Prosim kontrola logu - vystraha pred virusmi
Napsal: 30 říj 2025 20:49
Dobry den, prosim o kontrolu logu.
Virusova hrozba z google chrome:
win32/Cryptolocker.X9Zr
Win32/Melissa2023.Xi92
Win32/Zeus.2023
Win32/Mydoom.2023.
Win32/Conficker.2jf9
Win32/Pshtrm.Slmn
Win32/Trojan.H028hj
dakujem.
Tomas
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2025
Ran by tkkro (administrator) on DESKTOP-70VBQ4R (Dell Inc. XPS 8700) (30-10-2025 20:34:48)
Running from C:\Users\tkkro\Downloads\FRST64.exe
Loaded Profiles: tkkro
Platform: Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\141.0.3537.99\msedgewebview2.exe <7>
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.283.1.4\OverwolfHelper.exe
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.283.1.4\OverwolfHelper64.exe
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe <5>
(C:\Users\tkkro\Downloads\FRST64.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2507.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe
(explorer.exe ->) (54418920-1845-464B-A595-EDBEA032F08F -> ) C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_6.33.3.0_x64__6h6z29zh29qx0\ControlCenter30\ControlCenter30.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(explorer.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(explorer.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAConsole.exe <2>
(explorer.exe ->) (ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\PubPlatform.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Opera Norway AS -> Opera Software) C:\Users\tkkro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf Ltd -> Overwolf LTD) C:\Users\tkkro\Desktop\overwolf\Overwolf.exe
(Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\ImfElamSvc.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE
(services.exe ->) (Panda Security S.L. -> Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.U.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2542.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
HKLM-x32\...\Run: [Panasonic Device Manager for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe [139264 2012-06-25] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [Panasonic PCFAX for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe [819200 2012-05-18] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2024-09-29] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [186984 2022-11-02] (Panda Security S.L. -> Panda Security, S.L.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [92692328 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4735888 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4699288 2025-10-03] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [39517600 2025-10-22] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [5869264 2025-06-19] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Overwolf] => C:\Users\tkkro\Desktop\overwolf\OverwolfLauncher.exe [1911040 2025-10-27] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [MicrosoftEdgeAutoLaunch_2951A22EE169901D4BD281DD08F1EC8C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4265040 2025-10-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Opera Browser Assistant] => C:\Users\tkkro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4712920 2025-09-11] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Opera Stable] => C:\Users\tkkro\AppData\Local\Programs\Opera\opera.exe [2106840 2025-10-27] (Opera Norway AS -> Opera Software)
HKLM\...\Print\Monitors\Panasonic KX-MB1500 Language Monitor: C:\Windows\system32\ZDGLIC36.DLL [24576 2011-02-03] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2025-10-27] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\141.0.7390.123\Installer\chrmstp.exe [2025-10-24] (Google LLC -> Google LLC)
Startup: C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2025-10-22]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {9385960E-1185-4899-8B8D-31C0032DE3AE} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5543640 2025-08-28] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task
Task: {0B9301EB-5E36-4B83-B8DF-E00F8BDCABC5} - System32\Tasks\ASC_SkipUac_fokol => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [11163352 2025-08-20] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {E55CBC48-98C1-4978-AA30-B7AAFB647D9D} - System32\Tasks\ASC_SkipUac_tkkro => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [11163352 2025-08-20] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {3A9506F2-6093-4E83-8677-A6BBDCDC0E32} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem143.0.7482.0{674258D2-A324-4C88-88AF-166F6075C76A} => C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe [6933656 2025-10-19] (Google LLC -> Google LLC)
Task: {40BC1561-0536-4F7F-A9F0-0F3FB2B3B21D} - System32\Tasks\IMF_SkipUAC_fokol => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
Task: {856CA9B5-A4DE-4F10-BFF4-7666B0F131BC} - System32\Tasks\IMF_SkipUAC_tkkro => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
Task: {190E2001-08A8-4D78-97F0-26C18063AA73} - System32\Tasks\IObit SUM2025Sale (One-time) => "C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\sumen.exe" -> C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\\/rpop
Task: {5ED981FA-B367-4919-9F38-35CFAEE78414} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [17010512 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB9B7C16-9E96-4165-95A7-C073492DCBEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8880983D-5770-4468-BE3B-B2760DD7B45C} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [70504 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {974DF8E5-7B61-484D-AE9F-2EF8C329CFAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA5C2C39-0B4B-4B1F-8FE5-3B88D712140E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313600 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DC56855-AA49-4267-A1B8-A9CC42A91323} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313600 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FB9BF37-A89E-4E21-ACA8-628AF27331B0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1365272 2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CFB5FF9-F3D9-44E4-A590-5BFF11676235} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4393320 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFFA08B2-96E1-4C5D-9D6D-A0D1499BED7D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Task: {23FE3FB4-334A-46AD-B9C9-51AE393264DA} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4393320 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCFE597D-010D-407F-9429-7FD31B355C04} - System32\Tasks\OneDrive Startup Task-S-1-5-21-4097984775-1942777989-3443805053-1002 => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\OneDriveLauncher.exe [725864 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC808F09-B746-41CB-B727-324F02862218} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1753257838 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\tkkro\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {FDC48675-61E5-4B9B-924D-7B0547B30C8A} - System32\Tasks\Opera GX scheduled Autoupdate 1752689434 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File)
Task: {32317B31-79F5-4C66-A7C5-002C054F8446} - System32\Tasks\Opera scheduled assistant Autoupdate 1761851154 => C:\Users\tkkro\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5959128 2025-10-27] (Opera Norway AS -> Opera Software) -> --scheduledtask --productiscomponent --installdir="C:\Users\tkkro\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0)
Task: {F2BF5BCA-1513-4947-9919-61874FE1951A} - System32\Tasks\Opera scheduled Autoupdate 1761851152 => C:\Users\tkkro\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5959128 2025-10-27] (Opera Norway AS -> Opera Software)
Task: {412D0520-C155-4EEA-A3F4-CDB6432E6885} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-10-27] (Overwolf Ltd -> Overwolf LTD) -> C:\Users\tkkro\Desktop\overwolf\/RunningFrom Schedule
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{212d4b5c-3843-4e57-9e43-e4ee35d8f237}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default [2025-10-30]
Edge HomePage: Default -> hxxp://www.google.sk/
Edge StartupUrls: Default -> "hxxp://www.google.sk/"
Edge Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-18]
Edge Extension: (Edge relevant text changes) - C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-01-03]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default [2025-10-30]
CHR Notifications: Default -> hxxps://aternos.org; hxxps://d41qmme071bc73f91jpg.hyperchainnet.com
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-03]
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-10-01]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-08-14]
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\System Profile [2025-10-17]
Opera:
=======
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService18; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1851760 2024-08-13] (IObit CO., LTD -> IObit)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13288288 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [126268152 2025-09-11] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-10-08] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicGamesUpdater; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3071904 2025-10-22] (Epic Games Inc. -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncHelper.exe [3604880 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
R3 GameInputRedistService; C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe [141688 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
R3 ImfElamService; C:\Program Files (x86)\IObit\IObit Malware Fighter\ImfElamSvc.exe [4604200 2024-09-25] (IObit CO., LTD -> IObit)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2641888 2024-10-11] (IObit CO., LTD -> IObit)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [119560 2023-10-05] (Panda Security S.L. -> Panda Security, S.L.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\Display.NvContainer\NVDisplay.Container.exe [1275024 2024-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.194.1005.0003\OneDriveUpdaterService.exe [3888488 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-10-27] (Overwolf Ltd -> Overwolf LTD)
R2 Panasonic Local Printer Service; C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [195736 2023-04-13] (Panda Security S.L. -> Panda Security S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [81424 2023-10-05] (Panda Security S.L. -> Panda Security, S.L.U.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NativePushService; "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-07-02] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [30296 2025-04-28] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [507904 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-10-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 cpuz159; C:\Windows\temp\cpuz159\cpuz159_x64.sys [44680 2024-11-01] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [177056 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [26296 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [42360 2024-09-25] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40920 2024-09-25] (IObit CO., LTD -> IObit)
S3 IMFEFSFileControl; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [40824 2024-09-25] (IObit Information Technology -> IObit)
R3 IMFForceDelete123; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [20008 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2024-09-25] (IObit Information Technology -> IObit)
R3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [33984 2024-09-25] (IObit Information Technology -> IObit)
R3 ImfRealScanner; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [53232 2024-09-25] (IObit CO., LTD -> IObit)
R3 ImfRegistryFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [42360 2024-09-25] (IObit Information Technology -> IObit)
R3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2024-07-02] (IObit CO., LTD -> IObit)
R1 NNSDNS; C:\Windows\system32\DRIVERS\NNSDNS.sys [146184 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [215264 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [128744 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [146664 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [151152 2022-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.)
