
Malware detected. Please check my log.


#1 Post by Hejdys84 »

Hello. Please check my log. Avast Premium doesn't detect anything, but the computer keeps freezing and a browser window pops up showing errors and the presence of malware. Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2026
Ran by hejda (administrator) on HEJDYS (ASUSTeK COMPUTER INC. ASUS TUF Gaming A15 FA506NC_FA506NC) (27-02-2026 23:13:31)
Running from C:\Users\hejda\Desktop\FRST64.exe
Loaded Profiles: hejda
Platform: Microsoft Windows 11 Home Version 25H2 26200.7840 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusOSD.exe
(C:\Program Files (x86)\LightingService\LightingService.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files\ASUS\AacAmbientHal\AacAmbientLighting.exe
(C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.UserSessionHelper.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.System.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA Overlay.exe <5>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA App\ShadowPlay\nvsphelper64.exe
(C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe ->) (GN Hearing A/S -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (GN Hearing A/S -> SteelSeries A/S) C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m\radeonsoftware\amdow.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.26011.42.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.26011.42.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(C:\Program Files\WindowsApps\MobiSystems.MobiOffice_11.30.14900.0_x64__bvgb55c3tfatp\MobiOffice\MobiOffice.ServiceHost.exe ->) (MobiSystems, Inc. -> MobiSystems Inc.) C:\Program Files\WindowsApps\MobiSystems.MobiOffice_11.30.14900.0_x64__bvgb55c3tfatp\MobiOffice\MobiOffice.Notifier.exe
(C:\Program Files\WindowsApps\MobiSystems.MobiPdf_11.30.14900.0_x64__bvgb55c3tfatp\MobiPdf\MobiPDF.ServiceHost.exe ->) (MobiSystems, Inc. -> MobiSystems Inc.) C:\Program Files\WindowsApps\MobiSystems.MobiPdf_11.30.14900.0_x64__bvgb55c3tfatp\MobiPdf\MobiPDF.Notifier.exe
(DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusHotkey.exe
(DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusOptimizationStartupTask.exe
(DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\u0404233.inf_amd64_397a6af4950eb5ee\B402913\atiesrxx.exe ->) (AMD Test Build -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0404233.inf_amd64_397a6af4950eb5ee\B402913\atieclxx.exe
(explorer.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <2>
(explorer.exe ->) (GN Hearing A/S -> SteelSeries A/S) C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(services.exe ->) (AMD Test Build -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0404233.inf_amd64_397a6af4950eb5ee\B402913\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUS Inc.) C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Program Files\ASUS\GlideX\GlideXRemote\GlideXRemoteService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files\ASUS\GlideX\GlideXNear\GlideXNearService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\GlideX\GlideXService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\GlideX\GlideXServiceExt.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_1e467870260bcd2f\AsusPTPService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MidiSrv.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_987f8cede005f427\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\System32\DriverStore\FileRepository\rtkbtfilter.inf_amd64_899e279b64ed2cb5\RtkBtManServ.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_171f1746818db7fd\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a5b5950537cd134e\RtkAudUService64.exe <2>
(sihost.exe ->) (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe <5>
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Copilot_1.25121.84.0_x64__8wekyb3d8bbwe\Copilot.exe
(sihost.exe ->) (MobiSystems, Inc. -> MobiSystems Inc.) C:\Program Files\WindowsApps\MobiSystems.MobiDriveSync_4.2.63704.0_x64__bvgb55c3tfatp\MobiDrive\MobiDrive.exe
(sihost.exe ->) (MobiSystems, Inc. -> MobiSystems Inc.) C:\Program Files\WindowsApps\MobiSystems.MobiDriveSync_4.2.63704.0_x64__bvgb55c3tfatp\MobiDrive\MobiDrive.ServiceHost.exe
(sihost.exe ->) (MobiSystems, Inc. -> MobiSystems Inc.) C:\Program Files\WindowsApps\MobiSystems.MobiOffice_11.30.14900.0_x64__bvgb55c3tfatp\MobiOffice\MobiOffice.ServiceHost.exe
(sihost.exe ->) (MobiSystems, Inc. -> MobiSystems Inc.) C:\Program Files\WindowsApps\MobiSystems.MobiPdf_11.30.14900.0_x64__bvgb55c3tfatp\MobiPdf\MobiPDF.ServiceHost.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <3>
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Display Control\ASUSSmartDisplayControl.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Hotplug Controller\AsHotplugCtrl.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.229.1.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\spaceman.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a5b5950537cd134e\RtkAudUService64.exe [2021320 2024-05-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [20234296 2026-02-24] (GN Hearing A/S -> SteelSeries A/S)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [887976 2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
HKLM\...\Run: [Avast Cleanup UI] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [7279840 2026-02-25] (Gen Digital Inc. -> Gen Digital Inc.)
HKLM-x32\...\Run: [ASUS Smart Display Control] => C:\Program Files (x86)\ASUS\ASUS Smart Display Control\ASUSSmartDisplayControl.exe [178840 2024-03-29] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14593584 2026-01-27] (GOG sp. z o.o -> GOG.com)
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1008336 2026-02-15] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [5760152 2026-01-21] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2580728 2026-01-27] (Wargaming Group Limited -> Wargaming.net)
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [3792032 2026-01-27] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Run: [electron.app.Pi Network] => C:\Users\hejda\AppData\Local\Programs\pi-network-desktop\Pi Network.exe [199201592 2025-10-22] (SocialChain Inc -> Socialchain Inc.)
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [13001648 2026-02-19] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Run: [MicrosoftEdgeAutoLaunch_E478EAC7BFC67F03F478E5F2D7931491] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4342352 2026-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\H3Blade.exe: [{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb] -> HoMM III Compatibility Database
HKLM\Software\...\AppCompatFlags\InstalledSDB\{62a24b39-0106-4990-90ea-3a09e9dda7a6}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb [2025-08-22]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2026-01-30] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\145.0.7632.117\Installer\chrmstp.exe [2026-02-26] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {410B4D63-12D8-4350-8F4A-E34014E8BDB6} - System32\Tasks\ASUS Hotplug Controller => C:\Program Files\ASUS\ASUS Hotplug Controller\AsHotplugCtrl.exe [208016 2024-04-08] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {F49AB492-642D-4938-B92E-B58FED3359C3} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusHotkey.exe [362032 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {E78D0C8F-6E32-4DF3-9CA8-F54C7208C281} - System32\Tasks\ASUS Update Checker 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSoftwareManager\AsusUpdateChecker.exe [846384 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {92D0D783-9E50-4AC0-8238-534D411197DD} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [359784 2024-01-15] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {0F054585-BEFC-4EB3-B450-F416C7F164B9} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1812328 2024-01-15] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {E1B4053E-90F4-4FD6-8B4F-41D7D547725F} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [139091304 2024-04-19] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {C616FA06-B577-4015-A6D2-7BD478E4EFFA} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {719E5C49-92AE-4012-AD17-40F53E10A2E1} - System32\Tasks\ASUSSmartDisplayControl => C:\Program Files (x86)\ASUS\ASUS Smart Display Control\ASUSSmartDisplayControl.exe [178840 2024-03-29] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {3F0AD4E5-9017-4943-AE79-009EA9898A62} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSystemAnalysis\AsusSystemAnalysis.exe [4471344 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {7BE216B5-A86E-4BB1-8F74-6EFFB6154541} - System32\Tasks\AsusSystemDiagnosis_DriverQuality => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [1598512 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
Task: {D2F02B02-EF68-4CC9-A3E5-C5F8BCE19511} - System32\Tasks\Avast Software\Avast Antivirus Patcher => C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus.exe [9246944 2026-01-27] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {EF303337-1C6B-406A-9311-C51E91FD197D} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [6444768 2026-02-25] (Gen Digital Inc. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup" --configpath "C:\ProgramData\Avast Software\Cleanup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\Cle (the data entry has 53 more characters).
Task: {F843CAFF-A462-41CA-9A1D-98D1D5A95CE6} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [9246944 2026-02-24] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {E3BEE0EC-9B6C-4B76-9664-5391117857F4} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5623464 2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {DE7DE9CD-3985-4517-815A-ED744A17135A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2977504 2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {403F2053-B32D-4C26-96D1-2A0C891DD2C7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem144.0.7547.6{3D6AC326-8B9E-4A63-AA4F-F47507849CAE} => C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.6\updater.exe [7056536 2026-02-10] (Google LLC -> Google LLC)
Task: {74EC72C1-7449-47F4-88ED-5D38454F3A22} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [16258944 2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {8714EBC2-46D3-44F6-9726-201CE81199BB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28625808 2026-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F0424AA-107E-4592-BD32-1DC984AF7721} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [73560 2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {972025DF-F308-4E6C-86AD-6E92ACEB9D6D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28625808 2026-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {371A0366-3BFE-4A51-B760-369408FF1D0D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [310128 2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {01627922-636F-410F-8C80-5110FDBE412A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [310128 2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {5FE0C2FA-C39B-4AF5-8932-ABEA187A72AF} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1346840 2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D589F2D-3607-453D-986C-C13CB39BA9D8} - System32\Tasks\Microsoft\Office\Office Startup Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [16258944 2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {69091364-5637-4A55-A62E-9C564F622FB2} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3337328 2026-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7CF7E640-EF7E-4565-954C-215037FBD7D4} - System32\Tasks\OBUpdate => C:\Users\hejda\AppData\Local\OneBrowser\Update\OBUpdateService.exe [3312144 2025-12-07] (WORK PRODUCT, INC. -> WORK PRODUCT, INC.) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1e830ae0-24bc-4813-841d-0138cb78e197}: [DhcpNameServer] 40.54.1.15
Tcpip\..\Interfaces\{1e830ae0-24bc-4813-841d-0138cb78e197}: [DhcpDomain] E3-WDS12.COM
Tcpip\..\Interfaces\{fd519ca8-774d-4d90-a1ae-17f0dd12ef8b}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{fd519ca8-774d-4d90-a1ae-17f0dd12ef8b}: [DhcpDomain] home

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2026-01-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-12-07] (Microsoft Corporation -> Microsoft Corporation)

