Hezký den,
prosím o kontrolu logu. Náhled na mě vyskočila hláška, že program onedriverpatcher.exe prosím o povolení provádět změny na počítači. Což jsem bezhlavě povolil, v hlášce byla uvedena certifikace. Později mě napadlo googlit, o co může jít a narazil jsem na to, že by to mohl využívat malware jako součást "DLL sideloading attack" (bohužel netuším, o co jde, jen chci předat všechny informace).
Počítač jsem projel Malwarebytes a AdwCleanerem, což odstranilo nějaké věci související s programem FormatFactory.
Předem moc za kontroluju děkuji
P.S. FRST mi následně smazal Avast
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2026
Ran by stepa (administrator) on LAPTOP-3LMH3KRC (LENOVO 82LM) (05-05-2026 23:16:40)
Running from C:\Users\stepa\Desktop\FRST64.exe
Loaded Profiles: stepa
Platform: Microsoft Windows 11 Home Version 25H2 26200.8328 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe
(C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
(cmd.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\AppProvisioningPlugin.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\MessagingPlugin.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Piriform\CCleaner 7\CCleaner.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.070.0414.0001_1\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_05fe713c4fadacd3\RtkAudUService64.exe [3477960 2022-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [1018024 2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
HKLM\...\Run: [Avast Cleanup UI] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [7279840 2026-03-25] (Gen Digital Inc. -> Gen Digital Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [3348640 2026-04-30] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Run: [Microsoft.Lists] => C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.070.0414.0001_1\OneDrive.Sync.Service.exe [956264 2026-05-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [42086872 2026-04-01] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Run: [MicrosoftEdgeAutoLaunch_D8110E640FD3F8C5BCB7D3575AB1C9F3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [5026632 2026-04-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Uninstall 26.063.0405.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.063.0405.0002" [0 2026-05-05] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Uninstall 26.070.0414.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.070.0414.0001" [0 2026-05-05] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [3971224 2026-04-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\148.0.7778.96\Installer\chrmstp.exe [7614616 2026-05-05] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-3605AD5C0A0C}] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {185D797C-9ACF-4C2F-8C78-C490C8102D05} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1612800 2026-01-23] (Adobe Inc. -> Adobe Inc.)
Task: {3DFF74E6-8C18-4CE0-830D-47F51C619AB7} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030928 2025-12-11] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {997A2576-A70C-4A31-8AAE-F58BB0DB631C} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [184072 2025-12-11] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {A3513172-2BDF-4DF6-9D89-89B1194AD42B} - System32\Tasks\AMDScoSupportTypeUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030928 2025-12-11] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {E0FF6E89-698B-48FC-BC50-30013028FA32} - System32\Tasks\Avast Software\Avast Antivirus Patcher => C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus.exe [9500384 2026-04-09] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {A1CE42DE-178E-4153-86B2-3AAED832D33A} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [6444768 2026-03-25] (Gen Digital Inc. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup" --configpath "C:\ProgramData\Avast Software\Cleanup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\Cle (the data entry has 53 more characters).
Task: {8D96DE86-0989-42AC-A010-7A5ACC7A2098} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [9501920 2026-03-24] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {86BA124A-1271-48DF-8B02-4CFB00FC2CD7} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5739688 2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {60446D0E-543F-41E8-B164-D660B99846E7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2977504 2025-10-14] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {AA68F175-98FC-4CFE-8CF5-FD78EDA0951D} - System32\Tasks\CCleaner 7 - Skip UAC - S-1-5-21-1915851472-2192339704-3292565872-1001 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [5598328 2026-04-28] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {C5D3BD32-CB31-41C0-B9B8-9E982BE16115} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [3327808 2026-05-01] (Microsoft Windows -> Microsoft Corporation)
Task: {2A9CD888-49A0-42FF-AB44-0CC72D245313} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem148.0.7730.0{D3A9C7FB-62E1-4CEB-81DC-29B992982252} => C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe [8459416 2026-03-12] (Google LLC -> Google LLC)
Task: {A0B83ED7-CDE3-49CA-8E9E-A3B9D9E7D0E9} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {0C8A1620-42A4-4EF5-AFF1-96622CC7BC47} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [102400 2025-06-26] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {99A873B2-3B96-4131-B8B3-ECDF53765135} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [110592 2025-09-03] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {2DEA6558-BDF3-433D-8454-77B999806CF4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d3383f4f-581e-4095-bd53-1d0a01aea451 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {56A788CD-C107-449D-AA9F-E16E4F881C76} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e095aa2d-bf31-414b-80c3-c75572bf7685 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {44443D70-6F91-4E36-A5AB-EE67D5FEA55C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e52005e6-330d-410e-9392-7a57cceed75f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {053C00E3-48AE-4082-8FD5-10B84F40134F} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1915851472-2192339704-3292565872-1001 => C:\Users\stepa\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [93520 2026-03-06] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {441170F8-82C9-4CE5-B43E-1AF590781599} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\WINDOWS\system32\sc.exe [102400 2025-06-26] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {B6F9029E-707F-4518-8015-7E79A7E86131} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [91024 2026-04-01] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle
Task: {7BBC7EDA-016C-4B79-BC2B-6834539C4A70} - System32\Tasks\Lenovo\UDC\Lenovo UDC Lazy Deployment => C:\WINDOWS\system32\sc.exe [102400 2025-06-26] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 221
Task: {27B15152-A6ED-431D-860C-521A6EF924FF} - System32\Tasks\Lenovo\UDC\Lenovo UDC Maintainance Task => C:\WINDOWS\system32\sc.exe [102400 2025-06-26] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 220
Task: {E6E206E4-924A-4B92-9084-CA4BE83A8942} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [257936 2026-04-01] (Lenovo -> Lenovo Group Ltd.)
Task: {66183271-86EE-4904-9469-5BFB692E90AD} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [102400 2025-06-26] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {94558482-EE32-4DC3-930E-0AF19F6058B1} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {97EF308F-2D04-4C3C-9680-4A69D4AEF7E1} - System32\Tasks\Lenovo\Vantage\Schedule\ConsumerAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {C94A3C78-F54D-42C0-B63E-24B09A6BC016} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {7104B411-F892-486A-9C1A-B2915A79B104} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {5C384B27-1B92-403F-82A7-A0031978F623} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin_Pulsation => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {EA27231B-80C5-4973-A26F-58E69CE58587} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {E215AAFD-9149-44FF-877D-BDF5D1F77D0F} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {E6FB855D-DE58-46F9-8F4F-37334FD8B1C2} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {DD0534FE-439C-4B97-8ED3-802E2F4E4F9F} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {CEBDE9D1-9F92-4FFD-A25A-3CC351011047} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSupportHealthReportSchedule => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {BA114CC9-C451-4F5D-89D1-F4893A3051BD} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {A3946D0C-0CD5-4D67-9D89-702D1D87D07B} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)
Task: {D35F7319-EC06-4478-B64B-97DF3F5E6ABC} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {4B3AB4CE-EA66-4363-AB3B-43838322E1D2} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {9C70FF0F-9AD1-4779-8FDB-8D9D9EAFA79C} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {C8062E2E-E8BD-4E8C-B3F9-8724A72BABA0} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.1.0.29\x86\IdleScheduleEventAction.exe [173536 2026-04-21] (Lenovo -> )
Task: {CD5D1F12-F740-41AB-9DC9-63FC44AE168B} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-19] (Lenovo -> Lenovo)
Task: {FDD3F547-4554-43A2-B3C7-EA439AFE3443} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {4F3F0437-0002-448A-AD29-D3B508E6DC36} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1915851472-2192339704-3292565872-1001 => MessengerHelper.exe --lassie (No File)
Task: {6EA4AEE4-F751-4B30-A967-C17B309554C2} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16380720 2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE153DA6-386B-4441-80B5-E25A7118084F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28547472 2026-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BFCD004-F1D1-460D-BEE0-30B0A6187F16} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [73560 2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3653B47-8781-48FE-9DBD-AF9AF039E669} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28547472 2026-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {94D9F048-340F-40F5-B1F8-7875C4F2B10B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [426776 2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {5CD55943-B346-48BE-B45C-EBCBD0F724E1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [426776 2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {5512C267-7703-4AAE-8F23-46FD7D94E5F8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [1366888 2026-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7DC3C12-AF15-4EF5-8901-1EF39A03B512} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4423712 2026-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {704DFF17-DD5E-4683-AEC7-F9CF19109CFF} - System32\Tasks\Microsoft\Office\Office Startup Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16380720 2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {876CFDB8-96A5-41EA-9F2A-9391F83F7587} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1FA7E9E9-A0C0-4F36-A8CA-24673A05DE4B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {47DF7232-0796-48F6-A5B1-682312353352} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {733AFBDB-F44F-481C-9ACC-F7E6E9CF2FF8} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030928 2025-12-11] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {3D01C6D6-5CB9-48F5-9FE1-66C1BA879F0B} - System32\Tasks\Piriform\CCleaner 7 - S-1-5-21-1915851472-2192339704-3292565872-1001 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [5598328 2026-04-28] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {EE2EDF3E-511D-4562-8ABC-A87AF26CE8AF} - System32\Tasks\Piriform\CCleaner 7 - Scheduled Cleaning - default - S-1-5-21-1915851472-2192339704-3292565872-1001 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [5598328 2026-04-28] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {13405212-3E8A-48C8-B652-51DC8F1224B8} - System32\Tasks\Piriform\CCleaner 7 BugReport => C:\Program Files\Piriform\CCleaner 7\CCleanerBugReport.exe [6635128 2026-04-28] (Gen Digital Inc. -> Gen Digital Inc.) -> --send "dumps|report" --product 234 --programpath "C:\Program Files\Piriform\CCleaner 7" --configpath "C:\Program Files\Piriform\CCleaner 7\data" --path "C:\Program Files\Piriform\CCleaner 7\log" --path "C:\Program Files\Piriform\CCleaner 7\data\dumps" --logpath "C:\Program Files\Piriform\CCleaner 7 (the data entry has 58 more characters).
