Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

prosba o prohlídku

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
shrek.r
Návštěvník
Návštěvník
Příspěvky: 71
Registrován: 19 čer 2013 14:51

prosba o prohlídku

#1 Příspěvek od shrek.r »

Zdravím, chci poprosit o kontrolu.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2025
Ran by sobec (administrator) on LAPTOP-BL5J37S2 (LENOVO 82JU) (21-11-2025 11:19:58)
Running from C:\Users\sobec\Downloads\FRST64.exe
Loaded Profiles: sobec
Platform: Microsoft Windows 10 Home Version 22H2 19045.6466 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(A-Volute SAS -> A-Volute) C:\Users\sobec\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe ->) (InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\LenovoVantage-(LenovoGamingSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files (x86)\Sticky Password\stpass.exe ->) (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spUIAManager.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation -> Mozilla Foundation) C:\Program Files\Mozilla Firefox\crashhelper.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> The Qt Company Ltd.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngineProcess.exe
(C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe ->) (Synology Inc. -> Synology Inc.) C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-connect.exe
(C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe ->) (Synology Inc. -> Synology Inc.) C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\AppProvisioningPlugin.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0369673.inf_amd64_58833994acffc9ae\B369681\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0369673.inf_amd64_58833994acffc9ae\B369681\atieclxx.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Synology Inc. -> Synology Inc.) C:\Program Files\Synology\Synology Image Assistant\Synology Image Assistant.exe <3>
(InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.206.1021.0003\OneDrive.Sync.Service.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0369673.inf_amd64_58833994acffc9ae\B369681\atiesrxx.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_f08209179a3354de\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bbb0597391852f64\RtkAudUService64.exe <2>
(services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\Synology Active Backup for Business Service.exe
(services.exe ->) (Synology Inc. -> ) C:\Program Files\Synology\SynologyDrive\bin\vss-service-x64.exe
(svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 -> ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.10.7.0_x64__w2gh52qy24etm\Nahimic3.exe
(svchost.exe ->) (InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2511.1001.12.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.6465_none_7e0fb53c7c8be091\TiWorker.exe
(Synology Inc. -> Synology Inc.) C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bbb0597391852f64\RtkAudUService64.exe [3495904 2022-05-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation) [File not signed]
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [729088 2004-06-22] (Corel Corporation) [File not signed]
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [72712 2025-07-10] (Lamantine Software a.s. -> Lamantine Software a.s.)
HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) [File not signed]
HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Run: [Synology Image Assistant] => C:\Program Files\Synology\Synology Image Assistant\Synology Image Assistant.exe [176705752 2025-01-13] (Synology Inc. -> Synology Inc.)
HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [50714064 2025-11-13] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [41613784 2025-11-17] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Run: [MicrosoftEdgeAutoLaunch_1B811BAD1AFF8D755ECA03B92FCCFC0F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4254288 2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\sobec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2025-11-20]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\sobec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive Client.lnk [2025-11-18]
ShortcutTarget: Synology Drive Client.lnk -> C:\Program Files\Synology\SynologyDrive\bin\launcher.exe (Synology Inc. -> Synology Inc.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {B611FB8F-D8B3-472E-B4AA-BE93A2316359} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1581568 2025-08-24] (Adobe Inc. -> Adobe Inc.)
Task: {7F2FF403-74F7-43ED-BF47-5650D33ABA8F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {65F73512-3323-481E-A0DC-0013D104F5EF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {7D5EFEDB-6464-4335-8ECD-C95DD97E6F0F} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B9D73F5B-9E68-4C94-B992-48605FDD0E97} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7a255875-c28a-438e-bddc-1188a21e2680 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {BFA0ED88-B295-4F04-97EF-BC5F3E013FF2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ca5d7d6b-4bf3-48b5-b57d-fd44cfa1f2d9 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {80F559BC-0449-4BEE-802B-A7E9F7C3422C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\df053ae2-3150-45bc-8406-2aeaf162f27c => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {C4CE09A6-D69B-4E2B-8E3C-27FFDD48D879} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {3C220919-AB4F-40A9-94D2-1066100B3D52} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [91024 2025-08-18] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle
Task: {446C3B40-0235-4232-B647-2114D53ABC5E} - System32\Tasks\Lenovo\UDC\Lenovo UDC Lazy Deployment => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 221
Task: {5E52113B-4F22-47C8-A8F1-9430772D5A47} - System32\Tasks\Lenovo\UDC\Lenovo UDC Maintainance Task => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 220
Task: {D6BD8FA0-DFDE-4055-B46E-6F274F99BAA6} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [243088 2025-08-18] (Lenovo -> Lenovo Group Ltd.)
Task: {AFE3E591-E96E-4578-9482-55387162BD55} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {5978E814-0D39-439B-8A80-6789DE51A079} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {339F3F29-ADB1-4613-B7B9-93F93CFF208A} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {970E30BC-38C5-4E0E-8CD2-6E194F94A23B} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {141B4108-026E-445E-8F0C-069AD8C48C8E} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin_Pulsation => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {162BB29D-895B-4D37-A1BA-EFBABE53B5EC} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {F6CDCF99-010D-4CC2-A4D2-4EE4256F7D2D} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {15FD341A-85AB-4A73-AE07-A8E153DA61DB} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {221F47CD-710E-439B-AE33-5C3C53389232} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {430DFA4F-2409-4885-81B3-726D1CC23D4A} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSupportHealthReportSchedule => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {31972F00-0B51-443C-A142-07F62F896E35} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {3D7CC7D7-2D6F-4180-B6DE-D076BB67F981} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)
Task: {E369B79E-6809-4E2D-BDDF-A2DF90A77C72} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {19C79F65-12F3-4BEB-8E32-505997DCA421} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {197ACB30-49C0-496D-A981-EA3DE38EB98E} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {2D2C59E4-3B45-4761-9DD9-AB0CF82C5F6B} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.215\x64\IdleScheduleEventAction.exe (No File)
Task: {14C2CFAE-2807-4408-A333-020D4C6DAE0A} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\ScheduleEventAction.exe [276016 2025-09-17] (Lenovo -> Lenovo)
Task: {C4D7AE82-9378-4DC9-A76C-275BD162F66A} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {0C96F752-0E44-419B-AA28-C047858DD5D0} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {EF0222BB-3F95-4BDB-BB7E-8DCE2DE89E88} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16961872 2025-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {62CADD30-6413-442D-B9B4-A02E67DFEFCF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29178800 2025-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {01FEB935-C01B-44E7-BA10-0476FF10BA04} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [70464 2025-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {17609184-F833-4B95-8816-B2E14B9C9CE2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29178800 2025-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {64D5212E-EA83-4A68-BFA9-96F7B8F3E95C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [316680 2025-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BEFBFD2-34BE-40AE-8B4A-F9D4506780CF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [316680 2025-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {2992F330-F04B-430E-A6FB-632B748D962D} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [1365280 2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD5371EC-A2F7-4480-9F7B-F0751C627630} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpCmdRun.exe [1790656 2025-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2FB4D205-80DD-427F-A24B-CC1ABF89BD16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpCmdRun.exe [1790656 2025-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14A7BD99-80AC-4111-A227-B0AB25E5D64E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpCmdRun.exe [1790656 2025-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1746BB7F-721A-4571-869B-5A43C8079C1B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpCmdRun.exe [1790656 2025-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1EB211B1-2B66-46D1-BA7A-3F5D9BC5C676} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34944 2025-11-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {0852371A-37D1-4F2C-A995-2CF1AFFDA2BB} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [823304 2020-12-10] (A-Volute SAS -> Nahimic)
Task: {7A69E5AA-4ABB-4A6B-8C34-5B2BF57D65F6} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1067016 2020-12-10] (A-Volute SAS -> Nahimic)
Task: {885439D1-8DE0-42D7-8C77-FD9CA2F3A110} - System32\Tasks\NahimicTask32 => C:\Windows\System32\..\SysWOW64\NahimicSvc32.exe [823304 0] (A-Volute SAS -> Nahimic)
Task: {3720B6AD-92EF-46FC-A97A-99FB280351E9} - System32\Tasks\NahimicTask64 => C:\Windows\System32\.\NahimicSvc64.exe [1067016 0] (A-Volute SAS -> Nahimic)
Task: {3E42BB78-74F5-4C66-9D10-B38E19E22BBB} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {0120B837-8BAC-40ED-997D-1ABFB3B3D38C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {67101EF1-2197-4C71-9E3A-1F946D001F62} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {87B655DD-9342-407C-BAD3-42996E6711B1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A18753B-2506-4C63-9D5A-FE07E097E1FA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {ABC36AC7-DBC0-4860-A13E-5328D2E90A0B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0271CBF-C112-4AEF-8526-F81C690B9D3F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1C595CF0-0C8E-48F7-83F1-831797458343} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {35D4240A-1BBF-46B4-A9A8-4205D15160ED} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {451B697A-BCBE-4544-B807-EF4FF8527E8B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B7A535A3-3F0C-4CA4-B24B-AA82C070FF89} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {645CECDE-60B9-45AD-A3C5-10C6268A6915} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4395920 2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F480C952-24B5-416D-9448-4C9EC9030109} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1637531825-2475991144-1358310430-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4395920 2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {309B1396-D7A4-4238-857E-F8A2F70125F9} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1637531825-2475991144-1358310430-1001 => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\OneDriveLauncher.exe [727440 2025-11-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{65d58c1b-6942-4c07-9b8f-a483172825ee}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ce39789b-0c00-48ef-a793-70cb06ddd292}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ce39789b-0c00-48ef-a793-70cb06ddd292}\3405340294E4455425E45445: [DhcpNameServer] 172.17.200.25 172.17.200.26
Tcpip\..\Interfaces\{ce39789b-0c00-48ef-a793-70cb06ddd292}\3405340294E4455425E45445: [DhcpDomain] domain.ringier.cz
Tcpip\..\Interfaces\{ce39789b-0c00-48ef-a793-70cb06ddd292}\340534641424259434: [DhcpNameServer] 172.17.200.25 172.17.200.26