Edge:
=======
Edge Profile: C:\Users\hejda\AppData\Local\Microsoft\Edge\User Data\Default [2026-02-27]
Edge Extension: (Google Docs Offline) - C:\Users\hejda\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-02-26]
Edge Extension: (Edge relevant text changes) - C:\Users\hejda\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-08-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\hejda\AppData\Local\Google\Chrome\User Data\Default [2026-02-27]
CHR HomePage: Default -> hxxps://thecharitych.com/hp?the=QUMyZGV3cwRUUHZ2AldWcHIEVFx1cAcYVHB0BlBUdD8DU1N0cgBQUHB1TiEkCCJ7NQojAFopLDR7Sx4IHgRADzQMFV4DHS4AcFYRBRB3MSAABmslNgACdwMsAhBiIDoDNHc%3D&source=hj
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.seznam.cz/"
CHR NewTab: Default -> Active:"chrome-extension://jnannpdmmiphnkpaooplhegabbghlplj/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://thecharitych.com/search?the=QUMyZGV3cwRUUHZ2AldWcHIEVFx1cAcYVHB0BlBUdD8DU1N0cgBQUHB1TiEkCCJ7NQojAFopLDR7Sx4IHgRADzQMFV4DHS4AcFYRBRB3MSAABmslNgACdwMsAhBiIDoDNHc%3D&q={searchTerms}&source=hj
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultNewTabURL: Default -> hxxps://thecharitych.com/nt?the=QUMyZGV3cwRUUHZ2AldWcHIEVFx1cAcYVHB0BlBUdD8DU1N0cgBQUHB1TiEkCCJ7NQojAFopLDR7Sx4IHgRADzQMFV4DHS4AcFYRBRB3MSAABmslNgACdwMsAhBiIDoDNHc%3D&source=hj
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command={searchTerms}
CHR Extension: (Google Docs Offline) - C:\Users\hejda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-02-25]
CHR Extension: (SearchProtect) - C:\Users\hejda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnannpdmmiphnkpaooplhegabbghlplj [2026-02-08] [UpdateUrl:0] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\hejda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-08-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateControlInterface; C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe [212184 2025-09-01] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe [401880 2024-05-31] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 AsusAppService; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\AsusAppService\AsusAppService.exe [1159216 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSOptimization; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusOptimization.exe [642608 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 AsusPTPService; C:\Windows\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_1e467870260bcd2f\AsusPTPService.exe [229840 2024-09-04] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSSoftwareManager; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSoftwareManager\AsusSoftwareManager.exe [1410096 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSwitch\AsusSwitch.exe [652848 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSystemAnalysis\AsusSystemAnalysis.exe [4471344 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [1598512 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7844520 2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [1039528 2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2635432 2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1092776 2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
R2 AvastCleanupSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [21549280 2026-02-25] (Gen Digital Inc. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2026-02-09] (Avast Software s.r.o. -> AVAST Software)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [3386064 2026-02-23] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2025-08-25] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13235088 2026-02-14] (Microsoft Corporation -> Microsoft Corporation)
S4 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [39344 2026-02-19] (Docker Inc -> Docker Inc.)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [442368 2023-12-17] (DTS, Inc. -> DTS Inc.)
S4 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [20372640 2026-01-27] (Electronic Arts, Inc. -> Electronic Arts)
S4 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [964336 2025-09-08] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 GalaxyClientService; \\?\C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2443312 2026-01-27] (GOG sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7657008 2025-08-25] (GOG sp. z o.o -> GOG.com)
R2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
R2 GlideXNearService; C:\Program Files\ASUS\GlideX\GlideXNear\GlideXNearService.exe [1825712 2025-11-13] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 GlideXRemoteService; C:\Program Files\ASUS\GlideX\GlideXRemote\GlideXRemoteService.exe [486832 2025-11-12] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 GlideXService; C:\Program Files\ASUS\GlideX\GlideXService.exe [2985904 2025-11-13] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 GlideXServiceExt; C:\Program Files\ASUS\GlideX\GlideXServiceExt.exe [303024 2025-11-13] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [4926312 2024-05-06] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [963968 2026-02-20] (McAfee, LLC -> McAfee, LLC)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpDefenderCoreService.exe [2063376 2025-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_171f1746818db7fd\Display.NvContainer\NVDisplay.Container.exe [1275624 2026-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [2045400 2024-05-13] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 RtkBtManServ; C:\Windows\System32\DriverStore\FileRepository\rtkbtfilter.inf_amd64_899e279b64ed2cb5\RtkBtManServ.exe [290192 2025-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 SteelSeriesGGUpdateServiceProxy; C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe [1587712 2025-03-12] (GN Hearing A/S -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\NisSrv.exe [4426832 2025-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MsMpEng.exe [290704 2025-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_987f8cede005f427\amdfendrmgr.sys [36040 2024-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0404233.inf_amd64_397a6af4950eb5ee\B402913\amdkmdag.sys [106001688 2024-06-14] (AMD Test Build -> Advanced Micro Devices, Inc.)
R2 amd_dpfc; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_171f1746818db7fd\amd_dpfc.sys [47848 2026-01-22] (NVIDIA Corporation -> Advanced Micro Devices)
R3 AsusPTPDrv; C:\Windows\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_1e467870260bcd2f\AsusPTPFilter.sys [199632 2024-09-04] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSSystemAnalysis\AsusSAIO.sys [51296 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [286816 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [435808 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [304736 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [88160 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [29144 2026-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [32864 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [289888 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [586336 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [97376 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73312 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [898656 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [1315424 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [231008 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [404064 2026-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d5b92bc7afd7593a\ASUSOptimization\AsusWmiAcpi.sys [50424 2026-02-05] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [110592 2025-08-19] (Microsoft Corporation) [File not signed]
R0 fse; C:\Windows\System32\drivers\fse.sys [226688 2025-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [333192 2025-11-23] (Microsoft Windows -> Microsoft Corporation)
S2 l1vhlwf; C:\Windows\System32\drivers\l1vhlwf.sys [144768 2026-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [303848 2025-12-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_043a02d7d5d8270f\rt68cx21x64.sys [752496 2023-08-16] (Realtek Semiconductor Corp. -> Realtek)
R3 RtkBtFilter2; C:\Windows\System32\DriverStore\FileRepository\rtkbtfilter.inf_amd64_899e279b64ed2cb5\RtkBtFilter2.sys [209640 2025-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [43568 2025-12-01] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [45632 2025-12-01] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_d2a852794d8f7bf8\SteelSeries-Sonar-VAD.sys [95912 2025-10-31] (GN Hearing A/S -> Windows (R) Win 7 DDK provider)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [51192 2025-08-19] (OpenVPN Inc. -> The OpenVPN Project)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [98304 2025-08-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [21928 2025-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [635272 2025-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [102792 2025-12-18] (Microsoft Windows -> Microsoft Corporation)
U3 aswArDisk; no ImagePath
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-02-27 23:13 - 2026-02-27 23:14 - 000040889 _____ C:\Users\hejda\Desktop\FRST.txt
2026-02-27 23:11 - 2026-02-27 23:13 - 000000000 ____D C:\FRST
2026-02-27 23:11 - 2026-02-27 23:11 - 002445312 _____ (Farbar) C:\Users\hejda\Desktop\FRST64.exe
2026-02-25 23:09 - 2026-02-25 23:09 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2026-02-25 23:09 - 2026-02-25 23:09 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2026-02-25 23:09 - 2026-02-25 23:09 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2026-02-25 23:09 - 2026-02-25 23:09 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2026-02-25 23:09 - 2026-02-25 23:09 - 000000000 ____D C:\Program Files (x86)\OpenAL
2026-02-25 23:03 - 2026-02-25 23:03 - 000000223 _____ C:\Users\hejda\Desktop\Half-Life Restored.url
2026-02-21 00:04 - 2026-02-27 01:35 - 000000000 ____D C:\Windows\CbsTemp
2026-02-20 23:51 - 2026-02-20 23:51 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2026-02-19 23:06 - 2026-02-10 00:04 - 000323752 _____ (Gen Digital Inc.) C:\Windows\system32\aswBoot.exe
2026-02-19 22:43 - 2026-02-19 22:43 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Docker Desktop.lnk
2026-02-19 22:43 - 2026-02-19 22:43 - 000002142 _____ C:\Users\hejda\Desktop\Docker Desktop.lnk
2026-02-19 22:42 - 2026-02-19 22:44 - 000000000 ____D C:\Program Files\Docker
2026-02-19 13:19 - 2026-02-19 13:19 - 000000000 ____D C:\Users\hejda\AppData\Roaming\AsusProArt
2026-02-16 18:26 - 2026-02-16 18:26 - 004896464 _____ (Blizzard Entertainment) C:\Users\hejda\Downloads\Battle.net-Setup.exe
2026-02-12 09:49 - 2026-02-12 09:49 - 000000000 ____D C:\Windows\system32\braille-tables
2026-02-11 18:11 - 2026-02-11 18:14 - 000000000 ___HD C:\$WinREAgent
2026-02-09 23:48 - 2026-02-12 09:50 - 000480856 _____ C:\Windows\system32\FNTCACHE.DAT
2026-02-09 23:37 - 2026-02-09 23:37 - 000002127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Cleanup Premium.lnk
2026-02-09 23:37 - 2026-02-09 23:37 - 000002115 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
2026-02-09 23:19 - 2026-02-19 23:06 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premium Security.lnk
2026-02-09 23:19 - 2026-02-19 23:06 - 000002124 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2026-02-09 23:09 - 2026-02-17 21:54 - 000000000 ____D C:\Users\hejda\AppData\Local\AVAST Software
2026-02-09 23:09 - 2026-02-09 23:37 - 000000000 ____D C:\Users\hejda\AppData\Roaming\Avast Software
2026-02-09 23:09 - 2026-02-09 17:31 - 000056128 _____ (Gen Digital Inc.) C:\Windows\system32\icarus_rvrt.exe
2026-02-09 23:08 - 2026-02-26 23:50 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2026-02-09 23:08 - 2026-02-17 21:54 - 000000000 ____D C:\Program Files\Avast Software
2026-02-09 23:08 - 2026-02-09 23:09 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2026-02-09 23:08 - 2026-02-09 23:08 - 000000000 ____D C:\Windows\system32\o2
2026-02-09 23:07 - 2026-02-26 23:35 - 000000000 ____D C:\ProgramData\Avast Software
2026-02-09 23:07 - 2026-02-09 23:07 - 000888600 _____ (Google LLC) C:\Users\Public\Documents\gcapi.dll
2026-02-09 23:07 - 2026-02-09 23:07 - 000249584 _____ (Gen Digital Inc.) C:\Users\hejda\Downloads\avast_free_antivirus_setup_online_85nb.exe
2026-02-05 21:03 - 2026-02-05 21:28 - 000000000 ____D C:\Users\hejda\AppData\Roaming\steelseries-gg-client
2026-02-05 21:01 - 2026-02-05 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2026-02-05 21:00 - 2026-02-05 21:00 - 000000000 ____D C:\ProgramData\SteelSeries
2026-02-05 21:00 - 2026-02-05 21:00 - 000000000 ____D C:\Program Files\SteelSeries
2026-02-05 20:33 - 2026-02-17 21:53 - 000000000 ____D C:\Users\hejda\AppData\Local\PulseSoftware
2026-02-05 18:41 - 2026-02-09 23:38 - 000000000 ____D C:\Users\hejda\AppData\Local\SquirrelTemp
2026-02-05 18:41 - 2026-02-05 18:41 - 000001246 _____ C:\Users\hejda\Desktop\Wand (WeMod).lnk
2026-02-05 18:41 - 2026-02-05 18:41 - 000000000 ____D C:\Users\hejda\AppData\Local\Wand
2026-02-05 18:40 - 2026-02-05 21:02 - 000000000 ____D C:\Users\hejda\AppData\Roaming\Wand
2026-02-05 18:35 - 2026-02-05 18:35 - 000000000 ____D C:\Users\hejda\AppData\Local\FLiNGTrainer
2026-02-04 23:54 - 2026-01-20 14:42 - 000127208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2026-02-04 23:53 - 2026-01-22 00:52 - 002421296 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2026-02-04 23:53 - 2026-01-22 00:52 - 002421296 _____ C:\Windows\system32\vulkaninfo.exe
2026-02-04 23:53 - 2026-01-22 00:52 - 001923120 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2026-02-04 23:53 - 2026-01-22 00:52 - 001923120 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2026-02-04 23:53 - 2026-01-22 00:52 - 001625648 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2026-02-04 23:53 - 2026-01-22 00:52 - 001625648 _____ C:\Windows\system32\vulkan-1.dll
2026-02-04 23:53 - 2026-01-22 00:52 - 001434672 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2026-02-04 23:53 - 2026-01-22 00:52 - 001434672 _____ C:\Windows\SysWOW64\vulkan-1.dll
2026-02-04 23:53 - 2026-01-22 00:52 - 000478952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2026-02-04 23:53 - 2026-01-22 00:52 - 000375016 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2026-02-04 23:53 - 2026-01-22 00:48 - 001344744 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2026-02-04 23:53 - 2026-01-22 00:48 - 000675048 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2026-02-04 23:53 - 2026-01-22 00:48 - 000509160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2026-02-04 23:53 - 2026-01-22 00:47 - 027559656 _____ C:\Windows\system32\nvidia-pcc.exe
2026-02-04 23:53 - 2026-01-22 00:47 - 002319080 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2026-02-04 23:53 - 2026-01-22 00:47 - 001716968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2026-02-04 23:53 - 2026-01-22 00:47 - 001616104 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2026-02-04 23:53 - 2026-01-22 00:47 - 001574632 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2026-02-04 23:53 - 2026-01-22 00:47 - 001224936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2026-02-04 23:53 - 2026-01-22 00:47 - 001055976 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2026-02-04 23:53 - 2026-01-22 00:47 - 000812264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2026-02-04 23:53 - 2026-01-22 00:46 - 022613224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2026-02-04 23:53 - 2026-01-22 00:46 - 018277608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2026-02-04 23:53 - 2026-01-22 00:46 - 007908072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2026-02-04 23:53 - 2026-01-22 00:46 - 005925096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2026-02-04 23:53 - 2026-01-22 00:46 - 005687448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2026-02-04 23:53 - 2026-01-22 00:46 - 005586664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2026-02-04 23:53 - 2026-01-22 00:46 - 004288232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2026-02-04 23:53 - 2026-01-22 00:46 - 000469224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2026-02-04 23:53 - 2026-01-22 00:45 - 004975632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2026-02-04 23:53 - 2026-01-22 00:45 - 000853736 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2026-02-04 23:53 - 2026-01-20 14:42 - 000153562 _____ C:\Windows\system32\nvinfo.pb
2026-02-04 23:52 - 2026-01-16 15:37 - 000161912 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2026-02-04 23:52 - 2026-01-16 15:37 - 000060568 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2026-02-04 22:30 - 2026-02-04 22:30 - 000000000 ____D C:\ProgramData\Jagex