Task: {B851B598-488C-43F7-A5D4-800A34967EB7} - System32\Tasks\Piriform\CCleaner 7 Update => C:\Program Files\Common Files\Piriform\Icarus\piriform-ccl\icarus.exe [9274080 2026-01-19] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {2A9DD550-455D-49AE-8133-A58F305539BF} - System32\Tasks\Samsung_PSSD_Registration_Plus => C:\Program Files (x86)\Samsung\Portable_SSD\SamsungPortableSSDMon_1.0.exe [869224 2021-08-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {E74CE94B-3BAA-4934-82B1-8604721ABB10} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [767240 2025-12-11] (Advanced Micro Devices -> AMD)
Task: {3741F1C5-FDE7-42A7-A36A-DDFC17B133BC} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60680 2025-12-11] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {190EA8C3-89B5-4125-A27B-0E46E8460B5F} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60680 2025-12-11] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {BA038573-D5D5-42AA-A31E-87A8B510535B} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [323856 2025-12-11] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {D2770682-27EF-4B48-A64D-7B03DD88C68C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1904536 2024-07-15] (Lenovo -> )
Task: {9352CF23-3CB4-4F6E-BCAA-F43812F10BDB} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1904536 2024-07-15] (Lenovo -> )
Task: {380476C0-3D73-4F6D-BD2A-7881E443D753} - System32\Tasks\Ubisoft\Ubisoft Connect Background Update => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe [17255600 2026-03-24] (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{7905d5e9-e234-4f86-82cb-b7ebc618b509}: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{7905d5e9-e234-4f86-82cb-b7ebc618b509}\05F44414F543432373: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{7905d5e9-e234-4f86-82cb-b7ebc618b509}\05F44414F5434323735374: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{7905d5e9-e234-4f86-82cb-b7ebc618b509}\C4F6A7E696365602D202E656A6A71646E656A637960207F6374756C6: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7905d5e9-e234-4f86-82cb-b7ebc618b509}\C6674667: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7905d5e9-e234-4f86-82cb-b7ebc618b509}\F426976716B602160267562716E6461602D202C6560737960207F63696471636: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7905d5e9-e234-4f86-82cb-b7ebc618b509}\F426976716B602160267562716E6461602D202C65607379602D6F62696C6: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2026-01-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2026-04-01] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2026-01-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2026-01-04] (Microsoft Corporation -> Microsoft Corporation)
Edge:
=======
Edge Profile: C:\Users\stepa\AppData\Local\Microsoft\Edge\User Data\Default [2026-05-05]
Edge Extension: (Dokumenty Google offline) - C:\Users\stepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-04-16]
Edge Extension: (Edge relevant text changes) - C:\Users\stepa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Default [2026-05-05]
CHR Notifications: Default -> hxxps://meet.google.com
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2026-05-03]
CHR Extension: (QR Code Generator) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2022-10-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-04-17]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2026-05-03]
CHR Extension: (Grammarly: AI Writing Assistant and Grammar Checker App) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2026-05-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-10]
CHR Extension: (Scopus Document Download Manager) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojplelelocihfchkdaebocpankipadmp [2024-07-12]
CHR Profile: C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-01-04]
CHR Profile: C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 2 [2025-01-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-10-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-10]
CHR Profile: C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 3 [2025-12-13]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-09-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-19]
CHR Extension: (Participate by Lookback) - C:\Users\stepa\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ppapgcbnefafdghpfglgilaghielefgn [2023-03-19]
CHR Profile: C:\Users\stepa\AppData\Local\Google\Chrome\User Data\System Profile [2026-05-05]
CHR HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [180216 2026-01-23] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7944360 2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
S2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe [529168 0] (Advanced Micro Devices -> AMD)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [1039016 2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2733224 2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1092264 2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
R2 AvastCleanupSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [21550304 2026-03-25] (Gen Digital Inc. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-10-10] (Avast Software s.r.o. -> AVAST Software)
R2 CCleaner7; C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe [30293112 2026-04-28] (Gen Digital Inc. -> Gen Digital Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13345080 2026-04-24] (Microsoft Corporation -> Microsoft Corporation)
S2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_3c3afc298e15df94\DAX3API.exe [2305576 2021-11-18] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [177021688 2026-03-19] (Electronic Arts, Inc. -> Electronic Arts)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [19984032 2026-04-30] (Electronic Arts, Inc. -> Electronic Arts)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-21] (Epic Games Inc. -> Epic Games, Inc.)
S2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [422808 2021-11-14] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
S2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_5e21bf389d23855a\LenovoUtilityService.exe [199744 2026-03-09] (Lenovo -> Lenovo)
S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe [34368 2026-03-19] (Lenovo -> Lenovo)
S2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1704912 2024-06-23] (Lenovo -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11483256 2026-05-05] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2026-05-05] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [83432 2026-05-01] (Microsoft Windows -> Microsoft Corporation)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2026-02-13] (Even Balance, Inc. -> )
S2 SessionSvc; C:\WINDOWS\System32\DriverStore\FileRepository\wbdiusb.inf_amd64_c714a3e73767251c\SessionService.exe [73280 2024-09-12] (Shenzhen Goodix Technology Co., Ltd. -> Goodix)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14770472 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [72592 2026-04-01] (Lenovo -> Lenovo Group Ltd.)