R1 NNSNHWFP; C:\Windows\system32\DRIVERS\NNSNHWFP.sys [211208 2022-12-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [164568 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [137960 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [407264 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [575720 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [125672 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [335064 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
S3 ObCallbackProcess; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ObCallbackProcess.sys [53608 2024-09-25] (IObit CO., LTD -> IObit)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [198376 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
S0 psinelam; C:\Windows\System32\DRIVERS\psinelam.sys [37952 2024-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [176360 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [218856 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [150760 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [162536 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [130280 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [63360 2023-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.U.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [633264 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-10-30 20:33 - 2025-10-30 20:34 - 000037981 _____ C:\Users\tkkro\Downloads\Addition.txt
2025-10-30 20:31 - 2025-10-30 20:35 - 000031379 _____ C:\Users\tkkro\Downloads\FRST.txt
2025-10-30 20:31 - 2025-10-30 20:35 - 000000000 ____D C:\FRST
2025-10-30 20:30 - 2025-10-30 20:31 - 002443264 _____ (Farbar) C:\Users\tkkro\Downloads\FRST64.exe
2025-10-30 20:07 - 2025-10-30 20:07 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk
2025-10-30 20:06 - 2025-10-30 20:06 - 000004248 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1761851152
2025-10-30 20:05 - 2025-10-30 20:05 - 000004518 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1761851154
2025-10-30 20:05 - 2025-10-30 20:05 - 000001384 _____ C:\Users\tkkro\Desktop\Prehliadač Opera.lnk
2025-10-30 20:05 - 2025-10-30 20:05 - 000001384 _____ C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2025-10-30 20:05 - 2022-12-06 11:53 - 000211208 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsnhwfp.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000407264 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprot.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000215264 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttp.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000146184 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsdns.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000137960 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspop3.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000128744 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttps.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000125672 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnssmtp.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000198376 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000162536 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000130280 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
2025-10-30 20:04 - 2025-10-30 20:07 - 000002305 _____ C:\Users\Public\Desktop\Panda Dome.lnk
2025-10-30 20:04 - 2025-10-30 20:05 - 000000000 ____D C:\Program Files (x86)\Panda Security
2025-10-30 20:04 - 2025-10-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2025-10-30 20:04 - 2022-11-06 11:24 - 000575720 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprv.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000335064 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsstrm.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000164568 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspicc.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000146664 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsids.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000218856 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000176360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000150760 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
2025-10-30 20:03 - 2025-10-30 20:05 - 000000000 ____D C:\ProgramData\Panda Security
2025-10-30 20:00 - 2025-10-30 20:00 - 003369480 _____ (Panda Security, S.L.) C:\Users\tkkro\Downloads\PANDAFREEAV.exe
2025-10-30 19:51 - 2025-10-30 19:51 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub subury
2025-10-30 19:50 - 2025-10-30 19:50 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub kanal
2025-10-30 19:50 - 2025-10-30 19:50 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub
2025-10-30 13:29 - 2025-10-30 13:29 - 000001419 _____ C:\Users\tkkro\Desktop\Roblox Player.lnk
2025-10-30 08:41 - 2025-10-30 08:41 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-10-30 08:41 - 2025-10-30 08:41 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-10-27 15:00 - 2025-10-27 15:07 - 410430982 _____ C:\Users\tkkro\Downloads\Skyblock_Infinite_Revamped.zip
2025-10-26 18:33 - 2025-10-26 18:33 - 000000000 ____D C:\ProgramData\CapCut
2025-10-26 18:33 - 2025-10-26 18:33 - 000000000 ____D C:\Program Files\CapCut
2025-10-24 14:08 - 2025-10-24 14:08 - 000031362 _____ C:\Users\tkkro\Downloads\unnamed.webp
2025-10-24 13:41 - 2025-10-24 13:41 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\mssdk
2025-10-24 13:41 - 2025-10-24 13:41 - 000000000 ____D C:\Users\tkkro\AppData\Local\VEDetector
2025-10-24 13:40 - 2025-10-26 18:33 - 000000000 ____D C:\Users\tkkro\AppData\Local\CapCut
2025-10-24 13:32 - 2025-10-24 13:32 - 002897776 _____ C:\Users\tkkro\Downloads\CapCut_7564765176285741057_installer.exe
2025-10-23 17:48 - 2025-10-23 17:48 - 000000000 ____D C:\Voiceover
2025-10-23 17:45 - 2025-08-18 17:21 - 000754688 _____ C:\Windows\system32\FilmoraContextMenu.dll
2025-10-23 17:44 - 2025-10-24 13:27 - 000000000 ____D C:\ProgramData\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\Users\tkkro\AppData\Local\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2025-10-23 17:38 - 2025-10-23 17:46 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2025-10-23 17:38 - 2025-10-23 17:38 - 002202088 _____ C:\Users\tkkro\Downloads\filmora-idco_setup_full1901.exe
2025-10-23 17:32 - 2025-10-07 09:16 - 002406071 _____ C:\Users\tkkro\Documents\video.mp4
2025-10-22 19:57 - 2025-10-29 21:35 - 000000000 ____D C:\Users\tkkro\Documents\ShareX
2025-10-22 19:49 - 2025-10-22 19:49 - 000000825 _____ C:\Users\tkkro\Desktop\ShareX.lnk
2025-10-22 19:49 - 2025-10-22 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2025-10-22 19:48 - 2025-10-22 19:48 - 000000000 ____D C:\Program Files\ShareX
2025-10-22 19:34 - 2025-10-22 19:36 - 106603663 _____ (ShareX Team ) C:\Users\tkkro\Downloads\ShareX-18.0.1-setup.exe
2025-10-22 19:24 - 2025-10-22 19:24 - 000357360 _____ C:\Users\tkkro\Downloads\photo-1657632843433-e6a8b7451ac6.jpeg
2025-10-17 20:19 - 2025-10-16 19:48 - 000432504 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll.0
2025-10-17 20:19 - 2025-10-16 19:47 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.1
2025-10-16 19:48 - 2025-10-16 19:48 - 000432504 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll.1
2025-10-16 19:48 - 2025-10-16 19:48 - 000000000 ____D C:\Program Files\Windows Kits
2025-10-16 19:48 - 2025-10-16 19:48 - 000000000 ____D C:\Program Files\Microsoft GameInput
2025-10-16 19:48 - 2025-10-16 19:47 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.0
2025-10-13 20:04 - 2025-10-13 20:05 - 000490371 _____ C:\Users\tkkro\Downloads\photo-1732624696535-68022a5b84dc.jpeg
2025-10-09 13:00 - 2025-10-09 13:00 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Electronic Arts
2025-10-09 12:59 - 2025-10-09 13:04 - 000000000 ____D C:\Users\tkkro\AppData\Local\Skate
2025-10-09 12:59 - 2025-10-09 12:59 - 000000000 ____D C:\ProgramData\Frostbite
