Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosim kontrola logu - vystraha pred virusmi

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
tomi8
Návštěvník
Návštěvník
Příspěvky: 14
Registrován: 15 říj 2007 18:33

Prosim kontrola logu - vystraha pred virusmi

#1 Příspěvek od tomi8 »

Dobry den, prosim o kontrolu logu.

Virusova hrozba z google chrome:
win32/Cryptolocker.X9Zr
Win32/Melissa2023.Xi92
Win32/Zeus.2023
Win32/Mydoom.2023.
Win32/Conficker.2jf9
Win32/Pshtrm.Slmn
Win32/Trojan.H028hj

dakujem.
Tomas

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2025
Ran by tkkro (administrator) on DESKTOP-70VBQ4R (Dell Inc. XPS 8700) (30-10-2025 20:34:48)
Running from C:\Users\tkkro\Downloads\FRST64.exe
Loaded Profiles: tkkro
Platform: Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\141.0.3537.99\msedgewebview2.exe <7>
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.283.1.4\OverwolfHelper.exe
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.283.1.4\OverwolfHelper64.exe
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe <5>
(C:\Users\tkkro\Downloads\FRST64.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2507.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe
(explorer.exe ->) (54418920-1845-464B-A595-EDBEA032F08F -> ) C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_6.33.3.0_x64__6h6z29zh29qx0\ControlCenter30\ControlCenter30.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(explorer.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(explorer.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAConsole.exe <2>
(explorer.exe ->) (ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\PubPlatform.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Opera Norway AS -> Opera Software) C:\Users\tkkro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf Ltd -> Overwolf LTD) C:\Users\tkkro\Desktop\overwolf\Overwolf.exe
(Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\ImfElamSvc.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE
(services.exe ->) (Panda Security S.L. -> Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.U.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2542.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
HKLM-x32\...\Run: [Panasonic Device Manager for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe [139264 2012-06-25] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [Panasonic PCFAX for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe [819200 2012-05-18] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2024-09-29] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [186984 2022-11-02] (Panda Security S.L. -> Panda Security, S.L.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [92692328 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4735888 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4699288 2025-10-03] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [39517600 2025-10-22] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [5869264 2025-06-19] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Overwolf] => C:\Users\tkkro\Desktop\overwolf\OverwolfLauncher.exe [1911040 2025-10-27] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [MicrosoftEdgeAutoLaunch_2951A22EE169901D4BD281DD08F1EC8C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4265040 2025-10-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Opera Browser Assistant] => C:\Users\tkkro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4712920 2025-09-11] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Opera Stable] => C:\Users\tkkro\AppData\Local\Programs\Opera\opera.exe [2106840 2025-10-27] (Opera Norway AS -> Opera Software)
HKLM\...\Print\Monitors\Panasonic KX-MB1500 Language Monitor: C:\Windows\system32\ZDGLIC36.DLL [24576 2011-02-03] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2025-10-27] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\141.0.7390.123\Installer\chrmstp.exe [2025-10-24] (Google LLC -> Google LLC)
Startup: C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2025-10-22]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9385960E-1185-4899-8B8D-31C0032DE3AE} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5543640 2025-08-28] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task
Task: {0B9301EB-5E36-4B83-B8DF-E00F8BDCABC5} - System32\Tasks\ASC_SkipUac_fokol => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [11163352 2025-08-20] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {E55CBC48-98C1-4978-AA30-B7AAFB647D9D} - System32\Tasks\ASC_SkipUac_tkkro => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [11163352 2025-08-20] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {3A9506F2-6093-4E83-8677-A6BBDCDC0E32} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem143.0.7482.0{674258D2-A324-4C88-88AF-166F6075C76A} => C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe [6933656 2025-10-19] (Google LLC -> Google LLC)
Task: {40BC1561-0536-4F7F-A9F0-0F3FB2B3B21D} - System32\Tasks\IMF_SkipUAC_fokol => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
Task: {856CA9B5-A4DE-4F10-BFF4-7666B0F131BC} - System32\Tasks\IMF_SkipUAC_tkkro => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
Task: {190E2001-08A8-4D78-97F0-26C18063AA73} - System32\Tasks\IObit SUM2025Sale (One-time) => "C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\sumen.exe" -> C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\\/rpop
Task: {5ED981FA-B367-4919-9F38-35CFAEE78414} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [17010512 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB9B7C16-9E96-4165-95A7-C073492DCBEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8880983D-5770-4468-BE3B-B2760DD7B45C} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [70504 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {974DF8E5-7B61-484D-AE9F-2EF8C329CFAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA5C2C39-0B4B-4B1F-8FE5-3B88D712140E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313600 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DC56855-AA49-4267-A1B8-A9CC42A91323} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313600 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FB9BF37-A89E-4E21-ACA8-628AF27331B0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1365272 2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CFB5FF9-F3D9-44E4-A590-5BFF11676235} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4393320 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFFA08B2-96E1-4C5D-9D6D-A0D1499BED7D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Task: {23FE3FB4-334A-46AD-B9C9-51AE393264DA} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4393320 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCFE597D-010D-407F-9429-7FD31B355C04} - System32\Tasks\OneDrive Startup Task-S-1-5-21-4097984775-1942777989-3443805053-1002 => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\OneDriveLauncher.exe [725864 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC808F09-B746-41CB-B727-324F02862218} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1753257838 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\tkkro\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {FDC48675-61E5-4B9B-924D-7B0547B30C8A} - System32\Tasks\Opera GX scheduled Autoupdate 1752689434 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File)
Task: {32317B31-79F5-4C66-A7C5-002C054F8446} - System32\Tasks\Opera scheduled assistant Autoupdate 1761851154 => C:\Users\tkkro\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5959128 2025-10-27] (Opera Norway AS -> Opera Software) -> --scheduledtask --productiscomponent --installdir="C:\Users\tkkro\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0)
Task: {F2BF5BCA-1513-4947-9919-61874FE1951A} - System32\Tasks\Opera scheduled Autoupdate 1761851152 => C:\Users\tkkro\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5959128 2025-10-27] (Opera Norway AS -> Opera Software)
Task: {412D0520-C155-4EEA-A3F4-CDB6432E6885} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-10-27] (Overwolf Ltd -> Overwolf LTD) -> C:\Users\tkkro\Desktop\overwolf\/RunningFrom Schedule

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{212d4b5c-3843-4e57-9e43-e4ee35d8f237}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default [2025-10-30]
Edge HomePage: Default -> hxxp://www.google.sk/
Edge StartupUrls: Default -> "hxxp://www.google.sk/"
Edge Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-18]
Edge Extension: (Edge relevant text changes) - C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-01-03]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default [2025-10-30]
CHR Notifications: Default -> hxxps://aternos.org; hxxps://d41qmme071bc73f91jpg.hyperchainnet.com
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-03]
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-10-01]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-08-14]
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\System Profile [2025-10-17]