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-02-27 23:11 - 2025-08-19 13:38 - 000003752 _____ C:\Windows\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2026-02-27 23:05 - 2025-08-19 14:43 - 000000000 ____D C:\Users\hejda\AppData\Roaming\asus_framework
2026-02-27 23:05 - 2025-03-13 00:24 - 000000000 ____D C:\Windows\system32\ASUSACCI
2026-02-27 23:05 - 2024-05-26 09:14 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-02-27 23:05 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\SystemTemp
2026-02-27 23:04 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\AppReadiness
2026-02-27 23:04 - 2024-04-01 07:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-02-27 01:46 - 2026-01-21 16:57 - 000003104 _____ C:\Windows\system32\Tasks\ASUS Update Checker 2.0
2026-02-27 01:46 - 2025-12-14 17:57 - 000002904 _____ C:\Windows\system32\Tasks\AsusSystemDiagnosis_DriverQuality
2026-02-27 01:46 - 2025-12-07 16:24 - 000002740 _____ C:\Windows\system32\Tasks\OBUpdate
2026-02-27 01:46 - 2025-09-14 21:39 - 000000000 ____D C:\Users\hejda\AppData\Roaming\Pi Network
2026-02-27 01:46 - 2025-09-08 03:35 - 000003010 _____ C:\Windows\system32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2026-02-27 01:46 - 2025-08-19 15:10 - 000000000 ____D C:\Users\hejda\AppData\Local\Battle.net
2026-02-27 01:46 - 2025-08-19 14:44 - 000003090 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-1589204013-1864288644-3288743639-1001
2026-02-27 01:46 - 2025-08-19 14:43 - 000003066 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1589204013-1864288644-3288743639-1001
2026-02-27 01:46 - 2025-08-19 14:43 - 000002862 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1589204013-1864288644-3288743639-1001
2026-02-27 01:46 - 2025-03-13 00:24 - 000002552 _____ C:\Windows\system32\Tasks\ASUSSmartDisplayControl
2026-02-27 01:46 - 2025-03-13 00:19 - 000002490 _____ C:\Windows\system32\Tasks\ASUS Hotplug Controller
2026-02-27 01:46 - 2025-03-13 00:13 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1589204013-1864288644-3288743639-500
2026-02-27 01:46 - 2025-03-13 00:13 - 000000000 ____D C:\ProgramData\NVIDIA
2026-02-27 01:46 - 2025-03-13 00:06 - 000003034 _____ C:\Windows\system32\Tasks\ASUS Optimization 36D18D69AFC3
2026-02-27 01:46 - 2024-05-26 09:14 - 000003538 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{0D77E3DA-EDAC-4B78-8B97-3078243A3EB0}
2026-02-27 01:46 - 2024-05-26 09:14 - 000003312 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{04F810C2-61C9-48F3-A74E-6C906168D8E8}
2026-02-26 23:43 - 2025-08-19 14:33 - 000000000 ____D C:\Users\hejda\AppData\Local\D3DSCache
2026-02-26 23:42 - 2025-03-13 00:19 - 000791266 _____ C:\Windows\system32\PerfStringBackup.INI
2026-02-26 23:42 - 2024-04-01 07:24 - 000000000 ____D C:\Windows\INF
2026-02-26 23:35 - 2025-03-13 00:52 - 000011388 _____ C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2026-02-26 23:35 - 2024-05-26 09:14 - 000012288 ___SH C:\DumpStack.log.tmp
2026-02-26 23:35 - 2024-05-26 09:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2026-02-26 23:35 - 2024-04-01 07:21 - 000786432 _____ C:\Windows\system32\config\BBI
2026-02-26 23:06 - 2025-08-19 15:58 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-02-26 23:06 - 2025-08-19 15:58 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2026-02-25 23:35 - 2024-04-01 07:26 - 000000000 ___HD C:\Program Files\WindowsApps
2026-02-25 23:32 - 2025-08-19 17:05 - 000000000 ____D C:\Program Files (x86)\Steam
2026-02-22 18:53 - 2025-08-24 19:51 - 000000000 ____D C:\Users\hejda\Documents\OpenTTD
2026-02-22 16:52 - 2024-05-26 09:17 - 000000000 ____D C:\Program Files\Microsoft Office
2026-02-20 23:51 - 2025-08-19 14:33 - 000000000 ____D C:\Users\hejda\AppData\Local\Packages
2026-02-20 23:51 - 2025-03-13 00:10 - 000000000 ____D C:\ProgramData\Packages
2026-02-19 23:06 - 2024-04-01 07:26 - 000000000 ___HD C:\Windows\ELAMBKUP
2026-02-19 23:05 - 2025-08-19 14:33 - 000002354 _____ C:\Users\hejda\Desktop\Microsoft Edge.lnk
2026-02-19 22:44 - 2025-10-13 20:29 - 000000000 ____D C:\ProgramData\DockerDesktop
2026-02-19 22:12 - 2026-01-27 13:51 - 000002630 _____ C:\Users\hejda\Desktop\MobiSlides.lnk
2026-02-19 22:12 - 2026-01-27 13:51 - 000002630 _____ C:\Users\hejda\Desktop\MobiSheets.lnk
2026-02-19 22:12 - 2026-01-27 13:51 - 000002612 _____ C:\Users\hejda\Desktop\MobiDocs.lnk
2026-02-19 22:11 - 2026-01-27 13:50 - 000002572 _____ C:\Users\hejda\Desktop\MobiPDF.lnk
2026-02-17 21:55 - 2025-08-22 09:40 - 000000000 ____D C:\Users\hejda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2026-02-17 21:54 - 2025-03-13 00:21 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2026-02-17 02:32 - 2025-08-19 14:43 - 000002385 _____ C:\Users\hejda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-02-15 20:37 - 2025-08-19 15:10 - 000000000 ____D C:\Program Files (x86)\Battle.net
2026-02-15 15:51 - 2025-08-19 14:30 - 000000000 ___SD C:\Users\hejda\AppData\Roaming\Microsoft\Protect
2026-02-12 19:05 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\SecurityHealth
2026-02-12 09:51 - 2025-03-13 00:19 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2026-02-12 09:49 - 2025-12-10 10:12 - 000000000 ____D C:\Windows\system32\NarratorMCAT
2026-02-12 09:49 - 2025-03-13 01:03 - 000000000 ____D C:\Windows\InboxApps
2026-02-12 09:49 - 2024-05-26 09:54 - 000000000 ____D C:\Windows\en-GB
2026-02-12 09:49 - 2024-04-01 08:08 - 000000000 ____D C:\Windows\system32\OpenSSH
2026-02-12 09:49 - 2024-04-01 08:08 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ___SD C:\Windows\system32\F12
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\WUModels
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\UUS
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\SysWOW64\setup
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\SysWOW64\oobe
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\SysWOW64\Dism
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\SystemResources
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\WinMetadata
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\ShellExperiences
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\setup
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\oobe
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\migwiz
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\km-KH
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\Dism
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\system32\DDFs
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\ShellExperiences
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\ShellComponents
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\Provisioning
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\BrowserCore
2026-02-12 09:49 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\bcastdvr
2026-02-12 09:49 - 2024-04-01 07:21 - 000000000 ____D C:\Windows\servicing
2026-02-12 09:48 - 2024-05-26 09:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2026-02-12 06:52 - 2024-04-01 07:26 - 000000000 ____D C:\Windows\LiveKernelReports
2026-02-11 20:31 - 2025-08-19 14:51 - 000000000 ____D C:\Users\hejda\AppData\Local\CrashDumps
2026-02-11 18:10 - 2024-05-26 09:16 - 003276288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2026-02-11 18:07 - 2025-08-19 20:11 - 000000000 ____D C:\Windows\system32\MRT
2026-02-11 18:05 - 2025-08-19 20:11 - 221154392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2026-02-09 23:42 - 2025-12-07 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 3 Arena Demo
2026-02-09 23:42 - 2025-08-22 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic 3 Complete [GOG.com]
2026-02-09 23:38 - 2025-10-05 19:17 - 000000000 ____D C:\Users\hejda\Documents\Rise of the Tomb Raider
2026-02-09 23:38 - 2025-09-08 15:24 - 000000000 ____D C:\Users\hejda\AppData\Roaming\EasyAntiCheat
2026-02-09 23:38 - 2025-08-29 00:31 - 000000000 ____D C:\Users\hejda\Documents\Euro Truck Simulator 2
2026-02-09 23:38 - 2025-03-13 00:35 - 000000000 ____D C:\Windows\Minidump
2026-02-09 23:38 - 2024-05-26 09:53 - 000000000 ____D C:\Windows\Panther
2026-02-05 16:31 - 2025-08-19 14:33 - 000000000 ____D C:\Users\hejda\AppData\Local\AMD
2026-02-05 01:57 - 2025-08-19 14:32 - 000000000 ____D C:\Users\hejda\AppData\Local\PlaceholderTileLogoFolder
2026-02-05 00:50 - 2025-08-19 14:43 - 000000000 ____D C:\Users\hejda\AppData\Local\NVIDIA Corporation
2026-02-05 00:45 - 2025-08-19 17:12 - 000000000 ____D C:\Users\hejda\AppData\Local\NVIDIA
2026-02-05 00:05 - 2025-12-07 16:24 - 000000000 ____D C:\Users\hejda\AppData\Roaming\pdf-proton-nativefier-72c1c6
2026-02-04 23:56 - 2025-03-13 00:13 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2026-02-04 23:52 - 2025-09-08 03:42 - 000001436 _____ C:\Users\Public\Desktop\NVIDIA App.lnk
2026-02-04 23:52 - 2025-03-13 00:14 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2026-02-04 23:40 - 2025-08-19 14:43 - 000000000 ___RD C:\Users\hejda\OneDrive

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Posts: 119810
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware detected. Please check my log.

#2 Post by Rudy »

Hello!
Please also add the Addition log. It is on the desktop in the file addition.txt. Thank you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Hejdys84
Visitor
Posts: 5
Registered: 28 Feb 2026 00:23

Re: Malware detected. Please check my log.