2025-10-09 12:56 - 2025-10-09 13:03 - 000000000 ____D C:\ProgramData\Packer
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\EA
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\ProgramData\eaanticheat
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\Program Files\EA
2025-10-08 13:31 - 2025-10-30 17:36 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\EasyAntiCheat
2025-10-08 06:46 - 2025-10-08 06:46 - 000000354 _____ C:\Users\tkkro\Desktop\Fortnite.url
2025-10-07 19:00 - 2025-10-07 19:00 - 000253230 _____ C:\Users\tkkro\Downloads\wallpaper_mikael_gustafsson.webp
2025-10-07 15:49 - 2025-10-07 15:49 - 000028406 _____ C:\Users\tkkro\Downloads\r0zg2ds05k541.webp
2025-10-07 11:54 - 2025-10-07 11:54 - 000072544 _____ C:\Users\tkkro\Downloads\SKRATKY.pptx
2025-10-06 19:16 - 2025-10-06 19:16 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\QuickStyles
2025-10-05 15:04 - 2025-10-05 15:04 - 000315386 _____ C:\Users\tkkro\Downloads\200-2_alkan-f-x-l.webp
2025-09-30 12:34 - 2025-09-30 12:34 - 000002182 _____ C:\Users\tkkro\Desktop\Mortyr 3.lnk
2025-09-30 12:34 - 2025-09-30 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2025-09-30 12:28 - 2025-09-30 12:28 - 000000000 ____D C:\Program Files (x86)\City Interactive
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-10-30 20:28 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-10-30 20:27 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp
2025-10-30 20:26 - 2025-01-03 20:20 - 000000000 ____D C:\Program Files (x86)\Steam
2025-10-30 20:07 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF
2025-10-30 20:06 - 2025-07-16 19:10 - 000000000 ____D C:\Users\tkkro\AppData\Local\Opera Software
2025-10-30 20:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2025-10-30 20:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\GroupPolicy
2025-10-30 20:04 - 2025-07-16 19:08 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Opera Software
2025-10-30 19:42 - 2025-09-10 13:37 - 000000000 ____D C:\Users\tkkro\AppData\Local\Roblox
2025-10-30 17:08 - 2024-10-30 17:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-10-30 15:02 - 2025-03-18 21:27 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\.minecraft
2025-10-30 13:58 - 2025-04-02 12:46 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\.tlauncher
2025-10-30 13:29 - 2025-09-10 13:37 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2025-10-30 08:44 - 2024-11-01 08:46 - 000000708 _____ C:\ProgramData\pdinst.ini
2025-10-30 08:42 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\D3DSCache
2025-10-30 08:41 - 2025-01-28 10:54 - 000003552 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-4097984775-1942777989-3443805053-1002
2025-10-30 08:41 - 2025-01-10 12:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-10-30 08:41 - 2025-01-03 20:08 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1002
2025-10-30 08:41 - 2025-01-03 20:07 - 000000000 ___RD C:\Users\tkkro\OneDrive
2025-10-30 08:41 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2025-10-30 08:41 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\AppReadiness
2025-10-30 08:40 - 2025-03-18 21:00 - 000000000 ____D C:\Users\tkkro\Desktop\overwolf
2025-10-30 08:40 - 2025-03-18 20:57 - 000000000 ____D C:\Users\tkkro\AppData\Local\Overwolf
2025-10-29 21:35 - 2024-10-30 17:53 - 000000000 ____D C:\ProgramData\NVIDIA
2025-10-29 21:09 - 2025-01-13 14:22 - 000002554 _____ C:\Windows\SysWOW64\pubfreeware.ini
2025-10-29 16:04 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\Packages
2025-10-29 15:24 - 2025-02-24 14:33 - 000000000 ____D C:\XboxGames
2025-10-29 15:24 - 2024-10-30 17:54 - 000000000 ____D C:\ProgramData\Packages
2025-10-27 20:45 - 2024-11-01 08:47 - 000000000 ____D C:\ProgramData\ProductData3
2025-10-27 16:27 - 2025-03-24 13:23 - 000000000 ____D C:\Users\tkkro\AppData\Local\CrashDumps
2025-10-27 12:58 - 2025-01-03 20:23 - 000000000 ____D C:\Users\tkkro\AppData\Local\Steam
2025-10-26 19:16 - 2025-01-09 20:17 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Word
2025-10-25 17:24 - 2024-10-30 17:47 - 000003630 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-10-25 17:24 - 2024-10-30 17:47 - 000003504 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-10-25 06:49 - 2024-10-30 17:47 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-10-25 06:49 - 2024-10-30 17:47 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-10-24 19:32 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\NDF
2025-10-24 18:26 - 2024-10-30 18:02 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-10-24 18:26 - 2024-10-30 18:02 - 000002218 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-10-24 13:30 - 2025-09-09 13:18 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\obs-studio
2025-10-23 17:45 - 2021-06-05 13:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-10-16 19:48 - 2025-02-24 14:33 - 004213112 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2025-10-16 19:48 - 2025-02-24 14:33 - 000166264 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2025-10-16 19:48 - 2025-02-24 14:33 - 000153976 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2025-10-16 19:48 - 2025-02-24 14:33 - 000076144 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2025-10-16 19:47 - 2025-02-24 14:33 - 000285048 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2025-10-16 19:47 - 2025-02-24 14:33 - 000244088 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2025-10-16 13:39 - 2025-01-09 18:44 - 000000000 ____D C:\Program Files\Microsoft Office
2025-10-15 15:00 - 2024-10-30 18:05 - 000000000 ____D C:\Windows\system32\MRT
2025-10-15 15:00 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-10-15 14:57 - 2024-10-30 18:05 - 214534944 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-10-11 19:20 - 2025-01-03 20:04 - 000000000 ____D C:\Users\tkkro
2025-10-11 18:47 - 2024-10-30 17:47 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-10-11 18:46 - 2025-02-03 16:17 - 000012288 ___SH C:\DumpStack.log.tmp
2025-10-09 13:07 - 2025-01-06 13:28 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-10-08 13:32 - 2025-03-30 06:28 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2025-10-07 16:12 - 2025-01-03 20:34 - 000000000 ____D C:\Program Files\Epic Games
2025-10-07 12:26 - 2025-01-31 18:00 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\PowerPoint
2025-10-06 19:27 - 2025-08-13 19:08 - 000002434 _____ C:\Users\tkkro\Desktop\PowerPoint.lnk
2025-10-06 19:27 - 2025-08-13 19:08 - 000002429 _____ C:\Users\tkkro\Desktop\Excel.lnk
2025-10-06 19:27 - 2025-08-13 19:07 - 000002517 _____ C:\Users\tkkro\Desktop\Word.lnk
2025-10-06 19:27 - 2025-08-13 19:07 - 000002439 _____ C:\Users\tkkro\Desktop\OneNote.lnk
2025-10-01 13:11 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\VirtualStore
==================== Files in the root of some directories ========
2025-02-01 18:02 - 2025-02-15 16:52 - 000007625 _____ () C:\Users\tkkro\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2025
Ran by tkkro (30-10-2025 20:36:14)
Running from C:\Users\tkkro\Downloads
Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) (2024-10-30 16:48:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4097984775-1942777989-3443805053-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4097984775-1942777989-3443805053-503 - Limited - Disabled)
Guest (S-1-5-21-4097984775-1942777989-3443805053-501 - Limited - Disabled)
tkkro (S-1-5-21-4097984775-1942777989-3443805053-1002 - Administrator - Enabled) => C:\Users\tkkro
WDAGUtilityAccount (S-1-5-21-4097984775-1942777989-3443805053-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Dome (Enabled - Up to date) {8404BB29-B609-D604-AF5C-6806F0482FD3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {1B2E67BD-0994-AA89-E0C2-268754ADA0AC}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 18.5.0 - IObit)
CPUID CPU-Z 2.11 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.11 - CPUID, Inc.)