S3 UpcElevationService; C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher Core\UpcElevationService.exe [351928 2026-03-24] (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_ce2b2bc149703709\amdacpafd.sys [436080 2025-09-15] (Advanced Micro Devices -> Advanced Micro Devices)
R3 amdfendrmgr; C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_56c8536a80b5c1bd\amdfendrmgr.sys [36720 2025-10-02] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV20; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2025-12-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_960126269e89c62e\amdsafd.sys [114048 2025-09-15] (Advanced Micro Devices -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0197843.inf_amd64_82ec9e2b79afe28f\B025592\amdkmdag.sys [106659856 2026-01-19] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62856 2025-10-15] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [21088 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [258656 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [450144 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [315488 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [87136 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [29144 2025-07-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [31840 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [289888 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [634464 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [94816 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [71776 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [910944 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1284192 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [241248 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [466016 2026-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [159296 2026-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [235584 2026-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2026-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\Drivers\farflt11.sys [215104 2026-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [81000 2026-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [190096 2026-05-05] (Malwarebytes Inc -> Malwarebytes)
S3 netrtp; C:\WINDOWS\System32\DRIVERS\netrtp.sys [46576 2022-01-14] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 RODEConnect_VirtualAudio; C:\WINDOWS\System32\DriverStore\FileRepository\rodeconnectvad.inf_amd64_98367d8547a17141\rodeconnectvad.sys [82712 2021-03-01] (Freedman Electronics Pty Ltd -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20936 2024-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601376 2024-05-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-05-10] (Microsoft Windows -> Microsoft Corporation)
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2026-05-05 23:16 - 2026-05-05 23:17 - 000042714 _____ C:\Users\stepa\Desktop\FRST.txt
2026-05-05 23:14 - 2026-05-05 23:15 - 002447360 _____ (Farbar) C:\Users\stepa\Desktop\FRST64.exe
2026-05-05 23:14 - 2026-05-05 23:14 - 002447360 _____ (Farbar) C:\Users\stepa\Downloads\FRST64.exe
2026-05-05 22:56 - 2026-05-05 22:58 - 000000000 ____D C:\Users\stepa\AppData\LocalLow\IGDump
2026-05-05 22:56 - 2026-05-05 22:56 - 000190096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2026-05-05 22:52 - 2026-05-05 23:18 - 000000000 ____D C:\Users\stepa\AppData\Local\Malwarebytes
2026-05-05 22:52 - 2026-05-05 22:52 - 000002104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2026-05-05 22:52 - 2026-05-05 22:52 - 000002092 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2026-05-05 22:52 - 2026-05-05 22:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2026-05-05 22:52 - 2026-05-05 22:52 - 000000000 ____D C:\Program Files\Malwarebytes
2026-05-05 22:51 - 2026-05-05 23:04 - 009633072 _____ (Malwarebytes) C:\Users\stepa\Downloads\adwcleaner.exe
2026-05-05 22:50 - 2026-05-05 22:50 - 002851456 _____ (Malwarebytes) C:\Users\stepa\Downloads\MBSetup.exe
2026-05-05 21:56 - 2026-05-05 21:56 - 000713002 _____ C:\WINDOWS\system32\perfh005.dat
2026-05-05 21:56 - 2026-05-05 21:56 - 000153200 _____ C:\WINDOWS\system32\perfc005.dat
2026-05-04 23:39 - 2026-05-04 23:39 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2026-05-01 11:51 - 2026-05-05 22:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2026-05-01 11:48 - 2026-05-01 11:48 - 000085913 _____ C:\WINDOWS\SysWOW64\ctac.json
2026-05-01 11:48 - 2026-05-01 11:48 - 000085913 _____ C:\WINDOWS\system32\ctac.json
2026-05-01 11:48 - 2026-05-01 11:48 - 000003872 _____ C:\WINDOWS\system32\DeviceFeatureDDF.json
2026-04-24 01:59 - 2026-05-01 11:15 - 000000000 ____D C:\WINDOWS\Minidump
2026-04-22 22:19 - 2026-04-22 22:19 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2026-04-18 01:51 - 2026-04-18 01:51 - 000000000 ____D C:\Users\stepa\AppData\Roaming\xpdf
2026-04-15 13:11 - 2026-04-15 13:11 - 005304104 _____ C:\Users\stepa\Downloads\Výzvánění táta.wav
2026-04-15 12:35 - 2026-04-15 12:35 - 000001247 _____ C:\Users\stepa\Downloads\066416.mid
2026-04-15 12:34 - 2026-04-15 12:34 - 000368442 _____ C:\Users\stepa\Downloads\Vseobecnevitani.wma
2026-04-15 02:00 - 2026-04-15 02:00 - 000323752 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2026-04-14 23:14 - 2026-04-14 23:14 - 000004575 _____ C:\WINDOWS\system32\ResPriUHMImageList
2026-04-14 23:14 - 2026-04-14 23:14 - 000004575 _____ C:\WINDOWS\system32\ResPriLMImageList
2026-04-14 23:14 - 2026-04-14 23:14 - 000004575 _____ C:\WINDOWS\system32\ResPriImageList
2026-04-14 23:14 - 2026-04-14 23:14 - 000004575 _____ C:\WINDOWS\system32\ResPriHMImageList
2026-04-14 23:13 - 2026-04-14 23:13 - 000036843 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2026-04-14 23:13 - 2026-04-14 23:13 - 000036843 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2026-04-09 23:34 - 2026-04-15 16:15 - 000000000 ____D C:\Users\stepa\Desktop\R3
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2026-05-05 23:16 - 2022-01-25 22:04 - 000000000 ____D C:\FRST
2026-05-05 23:14 - 2021-10-11 01:11 - 000000000 ____D C:\Users\stepa\AppData\Local\D3DSCache
2026-05-05 23:11 - 2021-08-29 13:22 - 000000000 ___RD C:\Users\stepa\OneDrive
2026-05-05 23:10 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2026-05-05 23:06 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2026-05-05 23:06 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-05-05 23:06 - 2023-02-14 01:38 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-05-05 23:06 - 2023-02-14 01:38 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2026-05-05 22:54 - 2021-10-11 01:36 - 000000000 ____D C:\Program Files (x86)\Steam
2026-05-05 22:52 - 2024-04-01 09:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2026-05-05 22:52 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2026-05-05 22:52 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2026-05-05 22:52 - 2022-02-22 15:34 - 000000000 ____D C:\Users\stepa\AppData\Local\Sentry
2026-05-05 22:52 - 2021-10-11 01:11 - 000000000 ____D C:\Users\stepa\AppData\Local\Packages
2026-05-05 22:52 - 2020-11-19 09:33 - 000000000 ____D C:\ProgramData\Packages
2026-05-05 22:44 - 2026-02-13 19:53 - 000002506 _____ C:\WINDOWS\system32\Tasks\StartAUEP
2026-05-05 22:44 - 2026-02-13 19:53 - 000002372 _____ C:\WINDOWS\system32\Tasks\StartCNBM
2026-05-05 22:44 - 2026-02-13 19:50 - 000002672 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2026-05-05 22:44 - 2026-02-13 19:50 - 000002518 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2026-05-05 22:44 - 2026-02-13 19:49 - 000002194 _____ C:\WINDOWS\system32\Tasks\StartCN
2026-05-05 22:44 - 2026-02-13 19:49 - 000002114 _____ C:\WINDOWS\system32\Tasks\StartDVR
2026-05-05 22:44 - 2025-02-01 21:09 - 000003566 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2026-05-05 22:44 - 2025-02-01 21:09 - 000003354 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F95A899A-FAB6-4AA6-8240-140235E151DC}
2026-05-05 22:44 - 2025-02-01 21:09 - 000003340 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2026-05-05 22:44 - 2025-02-01 21:09 - 000003112 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-1915851472-2192339704-3292565872-1001
2026-05-05 22:44 - 2025-02-01 21:09 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1915851472-2192339704-3292565872-1001
2026-05-05 22:44 - 2025-02-01 21:09 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1915851472-2192339704-3292565872-1001
2026-05-05 22:44 - 2025-02-01 21:09 - 000002426 _____ C:\WINDOWS\system32\Tasks\Samsung_PSSD_Registration_Plus
2026-05-05 22:44 - 2025-02-01 21:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2026-05-05 22:36 - 2021-10-11 00:08 - 000002394 _____ C:\Users\stepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-05-05 21:56 - 2025-02-01 21:10 - 001692324 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2026-05-05 21:49 - 2025-02-01 21:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2026-05-05 21:49 - 2025-02-01 21:07 - 000011680 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2026-05-05 21:49 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ServiceState
2026-05-05 21:49 - 2021-10-13 09:34 - 000000000 ____D C:\Program Files\TeamViewer
2026-05-05 21:49 - 2021-10-11 01:30 - 000000000 ____D C:\ProgramData\Avast Software
2026-05-05 21:48 - 2025-02-01 21:03 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2026-05-05 21:48 - 2021-10-10 23:55 - 000000000 ____D C:\ProgramData\Goodix
2026-05-05 21:48 - 2020-11-27 02:59 - 000012288 ___SH C:\DumpStack.log.tmp
2026-05-05 21:47 - 2024-04-01 09:21 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2026-05-05 21:45 - 2025-03-07 00:09 - 000867176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2026-05-05 21:44 - 2025-06-29 12:37 - 000000000 ____D C:\WINDOWS\system32\ruxim
2026-05-05 21:44 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\BrowserCore
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2026-05-05 21:44 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System
2026-05-05 21:44 - 2024-04-01 09:21 - 000000000 ____D C:\WINDOWS\servicing
2026-05-05 21:43 - 2025-02-01 19:52 - 000000000 ____D C:\Users\stepa
2026-05-05 21:17 - 2021-10-11 01:34 - 000000000 ____D C:\Users\stepa\AppData\Local\Ubisoft Game Launcher
2026-05-05 21:11 - 2022-01-10 15:00 - 000000000 ____D C:\Users\stepa\Desktop\HRY
2026-05-04 23:35 - 2021-04-15 00:50 - 000000000 ____D C:\Program Files\Microsoft Office
2026-05-03 20:40 - 2025-02-01 21:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2026-05-02 13:56 - 2021-10-10 23:55 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2026-05-02 13:56 - 2020-11-19 09:32 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-05-01 11:47 - 2025-02-01 21:08 - 003268096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2026-04-30 23:43 - 2025-03-13 22:53 - 000000000 ____D C:\ProgramData\EA Desktop
2026-04-28 20:03 - 2021-10-10 23:55 - 000000000 ____D C:\Program Files\AMD