Edge:
=======
Edge Profile: C:\Users\sobec\AppData\Local\Microsoft\Edge\User Data\Default [2025-11-21]
Edge Extension: (Dokumenty Google offline) - C:\Users\sobec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-11-05]
Edge Extension: (Edge relevant text changes) - C:\Users\sobec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF DefaultProfile: 64so47io.default
FF ProfilePath: C:\Users\sobec\AppData\Roaming\Mozilla\Firefox\Profiles\64so47io.default [2021-09-30]
FF ProfilePath: C:\Users\sobec\AppData\Roaming\Mozilla\Firefox\Profiles\sewhdefm.default-release [2025-11-21]
FF Homepage: Mozilla\Firefox\Profiles\sewhdefm.default-release -> hxxps://www.seznam.cz/|hxxps://mail.google.com/mail/u/0/#inbox|
FF Extension: (Tipli do prohlížeče) - C:\Users\sobec\AppData\Roaming\Mozilla\Firefox\Profiles\sewhdefm.default-release\Extensions\@tipli-do-prohlizece-.xpi [2025-05-23]
FF Extension: (Privacy Badger) - C:\Users\sobec\AppData\Roaming\Mozilla\Firefox\Profiles\sewhdefm.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2025-10-16]
FF Extension: (URL to QR code) - C:\Users\sobec\AppData\Roaming\Mozilla\Firefox\Profiles\sewhdefm.default-release\Extensions\jid1-ZSMfwe4lCAw9oQ@jetpack.xpi [2025-06-03]
FF Extension: (Simple Translate) - C:\Users\sobec\AppData\Roaming\Mozilla\Firefox\Profiles\sewhdefm.default-release\Extensions\simple-translate@sienori.xpi [2025-04-01]
FF Extension: (uBlock Origin) - C:\Users\sobec\AppData\Roaming\Mozilla\Firefox\Profiles\sewhdefm.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-11-12]
FF Extension: (Sticky Password - správce hesel) - C:\Users\sobec\AppData\Roaming\Mozilla\Firefox\Profiles\sewhdefm.default-release\Extensions\{ecb80162-dfbd-4d91-a8da-17b35ba4707a}.xpi [2025-11-07]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-11-17] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174584 2025-08-24] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2022-01-27] (BattlEye Innovations e.K. -> )
S2 BITS_bkp; C:\Windows\System32\qmgr.dll [1481728 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13366624 2025-11-11] (Microsoft Corporation -> Microsoft Corporation)
S2 dosvc_bkp; C:\Windows\system32\dosvc.dll [1534976 2025-07-09] (Microsoft Windows -> Microsoft Corporation)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [19106912 2025-06-26] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-11-05] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicGamesUpdater; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3344336 2025-11-13] (Epic Games Inc. -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [1604112 2025-04-01] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncHelper.exe [3606376 2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2350048 2023-12-19] (GOG sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7173088 2023-09-09] (GOG sp. z o.o -> GOG.com)
S3 GameInputRedistService; C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe [141680 2025-10-20] (Microsoft Corporation -> Microsoft Corporation)
S2 GoogleUpdateTaskMachineQC; C:\ProgramData\Google\Chrome\updater.exe [14991282 2025-11-21] (TechViral) [File not signed] <==== ATTENTION
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe [182272 2025-02-20] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.3.96.0\LenovoVantageService.exe [34864 2025-09-17] (Lenovo -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11146712 2025-11-14] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-11] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpDefenderCoreService.exe [2026184 2025-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NahimicService; C:\Windows\system32\NahimicService.exe [1633288 2020-12-10] (A-Volute SAS -> Nahimic)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.206.1021.0003\OneDriveUpdaterService.exe [3890536 2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2021-09-30] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2021-09-30] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [8264680 2025-05-17] (Rockstar Games, Inc. -> Rockstar Games)
R2 Synology Active Backup for Business Service; C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\Synology Active Backup for Business Service.exe [3091640 2025-05-23] (Synology Inc. -> )
R2 Synology Drive VSS Service x64; C:\Program Files\Synology\SynologyDrive\bin\vss-service-x64.exe [356560 2025-02-14] (Synology Inc. -> )
R2 UDCService; C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe [72592 2025-08-18] (Lenovo -> Lenovo Group Ltd.)
S2 UsoSvc_bkp; C:\Windows\system32\usosvc.dll [583168 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [807352 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
S3 WaaSMedicSvc_bkp; C:\Windows\System32\WaaSMedicSvc.dll [434176 2025-07-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\NisSrv.exe [4414480 2025-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MsMpEng.exe [282440 2025-11-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv_bkp; C:\Windows\system32\wuaueng.dll [3441152 2025-07-09] (Microsoft Windows -> Microsoft Corporation)
S3 HnGEpicService; "C:\Program Files\Epic Games\HeroesGeneralsWWII\hngservice.exe" [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_f08209179a3354de\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_f08209179a3354de\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [41376 2021-07-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [84864 2024-11-04] (Microsoft Windows Hardware Compatibility Publisher -> wch.cn)
R3 FBNetFilter; C:\Windows\System32\drivers\FBNetFlt.sys [60784 2023-12-06] (Lenovo -> Lenovo)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [333192 2025-11-17] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234088 2025-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-03-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [245336 2025-11-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 Nahimic_Mirroring; C:\Windows\System32\drivers\Nahimic_Mirroring.sys [85144 2021-09-13] (A-Volute SAS -> Windows (R) Win 7 DDK provider)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71720 2021-06-22] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [233984 2022-12-05] (Nvidia Corporation -> NVIDIA Corporation)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [254664 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [265536 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1064064 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [831616 2021-11-23] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20904 2025-11-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [629168 2025-11-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [102792 2025-11-17] (Microsoft Windows -> Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\AMD64\DISM\wimmount.sys [75184 2024-11-16] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-11-21 11:19 - 2025-11-21 11:20 - 000040405 _____ C:\Users\sobec\Downloads\FRST.txt
2025-11-21 11:19 - 2025-11-21 11:20 - 000000000 ____D C:\FRST
2025-11-21 11:18 - 2025-11-21 11:18 - 002444288 _____ (Farbar) C:\Users\sobec\Downloads\FRST64.exe
2025-11-21 11:09 - 2025-11-21 11:09 - 002444288 _____ (Farbar) C:\Users\sobec\Downloads\FRST64.vATlGS0L.exe.part
2025-11-21 11:09 - 2025-11-21 11:09 - 000000000 _____ C:\Users\sobec\OneDrive\Plocha\FRST64.exe
2025-11-21 01:33 - 2025-11-21 01:33 - 000798607 _____ C:\Users\sobec\Downloads\112025_bulletin.pdf
2025-11-20 13:02 - 2025-11-20 13:02 - 000049785 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-19 at 19.09.57.jpeg
2025-11-20 13:02 - 2025-11-20 13:02 - 000022093 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-19 at 19.09.58.jpeg
2025-11-20 11:10 - 2025-11-20 11:10 - 000473143 _____ C:\Users\sobec\Downloads\nelenime_zelenime_Chotovice_na_farme_zapich_20251118.pdf
2025-11-19 23:04 - 2025-11-20 00:00 - 000060743 _____ C:\Users\sobec\OneDrive\Dokumenty\AutoSave_5890.lbrn2
2025-11-17 09:59 - 2025-11-17 09:59 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2025-11-17 09:59 - 2025-11-17 09:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-11-16 20:46 - 2025-11-16 20:47 - 000010083 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-16 at 20.38.12.jpeg
2025-11-16 20:46 - 2025-11-16 20:46 - 000093455 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-16 at 20.37.37.jpeg
2025-11-16 20:24 - 2025-11-16 20:24 - 000334114 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-16 at 20.24.03.jpeg
2025-11-15 23:57 - 2025-11-15 23:57 - 013609944 _____ C:\Users\sobec\Downloads\(Windows)LaserTool-V2.1.5-setup.exe
2025-11-15 23:53 - 2025-11-15 23:53 - 000000000 ____D C:\ProgramData\Google
2025-11-15 23:38 - 2025-11-15 23:38 - 000000000 ____D C:\Users\sobec\Downloads\Firmware-RAY5-FW 20W
2025-11-15 16:15 - 2025-11-15 16:15 - 000011231 _____ C:\Users\sobec\Downloads\f3f9b782eb67d5aacd549e4e0fb7b149.svg
2025-11-15 15:50 - 2025-11-15 15:50 - 000034426 _____ C:\Users\sobec\Downloads\zapich.DXF
2025-11-14 20:48 - 2025-11-14 20:48 - 000075273 _____ C:\Users\sobec\Downloads\Part Studio 3 - Part 1.dxf
2025-11-14 16:42 - 2025-11-14 16:42 - 000136707 _____ C:\Users\sobec\Downloads\Hradil diáře kalendáře.pdf
2025-11-12 22:23 - 2025-11-12 22:23 - 000075022 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 11.25.12.jpeg
2025-11-12 18:16 - 2025-11-12 18:16 - 000210182 _____ C:\Users\sobec\Downloads\gravvv.pdf
2025-11-12 17:59 - 2025-11-12 17:59 - 000088465 _____ C:\Users\sobec\Downloads\toník.pdf
2025-11-12 17:59 - 2025-11-12 17:59 - 000051316 _____ C:\Users\sobec\Downloads\kristian.pdf
2025-11-11 19:35 - 2025-11-11 19:35 - 000254665 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-11 at 19.35.02.jpeg
2025-11-11 18:22 - 2025-11-11 18:22 - 000539672 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-11 at 18.22.03.jpeg
2025-11-11 14:06 - 2025-11-11 14:06 - 000030802 _____ C:\Users\sobec\Downloads\donau-samolepici-blocek-76-76-mm-400-listu-mix-neon-barev_115305.webp
2025-11-11 13:03 - 2025-11-11 13:03 - 000240911 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-11 at 13.02.10(3).jpeg
2025-11-11 13:02 - 2025-11-11 13:04 - 000297987 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-11 at 13.02.10(2).jpeg
2025-11-11 13:02 - 2025-11-11 13:03 - 000167760 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-11 at 13.02.10.jpeg
2025-11-11 13:02 - 2025-11-11 13:02 - 000126398 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-11 at 13.02.10(1).jpeg
2025-11-11 12:35 - 2025-11-11 12:35 - 001401596 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(10).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001405777 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(3).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001375847 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(2).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001347336 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(1).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001345548 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04.jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001323869 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(9).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001299539 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(7).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001222928 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(5).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001181502 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(6).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001139906 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(4).jpeg
2025-11-11 12:34 - 2025-11-11 12:34 - 001125654 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-10 at 20.39.04(8).jpeg
2025-11-11 11:19 - 2025-11-11 11:19 - 024552117 _____ C:\Users\sobec\Downloads\Quick Install Limit Switch Instructions1.1.pdf
2025-11-10 20:48 - 2025-11-10 20:49 - 000129992 _____ C:\Windows\unins000.dat
2025-11-10 20:48 - 2025-11-10 20:49 - 000024097 _____ C:\Windows\unins000.msg
2025-11-10 20:48 - 2025-11-10 20:48 - 003057504 _____ (Lenovo ) C:\Windows\unins000.exe
2025-11-09 21:42 - 2025-11-09 21:42 - 000974033 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-09 at 21.37.57.jpeg
2025-11-09 21:41 - 2025-11-09 21:41 - 001304418 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-09 at 21.37.56.jpeg
2025-11-09 21:41 - 2025-11-09 21:41 - 001183767 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-09 at 21.37.54(1).jpeg
2025-11-09 21:41 - 2025-11-09 21:41 - 001160694 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-09 at 21.37.55.jpeg
2025-11-09 21:41 - 2025-11-09 21:41 - 001152466 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-09 at 21.37.54.jpeg
2025-11-09 21:41 - 2025-11-09 21:41 - 000749396 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-09 at 21.37.53.jpeg
2025-11-08 02:01 - 2025-11-08 02:01 - 001825255 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.40(1).jpeg
2025-11-08 02:01 - 2025-11-08 02:01 - 001711860 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.40.jpeg
2025-11-08 02:01 - 2025-11-08 02:01 - 001596878 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.39.jpeg
2025-11-08 01:48 - 2025-11-08 01:48 - 001594792 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.14(3).jpeg
2025-11-08 01:48 - 2025-11-08 01:48 - 001585166 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.14.jpeg
2025-11-08 01:48 - 2025-11-08 01:48 - 001565926 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.14(1).jpeg
2025-11-08 01:48 - 2025-11-08 01:48 - 001495867 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.14(2).jpeg
2025-11-08 01:48 - 2025-11-08 01:48 - 001356366 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.14(4).jpeg
2025-11-08 01:32 - 2025-11-08 01:33 - 001967336 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.12(3).jpeg
2025-11-08 01:32 - 2025-11-08 01:33 - 001822778 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.12(2).jpeg
2025-11-08 01:31 - 2025-11-08 01:33 - 001978813 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.12(1).jpeg
2025-11-08 01:31 - 2025-11-08 01:33 - 001676246 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.12.jpeg
2025-11-08 01:07 - 2025-11-08 01:15 - 002382017 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.13(3).jpeg
2025-11-08 01:07 - 2025-11-08 01:15 - 001994064 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.13(2).jpeg
2025-11-08 01:07 - 2025-11-08 01:14 - 001778791 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.13(1).jpeg
2025-11-08 01:07 - 2025-11-08 01:07 - 001642742 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.13.jpeg
2025-11-08 01:07 - 2025-11-08 01:07 - 001255906 _____ C:\Users\sobec\Downloads\WhatsApp Image 2025-11-07 at 21.09.13(4).jpeg
2025-11-07 19:14 - 2025-11-07 19:14 - 000084073 _____ C:\Users\sobec\Downloads\tip podtacek.avif
2025-11-07 13:46 - 2025-11-07 13:46 - 000743911 _____ C:\Users\sobec\Downloads\Andella svíčky gravírování podtácky.pdf
2025-11-07 13:46 - 2025-11-07 13:46 - 000062192 _____ C:\Users\sobec\Downloads\obálka narozeniny.pdf
2025-11-06 20:27 - 2025-11-06 20:27 - 004296072 _____ C:\Users\sobec\Downloads\Firmware-RAY5-FW 20W.zip
2025-11-06 19:38 - 2025-11-06 19:38 - 000064933 _____ C:\Users\sobec\Downloads\lucy_marshall.zip
2025-11-06 11:33 - 2025-11-06 11:33 - 000000000 ____D C:\Program Files\Windows Kits
2025-11-06 11:33 - 2025-11-06 11:33 - 000000000 ____D C:\Program Files\Microsoft GameInput
2025-11-05 20:00 - 2025-11-05 20:00 - 000000218 _____ C:\Users\sobec\AppData\Local\recently-used.xbel
2025-11-05 19:17 - 2025-11-05 19:17 - 000018324 _____ C:\Users\sobec\Downloads\r7vmwrk7.svg
2025-11-04 20:14 - 2025-11-04 20:14 - 003528572 _____ C:\Users\sobec\Downloads\venec222.DXF
2025-11-04 20:13 - 2025-11-04 20:13 - 002188451 _____ C:\Users\sobec\Downloads\venec111.DXF
2025-11-03 21:58 - 2025-11-03 21:58 - 000419677 _____ C:\Users\sobec\OneDrive\Dokumenty\vence2.pdf
2025-11-03 01:43 - 2025-11-03 01:43 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-11-03 00:42 - 2025-11-03 00:42 - 000591646 _____ C:\Users\sobec\Downloads\VENEC.DXF
2025-10-30 08:55 - 2025-10-30 08:55 - 002486237 _____ C:\Users\sobec\Downloads\adventni kalendar 4mm supliky 3mm_jThiYc.lbrn2
2025-10-30 08:54 - 2025-10-30 08:54 - 002492651 _____ C:\Users\sobec\Downloads\adventni kalendar 4mm supliky 3mm_WMwOWM.lbrn2
2025-10-30 08:53 - 2025-10-30 08:53 - 003325893 _____ C:\Users\sobec\Downloads\adventni kalendar Harry Potter_backup.lbrn2
2025-10-29 13:37 - 2025-10-29 13:37 - 002177718 _____ C:\Users\sobec\Downloads\strom.cdr