CurseForge (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 1.288.1.8404 - Overwolf app)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 141.0.7390.123 - Google LLC)
IObit Malware Fighter 12 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 12.0.0.1433 - IObit)
Java 8 Update 401 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 141.0.3537.99 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 141.0.3537.99 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM\...\{0812546C-471E-E343-DE9C-AECF3D0137E6}) (Version: 10.1.26100.6154 - Microsoft Corporation)
Microsoft Office 2019 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudent2019Retail - sk-sk) (Version: 16.0.19127.20302 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.194.1005.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mortyr 3: Diverzní akce (HKLM-x32\...\Mortyr3_is1) (Version: - City Interactive)
NVIDIA Grafický ovládač 566.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 566.03 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.4.2.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.2.6 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 31.0.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19127.20154 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Opera Stable 123.0.5669.23 (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Opera 123.0.5669.23) (Version: 123.0.5669.23 - Opera Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.283.1.4 - Overwolf Ltd.)
Panasonic Multi-Function Station software (HKLM-x32\...\{53DE4FAD-F853-44F3-AC39-AD2940E5DD53}) (Version: 1.00 - Panasonic System Networks Co., Ltd.)
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{2D719FEF-BFA6-47CB-8017-96358D753C60}) (Version: 12.12.80 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 22.03.05.0000 - Panda Security)
Roblox Player for tkkro (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\roblox-player) (Version: - Roblox Corporation)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 18.0.1 - ShareX Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.9316 - TLauncher Inc.)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
Wargaming.net Game Center for Steam (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Wargaming.net Game Center for Steam) (Version: 25.5.0.352 - Wargaming.net)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Chrome apps:
============
Instagram (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\7815dab0388481ea744919410c3232d7) (Version: 1.0 - Google\Chrome)
Packages:
=========
Control Center 3.0 -> C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_6.33.3.0_x64__6h6z29zh29qx0 [2025-07-01] (CLEVO CO.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-09-07] (Instagram)
Local Artificial Intelligence Manager -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-10-16] ()
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-10-16] ()
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.11401.0_x64__8wekyb3d8bbwe [2025-10-16] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.2.2.0_x64__8wekyb3d8bbwe [2025-02-24] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.968.0_x64__56jybvy8sckqj [2025-06-17] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-10-16] ()
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2542.2.0_x64__cv1g1gvanyjgm [2025-10-23] (WhatsApp Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\nvshext.dll [2024-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_akpamiohjfcnimfljfndmaldlcfphjmp\Instagram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp
ShortcutWithArgument: C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Instagram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp
==================== Loaded Modules (Whitelisted) =============
2025-10-23 17:45 - 2024-09-29 13:45 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2025-10-23 17:45 - 2024-09-29 13:45 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2025-10-22 19:48 - 2024-01-21 13:44 - 000113664 _____ (Gregoire Pailler) [File not signed] [File is in use] C:\Program Files\ShareX\MegaApiClient.dll
2025-01-09 18:56 - 2025-01-09 18:56 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2025-01-09 18:56 - 2025-01-09 18:56 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-10-22 19:48 - 2025-08-19 03:34 - 000263680 _____ (Özgür Özçıtak) [File not signed] [File is in use] C:\Program Files\ShareX\ImageListView.dll
2025-01-29 20:23 - 2011-01-21 13:18 - 000135168 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCMFSSEL.DLL
2025-01-29 20:21 - 2012-08-21 18:21 - 000033280 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\K0JDUC36.DLL
2025-01-29 20:21 - 2011-02-03 11:08 - 000024576 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Windows\System32\ZDGLIC36.DLL
2025-01-29 20:23 - 2010-03-29 20:05 - 000110592 _____ (Panosonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCMFSNWK.DLL
2025-10-22 19:48 - 2025-08-19 03:35 - 002085888 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 001075712 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.HelpersLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000187392 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.HistoryLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000129024 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.ImageEffectsLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000040960 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.IndexerLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000197120 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.MediaLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000863232 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.ScreenCaptureLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 001656832 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.UploadersLib.dll
2025-10-23 17:45 - 2024-09-29 13:45 - 000708096 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8646]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2024-09-25] (IObit CO., LTD -> IObit)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Network ===========================
(Currently there is no automatic fix for this section.)
DNS Servers: 192.168.0.1
Windows Firewall is enabled.
Network Binding:
=============
Ethernet 2: AnchorFree TAP-Windows Adapter V9 -> aftap0901.sys
Ethernet: Realtek(R) PCI(e) Ethernet Controller -> rt640x64.sys
NNSNAHSL: Network Activity Hook Server LightWeight Filter Driver
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\Control Panel\Desktop\\Wallpaper -> c:\users\tkkro\downloads\wp6710191.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B7FAE2D9-33F3-486F-8910-0E7980590D1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{21D4B83C-7B89-40F2-A545-CCA0D9DBB29F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{058B7C48-58D8-4E1D-AEFB-7925F7B702F4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F9D755EE-73A1-40FF-A6BE-1AB7A6B26315}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{894F99F6-8F4E-46D2-A145-3A554E903AEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{9FE6571B-6C9A-44A0-97E5-20E66A0CBED9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{151BF5E7-3BD3-49CA-81E7-2444E5890247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks\wgcs_api.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{29E01651-0953-4347-ADAA-AD8D29E03518}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks\wgcs_api.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{A2137977-B7CA-453C-83AE-1128A70AA72C}C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{43614A71-6292-4524-8B2A-1E3AEDB9B009}C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{30BB6EA8-C045-41FA-8EC6-648C14567767}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [UDP Query User{73343FDB-800F-4C6A-B8CB-0678E861B833}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [TCP Query User{DA522197-941E-48BA-AF25-65BE99B54E68}C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{A3B81E93-FD18-4296-82EA-AE37DB1B95CB}C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{E1EC91E5-C175-4F41-AB71-C75CF93EFC7E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{2214E935-0E25-4C84-884C-C0C88DF333E2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8DE9377A-A66D-4E04-8001-0324C2850CCF}C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe] => (Allow) C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe
FirewallRules: [UDP Query User{36112FFC-BCEC-4E9A-8105-C65A3B57EB42}C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe] => (Allow) C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe
FirewallRules: [TCP Query User{3568E8D6-1E5E-4C79-BEBC-7BAF85E8F018}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
FirewallRules: [UDP Query User{CD559E2A-B1C1-406B-9951-CA248D97AA6C}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
FirewallRules: [TCP Query User{C4FBDEAA-DCF8-4747-AC9D-58814D641F13}C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{750A8C26-561A-489F-9E63-1285F41A08F3}C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [{3CE1FCA6-EB80-43B1-B632-BFC91C2FD3AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{413EBFEB-0A85-4C16-9785-F048973970E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [TCP Query User{5A64C604-2C70-42E4-9AA5-313C5643FD6F}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{55C5CE38-7997-4DAC-A1FE-B839DE5A3279}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{BD5EE8B0-8314-44BA-AE47-BFCB1EDC6889}] => (Allow) C:\Users\tkkro\AppData\Local\Programs\Opera GX\opera.exe => No File
FirewallRules: [TCP Query User{2DD23EE8-3668-4867-9466-F53A904E8249}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{EEE95090-5266-47FF-AA44-DFE31CDC7EF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7F0FE9B7-2FBF-426B-BE92-07BDC5793CE5}C:\programdata\wargaming.net\gamecenter for steam\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter for steam\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{CA7BAC75-F145-405C-BA44-AE1AB5B3ACAF}C:\programdata\wargaming.net\gamecenter for steam\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter for steam\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{1EFCE25B-3EEF-4E67-8FEF-F9212A618B22}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25255.501.3956.3603_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B90297FA-CF3B-4E5E-AFE4-D9357BBD05A5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25255.501.3956.3603_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A36BC844-44F1-4255-B065-8B28DFCBBFDC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1C4DFE8-3515-4806-A0C1-6C7C1FCDDD93}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8BD47556-0562-48D6-8674-403F19515E3D}] => (Allow) C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{57E1C116-A915-4C5B-8540-91E4C97E00D6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{821D0214-40E9-4A05-BE71-B25C13558722}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{0BE3DB2E-18FE-4168-A693-9E6C99FF7A64}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{1D81B1EA-B682-4C05-AA47-2D30943BC26A}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{4BFD4078-57D6-4A9F-BE49-9E1C3A78473B}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{9E932D0C-33D4-4CC9-829C-401549ECBDE1}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9684FE81-BDF2-448A-B5E7-F4B3A25F289C}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{6EE2C7BB-6A75-4859-A794-307F4ED73A10}] => (Allow) C:\Users\tkkro\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)
==================== Restore Points =========================
20-10-2025 14:58:39 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (10/30/2025 08:06:11 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.