#3 Post by Hejdys84 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2026
Ran by hejda (27-02-2026 23:14:40)
Running from C:\Users\hejda\Desktop
Microsoft Windows 11 Home Version 25H2 26200.7840 (X64) (2025-03-13 00:47:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1589204013-1864288644-3288743639-500 - Administrators - Disabled)
DefaultAccount (S-1-5-21-1589204013-1864288644-3288743639-503 - Limited - Disabled)
Guest (S-1-5-21-1589204013-1864288644-3288743639-501 - Limited - Disabled)
hejda (S-1-5-21-1589204013-1864288644-3288743639-1001 - Administrators - Enabled) => C:\Users\hejda
WDAGUtilityAccount (S-1-5-21-1589204013-1864288644-3288743639-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ARMOURY CRATE Service (HKLM\...\{01378DC3-088F-4F55-AAFA-DC6A9CCA292A}) (Version: 5.9.3 - ASUS)
ASUS Aac_GmAcc HAL (HKLM\...\{998249B1-6913-447E-AA37-F445B8CA33D0}) (Version: 1.0.12.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_GmAcc HAL (HKLM-x32\...\{c3219916-0c5a-483c-8b38-bdd71cf96365}) (Version: 1.0.12.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.5.40.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{0ca47681-d391-4e38-9ba6-08f1610a6fa7}) (Version: 2.5.40.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Ambient HAL (HKLM\...\{882FD779-4E7C-41FB-9608-37E1C446B688}) (Version: 5.4.0.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Ambient HAL (HKLM-x32\...\{59619f05-1630-4088-bdcb-20b479b719ed}) (Version: 5.4.0.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.44 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{339A6383-7862-46DA-8A9D-E84180EF9424}) (Version: 4.1.1.5 - ASUSTeK Computer Inc.)
ASUS Hotplug Controller (HKLM\...\{167A9DAC-ED7E-42CC-9A58-9E7A0C24B91F}) (Version: 3.0.0 - ASUS)
ASUS Keyboard HAL (HKLM\...\{AF92E89C-547B-4043-9298-0BAABD1F70EA}) (Version: 1.2.55.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{6df9a8c3-1f55-4422-ac64-4cd95989a3cf}) (Version: 1.2.55.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM\...\{B10F0624-60C6-4527-9CD8-C677A7B3A545}) (Version: 1.2.0.84 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{7e046d7d-3f14-423f-b793-0cbc7def52ef}) (Version: 1.2.0.84 - ASUSTek COMPUTER INC.) Hidden
ASUS Smart Display Control (HKLM-x32\...\{8714A8D1-0F08-4681-9DF6-A8C4607A58B4}) (Version: 2.10.0 - ASUSTek COMPUTER INC.)
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.44 - ASUSTek COMPUTER INC.)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.44 - ASUSTek COMPUTER INC.)
AURA Service (HKLM-x32\...\{56EEEF7D-0AE3-401A-898B-581719D005AE}) (Version: 3.07.47 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{89094680-522b-4a33-8ec5-c138926a56a5}) (Version: 3.07.47 - ASUSTeK Computer Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 26.3.18484.22892 - Gen Digital Inc.)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 26.1.10738.3400 - Gen Digital Inc.)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1995.6 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Desperados 3 (HKLM-x32\...\1914500649_is1) (Version: 1.7 - GOG.com)
Diablo II Resurrected (HKLM-x32\...\Diablo II Resurrected) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo IV (HKLM-x32\...\Diablo IV) (Version: - Blizzard Entertainment)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 4.61.0 - Docker Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.631.0.6144 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{a5316e04-4f57-44b2-bc29-c4e58fa0fea1}) (Version: 13.631.0.6144 - Electronic Arts)
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
GlideX Service Installer (HKLM\...\{A06BDD76-D95C-4AC7-A0DA-73971F366D9B}) (Version: 3.8.7.0 - ASUSTeK COMPUTER INC.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.94.27 - GOG.com)
Google Chrome (HKLM\...\{0BC7BD0C-157D-3A5B-B003-0B191F21044E}) (Version: 145.0.7632.117 - Google LLC)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\1207658787_is1) (Version: 4.0 (3.2) GOG 0.1 - GOG.com)
Heroes of Might and Magic® III: Horn of the Abyss (HKLM-x32\...\HotA + HD_is1) (Version: 1.7.3 - HotA Crew)
HoMM III Compatibility Database (HKLM\...\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb) (Version: - )
Mafia II Definitive Edition (HKLM-x32\...\1449710114_is1) (Version: 1.0 - GOG.com)
Mafia: Definitive Edition (HKLM-x32\...\1993581340_is1) (Version: 1.0.3 GOG v2 - GOG.com)
Microsoft .NET Host - 6.0.16 (x64) (HKLM\...\{1D0AC7F1-2B34-44AF-91F6-88757D768DA7}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.16 (x64) (HKLM\...\{B8537ACA-B210-4DF5-B928-E41CEB76723D}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x64) (HKLM\...\{C71E93D2-B8B4-4858-B2A1-4C967DBC1C5F}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x64) (HKLM-x32\...\{2a8d0f2b-911b-4b58-8252-46b29e7a4590}) (Version: 6.0.16.32323 - Microsoft Corporation)
Microsoft 365 - en-gb (HKLM\...\O365HomePremRetail - en-gb) (Version: 16.0.19628.20214 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 145.0.3800.82 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 145.0.3800.82 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\OneDriveSetup.exe) (Version: 26.017.0126.0002 - Microsoft Corporation)
Microsoft OneNote - en-gb (HKLM\...\OneNoteFreeRetail - en-gb) (Version: 16.0.19628.20214 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211 (HKLM-x32\...\{d8bbe9f9-7c5b-42c6-b715-9ee898a2e515}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211 (HKLM\...\{86AB2CC9-08BD-4643-B0F9-F82D006D72FF}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211 (HKLM\...\{43B0D101-A022-48F4-9D04-BA404CEB1D53}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
NVIDIA App 11.0.6.383 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.6.383 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.5.11821.36727370 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.11821.36727370 - NVIDIA Corporation)
NVIDIA Graphics Driver 591.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 591.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.5.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.5.7 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19628.20214 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
OneBrowser (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\OneBrowser) (Version: 137.0.7151.69 - OneBrowser) <==== ATTENTION
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pi Network 0.5.4 (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\375fce00-6280-59a8-8dfe-c557d5fd3e90) (Version: 0.5.4 - Socialchain Inc.)
Quake 3 Arena Demo (HKLM-x32\...\Quake 3 Arena Demo) (Version: - )
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.4.7.0 - ASUSTek COMPUTER INC.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steel Hunters (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\415390742) (Version: - Wargaming.net)
SteelSeries GG 105.0.0 (HKLM\...\SteelSeries GG) (Version: 105.0.0 - SteelSeries ApS)
Wand (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Wand) (Version: 12.10.1 - WeMod)
Wargaming.net Game Center (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Wargaming.net Game Center) (Version: 25.7.0.1174 - Wargaming.net)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1088 - McAfee, LLC)
Windows Subsystem for Linux (HKLM\...\{8705254B-3AE0-4CFA-93D5-F71DCDE9ED2B}) (Version: 2.6.1.0 - Microsoft Corporation) Hidden
World of Tanks EU (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\2314027414) (Version: - Wargaming.net)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m [2025-08-19] (Advanced Micro Devices Inc.) [Startup Task]
Armoury Crate -> C:\Program Files\ASUS\AacAmbientHal [2025-08-20] (Sparse Package)
Armoury Crate -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_6.4.7.0_x64__qmba6cd70vzyy [2026-02-01] (ASUSTeK COMPUTER INC.)
ASUS GlideX -> C:\Program Files\WindowsApps\B9ECED6F.Glidex_4.0.10.0_x64__qmba6cd70vzyy [2026-02-24] (ASUSTeK COMPUTER INC.)
ChatGPT -> C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0 [2026-02-13] (OpenAI) [Startup Task]
DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.19.0_x64__t5j2fzbtdg37r [2026-01-16] (DTS, Inc.)
Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2026-02-22] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-08-19] (Microsoft Corp.)
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2026-02-22] ()
MobiDrive -> C:\Program Files\WindowsApps\MobiSystems.MobiDriveSync_4.2.63704.0_x64__bvgb55c3tfatp [2026-01-27] (MobiSystems) [Startup Task]
MobiOffice -> C:\Program Files\WindowsApps\MobiSystems.MobiOffice_11.30.14900.0_x64__bvgb55c3tfatp [2026-02-19] () [Startup Task]
MobiPDF - Edit, View, Fill, Sign & Convert PDFs -> C:\Program Files\WindowsApps\MobiSystems.MobiPdf_11.30.14900.0_x64__bvgb55c3tfatp [2026-02-19] () [Startup Task]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy [2026-02-25] (ASUSTeK COMPUTER INC.) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.969.0_x64__56jybvy8sckqj [2025-11-06] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2026-02-22] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.330.0_x64__dt26b99r8h8gj [2025-03-13] (Realtek Semiconductor Corp)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0 [2026-02-13] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1082.2259.0_x64__8wekyb3d8bbwe [2025-03-13] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.1082.2259.0_x64__8wekyb3d8bbwe [2025-03-13] (Microsoft Corp.)
Windows App Runtime DDLM 4000.1082.2259.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x6_4000.1082.2259.0_x64__8wekyb3d8bbwe [2025-03-13] (Microsoft Corporation)
Windows App Runtime DDLM 4000.1082.2259.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x8_4000.1082.2259.0_x86__8wekyb3d8bbwe [2025-03-13] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1589204013-1864288644-3288743639-1001_Classes\CLSID\{545E2FA6-A703-4B18-BCBA-6722371B26DA} -> [Galaxy S25 Ultra] => C:\Users\hejda\CrossDevice\Galaxy S25 Ultra [2025-08-22 09:03]
CustomCLSID: HKU\S-1-5-21-1589204013-1864288644-3288743639-1001_Classes\CLSID\{6CC580B0-9BA7-4BE5-B9AB-D438D11CFCED} -> [MobiDrive] => D:\Documents\MobiDrive [2026-02-04 13:54]
CustomCLSID: HKU\S-1-5-21-1589204013-1864288644-3288743639-1001_Classes\CLSID\{92a10339-c580-dfd8-94c3-030311ba18f4}\localserver32 -> C:\ProgramData\ASUS\AsusSurvey\AsusSurvey.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
CustomCLSID: HKU\S-1-5-21-1589204013-1864288644-3288743639-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers4: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers5: [NvAppDesktopContext] -> {F2E8B4A1-9C7D-4F6E-B3A5-8D2C1F4E9B7A} => C:\Program Files\NVIDIA Corporation\NVIDIA App\NvCpl\nvui.dll [2026-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_171f1746818db7fd\nvshext.dll [2026-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [MidisrvTransferComplete] => 1
HKLM\...\Drivers32: [midi1] => C:\Windows\system32\wdmaud2.drv [126976 2026-02-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll
HKLM\...\Drivers32: [midi1] => C:\Windows\SysWOW64\wdmaud2.drv [78848 2026-02-11] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2025-03-13 00:21 - 2024-04-17 14:03 - 000443392 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ac_node_addon\build\Release\ac_node_addon.node
2025-03-13 00:21 - 2024-04-08 11:31 - 000319488 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\sharp\build\Release\sharp-win32-ia32.node
2026-02-04 23:52 - 2026-02-04 23:52 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\PlugIns\NVIDIA App\MessageBusRouter.dll] C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\plugins\NVIDIA Overlay\MessageBusRouter.dll
2025-09-08 03:35 - 2026-02-04 23:52 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\MessageBus\NvMessageBusBroadcast.dll] C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2026-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-04-01 07:26 - 2025-10-13 20:31 - 000001056 _____ C:\Windows\system32\drivers\etc\hosts
192.168.1.157 host.docker.internal
192.168.1.157 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal

2025-10-13 20:36 - 2025-12-08 19:44 - 000000433 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.22.96.1 Hejdys.mshome.net # 2030 12 6 7 19 44 47 87

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.1.254
Windows Firewall is enabled.

Network Binding:
=============
WiFi: Realtek 8852BE Wireless LAN WiFi 6 PCI-E NIC -> rtwlane601.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt68cx21x64.sys

vms_vsf: Hyper-V Virtual Switch Extension Filter
ms_l1vhlwf: Nested Network Virtualization
vms_vsp: Hyper-V Virtual Switch Extension Protocol