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-11-21 11:20 - 2023-10-20 13:08 - 000000000 ____D C:\Users\sobec\AppData\Local\Malwarebytes
2025-11-21 11:12 - 2023-05-24 00:15 - 000000000 ____D C:\Users\sobec\OneDrive\Dokumenty\Sticky Passwords
2025-11-21 11:08 - 2020-11-19 08:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-11-21 10:54 - 2025-04-04 15:28 - 000000000 ____D C:\ProgramData\ActiveBackupforBusinessAgent
2025-11-21 10:46 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-11-21 10:32 - 2022-02-11 16:31 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-11-21 10:28 - 2021-12-16 01:29 - 000000000 ____D C:\Windows\SystemTemp
2025-11-21 10:28 - 2021-11-23 17:31 - 000004212 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{18C88CBC-C706-4FD9-BF77-62B4EF6631CC}
2025-11-21 10:28 - 2021-09-30 09:39 - 000000000 ____D C:\Users\sobec\AppData\Roaming\Microsoft\Excel
2025-11-21 10:27 - 2023-11-21 14:28 - 000000000 ____D C:\Users\sobec\AppData\Local\LightBurn
2025-11-20 12:58 - 2023-11-22 00:58 - 000000000 ____D C:\Users\sobec\OneDrive\Dokumenty\gravírování
2025-11-20 12:25 - 2021-05-23 20:50 - 000000000 ____D C:\ProgramData\NVIDIA
2025-11-20 11:06 - 2022-10-13 23:40 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-11-20 11:05 - 2020-11-19 08:32 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-11-19 23:59 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2025-11-19 02:20 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2025-11-18 22:17 - 2024-12-14 12:32 - 000000211 _____ C:\Users\sobec\OneDrive\Plocha\Nový textový dokument.txt
2025-11-18 21:21 - 2025-02-07 11:42 - 000003552 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-1637531825-2475991144-1358310430-1001
2025-11-18 21:21 - 2021-12-13 00:41 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1637531825-2475991144-1358310430-1001
2025-11-18 21:21 - 2021-10-21 18:16 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-11-18 21:21 - 2021-10-17 11:41 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-11-18 21:21 - 2021-10-17 11:41 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-11-18 01:42 - 2025-03-11 13:02 - 000000000 ____D C:\Users\sobec\AppData\Local\SynologyDrive
2025-11-18 00:52 - 2020-11-19 08:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-11-17 09:59 - 2021-09-30 03:01 - 000001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-11-17 09:59 - 2021-09-30 03:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-11-17 00:02 - 2021-09-29 17:12 - 000000000 ____D C:\Program Files (x86)\Steam
2025-11-16 23:29 - 2021-05-23 21:34 - 000718024 _____ C:\Windows\system32\perfh005.dat
2025-11-16 23:29 - 2021-05-23 21:34 - 000145166 _____ C:\Windows\system32\perfc005.dat
2025-11-16 23:29 - 2021-05-23 20:53 - 001693148 _____ C:\Windows\system32\PerfStringBackup.INI
2025-11-16 23:29 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2025-11-16 23:23 - 2025-03-26 01:11 - 000000000 ____D C:\Users\sobec\AppData\Roaming\Synology Image Assistant
2025-11-16 23:23 - 2020-11-19 08:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-11-16 23:22 - 2020-11-27 01:59 - 000008192 ___SH C:\DumpStack.log.tmp
2025-11-16 23:22 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2025-11-16 23:18 - 2022-02-12 12:46 - 000000000 ____D C:\Program Files (x86)\FormatFactory
2025-11-16 23:05 - 2021-09-30 02:54 - 000000000 ____D C:\Users\sobec
2025-11-16 20:30 - 2021-11-24 20:37 - 000000000 ____D C:\Users\sobec\AppData\Roaming\Microsoft\Word
2025-11-15 11:22 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2025-11-14 10:19 - 2024-08-02 18:13 - 000164213 _____ C:\Users\sobec\Downloads\ETF nákupy J.S.H..xlsx
2025-11-14 08:48 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-11-13 19:23 - 2025-09-23 11:28 - 000436600 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll
2025-11-13 19:23 - 2022-10-21 14:32 - 000153976 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2025-11-13 19:23 - 2022-10-21 14:32 - 000076152 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2025-11-13 19:23 - 2021-11-23 12:28 - 000285048 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2025-11-13 19:23 - 2021-09-30 03:15 - 004581752 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2025-11-13 19:23 - 2021-09-30 03:15 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2025-11-13 19:23 - 2021-09-30 03:15 - 000244080 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2025-11-13 19:23 - 2021-09-30 03:15 - 000166264 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2025-11-12 11:51 - 2021-09-29 17:31 - 000000000 ____D C:\Users\sobec\AppData\Local\UnrealEngine
2025-11-12 11:51 - 2021-05-23 20:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2025-11-12 11:45 - 2021-09-29 20:16 - 000000000 ____D C:\Windows\system32\MRT
2025-11-12 11:44 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2025-11-12 07:35 - 2021-10-17 11:36 - 000000000 ____D C:\Program Files\Microsoft Office
2025-11-10 20:49 - 2021-05-23 20:44 - 000000000 ____D C:\Windows\TempInst
2025-11-05 20:00 - 2023-12-11 17:51 - 000000000 ____D C:\Users\sobec\AppData\Roaming\inkscape
2025-11-05 20:00 - 2023-12-11 17:51 - 000000000 ____D C:\Users\sobec\.dbus-keyrings
2025-11-04 20:14 - 2025-07-02 12:04 - 000000000 ____D C:\Users\sobec\OneDrive\Dokumenty\Corel User Files
2025-11-04 12:26 - 2025-10-07 15:23 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-11-03 23:41 - 2023-10-20 13:08 - 000245336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2025-11-03 00:30 - 2020-11-19 08:32 - 000003638 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-11-03 00:30 - 2020-11-19 08:32 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-10-29 10:22 - 2021-09-30 02:58 - 000000000 ____D C:\Users\sobec\AppData\Local\Packages