Error: (10/27/2025 04:27:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: javaw.exe, verzia: 21.0.7.0, časová značka: 0x1bc97390
Názov chybujúceho modulu: OpenAL.dll, verzia: 1.23.1.0, časová značka: 0x647635a1
Kód výnimky: 0xc0000409
Odstup chyby: 0x00000000000a2b05
Identifikácia chybujúceho procesu: 0x4780
Čas spustenia chybujúcej aplikácie: 0x01dc4742eadf0834
Cesta chybujúcej aplikácie: C:\Users\tkkro\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
Cesta chybujúceho modulu: C:\Users\tkkro\AppData\Roaming\.minecraft\versions\1.21.8\natives\OpenAL.dll
Identifikácia hlásenia: 72b7856b-12d1-416e-a831-d57dc7da956a
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (10/26/2025 07:16:10 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 8276. Message ID: [0x2509].
Error: (10/24/2025 01:54:56 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5444. Message ID: [0x2509].
Error: (10/22/2025 08:17:55 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 18136. Message ID: [0x2509].
Error: (10/22/2025 08:06:37 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 9208. Message ID: [0x2509].
Error: (10/21/2025 08:40:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 15832. Message ID: [0x2509].
Error: (10/16/2025 07:45:21 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1768. Message ID: [0x2509].
System errors:
=============
Error: (10/30/2025 08:40:14 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/29/2025 08:24:25 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/29/2025 02:43:49 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/29/2025 07:12:41 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/28/2025 12:28:14 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/27/2025 08:44:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/27/2025 12:57:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/26/2025 06:32:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
CodeIntegrity:
===============
Date: 2025-10-30 20:25:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2025-10-30 20:06:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\x64\PSINOAV.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A11 07/09/2015
Motherboard: Dell Inc. 0KWVT8
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 12237.66 MB
Available physical RAM: 5857.8 MB
Total Virtual: 15565.66 MB
Available Virtual: 5004.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.06 GB) (Free:186.16 GB) (Model: Samsung SSD 870 EVO 500GB) NTFS
\\?\Volume{af14c36c-7ad2-4102-b034-4a9c639048cb}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{849eb65b-293c-4b14-9dbc-81d44162e426}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 199E659F)
Partition: GPT.
==================== End of Addition.txt =======================
Virusova hrozba z google chrome:
win32/Cryptolocker.X9Zr
Win32/Melissa2023.Xi92
Win32/Zeus.2023
Win32/Mydoom.2023.
Win32/Conficker.2jf9
Win32/Pshtrm.Slmn
Win32/Trojan.H028hj
dakujem.
Tomas
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-10-2025
Ran by tkkro (administrator) on DESKTOP-70VBQ4R (Dell Inc. XPS 8700) (30-10-2025 20:34:48)
Running from C:\Users\tkkro\Downloads\FRST64.exe
Loaded Profiles: tkkro
Platform: Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\141.0.3537.99\msedgewebview2.exe <7>
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.283.1.4\OverwolfHelper.exe
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.283.1.4\OverwolfHelper64.exe
(C:\Users\tkkro\Desktop\overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe <5>
(C:\Users\tkkro\Downloads\FRST64.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2507.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe
(explorer.exe ->) (54418920-1845-464B-A595-EDBEA032F08F -> ) C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_6.33.3.0_x64__6h6z29zh29qx0\ControlCenter30\ControlCenter30.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(explorer.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(explorer.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAConsole.exe <2>
(explorer.exe ->) (ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\PubPlatform.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Opera Norway AS -> Opera Software) C:\Users\tkkro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf Ltd -> Overwolf LTD) C:\Users\tkkro\Desktop\overwolf\Overwolf.exe
(Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\ImfElamSvc.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE
(services.exe ->) (Panda Security S.L. -> Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(services.exe ->) (Panda Security S.L. -> Panda Security, S.L.U.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2542.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
HKLM-x32\...\Run: [Panasonic Device Manager for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\PCCMFSDM.exe [139264 2012-06-25] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [Panasonic PCFAX for Multi-Function Station software] => C:\Program Files (x86)\Panasonic\MFStation\KmPcFax.exe [819200 2012-05-18] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2024-09-29] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [186984 2022-11-02] (Panda Security S.L. -> Panda Security, S.L.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [92692328 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4735888 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4699288 2025-10-03] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [39517600 2025-10-22] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [5869264 2025-06-19] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Overwolf] => C:\Users\tkkro\Desktop\overwolf\OverwolfLauncher.exe [1911040 2025-10-27] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [MicrosoftEdgeAutoLaunch_2951A22EE169901D4BD281DD08F1EC8C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4265040 2025-10-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Opera Browser Assistant] => C:\Users\tkkro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4712920 2025-09-11] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Run: [Opera Stable] => C:\Users\tkkro\AppData\Local\Programs\Opera\opera.exe [2106840 2025-10-27] (Opera Norway AS -> Opera Software)
HKLM\...\Print\Monitors\Panasonic KX-MB1500 Language Monitor: C:\Windows\system32\ZDGLIC36.DLL [24576 2011-02-03] (Panasonic System Networks Co., Ltd.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2025-10-27] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\141.0.7390.123\Installer\chrmstp.exe [2025-10-24] (Google LLC -> Google LLC)
Startup: C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2025-10-22]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {9385960E-1185-4899-8B8D-31C0032DE3AE} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5543640 2025-08-28] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task
Task: {0B9301EB-5E36-4B83-B8DF-E00F8BDCABC5} - System32\Tasks\ASC_SkipUac_fokol => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [11163352 2025-08-20] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {E55CBC48-98C1-4978-AA30-B7AAFB647D9D} - System32\Tasks\ASC_SkipUac_tkkro => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [11163352 2025-08-20] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {3A9506F2-6093-4E83-8677-A6BBDCDC0E32} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem143.0.7482.0{674258D2-A324-4C88-88AF-166F6075C76A} => C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe [6933656 2025-10-19] (Google LLC -> Google LLC)
Task: {40BC1561-0536-4F7F-A9F0-0F3FB2B3B21D} - System32\Tasks\IMF_SkipUAC_fokol => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
Task: {856CA9B5-A4DE-4F10-BFF4-7666B0F131BC} - System32\Tasks\IMF_SkipUAC_tkkro => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [7054816 2024-10-16] (IObit CO., LTD -> IObit)
Task: {190E2001-08A8-4D78-97F0-26C18063AA73} - System32\Tasks\IObit SUM2025Sale (One-time) => "C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\sumen.exe" -> C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\\/rpop
Task: {5ED981FA-B367-4919-9F38-35CFAEE78414} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [17010512 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB9B7C16-9E96-4165-95A7-C073492DCBEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8880983D-5770-4468-BE3B-B2760DD7B45C} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [70504 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {974DF8E5-7B61-484D-AE9F-2EF8C329CFAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA5C2C39-0B4B-4B1F-8FE5-3B88D712140E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313600 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DC56855-AA49-4267-A1B8-A9CC42A91323} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313600 2025-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FB9BF37-A89E-4E21-ACA8-628AF27331B0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1365272 2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CFB5FF9-F3D9-44E4-A590-5BFF11676235} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4393320 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFFA08B2-96E1-4C5D-9D6D-A0D1499BED7D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) <==== ATTENTION