2026-04-28 19:43 - 2021-10-11 02:05 - 000000000 ____D C:\Users\stepa\AppData\Local\CrashDumps
2026-04-25 02:06 - 2021-10-12 18:27 - 000000000 ____D C:\Users\stepa\AppData\Roaming\vlc
2026-04-25 01:00 - 2023-07-05 23:05 - 000000000 ____D C:\Users\stepa\AppData\Local\AMD_Common
2026-04-24 02:01 - 2025-02-01 19:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2026-04-24 02:01 - 2024-04-01 18:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2026-04-24 02:01 - 2024-04-01 18:28 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2026-04-24 02:01 - 2024-04-01 18:28 - 000000000 ____D C:\WINDOWS\system32\cs
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-plocm
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-ploc
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\te-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\qps-plocm
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\qps-ploc
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\or-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\km-KH
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\is-IS
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\id-ID
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\et-EE
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\es-MX
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\be-BY
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\as-IN
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\am-ET
2026-04-24 02:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2026-04-24 02:00 - 2025-02-01 19:36 - 000000000 ____D C:\WINDOWS\en-GB
2026-04-24 02:00 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\Provisioning
2026-04-24 02:00 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\DiagTrack
2026-04-24 01:59 - 2026-01-12 23:43 - 000002650 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2026-04-24 01:59 - 2025-11-28 13:33 - 000002466 _____ C:\WINDOWS\system32\Tasks\CCleaner 7 - Skip UAC - S-1-5-21-1915851472-2192339704-3292565872-1001
2026-04-24 01:59 - 2025-02-01 21:09 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2026-04-24 01:30 - 2026-02-13 19:50 - 000002766 _____ C:\WINDOWS\system32\Tasks\AMDScoSupportTypeUpdate
2026-04-24 01:30 - 2026-02-13 19:50 - 000002464 _____ C:\WINDOWS\system32\Tasks\AMDRyzenMasterSDKTask
2026-04-20 02:19 - 2024-04-01 09:26 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2026-04-20 02:19 - 2024-04-01 09:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2026-04-18 01:30 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2026-04-15 02:00 - 2021-10-11 01:33 - 001284192 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000910944 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000634464 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000466016 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000450144 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000315488 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000289888 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000258656 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000094816 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000087136 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000071776 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000031840 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2026-04-15 02:00 - 2021-10-11 01:33 - 000021088 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2026-04-15 01:33 - 2021-10-13 00:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2026-04-15 01:30 - 2021-10-13 00:30 - 218249592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2026-04-14 21:58 - 2021-10-11 01:53 - 000000000 ____D C:\Users\stepa\AppData\Local\Steam
2026-04-09 23:30 - 2026-02-09 01:45 - 000000000 ____D C:\Users\stepa\Desktop\Bára
2026-04-08 18:28 - 2023-07-02 02:04 - 000000000 ____D C:\Users\stepa\Desktop\FILMY
2026-04-08 17:04 - 2022-10-19 00:39 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2026-04-08 17:04 - 2022-10-19 00:39 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
==================== Files in the root of some directories ========
2023-12-26 22:42 - 2023-12-26 22:42 - 000001522 _____ () C:\Users\stepa\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2026
Ran by stepa (05-05-2026 23:18:36)
Running from C:\Users\stepa\Desktop
Microsoft Windows 11 Home Version 25H2 26200.8328 (X64) (2025-02-01 19:09:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1915851472-2192339704-3292565872-500 - Administrators - Disabled)
DefaultAccount (S-1-5-21-1915851472-2192339704-3292565872-503 - Limited - Disabled)
gabri (S-1-5-21-1915851472-2192339704-3292565872-1002 - Limited - Disabled)
Guest (S-1-5-21-1915851472-2192339704-3292565872-501 - Limited - Disabled)
Mezen (S-1-5-21-1915851472-2192339704-3292565872-1003 - Limited - Disabled)
stepa (S-1-5-21-1915851472-2192339704-3292565872-1001 - Administrators - Enabled) => C:\Users\stepa
WDAGUtilityAccount (S-1-5-21-1915851472-2192339704-3292565872-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {A537353A-1D6A-F6B5-9153-CE1CF80FBE66}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 26.001.21367 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601149}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.)
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.121 - Advanced Micro Devices, Inc.) Hidden
AMD MicroPEP Driver (HKLM-x32\...\{C36029EB-19FF-4462-A283-03B41BE9EFA4}) (Version: 1.0.40.1 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.24.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 26.1.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{fa489a41-09bb-480e-95ff-0856f05112eb}) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.) Hidden
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 26.3.18548.23092 - Gen Digital Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 26.3.10886.3573 - Gen Digital Inc.)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1631.4 - AVAST Software) Hidden
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blackmagic RAW Common Components (HKLM\...\{BF73F11D-8A70-438B-A357-38E1F1A62164}) (Version: 2.8 - Blackmagic Design)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.78.1094 - AB Team, d.o.o.)
CCleaner 7 (HKLM\...\CCleaner 7) (Version: 7.7.1313.1667 - Piriform)
DaVinci Resolve (HKLM\...\{F3B6228C-4E5C-4ADB-BE3D-0B8684928424}) (Version: 18.1.10007 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{85AC7A9F-9630-42FD-AA1C-58329AB4B7D3}) (Version: 2.0.5.0 - Blackmagic Design)
DeepL (HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\https%3a##appdownload.deepl.com#windows#0install#deepl.xml) (Version: 25.7.2 - DeepL SE)
Discord (HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Discord) (Version: 1.0.9006 - Discord Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.696.0.6209 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{d1306d31-50fd-4dae-83af-d68f640fd261}) (Version: 13.696.0.6209 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
GIMP 2.10.30 (HKLM\...\GIMP-2_is1) (Version: 2.10.30 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 148.0.7778.96 - Google LLC)
IBM SPSS Statistics 26 (HKLM-x32\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp)
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.1.2- - Inkscape)
jamovi 2.2.5.0 (HKLM-x32\...\jamovi 2.2.5.0) (Version: 2.2.5.0 - The jamovi Project)
Kontrola stavu osobního počítače s Windows (HKLM\...\{4F81B8ED-D6B5-497F-AAEC-9DECD42CB03D}) (Version: 3.9.2402.14001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.20 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.08.03.59 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.2601.21.0 - Lenovo Group Ltd.)
Malwarebytes version 5.5.5.253 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.5.5.253 - Malwarebytes)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.19929.20106 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 147.0.3912.98 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 147.0.3912.98 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\OneDriveSetup.exe) (Version: 26.070.0414.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Teams) (Version: 1.6.00.24915 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.26.08901 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211 (HKLM-x32\...\{d8bbe9f9-7c5b-42c6-b715-9ee898a2e515}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211 (HKLM\...\{86AB2CC9-08BD-4643-B0F9-F82D006D72FF}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211 (HKLM\...\{43B0D101-A022-48F4-9D04-BA404CEB1D53}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19929.20106 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RODE Application Fonts (HKLM\...\{13191F69-0CDE-4C8A-9009-A62643686134}) (Version: 0.9.0.0 - RØDE Microphones)
RODE Connect (HKLM\...\{3664B3D5-E4BF-4340-804F-72150FA8131C}) (Version: 1.3.6 - RØDE Microphones)
RODEConnect Virtual Audio Driver (HKLM\...\{0F1C062D-0326-4300-9D91-382CF431FCD5}) (Version: 1.0.0 - RØDE Microphones)
RStudio (HKLM-x32\...\RStudio) (Version: 2021.09.0+351 - RStudio)
RyzenMasterSDK (HKLM\...\{27A4D549-98FC-4C60-904E-E6C47B47AA8C}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Samsung Portable SSD Software 1.0 (HKLM-x32\...\SamsungPortableSSD_1.0_is1) (Version: 1.7.4.3 - Samsung Electronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.22.3 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.51 - Ghisler Software GmbH)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 126.0.10593 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\ZoomUMX) (Version: 5.14.10 (17221) - Zoom Video Communications, Inc.)
Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3624.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-06-06] ()
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets [2026-04-08] ()
AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2026-02-13] (Advanced Micro Devices Inc.)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.30201.210.0_x64__rz1tebttyb220 [2024-07-12] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-19] (Microsoft Corporation)
Glance by Mirametrix® -> C:\Program Files\WindowsApps\MirametrixInc.GlancebyMirametrix_11.43.256.0_x64__17mer8kcn3j54 [2026-03-21] (Mirametrix Inc.) [Startup Task]
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.7.18.0_x64__5grkq8ppsgwt4 [2025-05-17] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2511.10.0_x64__k1h2ywk1493x8 [2025-12-28] (LENOVO INC.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.43.0_x64__w1wdnht996qgy [2025-12-25] (LinkedIn) [Startup Task]
Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2026-05-04] ()
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2026-05-05] ()
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2250.1.0.0_x64__8xx8rvfyw5nnt [2025-03-11] (Meta)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-12-17] (Microsoft Corp.)