Opera:
=======
OPR DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService18; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1851760 2024-08-13] (IObit CO., LTD -> IObit)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13288288 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [126268152 2025-09-11] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-10-08] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicGamesUpdater; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3071904 2025-10-22] (Epic Games Inc. -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncHelper.exe [3604880 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
R3 GameInputRedistService; C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe [141688 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
R3 ImfElamService; C:\Program Files (x86)\IObit\IObit Malware Fighter\ImfElamSvc.exe [4604200 2024-09-25] (IObit CO., LTD -> IObit)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2641888 2024-10-11] (IObit CO., LTD -> IObit)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [119560 2023-10-05] (Panda Security S.L. -> Panda Security, S.L.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\Display.NvContainer\NVDisplay.Container.exe [1275024 2024-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.194.1005.0003\OneDriveUpdaterService.exe [3888488 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-10-27] (Overwolf Ltd -> Overwolf LTD)
R2 Panasonic Local Printer Service; C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [195736 2023-04-13] (Panda Security S.L. -> Panda Security S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [81424 2023-10-05] (Panda Security S.L. -> Panda Security, S.L.U.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NativePushService; "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-07-02] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [30296 2025-04-28] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [507904 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-10-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 cpuz159; C:\Windows\temp\cpuz159\cpuz159_x64.sys [44680 2024-11-01] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [177056 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [26296 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [42360 2024-09-25] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40920 2024-09-25] (IObit CO., LTD -> IObit)
S3 IMFEFSFileControl; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [40824 2024-09-25] (IObit Information Technology -> IObit)
R3 IMFForceDelete123; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [20008 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2024-09-25] (IObit Information Technology -> IObit)
R3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [33984 2024-09-25] (IObit Information Technology -> IObit)
R3 ImfRealScanner; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [53232 2024-09-25] (IObit CO., LTD -> IObit)
R3 ImfRegistryFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [42360 2024-09-25] (IObit Information Technology -> IObit)
R3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2024-07-02] (IObit CO., LTD -> IObit)
R1 NNSDNS; C:\Windows\system32\DRIVERS\NNSDNS.sys [146184 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [215264 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [128744 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [146664 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [151152 2022-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.)
R1 NNSNHWFP; C:\Windows\system32\DRIVERS\NNSNHWFP.sys [211208 2022-12-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [164568 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [137960 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [407264 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [575720 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [125672 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [335064 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
S3 ObCallbackProcess; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ObCallbackProcess.sys [53608 2024-09-25] (IObit CO., LTD -> IObit)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [198376 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
S0 psinelam; C:\Windows\System32\DRIVERS\psinelam.sys [37952 2024-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [176360 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [218856 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [150760 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [162536 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [130280 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [63360 2023-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.U.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [633264 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-30 20:33 - 2025-10-30 20:34 - 000037981 _____ C:\Users\tkkro\Downloads\Addition.txt
2025-10-30 20:31 - 2025-10-30 20:35 - 000031379 _____ C:\Users\tkkro\Downloads\FRST.txt
2025-10-30 20:31 - 2025-10-30 20:35 - 000000000 ____D C:\FRST
2025-10-30 20:30 - 2025-10-30 20:31 - 002443264 _____ (Farbar) C:\Users\tkkro\Downloads\FRST64.exe
2025-10-30 20:07 - 2025-10-30 20:07 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk
2025-10-30 20:06 - 2025-10-30 20:06 - 000004248 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1761851152
2025-10-30 20:05 - 2025-10-30 20:05 - 000004518 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1761851154
2025-10-30 20:05 - 2025-10-30 20:05 - 000001384 _____ C:\Users\tkkro\Desktop\Prehliadač Opera.lnk
2025-10-30 20:05 - 2025-10-30 20:05 - 000001384 _____ C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2025-10-30 20:05 - 2022-12-06 11:53 - 000211208 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsnhwfp.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000407264 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprot.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000215264 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttp.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000146184 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsdns.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000137960 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspop3.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000128744 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttps.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000125672 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnssmtp.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000198376 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000162536 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000130280 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
2025-10-30 20:04 - 2025-10-30 20:07 - 000002305 _____ C:\Users\Public\Desktop\Panda Dome.lnk
2025-10-30 20:04 - 2025-10-30 20:05 - 000000000 ____D C:\Program Files (x86)\Panda Security
2025-10-30 20:04 - 2025-10-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2025-10-30 20:04 - 2022-11-06 11:24 - 000575720 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprv.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000335064 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsstrm.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000164568 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspicc.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000146664 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsids.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000218856 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000176360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000150760 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
2025-10-30 20:03 - 2025-10-30 20:05 - 000000000 ____D C:\ProgramData\Panda Security
2025-10-30 20:00 - 2025-10-30 20:00 - 003369480 _____ (Panda Security, S.L.) C:\Users\tkkro\Downloads\PANDAFREEAV.exe
2025-10-30 19:51 - 2025-10-30 19:51 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub subury
2025-10-30 19:50 - 2025-10-30 19:50 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub kanal
2025-10-30 19:50 - 2025-10-30 19:50 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub
2025-10-30 13:29 - 2025-10-30 13:29 - 000001419 _____ C:\Users\tkkro\Desktop\Roblox Player.lnk
2025-10-30 08:41 - 2025-10-30 08:41 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-10-30 08:41 - 2025-10-30 08:41 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-10-27 15:00 - 2025-10-27 15:07 - 410430982 _____ C:\Users\tkkro\Downloads\Skyblock_Infinite_Revamped.zip
2025-10-26 18:33 - 2025-10-26 18:33 - 000000000 ____D C:\ProgramData\CapCut
2025-10-26 18:33 - 2025-10-26 18:33 - 000000000 ____D C:\Program Files\CapCut
2025-10-24 14:08 - 2025-10-24 14:08 - 000031362 _____ C:\Users\tkkro\Downloads\unnamed.webp
2025-10-24 13:41 - 2025-10-24 13:41 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\mssdk
2025-10-24 13:41 - 2025-10-24 13:41 - 000000000 ____D C:\Users\tkkro\AppData\Local\VEDetector
2025-10-24 13:40 - 2025-10-26 18:33 - 000000000 ____D C:\Users\tkkro\AppData\Local\CapCut
2025-10-24 13:32 - 2025-10-24 13:32 - 002897776 _____ C:\Users\tkkro\Downloads\CapCut_7564765176285741057_installer.exe
2025-10-23 17:48 - 2025-10-23 17:48 - 000000000 ____D C:\Voiceover
2025-10-23 17:45 - 2025-08-18 17:21 - 000754688 _____ C:\Windows\system32\FilmoraContextMenu.dll
2025-10-23 17:44 - 2025-10-24 13:27 - 000000000 ____D C:\ProgramData\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\Users\tkkro\AppData\Local\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2025-10-23 17:38 - 2025-10-23 17:46 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2025-10-23 17:38 - 2025-10-23 17:38 - 002202088 _____ C:\Users\tkkro\Downloads\filmora-idco_setup_full1901.exe
2025-10-23 17:32 - 2025-10-07 09:16 - 002406071 _____ C:\Users\tkkro\Documents\video.mp4
2025-10-22 19:57 - 2025-10-29 21:35 - 000000000 ____D C:\Users\tkkro\Documents\ShareX
2025-10-22 19:49 - 2025-10-22 19:49 - 000000825 _____ C:\Users\tkkro\Desktop\ShareX.lnk
2025-10-22 19:49 - 2025-10-22 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2025-10-22 19:48 - 2025-10-22 19:48 - 000000000 ____D C:\Program Files\ShareX
2025-10-22 19:34 - 2025-10-22 19:36 - 106603663 _____ (ShareX Team ) C:\Users\tkkro\Downloads\ShareX-18.0.1-setup.exe
2025-10-22 19:24 - 2025-10-22 19:24 - 000357360 _____ C:\Users\tkkro\Downloads\photo-1657632843433-e6a8b7451ac6.jpeg
2025-10-17 20:19 - 2025-10-16 19:48 - 000432504 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll.0
2025-10-17 20:19 - 2025-10-16 19:47 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.1
2025-10-16 19:48 - 2025-10-16 19:48 - 000432504 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll.1
2025-10-16 19:48 - 2025-10-16 19:48 - 000000000 ____D C:\Program Files\Windows Kits
2025-10-16 19:48 - 2025-10-16 19:48 - 000000000 ____D C:\Program Files\Microsoft GameInput
2025-10-16 19:48 - 2025-10-16 19:47 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.0
2025-10-13 20:04 - 2025-10-13 20:05 - 000490371 _____ C:\Users\tkkro\Downloads\photo-1732624696535-68022a5b84dc.jpeg
2025-10-09 13:00 - 2025-10-09 13:00 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Electronic Arts
2025-10-09 12:59 - 2025-10-09 13:04 - 000000000 ____D C:\Users\tkkro\AppData\Local\Skate
2025-10-09 12:59 - 2025-10-09 12:59 - 000000000 ____D C:\ProgramData\Frostbite
2025-10-09 12:56 - 2025-10-09 13:03 - 000000000 ____D C:\ProgramData\Packer
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\EA
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\ProgramData\eaanticheat
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\Program Files\EA
2025-10-08 13:31 - 2025-10-30 17:36 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\EasyAntiCheat
2025-10-08 06:46 - 2025-10-08 06:46 - 000000354 _____ C:\Users\tkkro\Desktop\Fortnite.url
2025-10-07 19:00 - 2025-10-07 19:00 - 000253230 _____ C:\Users\tkkro\Downloads\wallpaper_mikael_gustafsson.webp
2025-10-07 15:49 - 2025-10-07 15:49 - 000028406 _____ C:\Users\tkkro\Downloads\r0zg2ds05k541.webp
2025-10-07 11:54 - 2025-10-07 11:54 - 000072544 _____ C:\Users\tkkro\Downloads\SKRATKY.pptx
2025-10-06 19:16 - 2025-10-06 19:16 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\QuickStyles
2025-10-05 15:04 - 2025-10-05 15:04 - 000315386 _____ C:\Users\tkkro\Downloads\200-2_alkan-f-x-l.webp
2025-09-30 12:34 - 2025-09-30 12:34 - 000002182 _____ C:\Users\tkkro\Desktop\Mortyr 3.lnk
2025-09-30 12:34 - 2025-09-30 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2025-09-30 12:28 - 2025-09-30 12:28 - 000000000 ____D C:\Program Files (x86)\City Interactive