Task: {23FE3FB4-334A-46AD-B9C9-51AE393264DA} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4393320 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCFE597D-010D-407F-9429-7FD31B355C04} - System32\Tasks\OneDrive Startup Task-S-1-5-21-4097984775-1942777989-3443805053-1002 => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\OneDriveLauncher.exe [725864 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC808F09-B746-41CB-B727-324F02862218} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1753257838 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\tkkro\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {FDC48675-61E5-4B9B-924D-7B0547B30C8A} - System32\Tasks\Opera GX scheduled Autoupdate 1752689434 => C:\Users\tkkro\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File)
Task: {32317B31-79F5-4C66-A7C5-002C054F8446} - System32\Tasks\Opera scheduled assistant Autoupdate 1761851154 => C:\Users\tkkro\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5959128 2025-10-27] (Opera Norway AS -> Opera Software) -> --scheduledtask --productiscomponent --installdir="C:\Users\tkkro\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0)
Task: {F2BF5BCA-1513-4947-9919-61874FE1951A} - System32\Tasks\Opera scheduled Autoupdate 1761851152 => C:\Users\tkkro\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5959128 2025-10-27] (Opera Norway AS -> Opera Software)
Task: {412D0520-C155-4EEA-A3F4-CDB6432E6885} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-10-27] (Overwolf Ltd -> Overwolf LTD) -> C:\Users\tkkro\Desktop\overwolf\/RunningFrom Schedule
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{212d4b5c-3843-4e57-9e43-e4ee35d8f237}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default [2025-10-30]
Edge HomePage: Default -> hxxp://www.google.sk/
Edge StartupUrls: Default -> "hxxp://www.google.sk/"
Edge Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-18]
Edge Extension: (Edge relevant text changes) - C:\Users\tkkro\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-01-03]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default [2025-10-30]
CHR Notifications: Default -> hxxps://aternos.org; hxxps://d41qmme071bc73f91jpg.hyperchainnet.com
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-03]
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-10-01]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-08-14]
CHR Profile: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\System Profile [2025-10-17]
Opera:
=======
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService18; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1851760 2024-08-13] (IObit CO., LTD -> IObit)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13288288 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [126268152 2025-09-11] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-10-08] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicGamesUpdater; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3071904 2025-10-22] (Epic Games Inc. -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncHelper.exe [3604880 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
R3 GameInputRedistService; C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe [141688 2025-10-07] (Microsoft Corporation -> Microsoft Corporation)
R3 ImfElamService; C:\Program Files (x86)\IObit\IObit Malware Fighter\ImfElamSvc.exe [4604200 2024-09-25] (IObit CO., LTD -> IObit)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2641888 2024-10-11] (IObit CO., LTD -> IObit)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [119560 2023-10-05] (Panda Security S.L. -> Panda Security, S.L.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\Display.NvContainer\NVDisplay.Container.exe [1275024 2024-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.194.1005.0003\OneDriveUpdaterService.exe [3888488 2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-10-27] (Overwolf Ltd -> Overwolf LTD)
R2 Panasonic Local Printer Service; C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [195736 2023-04-13] (Panda Security S.L. -> Panda Security S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [81424 2023-10-05] (Panda Security S.L. -> Panda Security, S.L.U.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NativePushService; "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-07-02] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [30296 2025-04-28] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [507904 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-10-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 cpuz159; C:\Windows\temp\cpuz159\cpuz159_x64.sys [44680 2024-11-01] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R2 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [177056 2021-10-10] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [26296 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [42360 2024-09-25] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40920 2024-09-25] (IObit CO., LTD -> IObit)
S3 IMFEFSFileControl; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [40824 2024-09-25] (IObit Information Technology -> IObit)
R3 IMFForceDelete123; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [20008 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2024-09-25] (IObit Information Technology -> IObit)
R3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [33984 2024-09-25] (IObit Information Technology -> IObit)
R3 ImfRealScanner; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [53232 2024-09-25] (IObit CO., LTD -> IObit)
R3 ImfRegistryFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [42360 2024-09-25] (IObit Information Technology -> IObit)
R3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2024-07-02] (IObit CO., LTD -> IObit)
R1 NNSDNS; C:\Windows\system32\DRIVERS\NNSDNS.sys [146184 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [215264 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [128744 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [146664 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [151152 2022-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.)
R1 NNSNHWFP; C:\Windows\system32\DRIVERS\NNSNHWFP.sys [211208 2022-12-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [164568 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [137960 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [407264 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [575720 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [125672 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [335064 2022-11-06] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
S3 ObCallbackProcess; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ObCallbackProcess.sys [53608 2024-09-25] (IObit CO., LTD -> IObit)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [198376 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
S0 psinelam; C:\Windows\System32\DRIVERS\psinelam.sys [37952 2024-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [176360 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [218856 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [150760 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [162536 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [130280 2022-11-02] (WatchGuard Technologies, Inc. -> Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [63360 2023-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Panda Security, S.L.U.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [633264 2022-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-10-30 20:33 - 2025-10-30 20:34 - 000037981 _____ C:\Users\tkkro\Downloads\Addition.txt
2025-10-30 20:31 - 2025-10-30 20:35 - 000031379 _____ C:\Users\tkkro\Downloads\FRST.txt
2025-10-30 20:31 - 2025-10-30 20:35 - 000000000 ____D C:\FRST
2025-10-30 20:30 - 2025-10-30 20:31 - 002443264 _____ (Farbar) C:\Users\tkkro\Downloads\FRST64.exe
2025-10-30 20:07 - 2025-10-30 20:07 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk
2025-10-30 20:06 - 2025-10-30 20:06 - 000004248 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1761851152
2025-10-30 20:05 - 2025-10-30 20:05 - 000004518 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1761851154
2025-10-30 20:05 - 2025-10-30 20:05 - 000001384 _____ C:\Users\tkkro\Desktop\Prehliadač Opera.lnk
2025-10-30 20:05 - 2025-10-30 20:05 - 000001384 _____ C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2025-10-30 20:05 - 2022-12-06 11:53 - 000211208 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsnhwfp.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000407264 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprot.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000215264 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttp.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000146184 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsdns.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000137960 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspop3.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000128744 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttps.sys