==================== Files in the root of some directories ========

2021-11-23 15:18 - 2021-11-23 15:18 - 000093359 _____ () C:\Users\sobec\AppData\Roaming\icarus-dxdiag.xml
2022-03-12 10:18 - 2025-03-11 13:35 - 000000128 _____ () C:\Users\sobec\AppData\Roaming\winscp.rnd
2024-04-27 19:15 - 2024-04-28 11:42 - 000008210 _____ () C:\Users\sobec\AppData\Local\krita-sysinfo.log
2024-04-27 19:15 - 2024-04-28 11:59 - 000011738 _____ () C:\Users\sobec\AppData\Local\krita.log
2024-04-28 11:59 - 2024-04-28 11:59 - 000000039 _____ () C:\Users\sobec\AppData\Local\kritadisplayrc
2024-04-27 19:16 - 2024-04-28 11:59 - 000023210 _____ () C:\Users\sobec\AppData\Local\kritarc
2022-06-09 13:52 - 2025-05-07 11:19 - 000000128 _____ () C:\Users\sobec\AppData\Local\PUTTY.RND
2023-07-20 11:03 - 2023-07-20 11:03 - 000000001 _____ () C:\Users\sobec\AppData\Local\RawCopy.1.10.agreement
2023-07-20 12:36 - 2023-07-20 12:36 - 000000033 _____ () C:\Users\sobec\AppData\Local\RawCopy.opendialog.dir
2023-07-20 12:36 - 2023-07-20 12:36 - 000000001 _____ () C:\Users\sobec\AppData\Local\RawCopy.opendialog.filterindex
2023-07-20 11:04 - 2023-09-13 00:45 - 000000033 _____ () C:\Users\sobec\AppData\Local\RawCopy.savedialog.dir
2023-07-20 11:04 - 2023-09-13 00:45 - 000000001 _____ () C:\Users\sobec\AppData\Local\RawCopy.savedialog.filterindex
2023-07-20 12:37 - 2023-07-20 12:37 - 000000055 _____ () C:\Users\sobec\AppData\Local\RawCopy.sourcedisk.filepath
2023-07-20 11:03 - 2023-09-13 00:44 - 000000001 _____ () C:\Users\sobec\AppData\Local\RawCopy.sourcedisk.index
2025-11-05 20:00 - 2025-11-05 20:00 - 000000218 _____ () C:\Users\sobec\AppData\Local\recently-used.xbel
2023-07-01 10:57 - 2023-07-01 10:57 - 000007605 _____ () C:\Users\sobec\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025
Ran by sobec (21-11-2025 11:21:18)
Running from C:\Users\sobec\Downloads
Microsoft Windows 10 Home Version 22H2 19045.6466 (X64) (2021-09-30 01:48:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1637531825-2475991144-1358310430-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1637531825-2475991144-1358310430-503 - Limited - Disabled)
emachines (S-1-5-21-1637531825-2475991144-1358310430-1007 - Limited - Enabled)
Guest (S-1-5-21-1637531825-2475991144-1358310430-501 - Limited - Disabled)
sobec (S-1-5-21-1637531825-2475991144-1358310430-1001 - Administrator - Enabled) => C:\Users\sobec
WDAGUtilityAccount (S-1-5-21-1637531825-2475991144-1358310430-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20937 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601120}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
BCD and Boot (HKLM-x32\...\{070DEFEF-C937-B33E-AA1C-0266257D7016}) (Version: 10.1.26100.2454 - Microsoft) Hidden
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.536 - Corel Corporation)
Dolby Vision Provisioning Utility (HKLM-x32\...\provisiondolbyvision1_1-20200601_is1) (Version: 2.0.0.2 (2024 August Data a) - Lenovo Group Limited)
DVD to ISO (HKLM-x32\...\{646E7341-F4F6-46E1-A6AE-2A91FED3F0E8}_is1) (Version: - dvdtoiso.com)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.496.0.6009 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{980e8c2b-d40d-490d-a02c-b70dc032c133}) (Version: 13.496.0.6009 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{C74274AB-A56B-4746-BC3D-F65DD0D29591}) (Version: 1.3.150.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{88FE81B2-A29B-4500-926C-D9F798539574}) (Version: 3.0.1 - Epic Games, Inc.)
FormatFactory 5.12.2.0 (HKLM-x32\...\FormatFactory) (Version: 5.12.2.0 - Free Time)
GIMP 2.10.36-1 (HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\GIMP-2_is1) (Version: 2.10.36 - The GIMP Team)
GM-211 gaming mouse (HKLM-x32\...\{960FBE43-F6C1-47B2-8214-338FF447B677}_is1) (Version: 1.0 - ASBISc Enterprises PLC)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.73.27 - GOG.com)
Inkscape (HKLM\...\{2AB0D298-5B41-4C70-BB32-46F153F7A1BF}) (Version: 1.3.2 - Inkscape)
Kits Configuration Installer (HKLM-x32\...\{2598EE05-986F-CECE-2CA7-C7EAFA28D7C1}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Kodi (HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Kodi) (Version: 20.0.0.0 - XBMC Foundation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Legion Arena (HKLM-x32\...\Legion Arena_is1) (Version: 1.3.1.1 - Lenovo Group Ltd.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.3.96.0 - Lenovo Group Ltd.)
LightBurn version 1.7.04 (HKLM\...\LightBurn_is1) (Version: 1.7.04 - )
Malwarebytes version 5.4.3.221 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.4.3.221 - Malwarebytes)
Microsoft .NET Host - 8.0.7 (x64) (HKLM\...\{E424D6A6-FA28-41E2-8356-B59519A84BB0}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.7 (x64) (HKLM\...\{3E3E3302-0CAD-4D0D-B6C0-206B30773468}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.7 (x64) (HKLM\...\{CA4FE2DB-2E1C-453B-B8C9-960AB929E5B4}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 142.0.3595.90 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 142.0.3595.90 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM\...\{ECB4BDD1-984C-9F25-299C-A9EF75C14197}) (Version: 10.1.26100.6879 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.19328.20190 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.206.1021.0003 - Microsoft Corporation)
Microsoft OneNote - cs-cz (HKLM\...\OneNoteFreeRetail - cs-cz) (Version: 16.0.19328.20190 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM\...\{F6FBF64F-D459-4F03-BF3B-C0A36A0596A2}) (Version: 64.28.16739 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM-x32\...\{754bcfb5-42ac-4c12-8f12-b818943a1365}) (Version: 8.0.7.33814 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox) (Version: 145.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.2.1 - Mozilla)
Mozilla Thunderbird ESR (x64 cs) (HKLM\...\Mozilla Thunderbird 140.3.1 ESR (x64 cs)) (Version: 140.3.1 - Mozilla)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.50 - Nmap Project)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 527.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 527.99 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OA3Tool (HKLM-x32\...\{09CB886B-67D5-7606-F8B6-98898B147293}) (Version: 10.1.26100.2454 - Microsoft) Hidden
OACheck (HKLM-x32\...\{1C687983-A81E-830B-F38D-4B32EBC084FC}) (Version: 10.1.26100.2454 - Microsoft) Hidden
OATool (HKLM-x32\...\{438171C4-4F51-C414-756E-9C27E2FCE6A2}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19328.20106 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 7.0.14 (HKLM\...\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}) (Version: 7.0.14 - Oracle and/or its affiliates)
Oscdimg (DesktopEditions) (HKLM-x32\...\{4B4EAA11-508C-E2BC-DE53-66001469476F}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Oscdimg (OnecoreUAP) (HKLM-x32\...\{AA0852D8-D1C3-5D2E-34B2-282A4F10036E}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Paradox Launcher v2 (HKLM\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)
Raspberry Pi Imager (HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Raspberry Pi Imager) (Version: 1.8.1 - Raspberry Pi Ltd)
RealVNC Viewer 7.11.1 (HKLM\...\{2F887B11-7F6D-4DFD-B942-112453D6A115}) (Version: 7.11.1.26 - RealVNC)
Revo Uninstaller 2.3.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.5 - VS Revo Group, Ltd.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.102.2459 - Rockstar Games)
Rockstar Games SDK (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.4.0.77 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sticky Password (HKLM-x32\...\Sticky Password_is1) (Version: 8.9.4.2125 - Lamantine Software)
STL Thumbnail (HKLM-x32\...\{264B29AB-7851-4DD2-BF43-CDBD492B1BD3}) (Version: 1.0.0 - Cabbagecreek)
stl-thumb (HKLM\...\{557FDC87-E251-449D-A5DF-6B4DC8BF8E45}) (Version: 0.5.0 - UnlimitedBacon) Hidden
STL-Thumb (HKLM-x32\...\{d644e66e-2885-44aa-8732-3c3ac01722b9}) (Version: 0.5.0 - UnlimitedBacon)
SVG See 1.1.0 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 1.0.0 - Tibold Kandrai)
SWAT 4 Gold Edition (HKLM-x32\...\1409964317_is1) (Version: 1.1 DLL fix - GOG.com)
Synology Active Backup for Business Agent (HKLM-x32\...\{91D1D692-8516-43F7-81DA-E0FF8220594F}) (Version: 3.0.4638 - Synology Inc.)
Synology Drive Client (HKLM\...\{363EF8B8-FB9E-4425-9938-3665C83897BE}) (Version: 7.5.2.16110 - Synology)
Synology Image Assistant 1.0.2-56 (HKLM\...\70f7506f-6740-5e7b-8650-5d68a656aca9) (Version: 1.0.2-56 - Synology Inc.)
Toolkit Documentation (HKLM-x32\...\{50F24D28-A356-7D82-A7FB-111D0B3434C8}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 29.0 - Ubisoft)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update7 - IDRIX)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\...\Wargaming.net Game Center) (Version: 25.3.0.9647 - Wargaming.net)
Windows Assessment and Deployment Kit (HKLM-x32\...\{b09b3bef-7c75-4e26-ae6b-f6cdeb0fb071}) (Version: 10.1.26100.2454 - Microsoft Corporation)
Windows Assessment and Deployment Kit Windows Preinstallation Environment Add-ons (HKLM-x32\...\{e0f929f8-610d-469c-bfa1-7961a14eb91b}) (Version: 10.1.26100.2454 - Microsoft Corporation)
Windows Deployment Customizations (HKLM-x32\...\{B7733F66-4231-7C00-26F6-69C57B6FB08B}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows Deployment Image Servicing and Management - Headers and Libraries (HKLM-x32\...\{E908D793-A3B2-4DA4-E0BD-A43D7378B77D}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows Deployment Image Servicing and Management Tools (DesktopEditions) (HKLM-x32\...\{9ACE492A-5FF8-5536-E5CC-9A5C4C69AE89}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows Deployment Image Servicing and Management Tools (OnecoreUAP) (HKLM-x32\...\{765CB4D6-1A08-1F46-81D0-7016DA3604B2}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows Deployment Tools (HKLM-x32\...\{7C2ACA41-3E86-6C9C-D31E-E893512BD9BA}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows Deployment Tools Environment (HKLM-x32\...\{1F90C29A-34E5-ACEB-E48D-40E1D3E04A28}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows PE Boot Files (DesktopEditions) (HKLM-x32\...\{C049B0B5-13F0-32A1-A7A2-26580B1ACB71}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows PE Boot Files (OnecoreUAP) (HKLM-x32\...\{D68A734E-1792-D583-8F8D-260253510384}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows PE Optional Packages (DesktopEditions) (HKLM-x32\...\{41D0D61E-F360-224F-C9AD-63E85C5190BD}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows PE Scripts (HKLM-x32\...\{BED2A6F5-83DF-0F73-BFCF-63D9F16FA1B6}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows PE wims (DesktopEditions) (HKLM-x32\...\{C36D1904-6607-4444-710B-A26FD6AAD1A0}) (Version: 10.1.26100.2454 - Microsoft) Hidden
Windows System Image Manager (HKLM-x32\...\{9BB0E43E-2F04-F989-F188-F787570FD478}) (Version: 10.1.26100.2454 - Microsoft) Hidden
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
WinSCP 5.19.6 (HKLM-x32\...\winscp3_is1) (Version: 5.19.6 - Martin Prikryl)
xTool Creative Space 2.3.24 (HKLM\...\b29304a7-41e3-5b24-bd90-477136b06003) (Version: 2.3.24 - Makeblock)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-10-02] ()
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2024-06-13] (Advanced Micro Devices Inc.) [Startup Task]
Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.20400.722.0_x64__rz1tebttyb220 [2024-09-05] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-09-25] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-10-10] (Microsoft Corporation)
DXF Thumbnails -> C:\Program Files\WindowsApps\14063AnodosApps.DXFThumbnails_1.3.2.0_x64__f7n1qgxcc752w [2024-11-28] (Anodos Apps)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa [2025-10-17] (Apple Inc.) [Startup Task]
Kodi -> C:\Program Files\WindowsApps\XBMCFoundation.Kodi_21.2.500.0_x64__4n2hpmxwrvr6p [2025-01-21] (XBMC Foundation)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2509.13.0_x64__k1h2ywk1493x8 [2025-10-17] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.7.18.0_x64__5grkq8ppsgwt4 [2025-05-16] (LENOVO INC) [Startup Task]
Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-11-12] ()
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-11-12] ()
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.10.7.0_x64__w2gh52qy24etm [2025-08-11] (A-Volute)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.969.0_x64__56jybvy8sckqj [2025-11-10] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-11-12] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.36.273.0_x64__dt26b99r8h8gj [2022-12-19] (Realtek Semiconductor Corp)
Survivalcraft 2 -> C:\Program Files\WindowsApps\20961CandyRufusGames.Survivalcraft2_2.4.40.8_neutral__c7jxg4av36ap6 [2025-04-13] (Candy Rufus Games)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.8.3.0_x64__gs5k5vmxr2ste [2025-08-26] (Matt Hafner)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{04271989-C4D2-9D25-0D36-98FF32E6804F} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\ContextMenu.dll (Synology Inc. -> )
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\sobec\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001_Classes\CLSID\{E8927A9E-D3BF-4713-BAF4-C7084A954268}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-04-02] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-04-02] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-04-02] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-04-02] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\iconOverlay.dll [2025-04-02] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2025-09-08] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-11-14] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.206.1021.0003\FileSyncShell64.dll [2025-11-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-07-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_f08209179a3354de\nvshext.dll [2023-03-09] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-11-14] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1637531825-2475991144-1358310430-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\ContextMenu.dll [2025-04-02] (Synology Inc. -> )
ContextMenuHandlers6_S-1-5-21-1637531825-2475991144-1358310430-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\sobec\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\23\x64\ContextMenu.dll [2025-04-02] (Synology Inc. -> )