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-30 20:28 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-10-30 20:27 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp
2025-10-30 20:26 - 2025-01-03 20:20 - 000000000 ____D C:\Program Files (x86)\Steam
2025-10-30 20:07 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF
2025-10-30 20:06 - 2025-07-16 19:10 - 000000000 ____D C:\Users\tkkro\AppData\Local\Opera Software
2025-10-30 20:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2025-10-30 20:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\GroupPolicy
2025-10-30 20:04 - 2025-07-16 19:08 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Opera Software
2025-10-30 19:42 - 2025-09-10 13:37 - 000000000 ____D C:\Users\tkkro\AppData\Local\Roblox
2025-10-30 17:08 - 2024-10-30 17:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-10-30 15:02 - 2025-03-18 21:27 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\.minecraft
2025-10-30 13:58 - 2025-04-02 12:46 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\.tlauncher
2025-10-30 13:29 - 2025-09-10 13:37 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2025-10-30 08:44 - 2024-11-01 08:46 - 000000708 _____ C:\ProgramData\pdinst.ini
2025-10-30 08:42 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\D3DSCache
2025-10-30 08:41 - 2025-01-28 10:54 - 000003552 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-4097984775-1942777989-3443805053-1002
2025-10-30 08:41 - 2025-01-10 12:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-10-30 08:41 - 2025-01-03 20:08 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1002
2025-10-30 08:41 - 2025-01-03 20:07 - 000000000 ___RD C:\Users\tkkro\OneDrive
2025-10-30 08:41 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2025-10-30 08:41 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\AppReadiness
2025-10-30 08:40 - 2025-03-18 21:00 - 000000000 ____D C:\Users\tkkro\Desktop\overwolf
2025-10-30 08:40 - 2025-03-18 20:57 - 000000000 ____D C:\Users\tkkro\AppData\Local\Overwolf
2025-10-29 21:35 - 2024-10-30 17:53 - 000000000 ____D C:\ProgramData\NVIDIA
2025-10-29 21:09 - 2025-01-13 14:22 - 000002554 _____ C:\Windows\SysWOW64\pubfreeware.ini
2025-10-29 16:04 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\Packages
2025-10-29 15:24 - 2025-02-24 14:33 - 000000000 ____D C:\XboxGames
2025-10-29 15:24 - 2024-10-30 17:54 - 000000000 ____D C:\ProgramData\Packages
2025-10-27 20:45 - 2024-11-01 08:47 - 000000000 ____D C:\ProgramData\ProductData3
2025-10-27 16:27 - 2025-03-24 13:23 - 000000000 ____D C:\Users\tkkro\AppData\Local\CrashDumps
2025-10-27 12:58 - 2025-01-03 20:23 - 000000000 ____D C:\Users\tkkro\AppData\Local\Steam
2025-10-26 19:16 - 2025-01-09 20:17 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Word
2025-10-25 17:24 - 2024-10-30 17:47 - 000003630 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-10-25 17:24 - 2024-10-30 17:47 - 000003504 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-10-25 06:49 - 2024-10-30 17:47 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-10-25 06:49 - 2024-10-30 17:47 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-10-24 19:32 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\NDF
2025-10-24 18:26 - 2024-10-30 18:02 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-10-24 18:26 - 2024-10-30 18:02 - 000002218 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-10-24 13:30 - 2025-09-09 13:18 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\obs-studio
2025-10-23 17:45 - 2021-06-05 13:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-10-16 19:48 - 2025-02-24 14:33 - 004213112 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2025-10-16 19:48 - 2025-02-24 14:33 - 000166264 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2025-10-16 19:48 - 2025-02-24 14:33 - 000153976 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2025-10-16 19:48 - 2025-02-24 14:33 - 000076144 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2025-10-16 19:47 - 2025-02-24 14:33 - 000285048 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2025-10-16 19:47 - 2025-02-24 14:33 - 000244088 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2025-10-16 13:39 - 2025-01-09 18:44 - 000000000 ____D C:\Program Files\Microsoft Office
2025-10-15 15:00 - 2024-10-30 18:05 - 000000000 ____D C:\Windows\system32\MRT
2025-10-15 15:00 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-10-15 14:57 - 2024-10-30 18:05 - 214534944 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-10-11 19:20 - 2025-01-03 20:04 - 000000000 ____D C:\Users\tkkro
2025-10-11 18:47 - 2024-10-30 17:47 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-10-11 18:46 - 2025-02-03 16:17 - 000012288 ___SH C:\DumpStack.log.tmp
2025-10-09 13:07 - 2025-01-06 13:28 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-10-08 13:32 - 2025-03-30 06:28 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2025-10-07 16:12 - 2025-01-03 20:34 - 000000000 ____D C:\Program Files\Epic Games
2025-10-07 12:26 - 2025-01-31 18:00 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\PowerPoint
2025-10-06 19:27 - 2025-08-13 19:08 - 000002434 _____ C:\Users\tkkro\Desktop\PowerPoint.lnk
2025-10-06 19:27 - 2025-08-13 19:08 - 000002429 _____ C:\Users\tkkro\Desktop\Excel.lnk
2025-10-06 19:27 - 2025-08-13 19:07 - 000002517 _____ C:\Users\tkkro\Desktop\Word.lnk
2025-10-06 19:27 - 2025-08-13 19:07 - 000002439 _____ C:\Users\tkkro\Desktop\OneNote.lnk
2025-10-01 13:11 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\VirtualStore

==================== Files in the root of some directories ========

2025-02-01 18:02 - 2025-02-15 16:52 - 000007625 _____ () C:\Users\tkkro\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2025
Ran by tkkro (30-10-2025 20:36:14)
Running from C:\Users\tkkro\Downloads
Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) (2024-10-30 16:48:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4097984775-1942777989-3443805053-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4097984775-1942777989-3443805053-503 - Limited - Disabled)
Guest (S-1-5-21-4097984775-1942777989-3443805053-501 - Limited - Disabled)
tkkro (S-1-5-21-4097984775-1942777989-3443805053-1002 - Administrator - Enabled) => C:\Users\tkkro
WDAGUtilityAccount (S-1-5-21-4097984775-1942777989-3443805053-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Dome (Enabled - Up to date) {8404BB29-B609-D604-AF5C-6806F0482FD3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {1B2E67BD-0994-AA89-E0C2-268754ADA0AC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 18.5.0 - IObit)
CPUID CPU-Z 2.11 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.11 - CPUID, Inc.)
CurseForge (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 1.288.1.8404 - Overwolf app)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 141.0.7390.123 - Google LLC)
IObit Malware Fighter 12 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 12.0.0.1433 - IObit)
Java 8 Update 401 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 141.0.3537.99 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 141.0.3537.99 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM\...\{0812546C-471E-E343-DE9C-AECF3D0137E6}) (Version: 10.1.26100.6154 - Microsoft Corporation)
Microsoft Office 2019 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudent2019Retail - sk-sk) (Version: 16.0.19127.20302 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.194.1005.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mortyr 3: Diverzní akce (HKLM-x32\...\Mortyr3_is1) (Version: - City Interactive)
NVIDIA Grafický ovládač 566.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 566.03 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.4.2.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.2.6 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 31.0.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19127.20154 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Opera Stable 123.0.5669.23 (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Opera 123.0.5669.23) (Version: 123.0.5669.23 - Opera Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.283.1.4 - Overwolf Ltd.)
Panasonic Multi-Function Station software (HKLM-x32\...\{53DE4FAD-F853-44F3-AC39-AD2940E5DD53}) (Version: 1.00 - Panasonic System Networks Co., Ltd.)
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{2D719FEF-BFA6-47CB-8017-96358D753C60}) (Version: 12.12.80 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 22.03.05.0000 - Panda Security)
Roblox Player for tkkro (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\roblox-player) (Version: - Roblox Corporation)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 18.0.1 - ShareX Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.9316 - TLauncher Inc.)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
Wargaming.net Game Center for Steam (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Wargaming.net Game Center for Steam) (Version: 25.5.0.352 - Wargaming.net)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

Chrome apps:
============
Instagram (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\7815dab0388481ea744919410c3232d7) (Version: 1.0 - Google\Chrome)

Packages:
=========
Control Center 3.0 -> C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_6.33.3.0_x64__6h6z29zh29qx0 [2025-07-01] (CLEVO CO.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-09-07] (Instagram)
Local Artificial Intelligence Manager -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-10-16] ()
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-10-16] ()
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.11401.0_x64__8wekyb3d8bbwe [2025-10-16] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.2.2.0_x64__8wekyb3d8bbwe [2025-02-24] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.968.0_x64__56jybvy8sckqj [2025-06-17] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-10-16] ()
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2542.2.0_x64__cv1g1gvanyjgm [2025-10-23] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\nvshext.dll [2024-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_akpamiohjfcnimfljfndmaldlcfphjmp\Instagram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp
ShortcutWithArgument: C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Instagram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp

==================== Loaded Modules (Whitelisted) =============

2025-10-23 17:45 - 2024-09-29 13:45 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2025-10-23 17:45 - 2024-09-29 13:45 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2025-10-22 19:48 - 2024-01-21 13:44 - 000113664 _____ (Gregoire Pailler) [File not signed] [File is in use] C:\Program Files\ShareX\MegaApiClient.dll
2025-01-09 18:56 - 2025-01-09 18:56 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2025-01-09 18:56 - 2025-01-09 18:56 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-10-22 19:48 - 2025-08-19 03:34 - 000263680 _____ (Özgür Özçıtak) [File not signed] [File is in use] C:\Program Files\ShareX\ImageListView.dll
2025-01-29 20:23 - 2011-01-21 13:18 - 000135168 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCMFSSEL.DLL
2025-01-29 20:21 - 2012-08-21 18:21 - 000033280 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\K0JDUC36.DLL
2025-01-29 20:21 - 2011-02-03 11:08 - 000024576 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Windows\System32\ZDGLIC36.DLL
2025-01-29 20:23 - 2010-03-29 20:05 - 000110592 _____ (Panosonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCMFSNWK.DLL
2025-10-22 19:48 - 2025-08-19 03:35 - 002085888 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 001075712 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.HelpersLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000187392 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.HistoryLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000129024 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.ImageEffectsLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000040960 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.IndexerLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000197120 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.MediaLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000863232 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.ScreenCaptureLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 001656832 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.UploadersLib.dll
2025-10-23 17:45 - 2024-09-29 13:45 - 000708096 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8646]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2024-09-25] (IObit CO., LTD -> IObit)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.0.1
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: AnchorFree TAP-Windows Adapter V9 -> aftap0901.sys
Ethernet: Realtek(R) PCI(e) Ethernet Controller -> rt640x64.sys

