disk I have an older version of FF (60.6.1esr) and that one is OK. I also tried copying a "healthy" FF Portable over from a backup on an external HDD, but after launching it, it was there again. I searched the whole computer with Total Commander and found nothing like "cdnsure". I also searched the entire registry and "cdnsure" is nowhere! What is being launched? From where?

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: influx of trojans

#5 Post by Rudy »

OK, we'll see what is in the PC. Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking "I agree" (Souhlasím)
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02

Re: influx of trojans

#6 Post by kompanik »

I think I found it - I scanned the FF profile folder with Total Commander, doing a text search for the word cdnsure. It found a file in Profile:
e:\Program Files\MozillaPortable\FirefoxPortable\Data\profile\storage\default\moz-extension+++a3da99dc-1466-4ab4-a338-6c4daa305ed2\idb\388818605isntshig.sqlite
But after deleting it, it kept jumping into the address bar.
So I replaced the entire contents of the Profile folder with a fresh one from a newly installed FF - and then it stopped!! :happy:
Interestingly, I did not launch FF on my machine during the TeamViewer connection with my friend.
I am posting the log anyway:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-28-2023
# Duration: 00:00:01
# OS: Windows 11 (Build 22622.598)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****


No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5575 octets] - [28/02/2023 07:18:35]
AdwCleaner[C00].txt - [5052 octets] - [28/02/2023 07:20:47]
AdwCleaner[S01].txt - [1541 octets] - [28/02/2023 07:22:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
======================
Last edited by kompanik on 28 Feb 2023 08:47, edited 1 time in total.
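
Added example, not part of the original posts or of any tool used in this thread: post #6 found the string inside a `moz-extension+++<UUID>` storage folder, and the sketch below searches a profile's extension storage for a string and maps each folder's UUID back to an add-on ID through the `extensions.webextensions.uuids` pref in `prefs.js`. The sample profile, add-on IDs, UUIDs and search string are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

UUID_PREF = "extensions.webextensions.uuids"   # Firefox pref: add-on ID -> internal UUID
STORAGE_PREFIX = "moz-extension+++"            # prefix of per-extension storage folders

# Constructed sample values (not taken from the thread).
SAMPLE_ADDON = "constructed-addon@example.invalid"
SAMPLE_UUID = "00000000-1111-2222-3333-444444444444"
CLEAN_ADDON = "clean-addon@example.invalid"
CLEAN_UUID = "55555555-6666-7777-8888-999999999999"


def load_uuid_map(profile):
    """Return {internal UUID: add-on ID} parsed from the profile's prefs.js."""
    prefs = Path(profile) / "prefs.js"
    if not prefs.is_file():
        return {}
    text = prefs.read_text(encoding="utf-8", errors="replace")
    pattern = r'user_pref\("' + re.escape(UUID_PREF) + r'",\s*("(?:[^"\\]|\\.)*")\);'
    match = re.search(pattern, text)
    if not match:
        return {}
    try:
        # The pref value is a JSON object stored inside a quoted string literal.
        id_to_uuid = json.loads(json.loads(match.group(1)))
    except (TypeError, ValueError):
        return {}
    if not isinstance(id_to_uuid, dict):
        return {}
    return {str(uuid).lower(): addon for addon, uuid in id_to_uuid.items()}


def file_contains(path, needles, chunk=1 << 20):
    """Case-insensitive byte search, read in chunks with overlap at the seams."""
    overlap = max(len(n) for n in needles) - 1
    tail = b""
    with Path(path).open("rb") as handle:
        while True:
            block = handle.read(chunk)
            if not block:
                return False
            data = tail + block.lower()
            if any(n in data for n in needles):
                return True
            tail = data[-overlap:] if overlap else b""


def find_extension_hits(profile, needle):
    """List extension storage files containing `needle`, with the owning add-on ID."""
    profile = Path(profile)
    uuid_map = load_uuid_map(profile)
    # Search both UTF-8 and UTF-16LE forms. IndexedDB values can be stored
    # compressed, so a miss here is not proof of absence.
    lowered = needle.lower()
    needles = [lowered.encode("utf-8"), lowered.encode("utf-16-le")]
    hits = []
    storage = profile / "storage" / "default"
    if not storage.is_dir():
        return hits
    for origin in sorted(storage.iterdir()):
        if not origin.is_dir() or not origin.name.startswith(STORAGE_PREFIX):
            continue
        uuid = origin.name[len(STORAGE_PREFIX):].split("^")[0].lower()
        for item in sorted(p for p in origin.rglob("*") if p.is_file()):
            if file_contains(item, needles):
                hits.append({
                    "addon_id": uuid_map.get(uuid, "unknown"),
                    "uuid": uuid,
                    "file": item.relative_to(profile).as_posix(),
                })
    return hits


def build_sample_profile(root):
    """Create a constructed profile: one add-on with the string, one without."""
    profile = Path(root) / "profile"
    bad = profile / "storage" / "default" / (STORAGE_PREFIX + SAMPLE_UUID) / "idb"
    good = profile / "storage" / "default" / (STORAGE_PREFIX + CLEAN_UUID) / "idb"
    bad.mkdir(parents=True)
    good.mkdir(parents=True)
    (bad / "constructed.sqlite").write_bytes(
        b"\x00\x01 constructed blob http://redirect.example.invalid/landing \x00")
    (good / "constructed.sqlite").write_bytes(b"\x00 nothing of interest \x00")
    value = json.dumps({SAMPLE_ADDON: SAMPLE_UUID, CLEAN_ADDON: CLEAN_UUID})
    (profile / "prefs.js").write_text(
        'user_pref("%s", %s);\n' % (UUID_PREF, json.dumps(value)), encoding="utf-8")
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_extension_hits(build_sample_profile(tmp), "redirect.example"):
            print(hit["addon_id"], hit["uuid"], hit["file"])
```

Run against a copy of the profile with Firefox closed; an add-on ID reported here is the one to disable or remove in the Add-ons Manager, rather than deleting a single storage file.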

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02

Re: influx of trojans

#7 Post by kompanik »

Here is a sample of what Eset caught:

[image]

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: influx of trojans

#8 Post by Rudy »

This is OK, we'll just finish cleaning up. You deleted some JavaScripts. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2020-07-05] () [File not signed]
Task: {073613C6-DEA3-48A3-8543-DB9844050F0F} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {D280B879-0334-433A-B737-9D19790E9B5C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {D3B2319F-5CB4-4ED6-997D-AA89A7251BE3} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe (No File)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => -> No File
ContextMenuHandlers1_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File


Hosts:
EmptyTemp:
End
Save it to C:\Users\o\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02

Re: influx of trojans

#9 Post by kompanik »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2023
Ran by o (administrator) on ° (Dell Inc. Latitude E6420) (28-02-2023 12:23:00)
Running from C:\Users\o\Downloads
Loaded Profiles: o
Platform: Microsoft Windows 11 Pro Version 22H2 22622.598 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(BonSoft) [File not signed] C:\Program Files (x86)\ClocX\ClocX.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(explorer.exe ->) () [File not signed] C:\proces_killer.exe
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2210.5.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(explorer.exe ->) (SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(services.exe ->) ("STMicroelectronics Srl" -> ) C:\Windows\System32\drivers\DellFFDPWmiService.exe
(services.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use] C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(svchost.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use] C:\Program Files (x86)\DU Meter\DUMeter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TrueCrypt Foundation -> TrueCrypt Foundation) C:\hiberfil\TrueCrypt.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [226816 2022-08-21] (Open-Shell) [File not signed]
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194704 2023-01-18] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [270336 2007-07-26] (BonSoft) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [3028880 2011-09-13] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use]
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Run: [WiFi Guard] => C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe [4704872 2015-10-07] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Print\Monitors\Adobe PDF Port: C:\Windows\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.61\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
IFEO\taskmgr.exe: [Debugger] "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP64.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\proces_killer.exe – zástupce.lnk [2022-10-11]
ShortcutTarget: proces_killer.exe – zástupce.lnk -> C:\proces_killer.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp.lnk [2022-10-16]
ShortcutAndArgument: procexp.lnk -> C:\Program Files\Process Explorer\procexp.exe =>
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2020-07-05] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {073613C6-DEA3-48A3-8543-DB9844050F0F} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {29EB2A5C-9C1F-4110-B5DE-6E6A583B6F2F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {445C8B71-64D3-4CDD-9D38-1AA7A0278D60} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E0B2ECF-9D53-444A-9A1A-3C01E49B2DB8} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-420885920-907360551-2966618288-1002UA => C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E77781C-87AD-4A1F-8DFE-A6070CA7D5E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EB76F84-1F05-49DA-AD85-5F5759159265} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [4997000 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
Task: {82A0D5DB-E759-4AA4-9216-E52D1B5AC682} - System32\Tasks\HPCustParticipation HP DeskJet 3700 series => C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPCustPartic.exe [6439584 2022-02-17] (HP Inc. -> HP Inc.)
Task: {AADFEBE1-0407-4DCA-9A72-DAD2DDBB0A86} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACB42C3E-81AE-4276-B5F3-BBB70F926698} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {CB4CC7D5-58DE-4DBA-ACB5-B35A777A87FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D280B879-0334-433A-B737-9D19790E9B5C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {D3B2319F-5CB4-4ED6-997D-AA89A7251BE3} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {D5DE618F-0A36-4713-A6D5-CFE385B70B26} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2023-02-14] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe (No File)
Task: {E9F02B94-4D39-41E4-A11F-42712DB45C2C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB8F0976-52E8-48E2-B73E-AF07DF842082} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-420885920-907360551-2966618288-1002Core => C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1EEE403-5583-4825-A620-E7B0637554D4} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{aac8e00e-0abd-42e1-9c7e-e56f0032480d}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{c1d87705-c003-4799-8206-3924036d9dc4}: [DhcpNameServer] 192.168.1.1 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [104.87.88.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [104.89.242.39,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [104.96.147.3,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.34.230,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.37,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.100,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.64,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.61.68,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 82 PersistentRoutes.


FireFox:
========
FF DefaultProfile: i32rvwlq.default
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\i32rvwlq.default [2023-02-27]
FF ProfilePath: C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release [2023-02-28]
FF Homepage: Mozilla\Firefox\Profiles\s668ffa6.default-release -> hxxp://tyrs.webzdarma.cz/Tirsch.html
FF Extension: (Close Tab Button) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\close-tab-single@codefisher.org.xpi [2022-11-03]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\firefox@ghostery.com.xpi [2022-12-25]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-09-11]
FF Extension: (I don't care about cookies) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2023-02-27]
FF Extension: (Tab Mix - Links) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\webext@tabmixplus.org.xpi [2018-12-26]
FF Extension: (Zoom Page WE) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\zoompage-we@DW-dev.xpi [2023-02-11]
FF Extension: (Color of Rainbow) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{0764362e-a64d-4da8-aac2-c392b8826d7d}.xpi [2020-01-01]
FF Extension: (Cookie Cleaner (Cookie Eraser)) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{22b80bb1-c181-4870-8fc0-951f6966b703}.xpi [2022-11-03]
FF Extension: (candy happy happy colorful pretty) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{48d3eaef-26d9-4edd-9041-981eb48ba56f}.xpi [2023-02-27]
FF Extension: (undo) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{5997e7bd-1940-4058-a5f4-1562afce6353}.xpi [2022-11-03]
FF Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2023-01-27]
FF Extension: (User-Agent Switcher and Manager) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}.xpi [2022-12-25]
FF Extension: (Feedbro) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}.xpi [2023-02-24]
FF Extension: (No Name) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-02-11]
FF Extension: (FVD Video Downloader) - C:\Users\o\AppData\Roaming\Mozilla\Firefox\Profiles\s668ffa6.default-release\Extensions\{f171ff98-4433-4de4-9976-d87525a80c45}.xpi [2019-05-19]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2023-02-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198496 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DellFFDPWmiService; C:\Windows\System32\drivers\DellFFDPWmiService.exe [33368 2022-01-27] ("STMicroelectronics Srl" -> )
R3 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [1432976 2011-09-13] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) [File not signed] [File is in use]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-18] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3549872 2023-01-18] (ESET, spol. s r.o. -> ESET)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2022-10-11] (Macrovision Europe Ltd.) [File not signed]
S3 hostcontrolsvc; C:\Windows\System32\HostControlService.exe [815616 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 hoststoragesvc; C:\Windows\System32\HostStorageService.exe [161280 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 InventorySvc; C:\Windows\system32\inventorysvc.dll [304480 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [249352 2022-09-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SgrmBroker; C:\Windows\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16518456 2022-12-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\Windows\System32\TabSvc.dll [266240 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 ushupgradesvc; C:\Windows\System32\UshUpgradeService.exe [265728 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\WMCore.exe [873000 2011-09-13] (Ericsson AB -> Ericsson AB)
R2 wuauserv; C:\Windows\system32\wuauserv.dll [137560 2022-09-18] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bfs; C:\Windows\system32\drivers\bfs.sys [91504 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
R3 d554gps; C:\Windows\system32\DRIVERS\d554gps64.sys [102440 2011-09-06] (Ericsson AB -> Ericsson AB)
R3 d554scard; C:\Windows\system32\DRIVERS\d554scard.sys [61992 2011-08-17] (Ericsson AB -> Ericsson AB)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [163840 2009-05-31] (ReactOS Foundation -> )
R0 dc_fsf; C:\Windows\System32\drivers\dc_fsf.sys [21504 2009-05-31] (ReactOS Foundation -> )
R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20840 2011-09-12] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198416 2023-01-18] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [119904 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 edevmonm; C:\Windows\System32\DRIVERS\edevmonm.sys [120928 2023-01-18] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [237208 2023-01-18] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55392 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81696 2023-01-18] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [122504 2023-01-18] (ESET, spol. s r.o. -> ESET)
S3 GemCCID; C:\Windows\System32\drivers\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S0 GenPass; C:\Windows\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-17] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology)
R3 Mbm4bus; C:\Windows\System32\drivers\Mbm4bus.sys [159816 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mdfl; C:\Windows\system32\DRIVERS\Mbm4mdfl.sys [19528 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mdm; C:\Windows\system32\DRIVERS\Mbm4mdm.sys [179784 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4mgmt; C:\Windows\system32\DRIVERS\Mbm4mgmt.sys [161864 2011-08-22] (MCCI Corporation -> MCCI Corporation)
S3 Mbm4NNd5; C:\Windows\System32\drivers\Mbm4NNd5.sys [33352 2011-08-22] (MCCI Corporation -> MCCI Corporation)
R3 Mbm4NUn; C:\Windows\System32\drivers\Mbm4NUn.sys [194120 2011-08-22] (MCCI Corporation -> MCCI Corporation)
S0 pvscsi; C:\Windows\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 RoutePolicy; C:\Windows\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
R4 truecrypt; C:\hiberfil\truecrypt-x64.sys [231376 2017-11-01] (TrueCrypt Foundation -> TrueCrypt Foundation)
S0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2021-11-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\Windows\System32\drivers\wtd.sys [118784 2022-09-18] (Microsoft Windows -> Microsoft Corporation)
S3 xTouch; system32\drivers\xtouch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-28 12:09 - 2023-02-28 12:09 - 000730304 _____ C:\Windows\system32\perfh005.dat
2023-02-28 12:09 - 2023-02-28 12:09 - 000152472 _____ C:\Windows\system32\perfc005.dat
2023-02-28 12:08 - 2023-02-27 17:55 - 002378752 _____ (Farbar) C:\Users\o\Downloads\FRST64.exe
2023-02-28 12:06 - 2023-02-28 12:06 - 000002988 _____ C:\Users\o\Downloads\fixlist..txt
2023-02-28 07:18 - 2023-02-28 07:20 - 000000000 ____D C:\AdwCleaner
2023-02-28 07:14 - 2023-02-28 07:14 - 008791352 _____ (Malwarebytes) C:\Users\o\Downloads\adwcleaner.exe
2023-02-27 21:23 - 2023-02-27 21:23 - 000152088 _____ C:\Users\o\Downloads\logins.csv
2023-02-27 19:44 - 2023-02-28 12:04 - 000000000 ____D C:\Users\o\AppData\LocalLow\Mozilla
2023-02-27 19:44 - 2023-02-27 22:00 - 000000000 ____D C:\Users\o\AppData\Roaming\Mozilla
2023-02-27 19:38 - 2023-02-28 07:15 - 000000586 _____ C:\Users\o\Desktop\cdkokotina.txt
2023-02-27 19:08 - 2023-02-27 19:48 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-02-27 19:08 - 2023-02-27 19:08 - 000002048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk
2023-02-27 19:08 - 2023-02-27 19:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-27 19:08 - 2023-02-27 19:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-27 19:08 - 2023-02-27 19:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-27 18:55 - 2023-02-27 18:55 - 000350080 _____ (Mozilla) C:\Users\o\Downloads\Firefox Installer.exe
2023-02-27 17:56 - 2023-02-28 12:13 - 000045141 _____ C:\Users\o\Downloads\Addition.txt
2023-02-27 17:55 - 2023-02-28 12:23 - 000023907 _____ C:\Users\o\Downloads\FRST.txt
2023-02-27 17:55 - 2023-02-28 12:23 - 000000000 ____D C:\FRST
2023-02-27 16:42 - 2023-02-27 16:43 - 000000000 ____D C:\Program Files (x86)\trend micro
2023-02-27 16:29 - 2023-02-27 16:30 - 000000000 ____D C:\rsit
2023-02-27 16:29 - 2023-02-27 16:30 - 000000000 ____D C:\Program Files\trend micro
2023-02-27 15:22 - 2023-02-27 18:38 - 000000000 ____D C:\Users\o\AppData\Local\Mozilla
2023-02-27 14:50 - 2023-02-27 14:50 - 001804077 _____ C:\Users\o\Downloads\bookmarks.html
2023-02-21 18:13 - 2023-02-21 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2023-02-02 12:20 - 2023-02-02 12:20 - 000000000 ____D C:\ProgramData\Delphi
2023-02-02 12:19 - 2023-02-02 12:19 - 000000000 ____D C:\Users\o\AppData\Roaming\Delphi
2023-02-02 12:18 - 2023-02-02 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delphi 2015 Release 1 rev. 3 for CDP+ DS150E
2023-02-02 12:13 - 2023-02-02 12:18 - 000000000 ____D C:\Program Files (x86)\Delphi
2023-02-02 12:11 - 2023-02-02 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2023-02-02 12:11 - 2023-02-02 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2023-01-31 15:04 - 2023-01-31 15:04 - 000000279 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2023-01-31 14:13 - 2023-01-31 14:13 - 000000000 ____D C:\ProgramData\Piriform
2023-01-31 14:02 - 2023-02-27 15:17 - 000000000 ____D C:\Program Files\CCleaner
2023-01-31 14:02 - 2023-01-31 14:02 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-01-31 14:02 - 2023-01-31 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-01-31 13:52 - 2023-01-31 13:52 - 000001499 _____ C:\Users\o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-28 12:20 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-28 12:09 - 2022-09-18 20:31 - 001726784 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-28 12:09 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2023-02-28 12:06 - 2022-10-11 19:08 - 000000000 ____D C:\Users\o\AppData\Local\WiFi Guard
2023-02-28 12:05 - 2022-10-11 11:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-28 12:02 - 2022-09-18 20:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-28 12:02 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2023-02-28 11:46 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\OpenShell
2023-02-28 11:46 - 2022-05-07 06:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-02-28 11:06 - 2022-09-18 20:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-28 07:36 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-28 07:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2023-02-27 16:15 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o
2023-02-27 15:43 - 2022-10-13 17:19 - 003784704 _____ C:\Users\o\hkcubackup.hiv
2023-02-27 15:17 - 2023-01-16 13:19 - 000000000 ____D C:\Users\o\AppData\Roaming\TeamViewer
2023-02-27 14:33 - 2023-01-16 10:50 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-26 17:31 - 2022-10-11 17:58 - 000000000 ____D C:\Users\o\AppData\Roaming\Telegram Desktop
2023-02-26 17:26 - 2022-10-11 16:45 - 000000000 ____D C:\Users\o\AppData\Local\EseeCloud
2023-02-26 15:32 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\GHISLER
2023-02-26 08:49 - 2022-10-18 13:58 - 000000000 ____D C:\Users\o\AppData\Roaming\vlc
2023-02-24 07:32 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-02-24 07:25 - 2022-10-18 17:20 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-02-23 07:47 - 2023-01-17 19:02 - 000000000 ____D C:\Users\o\AppData\Local\ElevatedDiagnostics
2023-02-21 18:13 - 2023-01-17 08:42 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-02-21 18:13 - 2023-01-17 08:42 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-02-21 18:12 - 2022-09-18 20:55 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-16 16:32 - 2023-01-27 17:50 - 000000110 _____ C:\Users\o\AppData\default.pls
2023-02-15 07:40 - 2022-09-18 20:24 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-02-08 12:14 - 2022-10-11 09:38 - 000000000 ____D C:\Users\o\AppData\Local\VirtualStore
2023-02-03 08:37 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2023-02-02 12:32 - 2022-10-21 10:59 - 000000000 __SHD C:\Users\o\AppData\Roaming\wyUpdate AU
2023-02-01 18:35 - 2022-11-26 09:09 - 000000000 ____D C:\Users\o\AppData\Local\CrashDumps
2023-02-01 11:13 - 2022-11-30 10:26 - 000001064 _____ C:\Users\o\Desktop\TUFA ZÁMĚNA.lnk
2023-01-31 12:38 - 2022-11-08 19:01 - 000007637 _____ C:\Users\o\AppData\Local\resmon.resmoncfg
2023-01-31 10:13 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

==================== Files in the root of some directories ========

2022-10-11 16:18 - 2008-07-14 03:48 - 000087040 _____ (Redmond Pie) C:\Program Files\Turn Off LCD.exe
2022-10-31 11:14 - 2022-10-31 11:14 - 000001551 _____ () C:\Users\o\AppData\Local\recently-used.xbel
2022-11-08 19:01 - 2023-01-31 12:38 - 000007637 _____ () C:\Users\o\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2022-11-03 12:40 C:\Windows\UV_LastPW.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2023
Ran by o (28-02-2023 12:24:11)
Running from C:\Users\o\Downloads
Microsoft Windows 11 Pro Version 22H2 22622.598 (X64) (2022-10-11 08:36:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-420885920-907360551-2966618288-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-420885920-907360551-2966618288-503 - Limited - Disabled)
Guest (S-1-5-21-420885920-907360551-2966618288-501 - Limited - Disabled)
o (S-1-5-21-420885920-907360551-2966618288-1002 - Administrator - Enabled) => C:\Users\o
WDAGUtilityAccount (S-1-5-21-420885920-907360551-2966618288-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
AIDA64 Extreme Edition v2.60 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.60 - FinalWire Ltd.)
Avidemux VC++ 64bits (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\{b032475d-89d7-4b82-b9ba-98f560256cfc}) (Version: 2.8.1 - Mean)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.14.0.669 - Ilya Morozov)
CCleaner (HKLM\...\CCleaner) (Version: 6.03 - Piriform)
ClocX (1.5b2) (HKLM-x32\...\ClocX) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 7.0.0.4 - Dell)
Delphi 2015 Release 1 rev. 3 for CDP+ DS150E (HKLM-x32\...\Delphi 2015 Release 1 rev. 3 for CDP+ DS150E) (Version: - )
DiskCryptor 0.7 (HKLM\...\DiskCryptor_is1) (Version: 0.7 - hxxp://diskcryptor.net/)
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 5.20 - Hagel Technologies Ltd.)
Easy GIF Animator 7.3 (HKLM-x32\...\Easy GIF Animator_is1) (Version: 7.0 - Karlis Blumentals)
eObčanka (HKLM\...\{ED161D20-FDCF-4C7C-A84E-45B7E05B9BC1}) (Version: 3.3.1.22411 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EseeCloud 3.0.3 (HKLM-x32\...\EseeCloud) (Version: 3.0.3 - My company, Inc.)
ESET Security (HKLM\...\{AC01C534-2ECB-460E-9D4E-D4D158076F50}) (Version: 16.0.26.0 - ESET, spol. s r.o.)
ExplorerPatcher (HKLM\...\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}_ExplorerPatcher) (Version: 22621.608.51.1 - VALINET Solutions SRL)
FotoMix version 8.7.4 (HKLM-x32\...\{10A0255E-0B73-4397-AB4E-E3667EDA70E4}_is1) (Version: 8.7.4 - Digital Photo Software)
HP Dropbox Plugin (HKLM-x32\...\{D58993B3-BA5F-4181-8D1C-05D0302398EB}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32\...\{C777EAED-CEE8-4AF4-A2DE-2A0FC510481A}) (Version: 40.13.54.81239 - HP)
Infovox Desktop 2.2 (HKLM-x32\...\{52C32940-C538-40CF-8DE9-B91090F49938}) (Version: 2.220.3 - Acapela Group)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.3.0.11 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Microsoft Office LTSC Professional Plus 2021 - cs-cz (HKLM\...\ProPlus2021Volume - cs-cz) (Version: 16.0.14332.20461 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\OneDriveSetup.exe) (Version: 22.176.0821.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Professional Edition 9.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 110.0 (x64 cs)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 110.0 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 7 Essentials (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Old Classic Calculator for Windows 11 and Windows 10 (HKLM\...\Old Classic Calculator for Windows 11 and Windows 10_is1) (Version: 2.0 - Winaero)
Open-Shell (HKLM\...\{D409C74C-5665-4D30-B7F3-C0E8DB2E6DE1}) (Version: 4.4.175 - The Open-Shell Team)
Revo Uninstaller Pro 5.0.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.0.6 - VS Revo Group, Ltd.)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect)
Studie vylepšování produktu HP DeskJet 3700 series (HKLM\...\{1453F5D7-75A6-40B0-B608-A6DC66592DF2}) (Version: 40.16.1234.2248 - HP Inc.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.37.3 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Telegram Desktop (HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.6.3 - Telegram FZ-LLC)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.0 beta 10 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version: - Christian Taubenheim)
Základní software zařízení HP DeskJet 3700 series (HKLM\...\{80941248-1005-40AB-AB98-F061D5718F19}) (Version: 40.16.1234.2248 - HP Inc.)

Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-01-17] (Microsoft Corp.)
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2023-02-22] (0)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.40041.0_x64__8wekyb3d8bbwe [2023-01-18] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-11] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-07] (Microsoft Studios) [MS Ad]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm [2023-02-22] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-11] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2022-10-11] (0)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\o\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-420885920-907360551-2966618288-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2301.22.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-01-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6-x32: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm.dll [2010-08-18] () [File not signed]
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll [2010-09-06] () [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2022-08-21] (Open-Shell) [File not signed]
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ChangeID.bat – zástupce.lnk -> C:\Program Files\TeamViewer\ChangeID.bat ()
Shortcut: C:\Users\o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Komunikace\ChangeID.bat – zástupce.lnk -> C:\Program Files\TeamViewer\ChangeID.bat ()

==================== Loaded Modules (Whitelisted) =============

2022-09-18 21:00 - 2021-03-18 20:30 - 000006144 _____ () [File not signed] C:\Program Files\totalcmd\msimg32.dll
2022-10-11 13:29 - 2010-09-06 20:21 - 000538435 _____ () [File not signed] E:\INSTALAČKY\Media\JpegResamplerZmenšujeHromadněFoto\JRcm64.dll
2007-01-19 03:23 - 2007-05-10 22:18 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Windows\system32\wincorlib.dll] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib_orig.dll
2022-08-21 19:53 - 2022-08-21 19:53 - 002700288 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2022-08-21 19:52 - 2022-08-21 19:52 - 000412160 _____ (Open-Shell) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\dxgi.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\dxgi.dll
2022-10-15 10:31 - 2022-10-15 10:31 - 000198656 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib.DLL
2022-10-15 10:31 - 2022-10-15 10:31 - 000631296 _____ (VALINET Solutions SRL) [File not signed] C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\dxgi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2022-08-21] (Open-Shell) [File not signed]
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2022-10-30] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21] (Open-Shell) [File not signed]
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-08-21] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2022-10-30] () [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2023-01-30 17:04 - 000021276 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 ars.smartscreen.microsoft.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 blob.weather.microsoft.com
0.0.0.0 candycrushsoda.king.com
0.0.0.0 cdn.content.prod.cms.msn.com
0.0.0.0 cdn.onenote.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 client.wns.windows.com
0.0.0.0 client-s.gateway.messenger.live.com
0.0.0.0 clientconfig.passport.net
0.0.0.0 deploy.static.akamaitechnologies.com
0.0.0.0 device.auth.xboxlive.com
0.0.0.0 dmd.metaservices.microsoft.com
0.0.0.0 dns.msftncsi.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 img-s-msn-com.akamaized.net
0.0.0.0 insiderppe.cloudapp.net
0.0.0.0 licensing.mp.microsoft.com
0.0.0.0 mediaredirect.microsoft.com
0.0.0.0 msftncsi.com
0.0.0.0 officeclient.microsoft.com
0.0.0.0 oneclient.sfx.ms
0.0.0.0 pti.store.microsoft.com
0.0.0.0 query.prod.cms.rt.microsoft.com
0.0.0.0 register.cdpcs.microsoft.com
0.0.0.0 s0.2mdn.net

There are 488 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-420885920-907360551-2966618288-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\o\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "procexp.lnk"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "ShowBatteryBar"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D00C0CEE96A4247AC77E9CCCCA600BF0"
HKU\S-1-5-21-420885920-907360551-2966618288-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E89A73B4-759E-407D-974B-740245FA73B7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB36F47-5BCA-4F32-8201-27E1C1AA9479}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F65C52C-DD35-4DDE-AE93-72A1C127572B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4681033D-ABE3-4F2F-8D65-3B7740E1DD62}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{F90FF48F-75A7-47B6-8B2C-D05784D8451F}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{6AE02390-E2D0-4584-83D7-8F062A6428E3}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{22EECB14-8C91-4E40-81B2-CED145F37C89}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{F4A123EE-A742-42F7-8190-D48E19ACA39E}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{0EF61B22-064B-40EF-973D-CC5813B96FCA}E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{9983DAF1-2D01-4660-A58F-C58C4369728E}E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{95FD8BC3-5A64-48F6-8DAD-E1DCD2EBD7F4}] => (Block) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6BD5AAEB-E7D0-4C71-B32B-3904C2F0D393}] => (Block) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9B8E0003-4F1F-4C5D-8AB7-7B9BA37C318E}] => (Allow) C:\Program Files\HP\HP DeskJet 3700 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E1719C30-002C-4065-A1D7-2CD24AAB3229}] => (Allow) LPort=5357
FirewallRules: [{5723CE7E-00E5-48CA-A4DA-E5FCB15638B8}] => (Allow) C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{2AFF3862-E697-41A5-AE71-05F9E9F79416}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{62B6FAAA-F492-4674-A99F-A619E37C7D05}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AEB54618-045C-4B1C-A562-07F1DCDAEC59}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0F92009F-82EC-49F4-BEC7-E715ECF41C45}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{050828B2-E6D5-46FA-9F3C-2931E8162500}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{51FFCB4A-2A42-45A0-8D7B-A3A1038E4AF2}] => (Allow) E:\program files\mozillaportable\firefoxportable\app\firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CD11FFA7-F9C2-4AE8-B2CB-1D872C550581}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B8C1358A-D80A-4AB8-ADD6-C556D3D62AF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

28-02-2023 07:20:25 AdwCleaner_BeforeCleaning_28/02/2023_07:20:25

==================== Faulty Device Manager Devices ============

Name: Intel(R) 82579LM Gigabit Network Connection
Description: Intel(R) 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Síťový adaptér ladění jádra společnosti Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Řadič velkokapacitního paměťového zařízení
Description: Řadič velkokapacitního paměťového zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dell Wireless 5550 HSPA+ Mini-Card Network Adapter
Description: Dell Wireless 5550 HSPA+ Mini-Card Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Dell
Service: Mbm4NNd5
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Virtuální adaptér Microsoft Wi-Fi Direct
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/27/2023 05:17:09 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/27/2023 05:17:07 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (02/27/2023 05:02:53 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/27/2023 05:02:51 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003


System errors:
=============
Error: (02/28/2023 12:04:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/28/2023 12:04:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).

Error: (02/28/2023 12:01:54 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/28/2023 11:08:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/28/2023 11:08:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).

Error: (02/28/2023 11:05:53 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/28/2023 07:32:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/28/2023 07:32:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft Edge Update Service (edgeupdate) bylo dosaženo časového limitu (180000 ms).


Windows Defender:
================Event[0]

Date: 2023-02-24 07:25:19
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2023-02-03 12:03:39
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

Date: 2023-02-03 08:21:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2696.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80072efd
Popis chyby: Spojení se serverem nebylo navázáno.

CodeIntegrity:
===============
Date: 2023-02-20 07:16:42
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-02-02 15:35:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A25 03/06/2018
Motherboard: Dell Inc. 0P6K8J
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 48%
Total physical RAM: 8073.01 MB
Available physical RAM: 4124.59 MB
I did it and it went into a restart.
By the way, my clock is wrong, an hour behind - I'll fix it.

Total Virtual: 8073.01 MB
Available Virtual: 4067.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:77.47 GB) (Free:42.94 GB) (Model: LITEONIT LCT-256M3S) NTFS
Drive e: () (Fixed) (Total:160.35 GB) (Free:77.38 GB) (Model: LITEONIT LCT-256M3S) NTFS

\\?\Volume{d7b34521-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{d7b34521-0000-0000-0000-206113000000}\ () (Fixed) (Total:0.61 GB) (Free:0.08 GB) NTFS
\\?\Volume{d7b34521-0000-0000-0000-108813000000}\ () (Fixed) (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: D7B34521)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=77.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=622 MB) - (Type=27)
Partition 4: (Not Active) - (Size=160.3 GB) - (Type=06)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: influx of trojans

#10 Post by Rudy »

I need to see the contents of the file fixlog.txt. It should be in C:\Users\o\Downloads. Thank you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02

Re: influx of trojans

#11 Post by kompanik »

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2023
Ran by o (28-02-2023 12:25:27) Run:1
Running from C:\Users\o\Downloads
Loaded Profiles: o
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2020-07-05] () [File not signed]
Task: {073613C6-DEA3-48A3-8543-DB9844050F0F} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {D280B879-0334-433A-B737-9D19790E9B5C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {D3B2319F-5CB4-4ED6-997D-AA89A7251BE3} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe (No File)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => -> No File
ContextMenuHandlers1_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-420885920-907360551-2966618288-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File


Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\MRT => removed successfully
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{073613C6-DEA3-48A3-8543-DB9844050F0F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{073613C6-DEA3-48A3-8543-DB9844050F0F}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HPDeviceCheck => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HPDeviceCheck" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D280B879-0334-433A-B737-9D19790E9B5C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D280B879-0334-433A-B737-9D19790E9B5C}" => removed successfully
C:\Windows\System32\Tasks\CCleaner Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3B2319F-5CB4-4ED6-997D-AA89A7251BE3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3B2319F-5CB4-4ED6-997D-AA89A7251BE3}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Web Products Detection => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Web Products Detection" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Balabolka => removed successfully
HKU\S-1-5-21-420885920-907360551-2966618288-1002\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKU\S-1-5-21-420885920-907360551-2966618288-1002\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKU\S-1-5-21-420885920-907360551-2966618288-1002\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7535987 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 1162120 B
Edge => 0 B
Firefox => 97760587 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 114508 B
ProgramData => 114508 B
Public => 114508 B
systemprofile => 114508 B
systemprofile32 => 114508 B
LocalService => 783911 B
NetworkService => 793905 B
o => 11050514 B

RecycleBin => 0 B
EmptyTemp: => 114.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:25:35 ====

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: flood of trojans

#12 Post by Rudy »

It has been deleted; the log should be OK now. Is everything all right?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02

Re: flood of trojans

#13 Post by kompanik »

Everything is fine. Thanks a lot. What do I owe you for the help?
But ... I want to make a backup to an external HDD and it doesn't work. The disk is large enough and cleaned out, and after a few minutes it reports error code 0x811000033.

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: flood of trojans

#14 Post by Rudy »

You owe nothing, and if you want to send a voluntary contribution, click the "Contribute...." bubble at the bottom right. Does the disk have the correct file system? If so, run CrystalDiskInfo: https://www.instaluj.cz/crystaldiskinfo and paste the log here via Edit > Copy. There is practically no information on Google about the error you mentioned.

kompanik
Visitor
Posts: 54
Registered: 07 Oct 2010 03:02

Re: flood of trojans

#15 Post by kompanik »

I have already solved the backup.
I found a guide on YouTube that says the "System Reserved" partition has to be extended.
Then I turned on File History and made a backup with a system image.
Everything is OK.
Thanks a lot

Locked