Microsoft.AIFabric.CBS.1.6 -> C:\WINDOWS\SystemApps\Microsoft.AIFabric.CBS.1.6_8wekyb3d8bbwe [2026-05-05] (Microsoft Corporation)
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2026-05-04] ()
Movie Maker - FREE -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.9.6.0_x64__bzg06mxvgh4fa [2026-03-13] (AI Photo Editor Lab)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2026-05-04] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.17.231.0_x64__dt26b99r8h8gj [2021-10-10] (Realtek Semiconductor Corp)
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2025-01-19] (Fortemedia)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0 [2026-04-24] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2615.101.0_x64__cv1g1gvanyjgm [2026-04-24] (WhatsApp Inc.) [Startup Task]
WinAppRuntime.Main.1.8 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.8_8000.806.2252.0_x64__8wekyb3d8bbwe [2026-03-19] (Microsoft Corp.)
Windows Package Manager Source (platform) -> C:\Program Files\WindowsApps\Microsoft.Winget.Platform.Source_2024.105.1947.899_neutral__8wekyb3d8bbwe [2024-03-27] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\stepa\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001_Classes\CLSID\{EABAE40C-B27C-455A-B672-F234DD780948}\InprocServer32 -> C:\Users\stepa\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.26.08901\x64\Microsoft.Teams.MeetingAddin.DLL (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2026-02-17] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2025-12-15] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-05-05] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers4: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2025-12-15] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2026-04-15] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [Avast Cleanup Premium] -> {13004120-FCAF-4232-A255-807EAD6E7D01} => C:\Program Files\Avast Software\Cleanup\tucontextmenu.dll [2025-12-15] (Gen Digital Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-05-05] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [MidisrvTransferComplete] => 1
HKLM\...\Drivers32: [midi1] => C:\WINDOWS\system32\wdmaud2.drv [143360 2026-05-01] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [midi1] => C:\Windows\SysWOW64\wdmaud2.drv [95744 2026-05-01] (Microsoft Windows -> Microsoft Corporation)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\stepa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Štěvanra - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
==================== Loaded Modules (Whitelisted) =============
2025-05-14 14:45 - 2025-05-14 14:45 - 000035840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000044032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000033792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000564736 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000029696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qpdf.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000026624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000024064 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000540672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000890368 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 001964544 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qmodernwindowsstyle.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000299520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\Qt5Compat\GraphicalEffects\private\qtgraphicaleffectsprivateplugin.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000556032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\Qt5Compat\GraphicalEffects\qtgraphicaleffectsplugin.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000020480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtMultimedia\quickmultimediaplugin.dll
2025-05-14 14:45 - 2025-05-14 14:45 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Controls\Basic\qtquickcontrols2basicstyleplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000018944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Controls\Fusion\impl\qtquickcontrols2fusionstyleimplplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Controls\Fusion\qtquickcontrols2fusionstyleplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000028160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Controls\qtquickcontrols2plugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000018944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Controls\Windows\impl\qtquickcontrols2windowsstyleimplplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000468992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Controls\Windows\qtquickcontrols2windowsstyleplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000018944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Dialogs\qtquickdialogsplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000018944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Effects\effectsplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000018944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000767488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\NativeStyle\qtquickcontrols2nativestyleplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Templates\qtquicktemplates2plugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtQuick\Window\quickwindowplugin.dll
2025-05-14 14:46 - 2025-05-14 14:46 - 000022016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\qml\QtWebEngine\qtwebenginequickplugin.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 006071296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Core.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 008933376 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Gui.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000972288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Multimedia.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000250368 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6MultimediaQuick.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 001725952 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Network.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 001964544 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6OpenGL.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 005337600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Pdf.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000500224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Positioning.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 005204992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Qml.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000137728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QmlMeta.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000721920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QmlModels.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000062976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QmlWorkerScript.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 006282752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Quick.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000084992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickControls2.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 001313280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickControls2Basic.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 001131008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickControls2Fusion.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000195584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickControls2FusionStyleImpl.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000276480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickControls2Impl.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000058368 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickControls2WindowsStyleImpl.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000142336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickDialogs2.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 001992704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickDialogs2QuickImpl.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickDialogs2Utils.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000389120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickEffects.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000192512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickLayouts.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 001864192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6QuickTemplates2.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 004028416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6ShaderTools.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000303616 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Sql.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000513024 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Svg.dll
2025-06-17 04:46 - 2025-06-17 04:46 - 154372608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6WebEngineCore.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000580096 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6WebEngineQuick.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000228352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6WebChannel.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000050176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6WebChannelQuick.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 006447616 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Widgets.dll
2025-05-14 14:44 - 2025-05-14 14:44 - 000141824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt6Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\stepa\Desktop\FRST64.exe:MBAM.Zone.Identifier [450]
AlternateDataStreams: C:\Users\stepa\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [282]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{75416E63-5912-4DFA-AE8F-3EFACCAFFB14} => ""="NvmeDisk"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{75416E63-5912-4DFA-AE8F-3EFACCAFFB14} => ""="NvmeDisk"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
SearchScopes: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001 -> DefaultScope {284E3018-91B6-4213-989F-8AF180E07044} URL =
SearchScopes: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001 -> {284E3018-91B6-4213-989F-8AF180E07044} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2026-01-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2026-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\sharepoint.com -> hxxps://fsvuk-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2025-02-12 01:18 - 2025-02-12 01:18 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Network ===========================
(Currently there is no automatic fix for this section.)
DNS Servers: 62.129.50.20 - 85.135.32.100
Windows Firewall is enabled.
Network Binding:
=============
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys
Wi-Fi: Intel(R) Wi-Fi 6 AX200 160MHz -> Netwtw10.sys
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\stepa\OneDrive\Pictures\background\rainbow_texture679.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\StartupApproved\StartupFolder: => "DeepL.lnk"
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\StartupApproved\StartupFolder: => "DeepL auto-start.lnk"
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{521AB269-55BB-4A39-A956-8F6359D22D28}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> Lenovo)
FirewallRules: [{378C7874-89AE-4C5F-8180-8D0398A7A065}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> Lenovo)
FirewallRules: [{414845BE-C30B-4E80-AECD-9FE5BF445163}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{F50FDD23-FD1D-4AC2-8D18-20687B26D8A2}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{843023C5-7CE7-42F1-A1DD-DA031E83A77E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24295.401.3195.9406_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16914F6F-9C0C-45F4-AA4E-8CA6E6E3413A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24295.401.3195.9406_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99717A7B-5B50-4519-BC22-A7802A869230}] => (Allow) C:\Users\stepa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4DAC5FF3-5D23-4BDD-8ABD-DE43F17EE517}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8522670A-572B-45B2-AD6E-E5880CD6490E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6AC4204-A446-4AF9-BC9A-8720DEA41F35}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{9D429E0D-5D8F-4527-92D3-A5AE1EE482BF}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Gen Digital Inc. -> Gen Digital Inc.)