2025-10-30 20:05 - 2022-11-06 11:24 - 000125672 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnssmtp.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000198376 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000162536 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2025-10-30 20:05 - 2022-11-03 00:33 - 000130280 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
2025-10-30 20:04 - 2025-10-30 20:07 - 000002305 _____ C:\Users\Public\Desktop\Panda Dome.lnk
2025-10-30 20:04 - 2025-10-30 20:05 - 000000000 ____D C:\Program Files (x86)\Panda Security
2025-10-30 20:04 - 2025-10-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2025-10-30 20:04 - 2022-11-06 11:24 - 000575720 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprv.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000335064 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsstrm.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000164568 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspicc.sys
2025-10-30 20:04 - 2022-11-06 11:24 - 000146664 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsids.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000218856 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000176360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
2025-10-30 20:04 - 2022-11-03 00:33 - 000150760 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
2025-10-30 20:03 - 2025-10-30 20:05 - 000000000 ____D C:\ProgramData\Panda Security
2025-10-30 20:00 - 2025-10-30 20:00 - 003369480 _____ (Panda Security, S.L.) C:\Users\tkkro\Downloads\PANDAFREEAV.exe
2025-10-30 19:51 - 2025-10-30 19:51 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub subury
2025-10-30 19:50 - 2025-10-30 19:50 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub kanal
2025-10-30 19:50 - 2025-10-30 19:50 - 000000000 ____D C:\Users\tkkro\Desktop\DoslovaJakub
2025-10-30 13:29 - 2025-10-30 13:29 - 000001419 _____ C:\Users\tkkro\Desktop\Roblox Player.lnk
2025-10-30 08:41 - 2025-10-30 08:41 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-10-30 08:41 - 2025-10-30 08:41 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-10-27 15:00 - 2025-10-27 15:07 - 410430982 _____ C:\Users\tkkro\Downloads\Skyblock_Infinite_Revamped.zip
2025-10-26 18:33 - 2025-10-26 18:33 - 000000000 ____D C:\ProgramData\CapCut
2025-10-26 18:33 - 2025-10-26 18:33 - 000000000 ____D C:\Program Files\CapCut
2025-10-24 14:08 - 2025-10-24 14:08 - 000031362 _____ C:\Users\tkkro\Downloads\unnamed.webp
2025-10-24 13:41 - 2025-10-24 13:41 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\mssdk
2025-10-24 13:41 - 2025-10-24 13:41 - 000000000 ____D C:\Users\tkkro\AppData\Local\VEDetector
2025-10-24 13:40 - 2025-10-26 18:33 - 000000000 ____D C:\Users\tkkro\AppData\Local\CapCut
2025-10-24 13:32 - 2025-10-24 13:32 - 002897776 _____ C:\Users\tkkro\Downloads\CapCut_7564765176285741057_installer.exe
2025-10-23 17:48 - 2025-10-23 17:48 - 000000000 ____D C:\Voiceover
2025-10-23 17:45 - 2025-08-18 17:21 - 000754688 _____ C:\Windows\system32\FilmoraContextMenu.dll
2025-10-23 17:44 - 2025-10-24 13:27 - 000000000 ____D C:\ProgramData\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\Users\tkkro\AppData\Local\Wondershare
2025-10-23 17:44 - 2025-10-23 17:50 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2025-10-23 17:38 - 2025-10-23 17:46 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2025-10-23 17:38 - 2025-10-23 17:38 - 002202088 _____ C:\Users\tkkro\Downloads\filmora-idco_setup_full1901.exe
2025-10-23 17:32 - 2025-10-07 09:16 - 002406071 _____ C:\Users\tkkro\Documents\video.mp4
2025-10-22 19:57 - 2025-10-29 21:35 - 000000000 ____D C:\Users\tkkro\Documents\ShareX
2025-10-22 19:49 - 2025-10-22 19:49 - 000000825 _____ C:\Users\tkkro\Desktop\ShareX.lnk
2025-10-22 19:49 - 2025-10-22 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2025-10-22 19:48 - 2025-10-22 19:48 - 000000000 ____D C:\Program Files\ShareX
2025-10-22 19:34 - 2025-10-22 19:36 - 106603663 _____ (ShareX Team ) C:\Users\tkkro\Downloads\ShareX-18.0.1-setup.exe
2025-10-22 19:24 - 2025-10-22 19:24 - 000357360 _____ C:\Users\tkkro\Downloads\photo-1657632843433-e6a8b7451ac6.jpeg
2025-10-17 20:19 - 2025-10-16 19:48 - 000432504 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll.0
2025-10-17 20:19 - 2025-10-16 19:47 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.1
2025-10-16 19:48 - 2025-10-16 19:48 - 000432504 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll.1
2025-10-16 19:48 - 2025-10-16 19:48 - 000000000 ____D C:\Program Files\Windows Kits
2025-10-16 19:48 - 2025-10-16 19:48 - 000000000 ____D C:\Program Files\Microsoft GameInput
2025-10-16 19:48 - 2025-10-16 19:47 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.0
2025-10-13 20:04 - 2025-10-13 20:05 - 000490371 _____ C:\Users\tkkro\Downloads\photo-1732624696535-68022a5b84dc.jpeg
2025-10-09 13:00 - 2025-10-09 13:00 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Electronic Arts
2025-10-09 12:59 - 2025-10-09 13:04 - 000000000 ____D C:\Users\tkkro\AppData\Local\Skate
2025-10-09 12:59 - 2025-10-09 12:59 - 000000000 ____D C:\ProgramData\Frostbite
2025-10-09 12:56 - 2025-10-09 13:03 - 000000000 ____D C:\ProgramData\Packer
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\EA
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\ProgramData\eaanticheat
2025-10-09 12:56 - 2025-10-09 12:56 - 000000000 ____D C:\Program Files\EA
2025-10-08 13:31 - 2025-10-30 17:36 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\EasyAntiCheat
2025-10-08 06:46 - 2025-10-08 06:46 - 000000354 _____ C:\Users\tkkro\Desktop\Fortnite.url
2025-10-07 19:00 - 2025-10-07 19:00 - 000253230 _____ C:\Users\tkkro\Downloads\wallpaper_mikael_gustafsson.webp
2025-10-07 15:49 - 2025-10-07 15:49 - 000028406 _____ C:\Users\tkkro\Downloads\r0zg2ds05k541.webp
2025-10-07 11:54 - 2025-10-07 11:54 - 000072544 _____ C:\Users\tkkro\Downloads\SKRATKY.pptx
2025-10-06 19:16 - 2025-10-06 19:16 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\QuickStyles
2025-10-05 15:04 - 2025-10-05 15:04 - 000315386 _____ C:\Users\tkkro\Downloads\200-2_alkan-f-x-l.webp
2025-09-30 12:34 - 2025-09-30 12:34 - 000002182 _____ C:\Users\tkkro\Desktop\Mortyr 3.lnk
2025-09-30 12:34 - 2025-09-30 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2025-09-30 12:28 - 2025-09-30 12:28 - 000000000 ____D C:\Program Files (x86)\City Interactive
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-10-30 20:28 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-10-30 20:27 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp
2025-10-30 20:26 - 2025-01-03 20:20 - 000000000 ____D C:\Program Files (x86)\Steam
2025-10-30 20:07 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF
2025-10-30 20:06 - 2025-07-16 19:10 - 000000000 ____D C:\Users\tkkro\AppData\Local\Opera Software
2025-10-30 20:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2025-10-30 20:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\GroupPolicy
2025-10-30 20:04 - 2025-07-16 19:08 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Opera Software
2025-10-30 19:42 - 2025-09-10 13:37 - 000000000 ____D C:\Users\tkkro\AppData\Local\Roblox
2025-10-30 17:08 - 2024-10-30 17:47 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-10-30 15:02 - 2025-03-18 21:27 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\.minecraft
2025-10-30 13:58 - 2025-04-02 12:46 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\.tlauncher
2025-10-30 13:29 - 2025-09-10 13:37 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2025-10-30 08:44 - 2024-11-01 08:46 - 000000708 _____ C:\ProgramData\pdinst.ini
2025-10-30 08:42 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\D3DSCache
2025-10-30 08:41 - 2025-01-28 10:54 - 000003552 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-4097984775-1942777989-3443805053-1002
2025-10-30 08:41 - 2025-01-10 12:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-10-30 08:41 - 2025-01-03 20:08 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4097984775-1942777989-3443805053-1002
2025-10-30 08:41 - 2025-01-03 20:07 - 000000000 ___RD C:\Users\tkkro\OneDrive
2025-10-30 08:41 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2025-10-30 08:41 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\AppReadiness
2025-10-30 08:40 - 2025-03-18 21:00 - 000000000 ____D C:\Users\tkkro\Desktop\overwolf
2025-10-30 08:40 - 2025-03-18 20:57 - 000000000 ____D C:\Users\tkkro\AppData\Local\Overwolf
2025-10-29 21:35 - 2024-10-30 17:53 - 000000000 ____D C:\ProgramData\NVIDIA
2025-10-29 21:09 - 2025-01-13 14:22 - 000002554 _____ C:\Windows\SysWOW64\pubfreeware.ini
2025-10-29 16:04 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\Packages