NNSNAHSL: Network Activity Hook Server LightWeight Filter Driver

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\Control Panel\Desktop\\Wallpaper -> c:\users\tkkro\downloads\wp6710191.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B7FAE2D9-33F3-486F-8910-0E7980590D1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{21D4B83C-7B89-40F2-A545-CCA0D9DBB29F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{058B7C48-58D8-4E1D-AEFB-7925F7B702F4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F9D755EE-73A1-40FF-A6BE-1AB7A6B26315}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{894F99F6-8F4E-46D2-A145-3A554E903AEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{9FE6571B-6C9A-44A0-97E5-20E66A0CBED9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{151BF5E7-3BD3-49CA-81E7-2444E5890247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks\wgcs_api.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{29E01651-0953-4347-ADAA-AD8D29E03518}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks\wgcs_api.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{A2137977-B7CA-453C-83AE-1128A70AA72C}C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{43614A71-6292-4524-8B2A-1E3AEDB9B009}C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{30BB6EA8-C045-41FA-8EC6-648C14567767}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [UDP Query User{73343FDB-800F-4C6A-B8CB-0678E861B833}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [TCP Query User{DA522197-941E-48BA-AF25-65BE99B54E68}C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{A3B81E93-FD18-4296-82EA-AE37DB1B95CB}C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{E1EC91E5-C175-4F41-AB71-C75CF93EFC7E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{2214E935-0E25-4C84-884C-C0C88DF333E2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8DE9377A-A66D-4E04-8001-0324C2850CCF}C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe] => (Allow) C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe
FirewallRules: [UDP Query User{36112FFC-BCEC-4E9A-8105-C65A3B57EB42}C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe] => (Allow) C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe
FirewallRules: [TCP Query User{3568E8D6-1E5E-4C79-BEBC-7BAF85E8F018}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
FirewallRules: [UDP Query User{CD559E2A-B1C1-406B-9951-CA248D97AA6C}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
FirewallRules: [TCP Query User{C4FBDEAA-DCF8-4747-AC9D-58814D641F13}C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{750A8C26-561A-489F-9E63-1285F41A08F3}C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [{3CE1FCA6-EB80-43B1-B632-BFC91C2FD3AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{413EBFEB-0A85-4C16-9785-F048973970E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [TCP Query User{5A64C604-2C70-42E4-9AA5-313C5643FD6F}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{55C5CE38-7997-4DAC-A1FE-B839DE5A3279}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{BD5EE8B0-8314-44BA-AE47-BFCB1EDC6889}] => (Allow) C:\Users\tkkro\AppData\Local\Programs\Opera GX\opera.exe => No File
FirewallRules: [TCP Query User{2DD23EE8-3668-4867-9466-F53A904E8249}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{EEE95090-5266-47FF-AA44-DFE31CDC7EF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7F0FE9B7-2FBF-426B-BE92-07BDC5793CE5}C:\programdata\wargaming.net\gamecenter for steam\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter for steam\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{CA7BAC75-F145-405C-BA44-AE1AB5B3ACAF}C:\programdata\wargaming.net\gamecenter for steam\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter for steam\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{1EFCE25B-3EEF-4E67-8FEF-F9212A618B22}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25255.501.3956.3603_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B90297FA-CF3B-4E5E-AFE4-D9357BBD05A5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25255.501.3956.3603_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A36BC844-44F1-4255-B065-8B28DFCBBFDC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1C4DFE8-3515-4806-A0C1-6C7C1FCDDD93}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8BD47556-0562-48D6-8674-403F19515E3D}] => (Allow) C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{57E1C116-A915-4C5B-8540-91E4C97E00D6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{821D0214-40E9-4A05-BE71-B25C13558722}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{0BE3DB2E-18FE-4168-A693-9E6C99FF7A64}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{1D81B1EA-B682-4C05-AA47-2D30943BC26A}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{4BFD4078-57D6-4A9F-BE49-9E1C3A78473B}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{9E932D0C-33D4-4CC9-829C-401549ECBDE1}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9684FE81-BDF2-448A-B5E7-F4B3A25F289C}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{6EE2C7BB-6A75-4859-A794-307F4ED73A10}] => (Allow) C:\Users\tkkro\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)

==================== Restore Points =========================

20-10-2025 14:58:39 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/30/2025 08:06:11 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (10/27/2025 04:27:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: javaw.exe, verzia: 21.0.7.0, časová značka: 0x1bc97390
Názov chybujúceho modulu: OpenAL.dll, verzia: 1.23.1.0, časová značka: 0x647635a1
Kód výnimky: 0xc0000409
Odstup chyby: 0x00000000000a2b05
Identifikácia chybujúceho procesu: 0x4780
Čas spustenia chybujúcej aplikácie: 0x01dc4742eadf0834
Cesta chybujúcej aplikácie: C:\Users\tkkro\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
Cesta chybujúceho modulu: C:\Users\tkkro\AppData\Roaming\.minecraft\versions\1.21.8\natives\OpenAL.dll
Identifikácia hlásenia: 72b7856b-12d1-416e-a831-d57dc7da956a
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/26/2025 07:16:10 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 8276. Message ID: [0x2509].

Error: (10/24/2025 01:54:56 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5444. Message ID: [0x2509].

Error: (10/22/2025 08:17:55 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 18136. Message ID: [0x2509].

Error: (10/22/2025 08:06:37 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 9208. Message ID: [0x2509].

Error: (10/21/2025 08:40:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 15832. Message ID: [0x2509].

Error: (10/16/2025 07:45:21 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1768. Message ID: [0x2509].


System errors:
=============
Error: (10/30/2025 08:40:14 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.

Error: (10/29/2025 08:24:25 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.

Error: (10/29/2025 02:43:49 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.

Error: (10/29/2025 07:12:41 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.

Error: (10/28/2025 12:28:14 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.

Error: (10/27/2025 08:44:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.

Error: (10/27/2025 12:57:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.

Error: (10/26/2025 06:32:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.


CodeIntegrity:
===============
Date: 2025-10-30 20:25:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-10-30 20:06:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\x64\PSINOAV.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A11 07/09/2015
Motherboard: Dell Inc. 0KWVT8
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 12237.66 MB
Available physical RAM: 5857.8 MB
Total Virtual: 15565.66 MB
Available Virtual: 5004.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.06 GB) (Free:186.16 GB) (Model: Samsung SSD 870 EVO 500GB) NTFS

\\?\Volume{af14c36c-7ad2-4102-b034-4a9c639048cb}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{849eb65b-293c-4b14-9dbc-81d44162e426}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 199E659F)

Partition: GPT.

==================== End of Addition.txt =======================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119611
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosim kontrola logu - vystraha pred virusmi

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
tomi8
Návštěvník
Návštěvník
Příspěvky: 14
Registrován: 15 říj 2007 18:33

Re: Prosim kontrola logu - vystraha pred virusmi

#3 Příspěvek od tomi8 »

# -------------------------------
# Malwarebytes AdwCleaner 8.6.0.613
# -------------------------------
# Build: 08-19-2025
# Database: 2025-08-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-30-2025
# Duration: 00:00:03
# OS: Windows 11 (Build 22000.2538)
# Cleaned: 28
# Failed: 0


***** [ Services ] *****

Deleted IMFservice

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted C:\Users\fokol\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\fokol\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\tkkro\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\tkkro\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4204 octets] - [30/10/2025 20:56:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119611
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosim kontrola logu - vystraha pred virusmi

#4 Příspěvek od Rudy »

OK. Dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
tomi8
Návštěvník
Návštěvník
Příspěvky: 14
Registrován: 15 říj 2007 18:33