FirewallRules: [{C8C4363F-E59C-4DCC-BB68-58558EFF786B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2A5191A0-2AF2-4AF1-982A-2A0DAB3DC749}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BB7AB787-A398-4CFE-BF5F-E1B6745CD56F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4F672B85-0E36-48D8-B05D-910954EBC9C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{65643EFB-AB0A-4460-807A-AA4C96AA3545}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{37EAB394-6071-4794-87A6-4EEB10700F5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{F707F5AE-5FCA-4DF4-A5EB-B2C435966C4B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2D96B337-9D2B-4D87-A20F-296E6718A554}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2473B47C-8CE8-4060-8467-C4F26D7E7340}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{34A1B26B-916D-40F6-B0E2-3B34119F00A6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9BD50D10-8F03-48F2-A3FE-DAD613BAD1C2}] => (Allow) C:\Users\stepa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AE9D95CE-574E-4916-AF88-A4E837EC9B7C}] => (Allow) C:\Users\stepa\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{736FF52B-9B7D-41D1-880C-B3A6BCEB870B}] => (Allow) C:\Users\stepa\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7ABC7093-FB2C-4F24-8CA0-232C2D11B41C}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{4345FE25-71DA-49F3-A8F5-C58426CDBF75}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{403CB423-6789-4828-BB7B-DD65B9CA3CCA}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{6DFD9827-E1EC-4041-9E07-4B575C888527}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{F75880F5-76CD-4C1C-92FD-D210A6AD9635}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{A8F3D334-BD5F-4E5A-BECC-6A382A9BBE0D}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{AB3EAEC8-48C8-47CF-8E5D-0C93B51782B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe () [File not signed]
FirewallRules: [{697E4AEC-3CF2-4A81-B15D-71F115F35A58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe () [File not signed]
FirewallRules: [{61D7766B-3011-4D69-88EE-85C2FC300C1F}] => (Allow) C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe (Lenovo -> 联想软件)
FirewallRules: [{6FBA622D-98D4-4864-97B1-68BB7F453502}] => (Allow) C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe (Lenovo -> 联想软件)
FirewallRules: [TCP Query User{93E8F37E-8EE0-4279-883B-E1667BCEECC8}C:\users\stepa\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\stepa\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{66A2F6E6-3E6A-479F-92DE-50DBBDB86C46}C:\users\stepa\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\stepa\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{057B133F-9501-4BCE-89F9-AAA9FBE71EE8}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{E3219C35-F6AB-46BF-A70F-2F4E728DAEE7}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{0BCCF83A-8134-4F9C-8546-4BEEB57FD963}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{106B351E-48C7-4DC1-9398-C36349BE1840}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{829A84A3-8DC8-48AC-B9BD-9F8FD3F2912D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{CABD3C58-C3CF-4E80-B953-1BC9D983DB30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{B4F24B91-B7C7-458F-9842-A25E26C63F92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{C89EAD2A-91A2-46DC-A9D6-7DE73B6801E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [TCP Query User{375E4D18-0D80-4CDD-935B-3B2DF4A3D032}C:\program files (x86)\ibm\spss\statistics\26\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [UDP Query User{03EA7205-FCB7-49D3-AEF0-416D6DC26D9F}C:\program files (x86)\ibm\spss\statistics\26\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [TCP Query User{97AC19CF-CC57-441D-9C67-603A40689162}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Block) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query User{9E44F153-3525-4906-A25D-9BFA252DC22C}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Block) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{C48622DC-1C33-4E44-AED0-1FE6412D361E}C:\users\stepa\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\stepa\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5C7A0D39-1F83-43C8-B8DC-2BE972CA44C3}C:\users\stepa\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\stepa\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A5BE4D6A-0FDC-416E-8D7F-7A243EBD5615}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GovernorofPoker2_SE_Full\GovernorofPoker2_SE.exe (I Sioux B.V.) [File not signed]
FirewallRules: [{ADA9160A-C41C-4CDE-96D8-7DAB0F1A00C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GovernorofPoker2_SE_Full\GovernorofPoker2_SE.exe (I Sioux B.V.) [File not signed]
FirewallRules: [{98A415D8-8E55-4646-B619-83CA33238721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Game.exe (Illusion Softworks) [File not signed]
FirewallRules: [{75FE09B7-1053-4819-9673-BB4668F8520C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Game.exe (Illusion Softworks) [File not signed]
FirewallRules: [{D2AA82A0-6F85-4936-B60C-34EC425C58B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Setup.exe () [File not signed]
FirewallRules: [{115EFB36-E481-4426-87BF-D13713863403}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Setup.exe () [File not signed]
FirewallRules: [TCP Query User{1267330A-E0CC-4737-97F7-A6B083D0E597}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{51675BC8-BE1B-4FBB-81B5-6CF5CC509396}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{52693EDF-FE61-405E-BBE0-17E6E3AF8F44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe => No File
FirewallRules: [{19D6CE0C-353E-431E-9E66-7E2A2F12643F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe => No File
FirewallRules: [{C6D52BD7-5F51-4DCF-8276-A5D7ED42D1B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe (11 BIT STUDIOS S A -> )
FirewallRules: [{3ADA70FA-7E8F-4EAD-BB83-AA3FB105A764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe (11 BIT STUDIOS S A -> )
FirewallRules: [{68830628-26D6-4E47-B772-1F2D70F596AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia II\pc\mafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{CBC985B6-B808-491A-BB9E-DA151816B5D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia II\pc\mafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{4167E051-AE32-4428-B002-3702345FB71F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{BF6FE5C1-ED62-43A5-B8E3-FAC981B7033F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{861C06DF-7B24-4CFE-8176-90C46D7D47F3}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{6E9901DC-808E-466B-A821-934CCB1E6D73}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{C3B31DC5-00BE-488D-9D50-561579464421}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{2C2C141C-6B83-4C73-9A91-C3635D9541E1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{AD90414A-2342-42E8-8CDE-7868CFA288B3}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{676C7942-94B0-4FDD-9568-041EFF8A2A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe (Rocksteady Studios Ltd.) [File not signed]
FirewallRules: [{59E70BC9-E3F7-4D5B-9954-E82021F266FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe (Rocksteady Studios Ltd.) [File not signed]
FirewallRules: [{09378974-FC28-4BD8-A369-005F14B13746}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{92AC693D-5120-4F75-8579-8CA23931E241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [TCP Query User{432A3B19-1293-49AB-B504-22B9C1165F98}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F3FDE6B2-5059-4C99-9C30-2DA73D19876F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{6857AD92-5A99-4456-95DF-80EA2DEF95C2}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{E4D478BE-D6E0-4DCF-8D1D-00C824C7C47D}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{B52E99B5-603B-454B-BC40-2B4156830AE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{A34868E0-09D4-4FD7-AE5D-01517F7B154C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{7B515266-56B8-4872-8D2B-47D840B7FBB4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe => No File
FirewallRules: [{448D15A6-38BB-4CB9-B996-4601ABB070D0}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe => No File
FirewallRules: [{38A7B797-3AD0-44B2-A176-6605C8AD54B4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{DBFE72E9-B8EC-4661-A648-58CFB68C8E7B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{D631962B-B281-4B92-9D35-BBF2CE58D78B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{7C0E5F35-66DF-43B2-BE36-C24802C9D4AA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe => No File
FirewallRules: [TCP Query User{DD08FA69-0B4F-4385-864E-BFC3A37ECFC0}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [UDP Query User{252DB1F6-78E7-4282-A2B7-6CF69BC0F499}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [{630D5B47-ACBC-497C-A8A5-0B5AE9592C4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [{097CCDC1-174B-4E08-959C-28DBEDA87CC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [TCP Query User{3B7BCA7D-18B3-4C1B-A29F-281F8BCCAD34}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [UDP Query User{E65D65E6-42DB-4926-9B98-93F972E9BFAE}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [{E24F2973-7E82-421C-A55E-5295369FA35F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe () [File not signed]
FirewallRules: [{20DB5DCF-E07E-4ABE-AA69-3926DD65AF5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe () [File not signed]
FirewallRules: [{56CCB8A0-8DCF-4A54-840E-4F99369FD90D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FlatOut2\FlatOut2.exe (Jordan Freeman Group, LLC. -> )
FirewallRules: [{659E847A-A061-425E-81DE-661B3739CC82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FlatOut2\FlatOut2.exe (Jordan Freeman Group, LLC. -> )
FirewallRules: [TCP Query User{EBFDD751-2DF9-49EE-9483-E474C4308F26}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{AB8A8B94-DB3C-4DA0-BA9F-5E9809902E48}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [{A4988B91-C8CD-4111-ADAE-A71CF741C199}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A0888F16-E140-4A79-8BE5-ECE4B8ABCEB0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{8D360A20-E32F-40F3-87D5-2C1C2110FE50}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E0979511-9358-466C-8181-467A6944AB46}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{860433C8-4268-4CE0-9DE1-24488D4147C7}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{103D63BB-5C8E-4DA7-8623-8A9B315E074B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{3577CE5F-8A40-4BF9-AD78-3F490CD58E8A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{53BED389-1E87-4126-B1A2-2BB4C70E8CF9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{15C20445-6D2B-4ECE-987B-D8EFAF2CDFA5}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B5AAB62C-643F-4245-902B-4DC88BD5127E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{448BCCDF-D792-4953-9C41-27DD20A4E2E5}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{470DC871-8AD1-48DD-8571-D671E7F3EBB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VLAK\VLAK.exe () [File not signed]
FirewallRules: [{984AB9BA-9329-40F3-B13F-7C6C54F29B11}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VLAK\VLAK.exe () [File not signed]
FirewallRules: [{2B173EF5-1B07-4099-A697-219EEF1E3A28}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B8BABC82-BCE4-44FF-B4C8-D9C1AB938893}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AF4736EE-B7D7-4EF6-9F51-9019A0C5E5E0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3382447-5251-4E4D-86F1-86461238DE59}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{753ECC0F-EE73-4CD5-9D66-F5B9C2BCE2CB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{614B611B-2024-46B9-9E8C-B7146FCA3C58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerfight\Hammerfight.exe () [File not signed]
FirewallRules: [{9DFC6AD8-C90F-4B1E-8090-C6D71B800FB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerfight\Hammerfight.exe () [File not signed]
FirewallRules: [{12B7F7B9-A21C-4E98-A7E5-09C9661560B4}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe => No File
FirewallRules: [{F326AB2A-1B4C-4518-A530-38249CEEB0F0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{4326EFC8-ADBB-4089-BF50-5F6875B4559F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{3B2C7D36-7E1C-4268-9246-B8CE40A62996}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{C8196895-C2A4-4A13-934B-E3CF32578362}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{FC7C7F89-DAAF-43F5-96F7-405B4D36A985}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{B136AE6E-1F85-4CF5-990D-FC7DC7E26DAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{3892E719-E7E8-4E6C-BAC1-12D19377FAEC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{E1832A6D-BDA8-44E3-810C-35D2F0248ECB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{4EF6988C-D808-49F1-96EE-A22DA214CBF4}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{4B71751B-6336-4C96-A8AC-F1649252D18D}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{4FA6FABA-E0E9-49BE-A98C-000CEF3B296C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F06B182C-69A4-4337-91FF-B1F76D76486D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{320BB5E9-29F5-4EF5-92B4-CF9A589CEB5A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C698F5E3-B690-49A8-8A1C-2D13BB586090}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{90C59200-1468-43EF-AE8B-39D10AD3CA4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4D5C85E7-6BF5-4437-868A-46C5380C5CB9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{43C61E68-1119-45C2-A3CA-AACD13EB6ABD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C63D3DC9-F4D1-4F16-96B4-CDD75877848A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{65005884-5A42-4A75-88E4-A330A8E29879}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9C47BD88-5776-4B7A-8BC0-5379E412CD5E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F5423AAA-4398-42A4-902A-985C6A8FBBC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F7284F60-16C7-47ED-AFC5-9C178296C273}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{888AD41D-A7DD-4773-A6DA-BC2FC67725D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.288.483.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{111B1453-224D-42C5-A134-981EF8816AE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{67AE563F-2B00-4146-BC13-A4856A420AB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [EdgeWebView2-MDNS-In-UDP] => (Allow) C:\WINDOWS\system32\Microsoft-Edge-WebView\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D0451500-FF34-45F9-A410-AA244D6BFC42}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
01-05-2026 22:28:37 Windows Update
04-05-2026 23:35:57 Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (05/05/2026 11:16:30 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 19804. ID zprávy: [0x2509].