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hejda\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\6125478849779484494\134167071954378240.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "Docker Desktop"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_E478EAC7BFC67F03F478E5F2D7931491"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "electron.app.Pi Network"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7877DDAC-A98B-49AB-BA8E-67B50AB8EBD4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{6A321DC3-BB69-481F-9B81-0AF0916DA6A1}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{07AB0667-96CA-4021-AF04-C56897D6E601}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{BB3235B9-88B2-498A-8AA8-721D1320F775}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{96B33890-3165-466B-9D6F-D29FF38C5DAF}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{7CE20F88-112E-40EF-912F-426141421CDF}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{252745EB-817B-4FD8-A160-DA953FFCE44E}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{E6E3B5B4-CE96-4BCA-B567-822FE3EFBA45}] => (Allow) C:\Program Files\ASUS\AacAmbientHal\AacAmbientLighting.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{D0CC5565-E3C4-4518-9DF9-83F3FE2319BD}] => (Allow) C:\program files\asus\aacambienthal\aacambientlighting.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [TCP Query User{89ED0206-1BE9-4575-8E82-35E89263E866}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [UDP Query User{BA4E7E9D-A170-41FC-A8AF-2DE36540D076}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [TCP Query User{20B400F7-1217-47BA-8716-1B8272C016C6}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{E7009F3E-3EAA-43D1-B988-FE15608BCAD8}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{030EA5D9-2AE5-420D-BA82-F063CBFA1BD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{77574E1A-27EE-4799-BE6C-BD7ADB3013B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{10AA2C6F-CAD6-40E0-837E-C557F7C41810}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [UDP Query User{1FA9AEFE-8C4A-498B-B7F8-DE34FAD0F0B7}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [TCP Query User{71DA0D74-CC72-4BE4-8A3D-8F8AE39D6822}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{5FCD15FA-67C1-478D-AA50-8539D1986A58}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{19CEEDC3-7FA4-4784-8118-6B0E17A74FD3}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{AD4C37B9-CB6D-433D-AE43-D78D04D2ABA1}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{B4E14E29-DEF4-4B4F-886F-332A5E1A8DBC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{C3733682-C70E-47FE-B0F2-63DA12608960}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{EDB2B0D6-3D09-42DB-9380-187C1868CCAD}] => (Allow) D:\SteamLibrary\steamapps\common\OpenTTD\openttd.exe (OpenTTD Distribution Ltd -> OpenTTD Development Team)
FirewallRules: [{0089A2F8-7A0C-4BCD-8BBF-DF00DB669B94}] => (Allow) D:\SteamLibrary\steamapps\common\OpenTTD\openttd.exe (OpenTTD Distribution Ltd -> OpenTTD Development Team)
FirewallRules: [TCP Query User{85874381-EA21-4BA8-91F3-0F009D3CBC92}D:\games\diablo iv\diablo iv.exe] => (Allow) D:\games\diablo iv\diablo iv.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BB9945C9-B898-42ED-AE7C-972D9D905551}D:\games\diablo iv\diablo iv.exe] => (Allow) D:\games\diablo iv\diablo iv.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{0AC18417-314C-43BE-890D-236490CF5EEE}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{18784171-23D7-421C-BA5E-A8749E4E5AF4}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{26F4886F-33D7-434D-9A23-5785B5ED604A}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{36A03FF3-CF0D-46DF-A643-F913ECF3F5EA}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{678C83E6-240E-4624-8F82-79DAF64A729F}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [{A8DC3632-5DF6-4666-9333-D8222584D5E0}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [TCP Query User{B3CAC433-9A90-47A7-971C-24B646F4A1C7}D:\games\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [UDP Query User{72DEBAF0-689D-476C-9481-04FF9A4E19BB}D:\games\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [{64B2869A-5786-45E9-A0C1-82C57AC83E31}] => (Allow) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3BAE1ABE-0418-4229-BDC7-50A1BE57CDAF}] => (Allow) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{7610F4BD-C4AE-4A4F-91A9-7A3F86D62B88}D:\games\starcraft\x86_64\starcraft.exe] => (Allow) D:\games\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{85E9337E-8FEA-40FF-8BFD-799790677E0F}D:\games\starcraft\x86_64\starcraft.exe] => (Allow) D:\games\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{4607A939-F8BD-4702-832A-EF2931DD75A9}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E10DEFA4-5835-4CE1-9D52-DEF6C7123182}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{406B75ED-88BE-4788-99E6-88685412B6B0}] => (Allow) D:\SteamLibrary\steamapps\common\MTGA\MTGA.exe () [File not signed]
FirewallRules: [{66ADFD22-9719-4E12-824A-68BBB3D7F5D4}] => (Allow) D:\SteamLibrary\steamapps\common\MTGA\MTGA.exe () [File not signed]
FirewallRules: [TCP Query User{B2989826-12C9-49E2-9E57-F997A16B9210}D:\games\diablo iii\x64\diablo iii64.exe] => (Allow) D:\games\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{3A4CC814-F9BD-43AC-9443-D764D5BADD91}D:\games\diablo iii\x64\diablo iii64.exe] => (Allow) D:\games\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{0BDD9C84-6C46-4BEB-88A1-E5E48FE06C78}] => (Allow) D:\SteamLibrary\steamapps\common\Conflict of Nations\Conflict of Nations.exe (Bytro Labs GmbH) [File not signed]
FirewallRules: [{4FED95C1-EFE9-4E5E-9F0F-6DFAEE35397A}] => (Allow) D:\SteamLibrary\steamapps\common\Conflict of Nations\Conflict of Nations.exe (Bytro Labs GmbH) [File not signed]
FirewallRules: [{64AF8CB8-6A58-4865-AA17-4B1D8651CC21}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{EF3A10CD-78E8-4723-AB43-AB9B561CDD3A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{5833E5FB-BD7E-41CC-873C-E0590FCE9B23}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{21F619D9-6989-4B7E-8A73-8F1C8D06AE10}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A14EEE7C-D48F-4B0B-8C8F-FE1C2922DC63}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A519E2A1-174A-4121-8571-A2FC30F16409}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{199D7C13-2E7B-41A2-AEF8-F2C1B59009A5}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D56CD330-F46B-46AE-A158-324995891BFC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F26E121C-B051-48EE-9F17-9B3B2118CB78}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D1B6B7CE-BA18-46D4-A6F1-5F4C33B6EED1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{BEEB9905-0323-4B51-91AD-C14C549752D3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{061B8C01-64FE-4C27-B495-DC9F713C33BF}] => (Allow) D:\SteamLibrary\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{DB5B45C7-ECBA-404A-9E01-48F3DA777ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [TCP Query User{4AE84827-8928-4346-AC19-165978CCA71B}D:\games\starcraft ii\versions\base95248\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95248\sc2_x64.exe => No File
FirewallRules: [UDP Query User{C01073CE-7310-47F6-9D9F-612ACBD38CA4}D:\games\starcraft ii\versions\base95248\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95248\sc2_x64.exe => No File
FirewallRules: [{3F55BA54-4CCF-4613-90B5-AEA5AE261A06}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might & Magic Olden Era Demo\HeroesOE.exe () [File not signed]
FirewallRules: [{7A1CE8AF-CA39-4097-A7A0-23204642DD01}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might & Magic Olden Era Demo\HeroesOE.exe () [File not signed]
FirewallRules: [TCP Query User{7E3E1343-4664-49FD-8260-965E6A26A4D4}D:\games\starcraft ii\versions\base95299\sc2_x64.exe] => (Block) D:\games\starcraft ii\versions\base95299\sc2_x64.exe => No File
FirewallRules: [UDP Query User{1B9B624E-10D8-4490-AD1A-864F3AC1D74C}D:\games\starcraft ii\versions\base95299\sc2_x64.exe] => (Block) D:\games\starcraft ii\versions\base95299\sc2_x64.exe => No File
FirewallRules: [TCP Query User{244A2A3A-7396-4877-9D1A-38EE5A91EB5E}C:\program files\docker\docker\resources\com.docker.backend.exe] => (Allow) C:\program files\docker\docker\resources\com.docker.backend.exe (Docker Inc -> Docker Inc.)
FirewallRules: [UDP Query User{6980A89D-029B-4936-AA9E-4E07D1DA3FE8}C:\program files\docker\docker\resources\com.docker.backend.exe] => (Allow) C:\program files\docker\docker\resources\com.docker.backend.exe (Docker Inc -> Docker Inc.)
FirewallRules: [TCP Query User{742A78B5-6C96-4EBE-8073-7B6B129502FE}D:\quake3.exe] => (Allow) D:\quake3.exe () [File not signed]
FirewallRules: [UDP Query User{1614ED3B-BD04-4527-8486-9F924425818B}D:\quake3.exe] => (Allow) D:\quake3.exe () [File not signed]
FirewallRules: [TCP Query User{A4E7D63F-BC9A-4A91-8340-F4B18D11DA02}D:\games\starcraft ii\versions\base95841\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95841\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{0AEFC662-B3B2-40D0-A10C-95001FF13DFF}D:\games\starcraft ii\versions\base95841\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95841\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{3659A531-DAA4-46EC-AECD-36C5181AA432}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{69D8A08C-9C59-4237-AE55-547D83AFE464}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8D0BE164-A438-4F55-92A9-0F9948BAAAB9}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{B3D5CC6D-2F6B-4DBA-89B7-D204640C06D0}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [TCP Query User{9139277C-BA80-4364-B5D3-C2D94351AF56}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{2C9625E7-643A-4E1F-8D7F-E11904F3AB9F}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [{80C48AA0-A753-4CA4-9E4F-AAD8CBA7A10D}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{6C02BB8C-0E11-4AE1-8901-02D536189C15}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{97688777-F434-4ABF-8B58-E648F33C79FC}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{8699C4B8-2D8C-43BE-B80B-3C7586D92DB8}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{8A782C35-6DAA-486E-AB3E-56ABF296BD6A}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{F57CDAC7-CF04-45FE-B598-2B9950A544FA}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{3F488EAF-FB2E-411E-90B6-7C18A4BD182E}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{0B66B9B4-2A90-413D-87C1-601DE5ACAB05}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{1EFBC696-2DBE-4010-8D45-66308296BB62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3D09E45C-ABF1-4F05-B47F-0FFA6A1EF614}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0C889360-3066-4BC4-8433-381F80968263}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0DCFFDDF-663E-4C06-9356-F8B7B607C844}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{90975A00-3AAA-4317-B5FE-F618F0CBC5FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5EDCAC89-8CAD-4C69-8292-B4861FCFB6EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F8A3D8C6-305C-4937-8F06-9ED9F8084867}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{23668B66-02C0-435A-980F-63FA54CE5504}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6C8B3715-CA1F-40CA-BC97-4CCB67249AEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0F152092-BBAA-4F6F-99A6-8541E911A858}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7930EFE0-3DD7-4215-926B-7F53D6C988A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7425783E-C139-48F0-BDB3-33F7729C04D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FA7B837A-5612-4457-8BE3-2DEE4EB978B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AF3BD263-486A-419E-BB13-1D37353F4012}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life Restored\restored.exe () [File not signed]
FirewallRules: [{A0A9B1D4-1646-4E97-992F-35DED80663D8}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life Restored\restored.exe () [File not signed]
FirewallRules: [{0880E82E-FE63-436F-B513-DD50099DAF80}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{CBCDD41B-5199-4F14-82DE-3CC14D6A6AC4}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{F357D94B-1BE9-437F-A523-38369343CEA0}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{811E8FF4-16A9-4901-BF66-ADF58D876455}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{7B0175A4-2B12-430B-8E3E-856CABB1CE61}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{075B3257-0998-48C2-B3CB-9CEEE791705E}] => (Allow) C:\Program Files\ASUS\GlideX\GlideXNear\GlideXNearService.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{7C6D50BD-069F-42DA-A7F8-45EA89BB68AA}] => (Allow) C:\Program Files\ASUS\GlideX\GlideXService.exe (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
FirewallRules: [{7F6668AD-669D-49FB-936A-ADF7087FAE3A}] => (Allow) C:\Program Files\ASUS\GlideX\GlideXRemote\GlideXRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:447.58 GB) (Free:231.7 GB) (52%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/26/2026 11:06:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Hejdys.local already in use; will try Hejdys-2.local instead

Error: (02/26/2026 11:06:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Hejdys.local. Addr 192.168.1.157

Error: (02/26/2026 11:06:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.157:5353 16 Hejdys.local. AAAA 2A00:23C4:D11C:5201:CEC3:4EFE:624D:B0D8

Error: (02/23/2026 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Hejdys.local already in use; will try Hejdys-2.local instead

Error: (02/23/2026 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Hejdys.local. Addr 192.168.1.157

Error: (02/23/2026 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.157:5353 16 Hejdys.local. AAAA 2A00:23C4:D11C:5201:CEC3:4EFE:624D:B0D8

Error: (02/19/2026 10:10:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (02/19/2026 10:10:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..


System errors:
=============
Error: (02/27/2026 11:04:55 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {c7f32355-3baa-4879-a0a8-be7d19079dec}, had event 74

Error: (02/27/2026 01:46:42 AM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {740FE937-01F7-4482-AA62-C83F0AD3D6D0} did not register with DCOM within the required timeout.

Error: (02/27/2026 01:46:42 AM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {6FA05A24-B1DF-4155-909E-7B424F2D2BB5} did not register with DCOM within the required timeout.

Error: (02/27/2026 01:46:42 AM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {6FA05A24-B1DF-4155-909E-7B424F2D2BB5} did not register with DCOM within the required timeout.

Error: (02/26/2026 11:40:44 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT AUTHORITY)
Description: Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends International, LLC.;FirmwareVersion:FA506NC.308;OEMModelBaseBoard:FA506NC;OEMManufacturerName:ASUSTeK COMPUTER INC.;OSArchitecture:amd64;
BucketId: 023969b791ef4626fa6a492cdad583ffebb403b91978a8abfaaf032a7f73a02b
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.

Error: (02/26/2026 11:35:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a pre-shutdown control.

Error: (02/26/2026 11:34:50 PM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (02/26/2026 11:34:50 PM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {6FA05A24-B1DF-4155-909E-7B424F2D2BB5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2026-02-08 15:57:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-02-07 15:31:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-02-06 15:44:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown

Date: 2026-02-04 23:49:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/SparkOnSoft!AMTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hejda\Downloads\cleareditpdf_593524.exe; file:_C:\Users\hejda\Downloads\cleareditpdf_984946.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.443.1000.0, AS: 1.443.1000.0, NIS: 1.443.1000.0
Engine Version: AM: 1.1.25110.1, NIS: 1.1.25110.1

Date: 2026-02-04 23:49:27
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/SparkOnSoft!AMTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hejda\Downloads\cleareditpdf_593524.exe; file:_C:\Users\hejda\Downloads\cleareditpdf_984946.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.443.1000.0, AS: 1.443.1000.0, NIS: 1.443.1000.0
Engine Version: AM: 1.1.25110.1, NIS: 1.1.25110.1

CodeIntegrity:
===============
Date: 2026-02-23 23:09:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Avast Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-11-17 20:00:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\wps\1.34.154.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.

Date: 2025-11-17 19:59:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\wps\1.34.154.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. FA506NC.308 01/08/2025
Motherboard: ASUSTeK COMPUTER INC. FA506NC
Processor: AMD Ryzen 5 7535HS with Radeon Graphics
Percentage of memory in use: 23%
Total physical RAM: 64840.25 MB
Available physical RAM: 49419.41 MB
Total Virtual: 68936.25 MB
Available Virtual: 49891.65 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:447.58 GB) (Free:231.7 GB) (Model: WD PC SN5000S SDEQNSJ-512G-1002) (Protected) NTFS
Drive d: (Samsung) (Fixed) (Total:3725.73 GB) (Free:3101.2 GB) (Model: Microsoft Storage Space Device) (Protected) NTFS

\\?\Volume{b4cad33f-6956-4e07-a765-6433638d4805}\ (RECOVERY) (Fixed) (Total:0.83 GB) (Free:0.06 GB) NTFS
\\?\Volume{1e75c4b2-5ccb-42b2-a04b-d7f061dbf8f4}\ (RESTORE) (Fixed) (Total:28 GB) (Free:9.31 GB) NTFS
\\?\Volume{b5b6a590-29f2-475b-ae4b-49915211f235}\ (MYASUS) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
\\?\Volume{79ac1d17-d260-4c78-af89-fe3d612c135a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 53E7ED41)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 3725.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Hejdys84
Visitor
Posts: 5
Registered: 28 Feb 2026 00:23

Re: Malware detected. Please check my log.