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2025-03-26 01:11 - 2025-01-13 09:09 - 001859584 _____ () [File not signed] C:\Program Files\Synology\Synology Image Assistant\ffmpeg.dll
2025-03-26 01:11 - 2025-01-13 09:09 - 000478208 _____ () [File not signed] C:\Program Files\Synology\Synology Image Assistant\libegl.dll
2025-03-26 01:11 - 2025-01-13 09:09 - 007808512 _____ () [File not signed] C:\Program Files\Synology\Synology Image Assistant\libglesv2.dll
2025-03-26 01:11 - 2025-01-13 09:09 - 005238784 _____ () [File not signed] C:\Program Files\Synology\Synology Image Assistant\vk_swiftshader.dll
2025-08-15 03:15 - 2025-08-15 03:15 - 000030720 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files\Adobe\Acrobat DC\Acrobat\locale\cs_cz\Acrobat Elements\ContextMenuShim64.cze
2020-08-04 10:46 - 2020-08-04 10:46 - 000341504 _____ (Free Time) [File not signed] C:\Program Files (x86)\FormatFactory\ShellEx_108.dll
2025-05-23 16:18 - 2025-05-23 16:18 - 001295872 _____ (Hystax) [File not signed] C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\vsstracker_x64.dll
2021-10-17 11:39 - 2021-10-17 11:39 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2021-10-17 11:39 - 2021-10-17 11:39 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-03-26 01:11 - 2025-01-13 09:09 - 021775360 _____ (Microsoft(r) Corporation) [File not signed] C:\Program Files\Synology\Synology Image Assistant\dxcompiler.dll
2025-05-23 16:18 - 2025-05-23 16:18 - 005148672 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\libcrypto-3-x64.dll
2025-05-23 16:18 - 2025-05-23 16:18 - 000778752 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Synology\ActiveBackupforBusinessAgent\service\libssl-3-x64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\cejbegsc.sys:changelist [320]
AlternateDataStreams: C:\Users\sobec:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001 -> DefaultScope {9AD56C86-F1D9-4AAB-8A8A-117E908FCB02} URL =
SearchScopes: HKU\S-1-5-21-1637531825-2475991144-1358310430-1001 -> {9AD56C86-F1D9-4AAB-8A8A-117E908FCB02} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2025-11-21 10:24 - 000002746 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 avast.com
0.0.0.0 www.avast.com
0.0.0.0 totalav.com
0.0.0.0 www.totalav.com
0.0.0.0 scanguard.com
0.0.0.0 www.scanguard.com
0.0.0.0 totaladblock.com
0.0.0.0 www.totaladblock.com
0.0.0.0 pcprotect.com
0.0.0.0 www.pcprotect.com
0.0.0.0 mcafee.com
0.0.0.0 www.mcafee.com
0.0.0.0 bitdefender.com
0.0.0.0 www.bitdefender.com
0.0.0.0 us.norton.com
0.0.0.0 www.us.norton.com
0.0.0.0 avg.com
0.0.0.0 www.avg.com
0.0.0.0 malwarebytes.com
0.0.0.0 www.malwarebytes.com
0.0.0.0 pandasecurity.com
0.0.0.0 www.pandasecurity.com
0.0.0.0 surfshark.com
0.0.0.0 www.surfshark.com
0.0.0.0 avira.com
0.0.0.0 www.avira.com
0.0.0.0 norton.com
0.0.0.0 www.norton.com
0.0.0.0 eset.com

2022-02-19 17:36 - 2024-12-13 17:24 - 000000508 _____ C:\Windows\system32\drivers\etc\hosts.ics
92.168.137.1 LAPTOP-BL5J37S2.mshome.net # 2027 2 4 18 16 36 25 371
192.168.137.147 SP-0515B5.mshome.net # 2022 2 6 26 16 36 25 371

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.2.1
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Realtek RTL8852AE WiFi 6 802.11ax PCIe Adapter -> rtwlane6.sys
VirtualBox Host-Only Network: VirtualBox Host-Only Ethernet Adapter -> VBoxNetAdp6.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys

oracle_VBoxNetLwf: VirtualBox NDIS6 Bridged Networking Driver
INSECURE_NPCAP: Npcap Packet Driver (NPCAP)

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1637531825-2475991144-1358310430-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sobec\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{aaa0abdd-5ec5-478d-9e9a-9f4dd92aaea9}.png
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 5) (TamperProtectionSource: )
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions|.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\sobec
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\ProgramData
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows\system32\config\systemprofile