Error: (05/05/2026 11:16:28 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 2420. ID zprávy: [0x2509].
Error: (05/05/2026 11:11:54 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 21128. ID zprávy: [0x2509].
Error: (05/05/2026 11:11:52 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 18724. ID zprávy: [0x2509].
Error: (05/05/2026 11:06:02 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 15320. ID zprávy: [0x2509].
Error: (05/05/2026 11:06:00 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 4196. ID zprávy: [0x2509].
Error: (05/05/2026 11:01:02 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 16828. ID zprávy: [0x2509].
Error: (05/05/2026 10:41:14 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 3380. ID zprávy: [0x2509].
System errors:
=============
Error: (05/05/2026 11:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LenovoVantageService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/05/2026 11:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba System Interface Foundation Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/05/2026 11:05:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avast Cleanup service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.
Error: (05/05/2026 11:05:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Universal Device Client Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.
Error: (05/05/2026 11:05:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba EABackgroundService byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/05/2026 11:05:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (05/05/2026 11:05:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/05/2026 11:05:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Realtek Audio Universal Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
CodeIntegrity:
===============
Date: 2026-05-05 23:19:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO G5CN70WW(V2.16) 03/26/2024
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 7 5700U with Radeon Graphics
Percentage of memory in use: 54%
Total physical RAM: 15706.06 MB
Available physical RAM: 7218.42 MB
Total Virtual: 25434.06 MB
Available Virtual: 14913.08 MB
==================== Drives ================================
Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:27.71 GB) (Model: WDC PC SN530 SDBPMPZ-512G-1101) (Protected) NTFS
\\?\Volume{9e6b0568-7b8a-49ac-9a30-4b40ae471739}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.19 GB) NTFS
\\?\Volume{ca95f999-bea6-46fc-8c11-b2f477cb7ad0}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: D29A838C)
Partition: GPT.
==================== End of Addition.txt =======================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu - onedriverpatcher.exe
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119894
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu - onedriverpatcher.exe
Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Uninstall 26.063.0405.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.063.0405.0002" [0 2026-05-05] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Uninstall 26.070.0414.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.070.0414.0001" [0 2026-05-05] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {FDD3F547-4554-43A2-B3C7-EA439AFE3443} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {4F3F0437-0002-448A-AD29-D3B508E6DC36} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1915851472-2192339704-3292565872-1001 => MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {876CFDB8-96A5-41EA-9F2A-9391F83F7587} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1FA7E9E9-A0C0-4F36-A8CA-24673A05DE4B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {47DF7232-0796-48F6-A5B1-682312353352} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
C:\DumpStack.log.tmp
AlternateDataStreams: C:\Users\stepa\Desktop\FRST64.exe:MBAM.Zone.Identifier [450]
AlternateDataStreams: C:\Users\stepa\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [282]
SearchScopes: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001 -> DefaultScope {284E3018-91B6-4213-989F-8AF180E07044} URL =
SearchScopes: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001 -> {284E3018-91B6-4213-989F-8AF180E07044} URL =
FirewallRules: [{BB7AB787-A398-4CFE-BF5F-E1B6745CD56F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4F672B85-0E36-48D8-B05D-910954EBC9C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{7B515266-56B8-4872-8D2B-47D840B7FBB4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe => No File
FirewallRules: [{448D15A6-38BB-4CB9-B996-4601ABB070D0}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe => No File
FirewallRules: [{38A7B797-3AD0-44B2-A176-6605C8AD54B4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{DBFE72E9-B8EC-4661-A648-58CFB68C8E7B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{D631962B-B281-4B92-9D35-BBF2CE58D78B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{7C0E5F35-66DF-43B2-BE36-C24802C9D4AA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe => No File
FirewallRules: [TCP Query User{DD08FA69-0B4F-4385-864E-BFC3A37ECFC0}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [UDP Query User{252DB1F6-78E7-4282-A2B7-6CF69BC0F499}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [TCP Query User{EBFDD751-2DF9-49EE-9483-E474C4308F26}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{AB8A8B94-DB3C-4DA0-BA9F-5E9809902E48}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [{12B7F7B9-A21C-4E98-A7E5-09C9661560B4}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe => No File
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu - onedriverpatcher.exe
Díky, zde fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2026
Ran by stepa (06-05-2026 13:32:14) Run:3
Running from C:\Users\stepa\Desktop
Loaded Profiles: stepa
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Uninstall 26.063.0405.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.063.0405.0002" [0 2026-05-05] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Uninstall 26.070.0414.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.070.0414.0001" [0 2026-05-05] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {FDD3F547-4554-43A2-B3C7-EA439AFE3443} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {4F3F0437-0002-448A-AD29-D3B508E6DC36} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1915851472-2192339704-3292565872-1001 => MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {876CFDB8-96A5-41EA-9F2A-9391F83F7587} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1FA7E9E9-A0C0-4F36-A8CA-24673A05DE4B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {47DF7232-0796-48F6-A5B1-682312353352} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
C:\DumpStack.log.tmp
AlternateDataStreams: C:\Users\stepa\Desktop\FRST64.exe:MBAM.Zone.Identifier [450]
AlternateDataStreams: C:\Users\stepa\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [282]
SearchScopes: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001 -> DefaultScope {284E3018-91B6-4213-989F-8AF180E07044} URL =
SearchScopes: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001 -> {284E3018-91B6-4213-989F-8AF180E07044} URL =
FirewallRules: [{BB7AB787-A398-4CFE-BF5F-E1B6745CD56F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4F672B85-0E36-48D8-B05D-910954EBC9C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{7B515266-56B8-4872-8D2B-47D840B7FBB4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe => No File
FirewallRules: [{448D15A6-38BB-4CB9-B996-4601ABB070D0}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe => No File
FirewallRules: [{38A7B797-3AD0-44B2-A176-6605C8AD54B4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{DBFE72E9-B8EC-4661-A648-58CFB68C8E7B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{D631962B-B281-4B92-9D35-BBF2CE58D78B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{7C0E5F35-66DF-43B2-BE36-C24802C9D4AA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe => No File
FirewallRules: [TCP Query User{DD08FA69-0B4F-4385-864E-BFC3A37ECFC0}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [UDP Query User{252DB1F6-78E7-4282-A2B7-6CF69BC0F499}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [TCP Query User{EBFDD751-2DF9-49EE-9483-E474C4308F26}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{AB8A8B94-DB3C-4DA0-BA9F-5E9809902E48}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [{12B7F7B9-A21C-4E98-A7E5-09C9661560B4}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe => No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AMDNoiseSuppression" => removed successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 26.063.0405.0002" => removed successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 26.070.0414.0001" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDD3F547-4554-43A2-B3C7-EA439AFE3443}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD3F547-4554-43A2-B3C7-EA439AFE3443}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Vantage\StartupFixPlan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\StartupFixPlan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F3F0437-0002-448A-AD29-D3B508E6DC36}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F3F0437-0002-448A-AD29-D3B508E6DC36}" => removed successfully
C:\WINDOWS\System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1915851472-2192339704-3292565872-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Meta\Messenger-WSP-Helper-S-1-5-21-1915851472-2192339704-3292565872-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{876CFDB8-96A5-41EA-9F2A-9391F83F7587}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{876CFDB8-96A5-41EA-9F2A-9391F83F7587}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FA7E9E9-A0C0-4F36-A8CA-24673A05DE4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FA7E9E9-A0C0-4F36-A8CA-24673A05DE4B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47DF7232-0796-48F6-A5B1-682312353352}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47DF7232-0796-48F6-A5B1-682312353352}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\EAAntiCheat => removed successfully
EAAntiCheat => service removed successfully
Could not move "C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2" => Scheduled to move on reboot.