Re: Prosim kontrola logu - vystraha pred virusmi

#5 Příspěvek od tomi8 »

dakujem, logy:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2025
Ran by tkkro (administrator) on DESKTOP-70VBQ4R (Dell Inc. XPS 8700) (30-10-2025 21:45:23)
Running from C:\Users\tkkro\Downloads\FRST64.exe
Loaded Profiles: tkkro
Platform: Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe
(C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2507.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(Opera Norway AS -> Opera Software) C:\Users\tkkro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\ImfElamSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE
(services.exe ->) (Panda Security S.L. -> Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.U.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
HKLM-x32\...\Run: [Panasonic Device Manager for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe [139264 2012-06-25] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [Panasonic PCFAX for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe [819200 2012-05-18] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2024-09-29] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [186984 2022-11-02] (Panda Security S.L. -> Panda Security, S.L.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [92692328 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4735888 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4699288 2025-10-03] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [39517600 2025-10-22] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Advanced SystemCare] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto (No File)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Overwolf] => C:\Users\tkkro\Desktop\overwolf\OverwolfLauncher.exe [1911040 2025-10-27] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [MicrosoftEdgeAutoLaunch_2951A22EE169901D4BD281DD08F1EC8C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4265040 2025-10-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Opera Browser Assistant] => C:\Users\tkkro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4712920 2025-09-11] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Opera Stable] => C:\Users\tkkro\AppData\Local\Programs\Opera\opera.exe [2106840 2025-10-27] (Opera Norway AS -> Opera Software)
HKLM\...\Print\Monitors\Panasonic KX-MB1500 Language Monitor: C:\Windows\system32\ZDGLIC36.DLL [24576 2011-02-03] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2025-10-27] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\141.0.7390.123\Installer\chrmstp.exe [2025-10-24] (Google LLC -> Google LLC)
Startup: C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2025-10-22]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9385960E-1185-4899-8B8D-31C0032DE3AE} - System32\Tasks\ASC_PerformanceMonitor => "C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task
Task: {0B9301EB-5E36-4B83-B8DF-E00F8BDCABC5} - System32\Tasks\ASC_SkipUac_fokol => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {E55CBC48-98C1-4978-AA30-B7AAFB647D9D} - System32\Tasks\ASC_SkipUac_tkkro => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {3A9506F2-6093-4E83-8677-A6BBDCDC0E32} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem143.0.7482.0{674258D2-A324-4C88-88AF-166F6075C76A} => C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe [6933656 2025-10-19] (Google LLC -> Google LLC)
Task: {40BC1561-0536-4F7F-A9F0-0F3FB2B3B21D} - System32\Tasks\IMF_SkipUAC_fokol => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
Task: {856CA9B5-A4DE-4F10-BFF4-7666B0F131BC} - System32\Tasks\IMF_SkipUAC_tkkro => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
Task: {190E2001-08A8-4D78-97F0-26C18063AA73} - System32\Tasks\IObit SUM2025Sale (One-time) => "C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\sumen.exe" -> C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\\/rpop
Task: {5ED981FA-B367-4919-9F38-35CFAEE78414} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [17010512 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB9B7C16-9E96-4165-95A7-C073492DCBEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8880983D-5770-4468-BE3B-B2760DD7B45C} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [70504 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {974DF8E5-7B61-484D-AE9F-2EF8C329CFAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA5C2C39-0B4B-4B1F-8FE5-3B88D712140E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313600 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DC56855-AA49-4267-A1B8-A9CC42A91323} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313600 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FB9BF37-A89E-4E21-ACA8-628AF27331B0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1365272 2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CFB5FF9-F3D9-44E4-A590-5BFF11676235} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4393320 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFFA08B2-96E1-4C5D-9D6D-A0D1499BED7D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Task: {23FE3FB4-334A-46AD-B9C9-51AE393264DA} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4393320 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCFE597D-010D-407F-9429-7FD31B355C04} - System32\Tasks\OneDrive Startup Task-S-1-5-21-4097984775-1942777989-3443805053-1002 => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\OneDriveLauncher.exe [725864 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC808F09-B746-41CB-B727-324F02862218} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1753257838 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\tkkro\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {FDC48675-61E5-4B9B-924D-7B0547B30C8A} - System32\Tasks\Opera GX scheduled Autoupdate 1752689434 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File)
Task: {32317B31-79F5-4C66-A7C5-002C054F8446} - System32\Tasks\Opera scheduled assistant Autoupdate 1761851154 => C:\Users\tkkro\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5959128 2025-10-27] (Opera Norway AS -> Opera Software) -> --scheduledtask --productiscomponent --installdir="C:\Users\tkkro\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0)
Task: {F2BF5BCA-1513-4947-9919-61874FE1951A} - System32\Tasks\Opera scheduled Autoupdate 1761851152 => C:\Users\tkkro\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5959128 2025-10-27] (Opera Norway AS -> Opera Software)
Task: {412D0520-C155-4EEA-A3F4-CDB6432E6885} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-10-27] (Overwolf Ltd -> Overwolf LTD) -> C:\Users\tkkro\Desktop\overwolf\/RunningFrom Schedule

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{212d4b5c-3843-4e57-9e43-e4ee35d8f237}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default [2025-10-30]
Edge HomePage: Default -> hxxp://www.google.sk/
Edge StartupUrls: Default -> "hxxp://www.google.sk/"
Edge Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-18]
Edge Extension: (Edge relevant text changes) - C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-01-03]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default [2025-10-30]
CHR Notifications: Default -> hxxps://aternos.org; hxxps://d41qmme071bc73f91jpg.hyperchainnet.com
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-03]
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-10-01]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-08-14]
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\System Profile [2025-10-17]