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "CorelDRAW Graphics Suite 11b"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{74D0202E-2AB2-4D3F-896F-A4B92B8E7F3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6A81BBC2-2AF6-488A-8697-53F40C6C2B33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{73C26253-DB19-490D-BF30-29CC4CDA66BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{126BB4A9-4141-49DE-8833-DF4307FE9D36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{56B8B315-0BFA-41B0-B8CC-E1A77CE2269E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32C44440-B2E7-4658-A2F4-0F143F2F657E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ABDA76C1-CBE4-4000-854B-18E6EF2B859E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{19A804B5-7D2F-4A0D-B97B-0EEFE0F463EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D397CCFA-00E2-4B6C-BABA-E5B7FB9104D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AF2ADE8B-37D8-4345-994D-60AF69357F7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D80267DF-8249-444F-9BFC-CE8251B185C0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9092E077-A85A-41FC-AB4A-F218E3DE7964}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3388FE3A-C3A2-4C52-A6FD-7738150AF13E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{B15F941A-BEE2-43B8-BB3C-59D576D9DB0F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{9E69AB14-3987-4F3B-85F7-7B827C29019D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{AE3700A7-F0DD-413A-B532-4E31F468EF9E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{AFD44067-E237-4346-BA4E-A9815331F92D}C:\program files\epic games\defensegrid\defensegrid.exe] => (Allow) C:\program files\epic games\defensegrid\defensegrid.exe => No File
FirewallRules: [UDP Query User{3997DFF0-877E-4D00-BF3A-268F5FE4D3D7}C:\program files\epic games\defensegrid\defensegrid.exe] => (Allow) C:\program files\epic games\defensegrid\defensegrid.exe => No File
FirewallRules: [TCP Query User{28551FEF-95DB-4FC5-9F1A-C453FE772002}C:\program files\epic games\gtav\gta5.exe] => (Block) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{0A346E19-989B-4F9E-A42F-09336F4AA2B7}C:\program files\epic games\gtav\gta5.exe] => (Block) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{2B273A24-A8FA-4347-9C3E-E876AAA8C9D9}C:\program files\epic games\defensegrid\defensegrid.exe] => (Block) C:\program files\epic games\defensegrid\defensegrid.exe => No File
FirewallRules: [UDP Query User{EEC0557F-6BE8-4BC1-BB19-AD24EB8D2B86}C:\program files\epic games\defensegrid\defensegrid.exe] => (Block) C:\program files\epic games\defensegrid\defensegrid.exe => No File
FirewallRules: [TCP Query User{1E04A0C6-CE79-4AFD-A1D9-3CDFC5DC3A60}C:\program files\epic games\amongus\among us.exe] => (Allow) C:\program files\epic games\amongus\among us.exe => No File
FirewallRules: [UDP Query User{EE562EF0-1B44-4863-88BF-2EC4F72BDDBF}C:\program files\epic games\amongus\among us.exe] => (Allow) C:\program files\epic games\amongus\among us.exe => No File
FirewallRules: [TCP Query User{2963C810-50CA-4271-B2B6-F2E10F0FAA8B}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{868AE3DF-B6F6-4AD0-A9DD-57129E842D01}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{BF71BEB0-08CD-43CF-9120-0A01D8F9ECE7}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [UDP Query User{FC16479B-4013-450B-ADD5-17E4FB05014B}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [TCP Query User{AE0ACE0C-F8A1-4AE4-BA55-C5718EBEF5D0}C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{BA90C681-3B07-4DC0-AE3C-BF926F14F17D}C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{EB958CA6-D87F-424C-96D2-FF5DAE2C1C68}C:\program files (x86)\gog galaxy\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) C:\program files (x86)\gog galaxy\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [UDP Query User{4C06B3B8-A417-4A0C-B948-7974F216A75A}C:\program files (x86)\gog galaxy\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) C:\program files (x86)\gog galaxy\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{EB4C8D72-3FD3-49E6-A670-658253369685}C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{115D6E54-FA76-4D2E-B554-180C67F20656}C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{9A70EC12-F086-4E89-85AD-380F380DB233}C:\program files\epic games\ttaodkoneshotadventure\binaries\win32\tinytina.exe] => (Allow) C:\program files\epic games\ttaodkoneshotadventure\binaries\win32\tinytina.exe => No File
FirewallRules: [UDP Query User{E80D793B-0A47-4A07-841F-99ED905A66FB}C:\program files\epic games\ttaodkoneshotadventure\binaries\win32\tinytina.exe] => (Allow) C:\program files\epic games\ttaodkoneshotadventure\binaries\win32\tinytina.exe => No File
FirewallRules: [{878C7F34-5149-4476-B93A-DD6E75306EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2 Demo\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{52784CD8-5C51-4E2A-A646-DA715DE588DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2 Demo\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [TCP Query User{5AB037A3-FB57-48FD-901C-55D8D9CF1675}C:\program files\epic games\godfall\aperion\binaries\win64\aperion-win64-shipping.exe] => (Allow) C:\program files\epic games\godfall\aperion\binaries\win64\aperion-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6FC32843-F895-4FA5-B693-3F96F28AE3A1}C:\program files\epic games\godfall\aperion\binaries\win64\aperion-win64-shipping.exe] => (Allow) C:\program files\epic games\godfall\aperion\binaries\win64\aperion-win64-shipping.exe => No File
FirewallRules: [TCP Query User{11E60362-3DB8-46FD-B78A-2D55413ED574}C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe] => (Allow) C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9F90988B-31B7-42AB-8738-A345EC690A8E}C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe] => (Allow) C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{985D453A-817C-4309-8681-634C7EA4A2A1}C:\program files\epic games\pathfinderkingmaker\kingmaker.exe] => (Allow) C:\program files\epic games\pathfinderkingmaker\kingmaker.exe => No File
FirewallRules: [UDP Query User{A9DA51F8-D767-41DC-B73F-4BD6F4F9747F}C:\program files\epic games\pathfinderkingmaker\kingmaker.exe] => (Allow) C:\program files\epic games\pathfinderkingmaker\kingmaker.exe => No File
FirewallRules: [TCP Query User{AA6CD3BD-1EDF-417D-A4F7-466B932BDAED}C:\program files\epic games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Allow) C:\program files\epic games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{5AA67B61-2EAB-43ED-8C4A-110DA8E0885B}C:\program files\epic games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Allow) C:\program files\epic games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EDC91761-7AE2-4F3F-899D-954883885F29}C:\program files\epic games\secondextinction\secondextinctioneos.exe] => (Allow) C:\program files\epic games\secondextinction\secondextinctioneos.exe => No File
FirewallRules: [UDP Query User{C46A1C65-DADB-43AF-BA63-24C28F616709}C:\program files\epic games\secondextinction\secondextinctioneos.exe] => (Allow) C:\program files\epic games\secondextinction\secondextinctioneos.exe => No File
FirewallRules: [TCP Query User{CC1A81F1-BE42-4AD1-A302-E5921F3C1EB4}C:\program files\epic games\magesofmystralia\build.exe] => (Allow) C:\program files\epic games\magesofmystralia\build.exe => No File
FirewallRules: [UDP Query User{26C39341-C718-4F85-9286-7E267F6E2E69}C:\program files\epic games\magesofmystralia\build.exe] => (Allow) C:\program files\epic games\magesofmystralia\build.exe => No File
FirewallRules: [{F897E3FC-2927-4651-9BE4-FBA9EEC8173F}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Tools\Launcher.exe => No File
FirewallRules: [{FD74DEC5-4270-4B7F-BAEB-12CECE8555C9}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{7204E4E8-D302-4D13-91A1-3B060758D5D9}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{722ECC31-4E94-4D3C-9B07-F03B8D6C290B}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{4E232042-760A-4BF6-B92A-A2316FC39C80}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Tools\Launcher.exe => No File
FirewallRules: [{C0C84760-8631-460B-8BDD-04910490BB9A}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{BA6AC780-A3A1-4F13-9EF2-986B8179B877}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{497D3E09-EC08-49F0-9C5B-0879B96E7FF2}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{2505EE43-C428-41E1-BB57-7D6EC46C5E2A}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe => No File
FirewallRules: [TCP Query User{2CD117D7-EB6E-4650-AEE8-49EEAB1BBDE3}C:\program files (x86)\steam\steamapps\common\for honor\forhonor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\for honor\forhonor.exe => No File
FirewallRules: [UDP Query User{4F71549E-80D5-4319-AA11-52F739E05F81}C:\program files (x86)\steam\steamapps\common\for honor\forhonor.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\for honor\forhonor.exe => No File
FirewallRules: [TCP Query User{907C91C5-6216-4469-A661-F12110304B90}C:\program files\windowsapps\xbmcfoundation.kodi_19.4.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.4.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{682C9A6F-618D-4754-A035-30D7099E19FB}C:\program files\windowsapps\xbmcfoundation.kodi_19.4.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.4.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{DFCAF38C-FA05-48CA-9DCB-92202B9FA0DC}C:\program files\windowsapps\xbmcfoundation.kodi_19.4.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.4.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{D2A7368B-6812-47BB-A5F9-2A3048FE1DBC}C:\program files\windowsapps\xbmcfoundation.kodi_19.4.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.4.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{99E14610-D5B4-42F9-8B60-815F8FFFDEC3}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe => No File
FirewallRules: [UDP Query User{E09451E8-4DC3-4952-B6BD-C73B9AD0E2A9}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe => No File
FirewallRules: [TCP Query User{EC24BB50-5373-418E-B3D9-261C15EB57EC}C:\program files\epic games\rs2v\binaries\win64\vngame.exe] => (Allow) C:\program files\epic games\rs2v\binaries\win64\vngame.exe => No File
FirewallRules: [UDP Query User{6C9328B0-D006-4777-B562-C5B25F49F163}C:\program files\epic games\rs2v\binaries\win64\vngame.exe] => (Allow) C:\program files\epic games\rs2v\binaries\win64\vngame.exe => No File
FirewallRules: [{B94CA91C-1A21-4D82-8C91-E6802F36C1E5}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe => No File
FirewallRules: [TCP Query User{4C84D460-1907-4663-9A85-B4EECFE0B326}C:\program files\windowsapps\xbmcfoundation.kodi_19.90.955.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.90.955.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{557213FB-62F9-41FB-91FD-4A758F291E42}C:\program files\windowsapps\xbmcfoundation.kodi_19.90.955.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.90.955.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{517C395E-06AB-4182-8B6A-ED121B1717A7}C:\program files\windowsapps\xbmcfoundation.kodi_19.90.955.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_19.90.955.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{CA7C55E6-0832-4557-9561-7FF47564A07C}C:\program files\windowsapps\xbmcfoundation.kodi_19.90.955.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_19.90.955.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{E4E80CF1-EC48-414F-9886-63B3835B1913}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{836B5705-F00B-4EF2-9260-21CDBC0B5FDF}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [TCP Query User{4A934902-D21C-4496-8738-80E3BEE5A3FE}C:\program files\windowsapps\xbmcfoundation.kodi_20.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_20.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{5086D00D-6AF7-4E55-A234-2BD0E3CD91CD}C:\program files\windowsapps\xbmcfoundation.kodi_20.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_20.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{72965791-E128-48AC-A267-C752217484F7}F:\kodi\kodi.exe] => (Allow) F:\kodi\kodi.exe => No File
FirewallRules: [UDP Query User{B2E8F20A-49C2-492C-8946-7DEA2F97F449}F:\kodi\kodi.exe] => (Allow) F:\kodi\kodi.exe => No File
FirewallRules: [TCP Query User{432F44D9-83CC-4F69-9CA2-488B09D164A9}C:\program files\windowsapps\xbmcfoundation.kodi_20.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{895E4241-B383-41FD-A1D8-E131FDFC15BD}C:\program files\windowsapps\xbmcfoundation.kodi_20.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [{34A88096-ACD7-4B3A-99C6-B13449C70FDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{241DAF54-E485-4F12-9182-EA58ACFC438D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{46078EE2-136A-4EC2-94BD-9AF6929A413F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{91B1C61A-732B-4DE5-A50C-57BB3E5A85B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [TCP Query User{E39BB3C5-A207-4261-8A9A-E397520146B3}C:\program files\epic games\reddeadredemption2\rdr2.exe] => (Allow) C:\program files\epic games\reddeadredemption2\rdr2.exe => No File