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
"C:\Users\stepa\Desktop\FRST64.exe" => ":MBAM.Zone.Identifier" ADS not found.
"C:\Users\stepa\Downloads\adwcleaner.exe" => ":MBAM.Zone.Identifier" ADS not found.
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{284E3018-91B6-4213-989F-8AF180E07044} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB7AB787-A398-4CFE-BF5F-E1B6745CD56F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F672B85-0E36-48D8-B05D-910954EBC9C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B515266-56B8-4872-8D2B-47D840B7FBB4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{448D15A6-38BB-4CB9-B996-4601ABB070D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38A7B797-3AD0-44B2-A176-6605C8AD54B4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBFE72E9-B8EC-4661-A648-58CFB68C8E7B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D631962B-B281-4B92-9D35-BBF2CE58D78B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C0E5F35-66DF-43B2-BE36-C24802C9D4AA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DD08FA69-0B4F-4385-864E-BFC3A37ECFC0}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{252DB1F6-78E7-4282-A2B7-6CF69BC0F499}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EBFDD751-2DF9-49EE-9483-E474C4308F26}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AB8A8B94-DB3C-4DA0-BA9F-5E9809902E48}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12B7F7B9-A21C-4E98-A7E5-09C9661560B4}" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 76947034 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 516743972 B
Windows/system/drivers => 519899422 B
Edge => 59946197 B
Chrome => 1282876552 B
Firefox => 0 B
Opera => 0 B
Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1258 B
systemprofile32 => 0 B
LocalService => 335716 B
NetworkService => 0 B
stepa => 458263879 B
RecycleBin => 369536447 B
EmptyTemp: => 3.1 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 06-05-2026 13:40:06)
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => Could not move
C:\DumpStack.log.tmp => Could not move
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected
==== End of Fixlog 13:40:06 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2026
Ran by stepa (06-05-2026 13:32:14) Run:3
Running from C:\Users\stepa\Desktop
Loaded Profiles: stepa
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Uninstall 26.063.0405.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.063.0405.0002" [0 2026-05-05] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\...\RunOnce: [Uninstall 26.070.0414.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stepa\AppData\Local\Microsoft\OneDrive\26.070.0414.0001" [0 2026-05-05] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {FDD3F547-4554-43A2-B3C7-EA439AFE3443} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {4F3F0437-0002-448A-AD29-D3B508E6DC36} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1915851472-2192339704-3292565872-1001 => MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {876CFDB8-96A5-41EA-9F2A-9391F83F7587} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1FA7E9E9-A0C0-4F36-A8CA-24673A05DE4B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {47DF7232-0796-48F6-A5B1-682312353352} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
C:\DumpStack.log.tmp
AlternateDataStreams: C:\Users\stepa\Desktop\FRST64.exe:MBAM.Zone.Identifier [450]
AlternateDataStreams: C:\Users\stepa\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [282]
SearchScopes: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001 -> DefaultScope {284E3018-91B6-4213-989F-8AF180E07044} URL =
SearchScopes: HKU\S-1-5-21-1915851472-2192339704-3292565872-1001 -> {284E3018-91B6-4213-989F-8AF180E07044} URL =
FirewallRules: [{BB7AB787-A398-4CFE-BF5F-E1B6745CD56F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4F672B85-0E36-48D8-B05D-910954EBC9C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{7B515266-56B8-4872-8D2B-47D840B7FBB4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe => No File
FirewallRules: [{448D15A6-38BB-4CB9-B996-4601ABB070D0}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Game.exe => No File
FirewallRules: [{38A7B797-3AD0-44B2-A176-6605C8AD54B4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{DBFE72E9-B8EC-4661-A648-58CFB68C8E7B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{D631962B-B281-4B92-9D35-BBF2CE58D78B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{7C0E5F35-66DF-43B2-BE36-C24802C9D4AA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed 1\AssassinsCreed_Dx10.exe => No File
FirewallRules: [TCP Query User{DD08FA69-0B4F-4385-864E-BFC3A37ECFC0}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [UDP Query User{252DB1F6-78E7-4282-A2B7-6CF69BC0F499}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe => No File
FirewallRules: [TCP Query User{EBFDD751-2DF9-49EE-9483-E474C4308F26}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{AB8A8B94-DB3C-4DA0-BA9F-5E9809902E48}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [{12B7F7B9-A21C-4E98-A7E5-09C9661560B4}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe => No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AMDNoiseSuppression" => removed successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 26.063.0405.0002" => removed successfully
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 26.070.0414.0001" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDD3F547-4554-43A2-B3C7-EA439AFE3443}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD3F547-4554-43A2-B3C7-EA439AFE3443}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Vantage\StartupFixPlan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\StartupFixPlan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F3F0437-0002-448A-AD29-D3B508E6DC36}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F3F0437-0002-448A-AD29-D3B508E6DC36}" => removed successfully
C:\WINDOWS\System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1915851472-2192339704-3292565872-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Meta\Messenger-WSP-Helper-S-1-5-21-1915851472-2192339704-3292565872-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{876CFDB8-96A5-41EA-9F2A-9391F83F7587}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{876CFDB8-96A5-41EA-9F2A-9391F83F7587}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FA7E9E9-A0C0-4F36-A8CA-24673A05DE4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FA7E9E9-A0C0-4F36-A8CA-24673A05DE4B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47DF7232-0796-48F6-A5B1-682312353352}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47DF7232-0796-48F6-A5B1-682312353352}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\EAAntiCheat => removed successfully
EAAntiCheat => service removed successfully
Could not move "C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2" => Scheduled to move on reboot.
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
"C:\Users\stepa\Desktop\FRST64.exe" => ":MBAM.Zone.Identifier" ADS not found.
"C:\Users\stepa\Downloads\adwcleaner.exe" => ":MBAM.Zone.Identifier" ADS not found.
"HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1915851472-2192339704-3292565872-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{284E3018-91B6-4213-989F-8AF180E07044} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB7AB787-A398-4CFE-BF5F-E1B6745CD56F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F672B85-0E36-48D8-B05D-910954EBC9C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B515266-56B8-4872-8D2B-47D840B7FBB4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{448D15A6-38BB-4CB9-B996-4601ABB070D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38A7B797-3AD0-44B2-A176-6605C8AD54B4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBFE72E9-B8EC-4661-A648-58CFB68C8E7B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D631962B-B281-4B92-9D35-BBF2CE58D78B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C0E5F35-66DF-43B2-BE36-C24802C9D4AA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DD08FA69-0B4F-4385-864E-BFC3A37ECFC0}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{252DB1F6-78E7-4282-A2B7-6CF69BC0F499}C:\program files (x86)\steam\steamapps\common\it takes two\nuts\binaries\win64\ittakestwo_trial.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EBFDD751-2DF9-49EE-9483-E474C4308F26}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AB8A8B94-DB3C-4DA0-BA9F-5E9809902E48}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12B7F7B9-A21C-4E98-A7E5-09C9661560B4}" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 76947034 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 516743972 B
Windows/system/drivers => 519899422 B
Edge => 59946197 B
Chrome => 1282876552 B
Firefox => 0 B
Opera => 0 B
Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1258 B
systemprofile32 => 0 B
LocalService => 335716 B
NetworkService => 0 B
stepa => 458263879 B
RecycleBin => 369536447 B
EmptyTemp: => 3.1 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 06-05-2026 13:40:06)
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => Could not move
C:\DumpStack.log.tmp => Could not move
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected
==== End of Fixlog 13:40:06 ====
Přispějete na provoz fóra?