Opera:
=======
OPR DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13288288 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [126268152 2025-09-11] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-10-08] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicGamesUpdater; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3071904 2025-10-22] (Epic Games Inc. -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncHelper.exe [3604880 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
S3 GameInputRedistService; C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe [141688 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
R3 ImfElamService; C:\Program Files (x86)\IObit\IObit Malware Fighter\ImfElamSvc.exe [4604200 2024-09-25] (IObit CO., LTD -> IObit)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [119560 2023-10-05] (Panda Security S.L. -> Panda Security, S.L.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\Display.NvContainer\NVDisplay.Container.exe [1275024 2024-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.194.1005.0003\OneDriveUpdaterService.exe [3888488 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-10-27] (Overwolf Ltd -> Overwolf LTD)
R2 Panasonic Local Printer Service; C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [195736 2023-04-13] (Panda Security S.L. -> Panda Security S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [81424 2023-10-05] (Panda Security S.L. -> Panda Security, S.L.U.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AdvancedSystemCareService18; "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe" [X]
S2 NativePushService; "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [507904 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-10-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 cpuz159; C:\Windows\temp\cpuz159\cpuz159_x64.sys [44680 2024-11-01] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [177056 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [26296 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [42360 2024-09-25] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40920 2024-09-25] (IObit CO., LTD -> IObit)
S3 IMFEFSFileControl; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [40824 2024-09-25] (IObit Information Technology -> IObit)
R3 IMFForceDelete123; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [20008 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2024-09-25] (IObit Information Technology -> IObit)
R3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [33984 2024-09-25] (IObit Information Technology -> IObit)
R3 ImfRealScanner; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [53232 2024-09-25] (IObit CO., LTD -> IObit)
R3 ImfRegistryFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [42360 2024-09-25] (IObit Information Technology -> IObit)
R1 NNSDNS; C:\Windows\system32\DRIVERS\NNSDNS.sys [146184 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [215264 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [128744 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [146664 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [151152 2022-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.)
R1 NNSNHWFP; C:\Windows\system32\DRIVERS\NNSNHWFP.sys [211208 2022-12-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [164568 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [137960 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [407264 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [575720 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [125672 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [335064 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
S3 ObCallbackProcess; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ObCallbackProcess.sys [53608 2024-09-25] (IObit CO., LTD -> IObit)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [198376 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
S0 psinelam; C:\Windows\System32\DRIVERS\psinelam.sys [37952 2024-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [176360 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [218856 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [150760 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [162536 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [130280 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [63360 2023-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.U.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [633264 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
R3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
R3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
R3 iobit_monitor_server2021; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-30 21:03 - 2025-10-30 21:03 - 009566696 _____ (Malwarebytes) C:\Users\tkkro\Downloads\AdwCleaner (1).exe
2025-10-30 20:56 - 2025-10-30 20:57 - 000000000 ____D C:\AdwCleaner
2025-10-30 20:56 - 2025-10-30 20:56 - 009616736 _____ (Malwarebytes) C:\Users\tkkro\Downloads\adwcleaner.exe
2025-10-30 20:33 - 2025-10-30 20:37 - 000037980 _____ C:\Users\tkkro\Downloads\Addition.txt
2025-10-30 20:31 - 2025-10-30 21:46 - 000026625 _____ C:\Users\tkkro\Downloads\FRST.txt
2025-10-30 20:31 - 2025-10-30 21:45 - 000000000 ____D C:\FRST
2025-10-30 20:30 - 2025-10-30 20:31 - 002443264 _____ (Farbar) C:\Users\tkkro\Downloads\FRST64.exe
2025-10-30 20:07 - 2025-10-30 20:07 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk
2025-10-30 20:06 - 2025-10-30 20:06 - 000004248 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1761851152
2025-10-30 20:05 - 2025-10-30 20:05 - 000004518 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1761851154
2025-10-30 20:05 - 2025-10-30 20:05 - 000001384 _____ C:\Users\tkkro\Desktop\Prehliadač Opera.lnk
2025-10-30 20:05 - 2025-10-30 20:05 - 000001384 _____ C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2025-10-30 20:05 - 2022-12-06 11:53 - 000211208 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsnhwfp.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000407264 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprot.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000215264 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttp.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000146184 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsdns.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000137960 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspop3.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000128744 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttps.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000125672 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnssmtp.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000198376 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000162536 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000130280 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
2025-10-30 20:04 - 2025-10-30 20:07 - 000002305 _____ C:\Users\Public\Desktop\Panda Dome.lnk
2025-10-30 20:04 - 2025-10-30 20:05 - 000000000 ____D C:\Program Files (x86)\Panda Security
2025-10-30 20:04 - 2025-10-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2025-10-30 20:04 - 2022-11-06 11:24 - 000575720 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprv.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000335064 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsstrm.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000164568 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspicc.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000146664 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsids.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000218856 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000176360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000150760 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
2025-10-30 20:03 - 2025-10-30 20:05 - 000000000 ____D C:\ProgramData\Panda Security
2025-10-30 20:00 - 2025-10-30 20:00 - 003369480 _____ (Panda Security, S.L.) C:\Users\tkkro\Downloads\PANDAFREEAV.exe
2025-10-30 19:51 - 2025-10-30 19:51 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub subury
2025-10-30 19:50 - 2025-10-30 19:50 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub kanal
2025-10-30 19:50 - 2025-10-30 19:50 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub
2025-10-30 13:29 - 2025-10-30 13:29 - 000001419 _____ C:\Users\tkkro\Desktop\Roblox Player.lnk
2025-10-30 08:41 - 2025-10-30 08:41 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-10-30 08:41 - 2025-10-30 08:41 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-10-27 15:00 - 2025-10-27 15:07 - 410430982 _____ C:\Users\tkkro\Downloads\Skyblock_Infinite_Revamped.zip
2025-10-26 18:33 - 2025-10-26 18:33 - 000000000 ____D C:\ProgramData\CapCut
2025-10-26 18:33 - 2025-10-26 18:33 - 000000000 ____D C:\Program Files\CapCut
2025-10-24 14:08 - 2025-10-24 14:08 - 000031362 _____ C:\Users\tkkro\Downloads\unnamed.webp
2025-10-24 13:41 - 2025-10-24 13:41 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\mssdk
2025-10-24 13:41 - 2025-10-24 13:41 - 000000000 ____D C:\Users\tkkro\AppData\Local\VEDetector
2025-10-24 13:40 - 2025-10-26 18:33 - 000000000 ____D C:\Users\tkkro\AppData\Local\CapCut
2025-10-24 13:32 - 2025-10-24 13:32 - 002897776 _____ C:\Users\tkkro\Downloads\CapCut_7564765176285741057_installer.exe
2025-10-23 17:48 - 2025-10-23 17:48 - 000000000 ____D C:\Voiceover
2025-10-23 17:45 - 2025-08-18 17:21 - 000754688 _____ C:\Windows\system32\FilmoraContextMenu.dll
2025-10-23 17:44 - 2025-10-24 13:27 - 000000000 ____D C:\ProgramData\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\Users\tkkro\AppData\Local\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2025-10-23 17:38 - 2025-10-23 17:46 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2025-10-23 17:38 - 2025-10-23 17:38 - 002202088 _____ C:\Users\tkkro\Downloads\filmora-idco_setup_full1901.exe
2025-10-23 17:32 - 2025-10-07 09:16 - 002406071 _____ C:\Users\tkkro\Documents\video.mp4
2025-10-22 19:57 - 2025-10-29 21:35 - 000000000 ____D C:\Users\tkkro\Documents\ShareX
2025-10-22 19:49 - 2025-10-22 19:49 - 000000825 _____ C:\Users\tkkro\Desktop\ShareX.lnk
2025-10-22 19:49 - 2025-10-22 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2025-10-22 19:48 - 2025-10-22 19:48 - 000000000 ____D C:\Program Files\ShareX
2025-10-22 19:34 - 2025-10-22 19:36 - 106603663 _____ (ShareX Team ) C:\Users\tkkro\Downloads\ShareX-18.0.1-setup.exe
2025-10-22 19:24 - 2025-10-22 19:24 - 000357360 _____ C:\Users\tkkro\Downloads\photo-1657632843433-e6a8b7451ac6.jpeg
2025-10-17 20:19 - 2025-10-16 19:48 - 000432504 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll.0
2025-10-17 20:19 - 2025-10-16 19:47 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.1
2025-10-16 19:48 - 2025-10-16 19:48 - 000432504 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll.1
2025-10-16 19:48 - 2025-10-16 19:48 - 000000000 ____D C:\Program Files\Windows Kits
2025-10-16 19:48 - 2025-10-16 19:48 - 000000000 ____D C:\Program Files\Microsoft GameInput
2025-10-16 19:48 - 2025-10-16 19:47 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.0
2025-10-13 20:04 - 2025-10-13 20:05 - 000490371 _____ C:\Users\tkkro\Downloads\photo-1732624696535-68022a5b84dc.jpeg
2025-10-09 13:00 - 2025-10-09 13:00 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Electronic Arts
2025-10-09 12:59 - 2025-10-09 13:04 - 000000000 ____D C:\Users\tkkro\AppData\Local\Skate
2025-10-09 12:59 - 2025-10-09 12:59 - 000000000 ____D C:\ProgramData\Frostbite
2025-10-09 12:56 - 2025-10-09 13:03 - 000000000 ____D C:\ProgramData\Packer
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\EA
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\ProgramData\eaanticheat
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\Program Files\EA
2025-10-08 13:31 - 2025-10-30 17:36 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\EasyAntiCheat
2025-10-08 06:46 - 2025-10-08 06:46 - 000000354 _____ C:\Users\tkkro\Desktop\Fortnite.url
2025-10-07 19:00 - 2025-10-07 19:00 - 000253230 _____ C:\Users\tkkro\Downloads\wallpaper_mikael_gustafsson.webp
2025-10-07 15:49 - 2025-10-07 15:49 - 000028406 _____ C:\Users\tkkro\Downloads\r0zg2ds05k541.webp
2025-10-07 11:54 - 2025-10-07 11:54 - 000072544 _____ C:\Users\tkkro\Downloads\SKRATKY.pptx
2025-10-06 19:16 - 2025-10-06 19:16 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\QuickStyles
2025-10-05 15:04 - 2025-10-05 15:04 - 000315386 _____ C:\Users\tkkro\Downloads\200-2_alkan-f-x-l.webp
2025-09-30 12:34 - 2025-09-30 12:34 - 000002182 _____ C:\Users\tkkro\Desktop\Mortyr 3.lnk
2025-09-30 12:34 - 2025-09-30 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2025-09-30 12:28 - 2025-09-30 12:28 - 000000000 ____D C:\Program Files (x86)\City Interactive