FirewallRules: [UDP Query User{0AA269B5-B46E-4F25-A849-65B891C05EFE}C:\program files\epic games\reddeadredemption2\rdr2.exe] => (Allow) C:\program files\epic games\reddeadredemption2\rdr2.exe => No File
FirewallRules: [{B9AC4200-ED9C-4ABE-A8BE-A00ADBAC984D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2021 Demo\playway-launcher-win32-ia32\playway-launcher.exe => No File
FirewallRules: [{8D5C0FE3-3F9F-47C6-BF38-F81C2F3E6FDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2021 Demo\playway-launcher-win32-ia32\playway-launcher.exe => No File
FirewallRules: [TCP Query User{1D5DE05C-C452-4F75-8B3E-4513D584712B}C:\program files\windowsapps\xbmcfoundation.kodi_20.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{BC416736-8FD5-4F9B-85F0-B7F3DD5E4A4E}C:\program files\windowsapps\xbmcfoundation.kodi_20.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{5C03F397-71F8-4A39-B689-1589660FFBBF}C:\program files\windowsapps\xbmcfoundation.kodi_20.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{CAF046D9-C22F-4523-8982-02D19F8F99E5}C:\program files\windowsapps\xbmcfoundation.kodi_20.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{DC542417-ED19-4806-895E-C70D2179CA2C}F:\kodi\kodi.exe] => (Allow) F:\kodi\kodi.exe => No File
FirewallRules: [UDP Query User{8A764554-7BDC-4263-B8C5-CBE3895C06BA}F:\kodi\kodi.exe] => (Allow) F:\kodi\kodi.exe => No File
FirewallRules: [TCP Query User{ECC09E45-8EA0-4C49-8EFC-9D04848557E2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{C56BBEE2-5D66-499D-93EF-21AC4BF80945}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{C1C0A166-6458-4AF4-A35F-1B8BC743ADC2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23716A43-1687-4854-99E0-AA5E325BBD34}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{521D93CC-60D1-423A-8788-F78A11F91933}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C67CA468-7308-4DC6-935C-AC8FC779B1ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{08D990C8-A277-4BEC-AF59-7A72217C3ECB}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{C4D30BA8-D691-48F5-956A-97D5606FEE0B}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{77765F83-35D6-48C1-AD4D-697A109E56D7}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [UDP Query User{ABBA77A4-A478-4E7B-ACCC-78F5CB8131AC}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe => No File
FirewallRules: [TCP Query User{4E84369A-64C4-4848-883F-586F055219C0}C:\program files\lightburn\lightburn.exe] => (Allow) C:\program files\lightburn\lightburn.exe (LightBurn Software, LLC -> )
FirewallRules: [UDP Query User{D48FD76E-655F-4326-84AC-5F05B1AE2980}C:\program files\lightburn\lightburn.exe] => (Allow) C:\program files\lightburn\lightburn.exe (LightBurn Software, LLC -> )
FirewallRules: [TCP Query User{09DBD08D-9CFC-4527-956E-E59C57E227A4}C:\program files\lightburn\lightburn.exe] => (Allow) C:\program files\lightburn\lightburn.exe (LightBurn Software, LLC -> )
FirewallRules: [UDP Query User{B5ED1E24-A1B5-4C39-B79A-E7BDC584851D}C:\program files\lightburn\lightburn.exe] => (Allow) C:\program files\lightburn\lightburn.exe (LightBurn Software, LLC -> )
FirewallRules: [TCP Query User{B91243AB-A15A-4F0E-A71A-D6A54BAFB230}C:\program files (x86)\gog galaxy\games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\gog galaxy\games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{327127DD-0EFC-4AE5-AC13-36058EAA23B2}C:\program files (x86)\gog galaxy\games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\gog galaxy\games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{240579ED-A296-4528-A99E-172E6DFC297B}C:\program files (x86)\winscp\winscp.exe] => (Allow) C:\program files (x86)\winscp\winscp.exe (Martin Prikryl -> Martin Prikryl)
FirewallRules: [UDP Query User{A1693615-E955-4590-B5EA-0786F59B9FB8}C:\program files (x86)\winscp\winscp.exe] => (Allow) C:\program files (x86)\winscp\winscp.exe (Martin Prikryl -> Martin Prikryl)
FirewallRules: [{22F1C092-EACB-461C-852E-D5EC027030B9}] => (Block) C:\program files (x86)\winscp\winscp.exe (Martin Prikryl -> Martin Prikryl)
FirewallRules: [{5C41CE22-8C99-45DE-A479-276790D63130}] => (Block) C:\program files (x86)\winscp\winscp.exe (Martin Prikryl -> Martin Prikryl)
FirewallRules: [TCP Query User{B2FB298D-0303-4A37-9794-2C97162026E5}C:\program files\windowsapps\xbmcfoundation.kodi_20.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_20.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{5D09E7D7-015A-479F-B0C8-8671F69FDD96}C:\program files\windowsapps\xbmcfoundation.kodi_20.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_20.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [{E7AD5058-3AFB-44C3-9AA3-B9265ED75A80}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [{D6EF6DE6-BF91-43CE-946B-AC811C45BF7C}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{9EA2810B-531C-4A35-8DD6-54322ADDB9CF}C:\program files\windowsapps\xbmcfoundation.kodi_20.5.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_20.5.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{A5923C04-781C-446B-8E59-BC18AFFC6D62}C:\program files\windowsapps\xbmcfoundation.kodi_20.5.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_20.5.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [{DF6BC347-AD9A-4A3A-AA98-F2C8872CD8A3}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.5.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [{D16693FE-BADF-4394-AAF9-DBA4E7A5178E}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_20.5.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{6EA0B35A-E7E2-4AA4-81F4-74C1092F98F5}C:\program files\windowsapps\xbmcfoundation.kodi_20.90.960.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_20.90.960.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{BAB3087E-A9B1-44F2-824F-9780B116734A}C:\program files\windowsapps\xbmcfoundation.kodi_20.90.960.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_20.90.960.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{920FF0A5-5D31-4CAA-B6A1-CBD1EC3C9CF3}C:\program files\windowsapps\xbmcfoundation.kodi_21.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_21.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{D1967EF0-313A-4FBB-8ECC-56F51B1FF867}C:\program files\windowsapps\xbmcfoundation.kodi_21.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_21.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{62C5ED21-4274-47AE-BF45-991FBB356B72}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D26A94AD-55B0-45B4-A061-7679695D345B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{7F4DB49F-7F08-499C-8D20-DAC9458398B4}C:\program files\windowsapps\xbmcfoundation.kodi_21.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_21.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{B1150E0A-2B38-49F3-BB25-6EBA118D2B64}C:\program files\windowsapps\xbmcfoundation.kodi_21.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_21.0.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{B766DF72-0292-4DBB-90B0-80F70F0A2B8B}C:\program files\windowsapps\xbmcfoundation.kodi_21.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_21.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{BC6FCB7D-DEF7-41A0-818E-6C6F408F8E16}C:\program files\windowsapps\xbmcfoundation.kodi_21.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_21.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{C108500E-ABD6-42EA-BB7D-6849F79859E5}C:\program files\windowsapps\xbmcfoundation.kodi_21.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_21.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [UDP Query User{C5F12B4A-3364-47AA-B046-CF00B7DCB83E}C:\program files\windowsapps\xbmcfoundation.kodi_21.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_21.1.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File
FirewallRules: [TCP Query User{B3ABB4F8-371D-4D57-BB47-ACECAE54BCE0}C:\program files\epic games\ghostrunner2\ghostrunner2\binaries\win64\ghostrunner2-win64-shipping.exe] => (Allow) C:\program files\epic games\ghostrunner2\ghostrunner2\binaries\win64\ghostrunner2-win64-shipping.exe => No File
FirewallRules: [UDP Query User{1228E171-56FF-455A-9EC2-612600342613}C:\program files\epic games\ghostrunner2\ghostrunner2\binaries\win64\ghostrunner2-win64-shipping.exe] => (Allow) C:\program files\epic games\ghostrunner2\ghostrunner2\binaries\win64\ghostrunner2-win64-shipping.exe => No File
FirewallRules: [TCP Query User{DE5F3D92-FF33-4680-B763-4E17E8A99728}C:\program files\windowsapps\xbmcfoundation.kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe (C62BD90A-CDD8-477F-96C3-B25992247B97 -> XBMC Foundation)
FirewallRules: [UDP Query User{64EAEEB0-28F3-46FB-995D-5F66386E7CA0}C:\program files\windowsapps\xbmcfoundation.kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe (C62BD90A-CDD8-477F-96C3-B25992247B97 -> XBMC Foundation)
FirewallRules: [TCP Query User{019C70F4-0C1A-4144-8D8F-1B7FD8291D7C}C:\program files\windowsapps\xbmcfoundation.kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe (C62BD90A-CDD8-477F-96C3-B25992247B97 -> XBMC Foundation)
FirewallRules: [UDP Query User{62C3C020-66F6-4F27-9D4C-D00291F96685}C:\program files\windowsapps\xbmcfoundation.kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe (C62BD90A-CDD8-477F-96C3-B25992247B97 -> XBMC Foundation)
FirewallRules: [TCP Query User{908CF4EF-D85E-445D-98D7-8A87CD83C46C}C:\users\sobec\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\sobec\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{03B5CED9-E78B-4E6B-A404-0D002F2813FA}C:\users\sobec\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\sobec\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [TCP Query User{3CB37958-63CD-4387-BE53-9BB8029E315A}C:\users\sobec\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\sobec\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{62CF51B0-2C26-4568-8464-9384D8BF9EEE}C:\users\sobec\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\sobec\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [{2DA0542B-2F6A-4EDC-B466-CCDEC8BADDE2}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{AC713698-6671-41CE-BBD0-63BB5AD5A5DF}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{42A70784-6AB2-4193-B197-486C5F1DBE2C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{AD634A67-D27C-4DF3-A68B-3C73957C1D32}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{3544490A-2C86-4CC0-A1DA-CC75EC8AF8F6}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E2099211-72CC-4A0F-85B7-9E50D400F8DE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{92A1DB9F-A2E1-4804-A565-209C548AEC8A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{44AFF903-F2BF-4767-BFD1-3E12640ACE1F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{3A7A954D-C3B8-475A-9AEA-6649C1F4C629}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{8FE70753-9367-4960-85E5-4219A36E4DE0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{49A0A2BD-0C92-48DB-8AFA-0397F83104A5}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E83CC83B-C103-47C9-939B-4FD4B5DF3D3F}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s. -> Lamantine Software a.s.)
FirewallRules: [{DD7FD5A2-63E0-4458-9947-7BA6702E8E82}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s. -> Lamantine Software a.s.)
FirewallRules: [TCP Query User{7E71151D-9F44-493E-8E36-89F4CC8C8AA4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{2785F417-FF23-4058-9AC3-F3D6BDAA39D9}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{DB093C87-0CD5-4D3D-AC5A-F79E35F4A661}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{E7E8E67E-9008-4735-98F8-E6800450DAF6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{6692F188-9DCE-42EE-A4A0-F87790EDB7D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row The Third Remastered\SRTTR.exe (Koch Media GmbH, Austria) [File not signed]
FirewallRules: [{A994C908-8BE3-43F4-90EF-A13BA46DD4BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row The Third Remastered\SRTTR.exe (Koch Media GmbH, Austria) [File not signed]
FirewallRules: [{BE4DDC2B-D5E8-4080-9313-95A455804DF7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0EA07051-4A2A-46EC-A3CA-396813EF2524}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{9F828CB1-BF48-4871-82C6-64DA0C6F9491}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B5D45089-016E-4F2D-8DB1-30BFA8A16165}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{ADCA97BA-9FA0-4874-92D1-E52B90A32A3D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FD1D808E-4C06-4992-9061-0ACCB7CDF1D1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FFA65005-EE05-485E-AD64-131A6E1ADD5E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{CE79E36F-6C73-43A7-BF20-353E0FC6DEFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