#4 Post by Hejdys84 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2026
Ran by hejda (27-02-2026 23:14:40)
Running from C:\Users\hejda\Desktop
Microsoft Windows 11 Home Version 25H2 26200.7840 (X64) (2025-03-13 00:47:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1589204013-1864288644-3288743639-500 - Administrators - Disabled)
DefaultAccount (S-1-5-21-1589204013-1864288644-3288743639-503 - Limited - Disabled)
Guest (S-1-5-21-1589204013-1864288644-3288743639-501 - Limited - Disabled)
hejda (S-1-5-21-1589204013-1864288644-3288743639-1001 - Administrators - Enabled) => C:\Users\hejda
WDAGUtilityAccount (S-1-5-21-1589204013-1864288644-3288743639-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ARMOURY CRATE Service (HKLM\...\{01378DC3-088F-4F55-AAFA-DC6A9CCA292A}) (Version: 5.9.3 - ASUS)
ASUS Aac_GmAcc HAL (HKLM\...\{998249B1-6913-447E-AA37-F445B8CA33D0}) (Version: 1.0.12.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_GmAcc HAL (HKLM-x32\...\{c3219916-0c5a-483c-8b38-bdd71cf96365}) (Version: 1.0.12.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.5.40.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{0ca47681-d391-4e38-9ba6-08f1610a6fa7}) (Version: 2.5.40.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Ambient HAL (HKLM\...\{882FD779-4E7C-41FB-9608-37E1C446B688}) (Version: 5.4.0.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Ambient HAL (HKLM-x32\...\{59619f05-1630-4088-bdcb-20b479b719ed}) (Version: 5.4.0.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.44 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{339A6383-7862-46DA-8A9D-E84180EF9424}) (Version: 4.1.1.5 - ASUSTeK Computer Inc.)
ASUS Hotplug Controller (HKLM\...\{167A9DAC-ED7E-42CC-9A58-9E7A0C24B91F}) (Version: 3.0.0 - ASUS)
ASUS Keyboard HAL (HKLM\...\{AF92E89C-547B-4043-9298-0BAABD1F70EA}) (Version: 1.2.55.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{6df9a8c3-1f55-4422-ac64-4cd95989a3cf}) (Version: 1.2.55.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM\...\{B10F0624-60C6-4527-9CD8-C677A7B3A545}) (Version: 1.2.0.84 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{7e046d7d-3f14-423f-b793-0cbc7def52ef}) (Version: 1.2.0.84 - ASUSTek COMPUTER INC.) Hidden
ASUS Smart Display Control (HKLM-x32\...\{8714A8D1-0F08-4681-9DF6-A8C4607A58B4}) (Version: 2.10.0 - ASUSTek COMPUTER INC.)
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.44 - ASUSTek COMPUTER INC.)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.44 - ASUSTek COMPUTER INC.)
AURA Service (HKLM-x32\...\{56EEEF7D-0AE3-401A-898B-581719D005AE}) (Version: 3.07.47 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{89094680-522b-4a33-8ec5-c138926a56a5}) (Version: 3.07.47 - ASUSTeK Computer Inc.)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 26.3.18484.22892 - Gen Digital Inc.)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 26.1.10738.3400 - Gen Digital Inc.)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1995.6 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Desperados 3 (HKLM-x32\...\1914500649_is1) (Version: 1.7 - GOG.com)
Diablo II Resurrected (HKLM-x32\...\Diablo II Resurrected) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo IV (HKLM-x32\...\Diablo IV) (Version: - Blizzard Entertainment)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 4.61.0 - Docker Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.631.0.6144 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{a5316e04-4f57-44b2-bc29-c4e58fa0fea1}) (Version: 13.631.0.6144 - Electronic Arts)
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
GlideX Service Installer (HKLM\...\{A06BDD76-D95C-4AC7-A0DA-73971F366D9B}) (Version: 3.8.7.0 - ASUSTeK COMPUTER INC.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.94.27 - GOG.com)
Google Chrome (HKLM\...\{0BC7BD0C-157D-3A5B-B003-0B191F21044E}) (Version: 145.0.7632.117 - Google LLC)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\1207658787_is1) (Version: 4.0 (3.2) GOG 0.1 - GOG.com)
Heroes of Might and Magic® III: Horn of the Abyss (HKLM-x32\...\HotA + HD_is1) (Version: 1.7.3 - HotA Crew)
HoMM III Compatibility Database (HKLM\...\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb) (Version: - )
Mafia II Definitive Edition (HKLM-x32\...\1449710114_is1) (Version: 1.0 - GOG.com)
Mafia: Definitive Edition (HKLM-x32\...\1993581340_is1) (Version: 1.0.3 GOG v2 - GOG.com)
Microsoft .NET Host - 6.0.16 (x64) (HKLM\...\{1D0AC7F1-2B34-44AF-91F6-88757D768DA7}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.16 (x64) (HKLM\...\{B8537ACA-B210-4DF5-B928-E41CEB76723D}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x64) (HKLM\...\{C71E93D2-B8B4-4858-B2A1-4C967DBC1C5F}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x64) (HKLM-x32\...\{2a8d0f2b-911b-4b58-8252-46b29e7a4590}) (Version: 6.0.16.32323 - Microsoft Corporation)
Microsoft 365 - en-gb (HKLM\...\O365HomePremRetail - en-gb) (Version: 16.0.19628.20214 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 145.0.3800.82 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 145.0.3800.82 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\OneDriveSetup.exe) (Version: 26.017.0126.0002 - Microsoft Corporation)
Microsoft OneNote - en-gb (HKLM\...\OneNoteFreeRetail - en-gb) (Version: 16.0.19628.20214 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211 (HKLM-x32\...\{d8bbe9f9-7c5b-42c6-b715-9ee898a2e515}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211 (HKLM\...\{86AB2CC9-08BD-4643-B0F9-F82D006D72FF}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211 (HKLM\...\{43B0D101-A022-48F4-9D04-BA404CEB1D53}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
NVIDIA App 11.0.6.383 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.6.383 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.5.11821.36727370 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.11821.36727370 - NVIDIA Corporation)
NVIDIA Graphics Driver 591.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 591.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.5.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.5.7 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19628.20214 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
OneBrowser (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\OneBrowser) (Version: 137.0.7151.69 - OneBrowser) <==== ATTENTION
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pi Network 0.5.4 (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\375fce00-6280-59a8-8dfe-c557d5fd3e90) (Version: 0.5.4 - Socialchain Inc.)
Quake 3 Arena Demo (HKLM-x32\...\Quake 3 Arena Demo) (Version: - )
ROG Live Service (HKLM\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 2.4.7.0 - ASUSTek COMPUTER INC.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steel Hunters (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\415390742) (Version: - Wargaming.net)
SteelSeries GG 105.0.0 (HKLM\...\SteelSeries GG) (Version: 105.0.0 - SteelSeries ApS)
Wand (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Wand) (Version: 12.10.1 - WeMod)
Wargaming.net Game Center (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\Wargaming.net Game Center) (Version: 25.7.0.1174 - Wargaming.net)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1088 - McAfee, LLC)
Windows Subsystem for Linux (HKLM\...\{8705254B-3AE0-4CFA-93D5-F71DCDE9ED2B}) (Version: 2.6.1.0 - Microsoft Corporation) Hidden
World of Tanks EU (HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\2314027414) (Version: - Wargaming.net)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m [2025-08-19] (Advanced Micro Devices Inc.) [Startup Task]
Armoury Crate -> C:\Program Files\ASUS\AacAmbientHal [2025-08-20] (Sparse Package)
Armoury Crate -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_6.4.7.0_x64__qmba6cd70vzyy [2026-02-01] (ASUSTeK COMPUTER INC.)
ASUS GlideX -> C:\Program Files\WindowsApps\B9ECED6F.Glidex_4.0.10.0_x64__qmba6cd70vzyy [2026-02-24] (ASUSTeK COMPUTER INC.)
ChatGPT -> C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0 [2026-02-13] (OpenAI) [Startup Task]
DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.19.0_x64__t5j2fzbtdg37r [2026-01-16] (DTS, Inc.)
Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2026-02-22] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-08-19] (Microsoft Corp.)
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2026-02-22] ()
MobiDrive -> C:\Program Files\WindowsApps\MobiSystems.MobiDriveSync_4.2.63704.0_x64__bvgb55c3tfatp [2026-01-27] (MobiSystems) [Startup Task]
MobiOffice -> C:\Program Files\WindowsApps\MobiSystems.MobiOffice_11.30.14900.0_x64__bvgb55c3tfatp [2026-02-19] () [Startup Task]
MobiPDF - Edit, View, Fill, Sign & Convert PDFs -> C:\Program Files\WindowsApps\MobiSystems.MobiPdf_11.30.14900.0_x64__bvgb55c3tfatp [2026-02-19] () [Startup Task]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy [2026-02-25] (ASUSTeK COMPUTER INC.) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.969.0_x64__56jybvy8sckqj [2025-11-06] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2026-02-22] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.330.0_x64__dt26b99r8h8gj [2025-03-13] (Realtek Semiconductor Corp)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0 [2026-02-13] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1082.2259.0_x64__8wekyb3d8bbwe [2025-03-13] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.1082.2259.0_x64__8wekyb3d8bbwe [2025-03-13] (Microsoft Corp.)
Windows App Runtime DDLM 4000.1082.2259.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x6_4000.1082.2259.0_x64__8wekyb3d8bbwe [2025-03-13] (Microsoft Corporation)
Windows App Runtime DDLM 4000.1082.2259.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x8_4000.1082.2259.0_x86__8wekyb3d8bbwe [2025-03-13] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1589204013-1864288644-3288743639-1001_Classes\CLSID\{545E2FA6-A703-4B18-BCBA-6722371B26DA} -> [Galaxy S25 Ultra] => C:\Users\hejda\CrossDevice\Galaxy S25 Ultra [2025-08-22 09:03]
CustomCLSID: HKU\S-1-5-21-1589204013-1864288644-3288743639-1001_Classes\CLSID\{6CC580B0-9BA7-4BE5-B9AB-D438D11CFCED} -> [MobiDrive] => D:\Documents\MobiDrive [2026-02-04 13:54]
CustomCLSID: HKU\S-1-5-21-1589204013-1864288644-3288743639-1001_Classes\CLSID\{92a10339-c580-dfd8-94c3-030311ba18f4}\localserver32 -> C:\ProgramData\ASUS\AsusSurvey\AsusSurvey.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
CustomCLSID: HKU\S-1-5-21-1589204013-1864288644-3288743639-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers4: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers5: [NvAppDesktopContext] -> {F2E8B4A1-9C7D-4F6E-B3A5-8D2C1F4E9B7A} => C:\Program Files\NVIDIA Corporation\NVIDIA App\NvCpl\nvui.dll [2026-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_171f1746818db7fd\nvshext.dll [2026-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2026-02-09] (Gen Digital Inc. -> Gen Digital Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [MidisrvTransferComplete] => 1
HKLM\...\Drivers32: [midi1] => C:\Windows\system32\wdmaud2.drv [126976 2026-02-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll
HKLM\...\Drivers32: [midi1] => C:\Windows\SysWOW64\wdmaud2.drv [78848 2026-02-11] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2025-03-13 00:21 - 2024-04-17 14:03 - 000443392 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\ac_node_addon\build\Release\ac_node_addon.node
2025-03-13 00:21 - 2024-04-08 11:31 - 000319488 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\resources\app.asar.unpacked\node_modules\sharp\build\Release\sharp-win32-ia32.node
2026-02-04 23:52 - 2026-02-04 23:52 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\PlugIns\NVIDIA App\MessageBusRouter.dll] C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\plugins\NVIDIA Overlay\MessageBusRouter.dll
2025-09-08 03:35 - 2026-02-04 23:52 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\MessageBus\NvMessageBusBroadcast.dll] C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2026-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-02-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-04-01 07:26 - 2025-10-13 20:31 - 000001056 _____ C:\Windows\system32\drivers\etc\hosts
192.168.1.157 host.docker.internal
192.168.1.157 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal

2025-10-13 20:36 - 2025-12-08 19:44 - 000000433 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.22.96.1 Hejdys.mshome.net # 2030 12 6 7 19 44 47 87

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.1.254
Windows Firewall is enabled.

Network Binding:
=============
WiFi: Realtek 8852BE Wireless LAN WiFi 6 PCI-E NIC -> rtwlane601.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt68cx21x64.sys

vms_vsf: Hyper-V Virtual Switch Extension Filter
ms_l1vhlwf: Nested Network Virtualization
vms_vsp: Hyper-V Virtual Switch Extension Protocol