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-30 21:44 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-10-30 21:04 - 2025-03-24 13:23 - 000000000 ____D C:\Users\tkkro\AppData\Local\CrashDumps
2025-10-30 21:03 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp
2025-10-30 21:00 - 2024-10-30 17:53 - 000000000 ____D C:\ProgramData\NVIDIA
2025-10-30 20:57 - 2025-01-03 20:13 - 000000000 ____D C:\Users\tkkro\AppData\LocalLow\IObit
2025-10-30 20:57 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\IObit
2025-10-30 20:57 - 2024-11-01 08:46 - 000000000 ____D C:\Users\fokol\AppData\LocalLow\IObit
2025-10-30 20:57 - 2024-11-01 08:46 - 000000000 ____D C:\ProgramData\IObit
2025-10-30 20:57 - 2024-11-01 08:46 - 000000000 ____D C:\Program Files (x86)\IObit
2025-10-30 20:57 - 2024-11-01 08:45 - 000000000 ____D C:\Users\fokol\AppData\Roaming\IObit
2025-10-30 20:54 - 2025-01-03 20:20 - 000000000 ____D C:\Program Files (x86)\Steam
2025-10-30 20:46 - 2025-01-09 20:17 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Word
2025-10-30 20:07 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF
2025-10-30 20:06 - 2025-07-16 19:10 - 000000000 ____D C:\Users\tkkro\AppData\Local\Opera Software
2025-10-30 20:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2025-10-30 20:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\GroupPolicy
2025-10-30 20:04 - 2025-07-16 19:08 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Opera Software
2025-10-30 19:42 - 2025-09-10 13:37 - 000000000 ____D C:\Users\tkkro\AppData\Local\Roblox
2025-10-30 17:08 - 2024-10-30 17:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-10-30 15:02 - 2025-03-18 21:27 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\.minecraft
2025-10-30 13:58 - 2025-04-02 12:46 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\.tlauncher
2025-10-30 13:29 - 2025-09-10 13:37 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2025-10-30 08:44 - 2024-11-01 08:46 - 000000708 _____ C:\ProgramData\pdinst.ini
2025-10-30 08:42 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\D3DSCache
2025-10-30 08:41 - 2025-01-28 10:54 - 000003552 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-4097984775-1942777989-3443805053-1002
2025-10-30 08:41 - 2025-01-10 12:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-10-30 08:41 - 2025-01-03 20:08 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1002
2025-10-30 08:41 - 2025-01-03 20:07 - 000000000 ___RD C:\Users\tkkro\OneDrive
2025-10-30 08:41 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2025-10-30 08:41 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\AppReadiness
2025-10-30 08:40 - 2025-03-18 21:00 - 000000000 ____D C:\Users\tkkro\Desktop\overwolf
2025-10-30 08:40 - 2025-03-18 20:57 - 000000000 ____D C:\Users\tkkro\AppData\Local\Overwolf
2025-10-29 21:09 - 2025-01-13 14:22 - 000002554 _____ C:\Windows\SysWOW64\pubfreeware.ini
2025-10-29 16:04 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\Packages
2025-10-29 15:24 - 2025-02-24 14:33 - 000000000 ____D C:\XboxGames
2025-10-29 15:24 - 2024-10-30 17:54 - 000000000 ____D C:\ProgramData\Packages
2025-10-27 20:45 - 2024-11-01 08:47 - 000000000 ____D C:\ProgramData\ProductData3
2025-10-27 12:58 - 2025-01-03 20:23 - 000000000 ____D C:\Users\tkkro\AppData\Local\Steam
2025-10-25 17:24 - 2024-10-30 17:47 - 000003630 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-10-25 17:24 - 2024-10-30 17:47 - 000003504 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-10-25 06:49 - 2024-10-30 17:47 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-10-25 06:49 - 2024-10-30 17:47 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-10-24 19:32 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\NDF
2025-10-24 18:26 - 2024-10-30 18:02 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-10-24 18:26 - 2024-10-30 18:02 - 000002218 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-10-24 13:30 - 2025-09-09 13:18 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\obs-studio
2025-10-23 17:45 - 2021-06-05 13:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-10-16 19:48 - 2025-02-24 14:33 - 004213112 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2025-10-16 19:48 - 2025-02-24 14:33 - 000166264 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2025-10-16 19:48 - 2025-02-24 14:33 - 000153976 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2025-10-16 19:48 - 2025-02-24 14:33 - 000076144 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2025-10-16 19:47 - 2025-02-24 14:33 - 000285048 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2025-10-16 19:47 - 2025-02-24 14:33 - 000244088 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2025-10-16 13:39 - 2025-01-09 18:44 - 000000000 ____D C:\Program Files\Microsoft Office
2025-10-15 15:00 - 2024-10-30 18:05 - 000000000 ____D C:\Windows\system32\MRT
2025-10-15 15:00 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-10-15 14:57 - 2024-10-30 18:05 - 214534944 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-10-11 19:20 - 2025-01-03 20:04 - 000000000 ____D C:\Users\tkkro
2025-10-11 18:47 - 2024-10-30 17:47 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-10-11 18:46 - 2025-02-03 16:17 - 000012288 ___SH C:\DumpStack.log.tmp
2025-10-09 13:07 - 2025-01-06 13:28 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-10-08 13:32 - 2025-03-30 06:28 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2025-10-07 16:12 - 2025-01-03 20:34 - 000000000 ____D C:\Program Files\Epic Games
2025-10-07 12:26 - 2025-01-31 18:00 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\PowerPoint
2025-10-06 19:27 - 2025-08-13 19:08 - 000002434 _____ C:\Users\tkkro\Desktop\PowerPoint.lnk
2025-10-06 19:27 - 2025-08-13 19:08 - 000002429 _____ C:\Users\tkkro\Desktop\Excel.lnk
2025-10-06 19:27 - 2025-08-13 19:07 - 000002517 _____ C:\Users\tkkro\Desktop\Word.lnk
2025-10-06 19:27 - 2025-08-13 19:07 - 000002439 _____ C:\Users\tkkro\Desktop\OneNote.lnk
2025-10-01 13:11 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\VirtualStore

==================== Files in the root of some directories ========

2025-02-01 18:02 - 2025-02-15 16:52 - 000007625 _____ () C:\Users\tkkro\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119611
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosim kontrola logu - vystraha pred virusmi

#6 Příspěvek od Rudy »

To nejsou oba logy. Chybí Addition, který najde v C:\Users\tkkro\Downloads v souboru addititon.txt. Děkuji.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
tomi8
Návštěvník
Návštěvník
Příspěvky: 14
Registrován: 15 říj 2007 18:33

Re: Prosim kontrola logu - vystraha pred virusmi

#7 Příspěvek od tomi8 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2025
Ran by tkkro (30-10-2025 21:46:38)
Running from C:\Users\tkkro\Downloads
Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) (2024-10-30 16:48:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4097984775-1942777989-3443805053-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4097984775-1942777989-3443805053-503 - Limited - Disabled)
Guest (S-1-5-21-4097984775-1942777989-3443805053-501 - Limited - Disabled)
tkkro (S-1-5-21-4097984775-1942777989-3443805053-1002 - Administrator - Enabled) => C:\Users\tkkro
WDAGUtilityAccount (S-1-5-21-4097984775-1942777989-3443805053-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Dome (Enabled - Up to date) {8404BB29-B609-D604-AF5C-6806F0482FD3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {1B2E67BD-0994-AA89-E0C2-268754ADA0AC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CPUID CPU-Z 2.11 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.11 - CPUID, Inc.)
CurseForge (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 1.288.1.8404 - Overwolf app)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 141.0.7390.123 - Google LLC)
IObit Malware Fighter 12 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 12.0.0.1433 - IObit)
Java 8 Update 401 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 141.0.3537.99 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 141.0.3537.99 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM\...\{0812546C-471E-E343-DE9C-AECF3D0137E6}) (Version: 10.1.26100.6154 - Microsoft Corporation)
Microsoft Office 2019 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudent2019Retail - sk-sk) (Version: 16.0.19127.20302 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.194.1005.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mortyr 3: Diverzní akce (HKLM-x32\...\Mortyr3_is1) (Version: - City Interactive)
NVIDIA Grafický ovládač 566.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 566.03 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.4.2.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.2.6 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 31.0.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19127.20154 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Opera Stable 123.0.5669.23 (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Opera 123.0.5669.23) (Version: 123.0.5669.23 - Opera Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.283.1.4 - Overwolf Ltd.)
Panasonic Multi-Function Station software (HKLM-x32\...\{53DE4FAD-F853-44F3-AC39-AD2940E5DD53}) (Version: 1.00 - Panasonic System Networks Co., Ltd.)
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{2D719FEF-BFA6-47CB-8017-96358D753C60}) (Version: 12.12.80 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 22.03.05.0000 - Panda Security)
Roblox Player for tkkro (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\roblox-player) (Version: - Roblox Corporation)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 18.0.1 - ShareX Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.9316 - TLauncher Inc.)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
Wargaming.net Game Center for Steam (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Wargaming.net Game Center for Steam) (Version: 25.5.0.352 - Wargaming.net)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

Chrome apps:
============
Instagram (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\7815dab0388481ea744919410c3232d7) (Version: 1.0 - Google\Chrome)

Packages:
=========
Control Center 3.0 -> C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_6.33.3.0_x64__6h6z29zh29qx0 [2025-07-01] (CLEVO CO.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-09-07] (Instagram)
Local Artificial Intelligence Manager -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-10-16] ()
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-10-16] ()
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.11401.0_x64__8wekyb3d8bbwe [2025-10-16] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.2.2.0_x64__8wekyb3d8bbwe [2025-02-24] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.968.0_x64__56jybvy8sckqj [2025-06-17] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-10-16] ()
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2542.2.0_x64__cv1g1gvanyjgm [2025-10-23] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\nvshext.dll [2024-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_akpamiohjfcnimfljfndmaldlcfphjmp\Instagram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp
ShortcutWithArgument: C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Instagram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp

==================== Loaded Modules (Whitelisted) =============

2025-01-29 20:21 - 2012-08-21 18:21 - 000033280 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\K0JDUC36.DLL
2025-01-29 20:21 - 2011-02-03 11:08 - 000024576 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Windows\System32\ZDGLIC36.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8646]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.0.1
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: AnchorFree TAP-Windows Adapter V9 -> aftap0901.sys
Ethernet: Realtek(R) PCI(e) Ethernet Controller -> rt640x64.sys