==================== Restore Points =========================

20-11-2025 11:15:55 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============
Name: Zařízení ACPI UCM-UCSI
Description: Zařízení ACPI UCM-UCSI
Class Guid: {e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}
Manufacturer: Microsoft
Service: UcmUcsiAcpiClient
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/16/2025 11:25:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač..

Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (11/16/2025 11:25:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {8ac17d81-c990-41bd-a0d1-140e990285a7}

Error: (11/15/2025 11:49:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program kodi.exe verze 21.2.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2744

Čas spuštění: 01dc5681a828b2cd

Čas ukončení: 3

Cesta k aplikaci: C:\Program Files\WindowsApps\XBMCFoundation.Kodi_21.2.500.0_x64__4n2hpmxwrvr6p\kodi.exe

ID hlášení: 9665beb7-8695-4bc0-b1f2-6d155f91feda

Úplný název balíčku s chybou: XBMCFoundation.Kodi_21.2.500.0_x64__4n2hpmxwrvr6p

ID aplikace relativní podle balíčku s chybou: Kodi

Typ zablokování: Unknown

Error: (11/15/2025 11:09:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d3d2de8d-1b72-4af3-8c8e-13574efdc560}

Error: (11/14/2025 08:49:30 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d3d2de8d-1b72-4af3-8c8e-13574efdc560}

Error: (11/13/2025 01:42:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..

Error: (11/13/2025 01:42:27 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]

Error: (11/10/2025 06:20:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {9827ff6a-ab55-4e3e-9970-f95a37048450}


System errors:
=============
Error: (11/21/2025 11:08:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/21/2025 10:47:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/21/2025 10:24:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/21/2025 02:29:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/20/2025 11:15:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: LAPTOP-BL5J37S2)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.

Error: (11/20/2025 11:15:38 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: NT AUTHORITY)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.

Error: (11/19/2025 11:59:21 PM) (Source: nvlddmkm) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/19/2025 11:59:21 PM) (Source: nvlddmkm) (EventID: 0) (User: )
Description: Event-ID 0


Windows Defender:
================
Date: 2025-11-21 10:24:58
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VulnerableDriver:WinNT/Winring0
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\Temp\mmlnsvmripjk.sys
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.441.372.0, AS: 1.441.372.0, NIS: 1.441.372.0
Verze modulu: AM: 1.1.25100.9002, NIS: 1.1.25100.9002

Date: 2025-11-20 01:26:14
Description:
Antivirová ochrana v programu Microsoft Defender šċąή ħаѕ ъёёи ѕťθрρёð ьеƒθяė ĉõмρļěťīθή.%ŋ %тŜċăи ΪÐ:%в{8A3D5D53-1338-4A5F-AC8C-9ED0B2273B8D}%й %ťŠ¢ąņ Ťŷрέ:%ьAntimalwarový program%й %ţŚćдл Ρдгâmεтзřš:%вRychlé prohledávání%й %ŧŪšёг:%вNT AUTHORITY\SYSTEM%и %ŧŚтθр Ŗēαŝøŋ:%ъŠčђёďûľзδ śćªŋ шâš şќïрφėð ьє¢аűšέ ŧħë ŀåşŧ śцčċεśšƒцļ ѕčαη щăś ώίŧнΐп ťћз ļąšт 7 ďдỳş

Date: 2025-11-19 01:23:40
Description:
Antivirová ochrana v programu Microsoft Defender šċąή ħаѕ ъёёи ѕťθрρёð ьеƒθяė ĉõмρļěťīθή.%ŋ %тŜċăи ΪÐ:%в{91EA2712-42B6-48AE-A10E-96DF9070E7B3}%й %ťŠ¢ąņ Ťŷрέ:%ьAntimalwarový program%й %ţŚćдл Ρдгâmεтзřš:%вRychlé prohledávání%й %ŧŪšёг:%вNT AUTHORITY\SYSTEM%и %ŧŚтθр Ŗēαŝøŋ:%ъŠčђёďûľзδ śćªŋ шâš şќïрφėð ьє¢аűšέ ŧħë ŀåşŧ śцčċεśšƒцļ ѕčαη щăś ώίŧнΐп ťћз ļąšт 7 ďдỳş

Date: 2025-11-17 10:36:00
Description:
Antivirová ochrana v programu Microsoft Defender šċąή ħаѕ ъёёи ѕťθрρёð ьеƒθяė ĉõмρļěťīθή.%ŋ %тŜċăи ΪÐ:%в{88257879-9909-4FC1-85BF-23A166A8F6F4}%й %ťŠ¢ąņ Ťŷрέ:%ьAntimalwarový program%й %ţŚćдл Ρдгâmεтзřš:%вRychlé prohledávání%й %ŧŪšёг:%вNT AUTHORITY\SYSTEM%и %ŧŚтθр Ŗēαŝøŋ:%ъŜ¢ĥзδůŀėď ѕčаň ẃªś ѕκϊφρзđ ъε¢άύśé тнė ļǻşт šџ¢čзššƒцľ śĉåή ώãŝ щīŧнĩň τћė ľάŝŧ 7 đªγś

Date: 2025-11-16 23:47:35
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VulnerableDriver:WinNT/Winring0
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\Temp\mmlnsvmripjk.sys
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.441.273.0, AS: 1.441.273.0, NIS: 1.441.273.0
Verze modulu: AM: 1.1.25100.9002, NIS: 1.1.25100.9002

CodeIntegrity:
===============
Date: 2025-11-20 12:00:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AI\aimgr.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO GKCN65WW 01/16/2024
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 5 5600H with Radeon Graphics
Percentage of memory in use: 80%
Total physical RAM: 14188.06 MB
Available physical RAM: 2774.77 MB
Total Virtual: 24400.21 MB
Available Virtual: 5764.09 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:952.62 GB) (Free:248.36 GB) (Model: WDC PC SN730 SDBPNTY-1T00-1101) NTFS

\\?\Volume{cb8128e1-c741-42a0-985f-7c1bca466b0d}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.33 GB) NTFS
\\?\Volume{e4c3571b-2b4d-4755-a245-440b93e738c6}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: F3D4E73A)

Partition: GPT.

==================== End of Addition.txt =======================
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15755
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: prosba o prohlídku

#2 Příspěvek od JaRon »

Ahoj,
prescanuj PC s Adwcleanerom a NPE https://support.norton.com/sp/static/ex ... s/npe.html
Podaj info o nalezoch :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
shrek.r
Návštěvník
Návštěvník
Příspěvky: 71
Registrován: 19 čer 2013 14:51

Re: prosba o prohlídku

#3 Příspěvek od shrek.r »

Norton něco našel zatím jsem nedal opravit
Přílohy
norton.png
norton.png (37.32 KiB) Zobrazeno 37 x
Nahoru
shrek.r
Návštěvník
Návštěvník
Příspěvky: 71
Registrován: 19 čer 2013 14:51

Re: prosba o prohlídku

#4 Příspěvek od shrek.r »

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-21-2025
# Duration: 00:00:10
# OS: Windows 10 (Build 19045.6466)
# Scanned: 32107
# Detected: 5


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\sobec\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15755
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: prosba o prohlídku

#5 Příspěvek od JaRon »

2 a 3 polozku daj opravit
Taktiez kde sa nachadza IMcontroller
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
shrek.r
Návštěvník
Návštěvník
Příspěvky: 71
Registrován: 19 čer 2013 14:51

Re: prosba o prohlídku

#6 Příspěvek od shrek.r »

V nortnu jsem dal do karanteny 2 a 3 po restartu a skenu je tam už jen ten gaming mouse.

V advececleaneru jsem dal do karanteny vše krom toho klíče registru ten neobsahuje IMcontroller, po rsestaru a scenu je tam toto

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-21-2025
# Duration: 00:00:09
# OS: Windows 10 (Build 19045.6466)
# Scanned: 32108
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1


AdwCleaner[S00].txt - [1877 octets] - [21/11/2025 17:05:34]
AdwCleaner[S01].txt - [1938 octets] - [21/11/2025 17:36:51]
AdwCleaner[C01].txt - [1903 octets] - [21/11/2025 17:38:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15755
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: prosba o prohlídku

#7 Příspěvek od JaRon »

Vycisti PC s Ccleanerom, vcetne registrov
Restart
Vloz oba aktualne logy FRST + napis, ci su nejake problemy :all_coholic: :???:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
Odpovědět

Zpět na „Preventivní kontroly logů“