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hejda\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\6125478849779484494\134167071954378240.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "Docker Desktop"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_E478EAC7BFC67F03F478E5F2D7931491"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-1589204013-1864288644-3288743639-1001\...\StartupApproved\Run: => "electron.app.Pi Network"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7877DDAC-A98B-49AB-BA8E-67B50AB8EBD4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{6A321DC3-BB69-481F-9B81-0AF0916DA6A1}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{07AB0667-96CA-4021-AF04-C56897D6E601}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{BB3235B9-88B2-498A-8AA8-721D1320F775}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{96B33890-3165-466B-9D6F-D29FF38C5DAF}] => (Allow) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
FirewallRules: [{7CE20F88-112E-40EF-912F-426141421CDF}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{252745EB-817B-4FD8-A160-DA953FFCE44E}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{E6E3B5B4-CE96-4BCA-B567-822FE3EFBA45}] => (Allow) C:\Program Files\ASUS\AacAmbientHal\AacAmbientLighting.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{D0CC5565-E3C4-4518-9DF9-83F3FE2319BD}] => (Allow) C:\program files\asus\aacambienthal\aacambientlighting.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [TCP Query User{89ED0206-1BE9-4575-8E82-35E89263E866}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [UDP Query User{BA4E7E9D-A170-41FC-A8AF-2DE36540D076}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [TCP Query User{20B400F7-1217-47BA-8716-1B8272C016C6}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{E7009F3E-3EAA-43D1-B988-FE15608BCAD8}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{030EA5D9-2AE5-420D-BA82-F063CBFA1BD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{77574E1A-27EE-4799-BE6C-BD7ADB3013B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{10AA2C6F-CAD6-40E0-837E-C557F7C41810}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [UDP Query User{1FA9AEFE-8C4A-498B-B7F8-DE34FAD0F0B7}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [TCP Query User{71DA0D74-CC72-4BE4-8A3D-8F8AE39D6822}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{5FCD15FA-67C1-478D-AA50-8539D1986A58}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{19CEEDC3-7FA4-4784-8118-6B0E17A74FD3}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{AD4C37B9-CB6D-433D-AE43-D78D04D2ABA1}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{B4E14E29-DEF4-4B4F-886F-332A5E1A8DBC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{C3733682-C70E-47FE-B0F2-63DA12608960}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{EDB2B0D6-3D09-42DB-9380-187C1868CCAD}] => (Allow) D:\SteamLibrary\steamapps\common\OpenTTD\openttd.exe (OpenTTD Distribution Ltd -> OpenTTD Development Team)
FirewallRules: [{0089A2F8-7A0C-4BCD-8BBF-DF00DB669B94}] => (Allow) D:\SteamLibrary\steamapps\common\OpenTTD\openttd.exe (OpenTTD Distribution Ltd -> OpenTTD Development Team)
FirewallRules: [TCP Query User{85874381-EA21-4BA8-91F3-0F009D3CBC92}D:\games\diablo iv\diablo iv.exe] => (Allow) D:\games\diablo iv\diablo iv.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BB9945C9-B898-42ED-AE7C-972D9D905551}D:\games\diablo iv\diablo iv.exe] => (Allow) D:\games\diablo iv\diablo iv.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{0AC18417-314C-43BE-890D-236490CF5EEE}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{18784171-23D7-421C-BA5E-A8749E4E5AF4}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{26F4886F-33D7-434D-9A23-5785B5ED604A}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{36A03FF3-CF0D-46DF-A643-F913ECF3F5EA}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{678C83E6-240E-4624-8F82-79DAF64A729F}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [{A8DC3632-5DF6-4666-9333-D8222584D5E0}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [TCP Query User{B3CAC433-9A90-47A7-971C-24B646F4A1C7}D:\games\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [UDP Query User{72DEBAF0-689D-476C-9481-04FF9A4E19BB}D:\games\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [{64B2869A-5786-45E9-A0C1-82C57AC83E31}] => (Allow) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3BAE1ABE-0418-4229-BDC7-50A1BE57CDAF}] => (Allow) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{7610F4BD-C4AE-4A4F-91A9-7A3F86D62B88}D:\games\starcraft\x86_64\starcraft.exe] => (Allow) D:\games\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{85E9337E-8FEA-40FF-8BFD-799790677E0F}D:\games\starcraft\x86_64\starcraft.exe] => (Allow) D:\games\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{4607A939-F8BD-4702-832A-EF2931DD75A9}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E10DEFA4-5835-4CE1-9D52-DEF6C7123182}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{406B75ED-88BE-4788-99E6-88685412B6B0}] => (Allow) D:\SteamLibrary\steamapps\common\MTGA\MTGA.exe () [File not signed]
FirewallRules: [{66ADFD22-9719-4E12-824A-68BBB3D7F5D4}] => (Allow) D:\SteamLibrary\steamapps\common\MTGA\MTGA.exe () [File not signed]
FirewallRules: [TCP Query User{B2989826-12C9-49E2-9E57-F997A16B9210}D:\games\diablo iii\x64\diablo iii64.exe] => (Allow) D:\games\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{3A4CC814-F9BD-43AC-9443-D764D5BADD91}D:\games\diablo iii\x64\diablo iii64.exe] => (Allow) D:\games\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{0BDD9C84-6C46-4BEB-88A1-E5E48FE06C78}] => (Allow) D:\SteamLibrary\steamapps\common\Conflict of Nations\Conflict of Nations.exe (Bytro Labs GmbH) [File not signed]
FirewallRules: [{4FED95C1-EFE9-4E5E-9F0F-6DFAEE35397A}] => (Allow) D:\SteamLibrary\steamapps\common\Conflict of Nations\Conflict of Nations.exe (Bytro Labs GmbH) [File not signed]
FirewallRules: [{64AF8CB8-6A58-4865-AA17-4B1D8651CC21}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{EF3A10CD-78E8-4723-AB43-AB9B561CDD3A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{5833E5FB-BD7E-41CC-873C-E0590FCE9B23}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{21F619D9-6989-4B7E-8A73-8F1C8D06AE10}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A14EEE7C-D48F-4B0B-8C8F-FE1C2922DC63}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A519E2A1-174A-4121-8571-A2FC30F16409}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{199D7C13-2E7B-41A2-AEF8-F2C1B59009A5}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D56CD330-F46B-46AE-A158-324995891BFC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F26E121C-B051-48EE-9F17-9B3B2118CB78}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D1B6B7CE-BA18-46D4-A6F1-5F4C33B6EED1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{BEEB9905-0323-4B51-91AD-C14C549752D3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{061B8C01-64FE-4C27-B495-DC9F713C33BF}] => (Allow) D:\SteamLibrary\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{DB5B45C7-ECBA-404A-9E01-48F3DA777ABC}] => (Allow) D:\SteamLibrary\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [TCP Query User{4AE84827-8928-4346-AC19-165978CCA71B}D:\games\starcraft ii\versions\base95248\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95248\sc2_x64.exe => No File
FirewallRules: [UDP Query User{C01073CE-7310-47F6-9D9F-612ACBD38CA4}D:\games\starcraft ii\versions\base95248\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95248\sc2_x64.exe => No File
FirewallRules: [{3F55BA54-4CCF-4613-90B5-AEA5AE261A06}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might & Magic Olden Era Demo\HeroesOE.exe () [File not signed]
FirewallRules: [{7A1CE8AF-CA39-4097-A7A0-23204642DD01}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might & Magic Olden Era Demo\HeroesOE.exe () [File not signed]
FirewallRules: [TCP Query User{7E3E1343-4664-49FD-8260-965E6A26A4D4}D:\games\starcraft ii\versions\base95299\sc2_x64.exe] => (Block) D:\games\starcraft ii\versions\base95299\sc2_x64.exe => No File
FirewallRules: [UDP Query User{1B9B624E-10D8-4490-AD1A-864F3AC1D74C}D:\games\starcraft ii\versions\base95299\sc2_x64.exe] => (Block) D:\games\starcraft ii\versions\base95299\sc2_x64.exe => No File
FirewallRules: [TCP Query User{244A2A3A-7396-4877-9D1A-38EE5A91EB5E}C:\program files\docker\docker\resources\com.docker.backend.exe] => (Allow) C:\program files\docker\docker\resources\com.docker.backend.exe (Docker Inc -> Docker Inc.)
FirewallRules: [UDP Query User{6980A89D-029B-4936-AA9E-4E07D1DA3FE8}C:\program files\docker\docker\resources\com.docker.backend.exe] => (Allow) C:\program files\docker\docker\resources\com.docker.backend.exe (Docker Inc -> Docker Inc.)
FirewallRules: [TCP Query User{742A78B5-6C96-4EBE-8073-7B6B129502FE}D:\quake3.exe] => (Allow) D:\quake3.exe () [File not signed]
FirewallRules: [UDP Query User{1614ED3B-BD04-4527-8486-9F924425818B}D:\quake3.exe] => (Allow) D:\quake3.exe () [File not signed]
FirewallRules: [TCP Query User{A4E7D63F-BC9A-4A91-8340-F4B18D11DA02}D:\games\starcraft ii\versions\base95841\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95841\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{0AEFC662-B3B2-40D0-A10C-95001FF13DFF}D:\games\starcraft ii\versions\base95841\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95841\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{3659A531-DAA4-46EC-AECD-36C5181AA432}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{69D8A08C-9C59-4237-AE55-547D83AFE464}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8D0BE164-A438-4F55-92A9-0F9948BAAAB9}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{B3D5CC6D-2F6B-4DBA-89B7-D204640C06D0}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [TCP Query User{9139277C-BA80-4364-B5D3-C2D94351AF56}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{2C9625E7-643A-4E1F-8D7F-E11904F3AB9F}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [{80C48AA0-A753-4CA4-9E4F-AAD8CBA7A10D}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{6C02BB8C-0E11-4AE1-8901-02D536189C15}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{97688777-F434-4ABF-8B58-E648F33C79FC}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{8699C4B8-2D8C-43BE-B80B-3C7586D92DB8}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{8A782C35-6DAA-486E-AB3E-56ABF296BD6A}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{F57CDAC7-CF04-45FE-B598-2B9950A544FA}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{3F488EAF-FB2E-411E-90B6-7C18A4BD182E}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{0B66B9B4-2A90-413D-87C1-601DE5ACAB05}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{1EFBC696-2DBE-4010-8D45-66308296BB62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3D09E45C-ABF1-4F05-B47F-0FFA6A1EF614}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0C889360-3066-4BC4-8433-381F80968263}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0DCFFDDF-663E-4C06-9356-F8B7B607C844}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{90975A00-3AAA-4317-B5FE-F618F0CBC5FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5EDCAC89-8CAD-4C69-8292-B4861FCFB6EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F8A3D8C6-305C-4937-8F06-9ED9F8084867}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{23668B66-02C0-435A-980F-63FA54CE5504}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6C8B3715-CA1F-40CA-BC97-4CCB67249AEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0F152092-BBAA-4F6F-99A6-8541E911A858}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7930EFE0-3DD7-4215-926B-7F53D6C988A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7425783E-C139-48F0-BDB3-33F7729C04D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FA7B837A-5612-4457-8BE3-2DEE4EB978B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.283.461.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AF3BD263-486A-419E-BB13-1D37353F4012}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life Restored\restored.exe () [File not signed]
FirewallRules: [{A0A9B1D4-1646-4E97-992F-35DED80663D8}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life Restored\restored.exe () [File not signed]
FirewallRules: [{0880E82E-FE63-436F-B513-DD50099DAF80}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{CBCDD41B-5199-4F14-82DE-3CC14D6A6AC4}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{F357D94B-1BE9-437F-A523-38369343CEA0}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{811E8FF4-16A9-4901-BF66-ADF58D876455}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.60.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{7B0175A4-2B12-430B-8E3E-856CABB1CE61}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{075B3257-0998-48C2-B3CB-9CEEE791705E}] => (Allow) C:\Program Files\ASUS\GlideX\GlideXNear\GlideXNearService.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{7C6D50BD-069F-42DA-A7F8-45EA89BB68AA}] => (Allow) C:\Program Files\ASUS\GlideX\GlideXService.exe (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
FirewallRules: [{7F6668AD-669D-49FB-936A-ADF7087FAE3A}] => (Allow) C:\Program Files\ASUS\GlideX\GlideXRemote\GlideXRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:447.58 GB) (Free:231.7 GB) (52%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/26/2026 11:06:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Hejdys.local already in use; will try Hejdys-2.local instead

Error: (02/26/2026 11:06:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Hejdys.local. Addr 192.168.1.157

Error: (02/26/2026 11:06:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.157:5353 16 Hejdys.local. AAAA 2A00:23C4:D11C:5201:CEC3:4EFE:624D:B0D8

Error: (02/23/2026 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Hejdys.local already in use; will try Hejdys-2.local instead

Error: (02/23/2026 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Hejdys.local. Addr 192.168.1.157

Error: (02/23/2026 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.157:5353 16 Hejdys.local. AAAA 2A00:23C4:D11C:5201:CEC3:4EFE:624D:B0D8

Error: (02/19/2026 10:10:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (02/19/2026 10:10:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..


System errors:
=============
Error: (02/27/2026 11:04:55 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {c7f32355-3baa-4879-a0a8-be7d19079dec}, had event 74

Error: (02/27/2026 01:46:42 AM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {740FE937-01F7-4482-AA62-C83F0AD3D6D0} did not register with DCOM within the required timeout.

Error: (02/27/2026 01:46:42 AM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {6FA05A24-B1DF-4155-909E-7B424F2D2BB5} did not register with DCOM within the required timeout.

Error: (02/27/2026 01:46:42 AM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {6FA05A24-B1DF-4155-909E-7B424F2D2BB5} did not register with DCOM within the required timeout.

Error: (02/26/2026 11:40:44 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT AUTHORITY)
Description: Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends International, LLC.;FirmwareVersion:FA506NC.308;OEMModelBaseBoard:FA506NC;OEMManufacturerName:ASUSTeK COMPUTER INC.;OSArchitecture:amd64;
BucketId: 023969b791ef4626fa6a492cdad583ffebb403b91978a8abfaaf032a7f73a02b
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.

Error: (02/26/2026 11:35:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a pre-shutdown control.

Error: (02/26/2026 11:34:50 PM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (02/26/2026 11:34:50 PM) (Source: DCOM) (EventID: 10010) (User: HEJDYS)
Description: The server {6FA05A24-B1DF-4155-909E-7B424F2D2BB5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2026-02-08 15:57:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-02-07 15:31:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2026-02-06 15:44:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown

Date: 2026-02-04 23:49:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/SparkOnSoft!AMTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hejda\Downloads\cleareditpdf_593524.exe; file:_C:\Users\hejda\Downloads\cleareditpdf_984946.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.443.1000.0, AS: 1.443.1000.0, NIS: 1.443.1000.0
Engine Version: AM: 1.1.25110.1, NIS: 1.1.25110.1

Date: 2026-02-04 23:49:27
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/SparkOnSoft!AMTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hejda\Downloads\cleareditpdf_593524.exe; file:_C:\Users\hejda\Downloads\cleareditpdf_984946.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.443.1000.0, AS: 1.443.1000.0, NIS: 1.443.1000.0
Engine Version: AM: 1.1.25110.1, NIS: 1.1.25110.1

CodeIntegrity:
===============
Date: 2026-02-23 23:09:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Avast Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-11-17 20:00:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\wps\1.34.154.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.