NNSNAHSL: Network Activity Hook Server LightWeight Filter Driver

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\Control Panel\Desktop\\Wallpaper -> c:\users\tkkro\downloads\wp6710191.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B7FAE2D9-33F3-486F-8910-0E7980590D1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{21D4B83C-7B89-40F2-A545-CCA0D9DBB29F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{058B7C48-58D8-4E1D-AEFB-7925F7B702F4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F9D755EE-73A1-40FF-A6BE-1AB7A6B26315}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{894F99F6-8F4E-46D2-A145-3A554E903AEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{9FE6571B-6C9A-44A0-97E5-20E66A0CBED9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{151BF5E7-3BD3-49CA-81E7-2444E5890247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks\wgcs_api.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{29E01651-0953-4347-ADAA-AD8D29E03518}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks\wgcs_api.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{A2137977-B7CA-453C-83AE-1128A70AA72C}C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{43614A71-6292-4524-8B2A-1E3AEDB9B009}C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{30BB6EA8-C045-41FA-8EC6-648C14567767}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [UDP Query User{73343FDB-800F-4C6A-B8CB-0678E861B833}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [TCP Query User{DA522197-941E-48BA-AF25-65BE99B54E68}C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{A3B81E93-FD18-4296-82EA-AE37DB1B95CB}C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{E1EC91E5-C175-4F41-AB71-C75CF93EFC7E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{2214E935-0E25-4C84-884C-C0C88DF333E2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8DE9377A-A66D-4E04-8001-0324C2850CCF}C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe] => (Allow) C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe
FirewallRules: [UDP Query User{36112FFC-BCEC-4E9A-8105-C65A3B57EB42}C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe] => (Allow) C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe
FirewallRules: [TCP Query User{3568E8D6-1E5E-4C79-BEBC-7BAF85E8F018}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
FirewallRules: [UDP Query User{CD559E2A-B1C1-406B-9951-CA248D97AA6C}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
FirewallRules: [TCP Query User{C4FBDEAA-DCF8-4747-AC9D-58814D641F13}C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{750A8C26-561A-489F-9E63-1285F41A08F3}C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [{3CE1FCA6-EB80-43B1-B632-BFC91C2FD3AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{413EBFEB-0A85-4C16-9785-F048973970E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [TCP Query User{5A64C604-2C70-42E4-9AA5-313C5643FD6F}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{55C5CE38-7997-4DAC-A1FE-B839DE5A3279}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{BD5EE8B0-8314-44BA-AE47-BFCB1EDC6889}] => (Allow) C:\Users\tkkro\AppData\Local\Programs\Opera GX\opera.exe => No File
FirewallRules: [TCP Query User{2DD23EE8-3668-4867-9466-F53A904E8249}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{EEE95090-5266-47FF-AA44-DFE31CDC7EF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7F0FE9B7-2FBF-426B-BE92-07BDC5793CE5}C:\programdata\wargaming.net\gamecenter for steam\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter for steam\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{CA7BAC75-F145-405C-BA44-AE1AB5B3ACAF}C:\programdata\wargaming.net\gamecenter for steam\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter for steam\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{1EFCE25B-3EEF-4E67-8FEF-F9212A618B22}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25255.501.3956.3603_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B90297FA-CF3B-4E5E-AFE4-D9357BBD05A5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25255.501.3956.3603_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A36BC844-44F1-4255-B065-8B28DFCBBFDC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1C4DFE8-3515-4806-A0C1-6C7C1FCDDD93}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8BD47556-0562-48D6-8674-403F19515E3D}] => (Allow) C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{57E1C116-A915-4C5B-8540-91E4C97E00D6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{821D0214-40E9-4A05-BE71-B25C13558722}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{0BE3DB2E-18FE-4168-A693-9E6C99FF7A64}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{1D81B1EA-B682-4C05-AA47-2D30943BC26A}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{4BFD4078-57D6-4A9F-BE49-9E1C3A78473B}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{9E932D0C-33D4-4CC9-829C-401549ECBDE1}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9684FE81-BDF2-448A-B5E7-F4B3A25F289C}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{6EE2C7BB-6A75-4859-A794-307F4ED73A10}] => (Allow) C:\Users\tkkro\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)

==================== Restore Points =========================

20-10-2025 14:58:39 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/30/2025 09:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: AdwCleaner (1).exe, verzia: 8.5.0.595, časová značka: 0x67c85360
Názov chybujúceho modulu: AdwCleaner (1).exe, verzia: 8.5.0.595, časová značka: 0x67c85360
Kód výnimky: 0xc0000005
Odstup chyby: 0x000c2ca2
Identifikácia chybujúceho procesu: 0x2760
Čas spustenia chybujúcej aplikácie: 0x01dc49d8581883ad
Cesta chybujúcej aplikácie: C:\Users\tkkro\Downloads\AdwCleaner (1).exe
Cesta chybujúceho modulu: C:\Users\tkkro\Downloads\AdwCleaner (1).exe
Identifikácia hlásenia: fbbb825e-8180-4813-82f7-a7624dd25572
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/30/2025 09:03:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: AdwCleaner (1).exe, verzia: 8.5.0.595, časová značka: 0x67c85360
Názov chybujúceho modulu: AdwCleaner (1).exe, verzia: 8.5.0.595, časová značka: 0x67c85360
Kód výnimky: 0xc0000005
Odstup chyby: 0x000c2ca2
Identifikácia chybujúceho procesu: 0x4cf8
Čas spustenia chybujúcej aplikácie: 0x01dc49d84f2baf38
Cesta chybujúcej aplikácie: C:\Users\tkkro\Downloads\AdwCleaner (1).exe
Cesta chybujúceho modulu: C:\Users\tkkro\Downloads\AdwCleaner (1).exe
Identifikácia hlásenia: 4c236e9e-2f5e-4e21-9ce0-75d895054d16
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/30/2025 09:03:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: AdwCleaner (1).exe, verzia: 8.5.0.595, časová značka: 0x67c85360
Názov chybujúceho modulu: AdwCleaner (1).exe, verzia: 8.5.0.595, časová značka: 0x67c85360
Kód výnimky: 0xc0000005
Odstup chyby: 0x000c2ca2
Identifikácia chybujúceho procesu: 0x410c
Čas spustenia chybujúcej aplikácie: 0x01dc49d83f1054c9
Cesta chybujúcej aplikácie: C:\Users\tkkro\Downloads\AdwCleaner (1).exe
Cesta chybujúceho modulu: C:\Users\tkkro\Downloads\AdwCleaner (1).exe
Identifikácia hlásenia: c3ad8814-d20e-4095-a572-fef0261ef85f
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/30/2025 08:06:11 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (10/27/2025 04:27:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: javaw.exe, verzia: 21.0.7.0, časová značka: 0x1bc97390
Názov chybujúceho modulu: OpenAL.dll, verzia: 1.23.1.0, časová značka: 0x647635a1
Kód výnimky: 0xc0000409
Odstup chyby: 0x00000000000a2b05
Identifikácia chybujúceho procesu: 0x4780
Čas spustenia chybujúcej aplikácie: 0x01dc4742eadf0834
Cesta chybujúcej aplikácie: C:\Users\tkkro\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
Cesta chybujúceho modulu: C:\Users\tkkro\AppData\Roaming\.minecraft\versions\1.21.8\natives\OpenAL.dll
Identifikácia hlásenia: 72b7856b-12d1-416e-a831-d57dc7da956a
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/26/2025 07:16:10 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 8276. Message ID: [0x2509].

Error: (10/24/2025 01:54:56 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5444. Message ID: [0x2509].

Error: (10/22/2025 08:17:55 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 18136. Message ID: [0x2509].


System errors:
=============
Error: (10/30/2025 09:11:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-70VBQ4R)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (10/30/2025 09:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 6000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/30/2025 09:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 2 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/30/2025 09:00:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CredentialEnrollmentManagerUserSvc_15322f8f7 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 2-krát.

Error: (10/30/2025 08:57:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Panda Devices Agent sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 300000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/30/2025 08:57:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba FileSyncHelper sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (10/30/2025 08:57:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba CredentialEnrollmentManagerUserSvc_15322f8f7 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/30/2025 08:57:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Advanced SystemCare Service 18 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.


CodeIntegrity:
===============
Date: 2025-10-30 20:25:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-10-30 20:06:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\x64\PSINOAV.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A11 07/09/2015
Motherboard: Dell Inc. 0KWVT8
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 12237.66 MB
Available physical RAM: 7671.05 MB
Total Virtual: 15565.66 MB
Available Virtual: 8734.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.06 GB) (Free:186.1 GB) (Model: Samsung SSD 870 EVO 500GB) NTFS

\\?\Volume{af14c36c-7ad2-4102-b034-4a9c639048cb}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{849eb65b-293c-4b14-9dbc-81d44162e426}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 199E659F)

Partition: GPT.

==================== End of Addition.txt =======================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119611
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosim kontrola logu - vystraha pred virusmi

#8 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CHR Notifications: Default -> hxxps://aternos.org; hxxps://d41qmme071bc73f91jpg.hyperchainnet.com
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8646]
FirewallRules: [{894F99F6-8F4E-46D2-A145-3A554E903AEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{9FE6571B-6C9A-44A0-97E5-20E66A0CBED9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [TCP Query User{30BB6EA8-C045-41FA-8EC6-648C14567767}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [UDP Query User{73343FDB-800F-4C6A-B8CB-0678E861B833}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [{8BD47556-0562-48D6-8674-403F19515E3D}] => (Allow) C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{57E1C116-A915-4C5B-8540-91E4C97E00D6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{821D0214-40E9-4A05-BE71-B25C13558722}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{0BE3DB2E-18FE-4168-A693-9E6C99FF7A64}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{1D81B1EA-B682-4C05-AA47-2D30943BC26A}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{4BFD4078-57D6-4A9F-BE49-9E1C3A78473B}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Advanced SystemCare] => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto (No File)
Task: {FDC48675-61E5-4B9B-924D-7B0547B30C8A} - System32\Tasks\Opera GX scheduled Autoupdate 1752689434 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File)
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-10-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 cpuz159; C:\Windows\temp\cpuz159\cpuz159_x64.sys [44680 2024-11-01] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION

EmptyTemp:
End
Uložte do C:\Users\tkkro\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte. Odinstalujte vše od IOBit.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“