Date: 2025-11-17 19:59:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\wps\1.34.154.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. FA506NC.308 01/08/2025
Motherboard: ASUSTeK COMPUTER INC. FA506NC
Processor: AMD Ryzen 5 7535HS with Radeon Graphics
Percentage of memory in use: 23%
Total physical RAM: 64840.25 MB
Available physical RAM: 49419.41 MB
Total Virtual: 68936.25 MB
Available Virtual: 49891.65 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:447.58 GB) (Free:231.7 GB) (Model: WD PC SN5000S SDEQNSJ-512G-1002) (Protected) NTFS
Drive d: (Samsung) (Fixed) (Total:3725.73 GB) (Free:3101.2 GB) (Model: Microsoft Storage Space Device) (Protected) NTFS

\\?\Volume{b4cad33f-6956-4e07-a765-6433638d4805}\ (RECOVERY) (Fixed) (Total:0.83 GB) (Free:0.06 GB) NTFS
\\?\Volume{1e75c4b2-5ccb-42b2-a04b-d7f061dbf8f4}\ (RESTORE) (Fixed) (Total:28 GB) (Free:9.31 GB) NTFS
\\?\Volume{b5b6a590-29f2-475b-ae4b-49915211f235}\ (MYASUS) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
\\?\Volume{79ac1d17-d260-4c78-af89-fe3d612c135a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 53E7ED41)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 3725.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 119810
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware detected. Please check my log.

#5 Post by Rudy »

Open Notepad and copy the following into it:
Start

ClosePrtocesses:
FirewallRules: [TCP Query User{89ED0206-1BE9-4575-8E82-35E89263E866}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [UDP Query User{BA4E7E9D-A170-41FC-A8AF-2DE36540D076}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [TCP Query User{10AA2C6F-CAD6-40E0-837E-C557F7C41810}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [UDP Query User{1FA9AEFE-8C4A-498B-B7F8-DE34FAD0F0B7}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [{B4E14E29-DEF4-4B4F-886F-332A5E1A8DBC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{C3733682-C70E-47FE-B0F2-63DA12608960}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{0AC18417-314C-43BE-890D-236490CF5EEE}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{18784171-23D7-421C-BA5E-A8749E4E5AF4}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{26F4886F-33D7-434D-9A23-5785B5ED604A}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{36A03FF3-CF0D-46DF-A643-F913ECF3F5EA}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{678C83E6-240E-4624-8F82-79DAF64A729F}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [{A8DC3632-5DF6-4666-9333-D8222584D5E0}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [TCP Query User{B3CAC433-9A90-47A7-971C-24B646F4A1C7}D:\games\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [UDP Query User{72DEBAF0-689D-476C-9481-04FF9A4E19BB}D:\games\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [TCP Query User{4AE84827-8928-4346-AC19-165978CCA71B}D:\games\starcraft ii\versions\base95248\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95248\sc2_x64.exe => No File
FirewallRules: [UDP Query User{C01073CE-7310-47F6-9D9F-612ACBD38CA4}D:\games\starcraft ii\versions\base95248\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95248\sc2_x64.exe => No File
FirewallRules: [TCP Query User{7E3E1343-4664-49FD-8260-965E6A26A4D4}D:\games\starcraft ii\versions\base95299\sc2_x64.exe] => (Block) D:\games\starcraft ii\versions\base95299\sc2_x64.exe => No File
FirewallRules: [UDP Query User{1B9B624E-10D8-4490-AD1A-864F3AC1D74C}D:\games\starcraft ii\versions\base95299\sc2_x64.exe] => (Block) D:\games\starcraft ii\versions\base95299\sc2_x64.exe => No File
FirewallRules: [{8D0BE164-A438-4F55-92A9-0F9948BAAAB9}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{B3D5CC6D-2F6B-4DBA-89B7-D204640C06D0}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [TCP Query User{9139277C-BA80-4364-B5D3-C2D94351AF56}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{2C9625E7-643A-4E1F-8D7F-E11904F3AB9F}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
C:\Users\hejda\Downloads\cleareditpdf_593524.exe
C:\Users\hejda\Downloads\cleareditpdf_984946.exe
C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {C616FA06-B577-4015-A6D2-7BD478E4EFFA} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {7CF7E640-EF7E-4565-954C-215037FBD7D4} - System32\Tasks\OBUpdate => C:\Users\hejda\AppData\Local\OneBrowser\Update\OBUpdateService.exe [3312144 2025-12-07] (WORK PRODUCT, INC. -> WORK PRODUCT, INC.) <==== ATTENTION
CHR Extension: (SearchProtect) - C:\Users\hejda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnannpdmmiphnkpaooplhegabbghlplj [2026-02-08] [UpdateUrl:0] <==== ATTENTION
U3 aswArDisk; no ImagePath
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

PS: For next time, I recommend reading the forum rules: https://forum.viry.cz/viewtopic.php?t=5601 . You would have known that it is only possible to register once. Your second registration has been removed. This is not harassment; we have our reasons for it.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.


Hejdys84
Visitor
Posts: 5
Registered: 28 Feb 2026 00:23

Re: Malware detected. Please check my log.

#6 Post by Hejdys84 »

I apologize for the double registration. It took a very long time for the confirmation e-mail to arrive, so I registered again. I am attaching the requested log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2026
Ran by hejda (01-03-2026 18:44:37) Run:1
Running from C:\Users\hejda\Desktop
Loaded Profiles: hejda
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

ClosePrtocesses:
FirewallRules: [TCP Query User{89ED0206-1BE9-4575-8E82-35E89263E866}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [UDP Query User{BA4E7E9D-A170-41FC-A8AF-2DE36540D076}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [TCP Query User{10AA2C6F-CAD6-40E0-837E-C557F7C41810}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [UDP Query User{1FA9AEFE-8C4A-498B-B7F8-DE34FAD0F0B7}C:\program files (x86)\diablo iv\diablo iv.exe] => (Allow) C:\program files (x86)\diablo iv\diablo iv.exe => No File
FirewallRules: [{B4E14E29-DEF4-4B4F-886F-332A5E1A8DBC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{C3733682-C70E-47FE-B0F2-63DA12608960}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{0AC18417-314C-43BE-890D-236490CF5EEE}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{18784171-23D7-421C-BA5E-A8749E4E5AF4}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{26F4886F-33D7-434D-9A23-5785B5ED604A}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{36A03FF3-CF0D-46DF-A643-F913ECF3F5EA}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{678C83E6-240E-4624-8F82-79DAF64A729F}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [{A8DC3632-5DF6-4666-9333-D8222584D5E0}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [TCP Query User{B3CAC433-9A90-47A7-971C-24B646F4A1C7}D:\games\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [UDP Query User{72DEBAF0-689D-476C-9481-04FF9A4E19BB}D:\games\starcraft ii\versions\base94137\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base94137\sc2_x64.exe => No File
FirewallRules: [TCP Query User{4AE84827-8928-4346-AC19-165978CCA71B}D:\games\starcraft ii\versions\base95248\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95248\sc2_x64.exe => No File
FirewallRules: [UDP Query User{C01073CE-7310-47F6-9D9F-612ACBD38CA4}D:\games\starcraft ii\versions\base95248\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base95248\sc2_x64.exe => No File
FirewallRules: [TCP Query User{7E3E1343-4664-49FD-8260-965E6A26A4D4}D:\games\starcraft ii\versions\base95299\sc2_x64.exe] => (Block) D:\games\starcraft ii\versions\base95299\sc2_x64.exe => No File
FirewallRules: [UDP Query User{1B9B624E-10D8-4490-AD1A-864F3AC1D74C}D:\games\starcraft ii\versions\base95299\sc2_x64.exe] => (Block) D:\games\starcraft ii\versions\base95299\sc2_x64.exe => No File
FirewallRules: [{8D0BE164-A438-4F55-92A9-0F9948BAAAB9}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{B3D5CC6D-2F6B-4DBA-89B7-D204640C06D0}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [TCP Query User{9139277C-BA80-4364-B5D3-C2D94351AF56}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{2C9625E7-643A-4E1F-8D7F-E11904F3AB9F}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
C:\Users\hejda\Downloads\cleareditpdf_593524.exe
C:\Users\hejda\Downloads\cleareditpdf_984946.exe
C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {C616FA06-B577-4015-A6D2-7BD478E4EFFA} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {7CF7E640-EF7E-4565-954C-215037FBD7D4} - System32\Tasks\OBUpdate => C:\Users\hejda\AppData\Local\OneBrowser\Update\OBUpdateService.exe [3312144 2025-12-07] (WORK PRODUCT, INC. -> WORK PRODUCT, INC.) <==== ATTENTION
CHR Extension: (SearchProtect) - C:\Users\hejda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnannpdmmiphnkpaooplhegabbghlplj [2026-02-08] [UpdateUrl:0] <==== ATTENTION
U3 aswArDisk; no ImagePath
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2

EmptyTemp:
End
*****************

ClosePrtocesses: => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{89ED0206-1BE9-4575-8E82-35E89263E866}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BA4E7E9D-A170-41FC-A8AF-2DE36540D076}C:\program files (x86)\starcraft ii\versions\base94137\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{10AA2C6F-CAD6-40E0-837E-C557F7C41810}C:\program files (x86)\diablo iv\diablo iv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1FA9AEFE-8C4A-498B-B7F8-DE34FAD0F0B7}C:\program files (x86)\diablo iv\diablo iv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4E14E29-DEF4-4B4F-886F-332A5E1A8DBC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3733682-C70E-47FE-B0F2-63DA12608960}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AC18417-314C-43BE-890D-236490CF5EEE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18784171-23D7-421C-BA5E-A8749E4E5AF4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26F4886F-33D7-434D-9A23-5785B5ED604A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36A03FF3-CF0D-46DF-A643-F913ECF3F5EA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{678C83E6-240E-4624-8F82-79DAF64A729F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8DC3632-5DF6-4666-9333-D8222584D5E0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B3CAC433-9A90-47A7-971C-24B646F4A1C7}D:\games\starcraft ii\versions\base94137\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{72DEBAF0-689D-476C-9481-04FF9A4E19BB}D:\games\starcraft ii\versions\base94137\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4AE84827-8928-4346-AC19-165978CCA71B}D:\games\starcraft ii\versions\base95248\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C01073CE-7310-47F6-9D9F-612ACBD38CA4}D:\games\starcraft ii\versions\base95248\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E3E1343-4664-49FD-8260-965E6A26A4D4}D:\games\starcraft ii\versions\base95299\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1B9B624E-10D8-4490-AD1A-864F3AC1D74C}D:\games\starcraft ii\versions\base95299\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D0BE164-A438-4F55-92A9-0F9948BAAAB9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3D5CC6D-2F6B-4DBA-89B7-D204640C06D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9139277C-BA80-4364-B5D3-C2D94351AF56}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2C9625E7-643A-4E1F-8D7F-E11904F3AB9F}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe" => removed successfully
"C:\Users\hejda\Downloads\cleareditpdf_593524.exe" => not found
"C:\Users\hejda\Downloads\cleareditpdf_984946.exe" => not found
C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C616FA06-B577-4015-A6D2-7BD478E4EFFA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C616FA06-B577-4015-A6D2-7BD478E4EFFA}" => removed successfully
C:\Windows\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CF7E640-EF7E-4565-954C-215037FBD7D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CF7E640-EF7E-4565-954C-215037FBD7D4}" => removed successfully
C:\Windows\System32\Tasks\OBUpdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OBUpdate" => removed successfully
CHR Extension: (SearchProtect) - C:\Users\hejda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnannpdmmiphnkpaooplhegabbghlplj [2026-02-08] [UpdateUrl:0] <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\aswArDisk => removed successfully
aswArDisk => service removed successfully
HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\cpuz158 => removed successfully
cpuz158 => service removed successfully
Could not move "C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12863382 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 566570568 B
Windows/system/drivers => 454447401 B
Edge => 38481621 B
Chrome => 892402164 B
Firefox => 0 B
Opera => 0 B

Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1622 B
systemprofile32 => 0 B
LocalService => 77120 B
NetworkService => 0 B
hejda => 98403144 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-03-2026 18:45:56)

C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected

==== End of Fixlog 18:45:56 ====

Rudy
Site Admin
Posts: 119810
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware detected. Kindly asking for a log check.

#7 Post by Rudy »

OK, e-mails sometimes take a long time, especially when the network is under load. No harm done, I was just pointing it out. It has been deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Hejdys84
Visitor
Posts: 5
Registered: 28 Feb 2026 00:23

Re: Malware detected. Kindly asking for a log check.

#8 Post by Hejdys84 »

Everything looks fine. Thank you, and I am sending a contribution.

Rudy
Site Admin
Posts: 119810
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware detected. Kindly asking for a log check.

#9 Post by Rudy »

We thank you for the contribution, and you're welcome! :)

Locked