2025-10-29 15:24 - 2025-02-24 14:33 - 000000000 ____D C:\XboxGames
2025-10-29 15:24 - 2024-10-30 17:54 - 000000000 ____D C:\ProgramData\Packages
2025-10-27 20:45 - 2024-11-01 08:47 - 000000000 ____D C:\ProgramData\ProductData3
2025-10-27 16:27 - 2025-03-24 13:23 - 000000000 ____D C:\Users\tkkro\AppData\Local\CrashDumps
2025-10-27 12:58 - 2025-01-03 20:23 - 000000000 ____D C:\Users\tkkro\AppData\Local\Steam
2025-10-26 19:16 - 2025-01-09 20:17 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Word
2025-10-25 17:24 - 2024-10-30 17:47 - 000003630 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-10-25 17:24 - 2024-10-30 17:47 - 000003504 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-10-25 06:49 - 2024-10-30 17:47 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-10-25 06:49 - 2024-10-30 17:47 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-10-24 19:32 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\NDF
2025-10-24 18:26 - 2024-10-30 18:02 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-10-24 18:26 - 2024-10-30 18:02 - 000002218 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-10-24 13:30 - 2025-09-09 13:18 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\obs-studio
2025-10-23 17:45 - 2021-06-05 13:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-10-16 19:48 - 2025-02-24 14:33 - 004213112 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2025-10-16 19:48 - 2025-02-24 14:33 - 000166264 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2025-10-16 19:48 - 2025-02-24 14:33 - 000153976 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2025-10-16 19:48 - 2025-02-24 14:33 - 000076144 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2025-10-16 19:47 - 2025-02-24 14:33 - 000285048 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2025-10-16 19:47 - 2025-02-24 14:33 - 000244088 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2025-10-16 13:39 - 2025-01-09 18:44 - 000000000 ____D C:\Program Files\Microsoft Office
2025-10-15 15:00 - 2024-10-30 18:05 - 000000000 ____D C:\Windows\system32\MRT
2025-10-15 15:00 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-10-15 14:57 - 2024-10-30 18:05 - 214534944 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-10-11 19:20 - 2025-01-03 20:04 - 000000000 ____D C:\Users\tkkro
2025-10-11 18:47 - 2024-10-30 17:47 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-10-11 18:46 - 2025-02-03 16:17 - 000012288 ___SH C:\DumpStack.log.tmp
2025-10-09 13:07 - 2025-01-06 13:28 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-10-08 13:32 - 2025-03-30 06:28 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2025-10-07 16:12 - 2025-01-03 20:34 - 000000000 ____D C:\Program Files\Epic Games
2025-10-07 12:26 - 2025-01-31 18:00 - 000000000 ____D C:\Users\tkkro\AppData\Roaming\Microsoft\PowerPoint
2025-10-06 19:27 - 2025-08-13 19:08 - 000002434 _____ C:\Users\tkkro\Desktop\PowerPoint.lnk
2025-10-06 19:27 - 2025-08-13 19:08 - 000002429 _____ C:\Users\tkkro\Desktop\Excel.lnk
2025-10-06 19:27 - 2025-08-13 19:07 - 000002517 _____ C:\Users\tkkro\Desktop\Word.lnk
2025-10-06 19:27 - 2025-08-13 19:07 - 000002439 _____ C:\Users\tkkro\Desktop\OneNote.lnk
2025-10-01 13:11 - 2025-01-03 20:05 - 000000000 ____D C:\Users\tkkro\AppData\Local\VirtualStore
==================== Files in the root of some directories ========
2025-02-01 18:02 - 2025-02-15 16:52 - 000007625 _____ () C:\Users\tkkro\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2025
Ran by tkkro (30-10-2025 20:36:14)
Running from C:\Users\tkkro\Downloads
Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) (2024-10-30 16:48:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4097984775-1942777989-3443805053-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4097984775-1942777989-3443805053-503 - Limited - Disabled)
Guest (S-1-5-21-4097984775-1942777989-3443805053-501 - Limited - Disabled)
tkkro (S-1-5-21-4097984775-1942777989-3443805053-1002 - Administrator - Enabled) => C:\Users\tkkro
WDAGUtilityAccount (S-1-5-21-4097984775-1942777989-3443805053-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Dome (Enabled - Up to date) {8404BB29-B609-D604-AF5C-6806F0482FD3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {1B2E67BD-0994-AA89-E0C2-268754ADA0AC}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 18.5.0 - IObit)
CPUID CPU-Z 2.11 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.11 - CPUID, Inc.)
CurseForge (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 1.288.1.8404 - Overwolf app)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 141.0.7390.123 - Google LLC)
IObit Malware Fighter 12 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 12.0.0.1433 - IObit)
Java 8 Update 401 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 141.0.3537.99 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 141.0.3537.99 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM\...\{0812546C-471E-E343-DE9C-AECF3D0137E6}) (Version: 10.1.26100.6154 - Microsoft Corporation)
Microsoft Office 2019 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudent2019Retail - sk-sk) (Version: 16.0.19127.20302 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.194.1005.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mortyr 3: Diverzní akce (HKLM-x32\...\Mortyr3_is1) (Version: - City Interactive)
NVIDIA Grafický ovládač 566.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 566.03 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.4.2.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.2.6 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 31.0.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19127.20154 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Opera Stable 123.0.5669.23 (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Opera 123.0.5669.23) (Version: 123.0.5669.23 - Opera Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.283.1.4 - Overwolf Ltd.)
Panasonic Multi-Function Station software (HKLM-x32\...\{53DE4FAD-F853-44F3-AC39-AD2940E5DD53}) (Version: 1.00 - Panasonic System Networks Co., Ltd.)
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{2D719FEF-BFA6-47CB-8017-96358D753C60}) (Version: 12.12.80 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 22.03.05.0000 - Panda Security)
Roblox Player for tkkro (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\roblox-player) (Version: - Roblox Corporation)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 18.0.1 - ShareX Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.9316 - TLauncher Inc.)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
Wargaming.net Game Center for Steam (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\Wargaming.net Game Center for Steam) (Version: 25.5.0.352 - Wargaming.net)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Chrome apps:
============
Instagram (HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\...\7815dab0388481ea744919410c3232d7) (Version: 1.0 - Google\Chrome)
Packages:
=========
Control Center 3.0 -> C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_6.33.3.0_x64__6h6z29zh29qx0 [2025-07-01] (CLEVO CO.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-09-07] (Instagram)
Local Artificial Intelligence Manager -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-10-16] ()
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-10-16] ()
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.11401.0_x64__8wekyb3d8bbwe [2025-10-16] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.2.2.0_x64__8wekyb3d8bbwe [2025-02-24] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.968.0_x64__56jybvy8sckqj [2025-06-17] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-10-16] ()
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2542.2.0_x64__cv1g1gvanyjgm [2025-10-23] (WhatsApp Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-4097984775-1942777989-3443805053-1002_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.194.1005.0003\FileSyncShell64.dll [2025-10-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_74fb74d37997e9f3\nvshext.dll [2024-10-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2024-09-25] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2023-01-02] (Panda Security S.L. -> Panda Security, S.L.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\tkkro\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_akpamiohjfcnimfljfndmaldlcfphjmp\Instagram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp
ShortcutWithArgument: C:\Users\tkkro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Instagram.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp
==================== Loaded Modules (Whitelisted) =============
2025-10-23 17:45 - 2024-09-29 13:45 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2025-10-23 17:45 - 2024-09-29 13:45 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2025-10-22 19:48 - 2024-01-21 13:44 - 000113664 _____ (Gregoire Pailler) [File not signed] [File is in use] C:\Program Files\ShareX\MegaApiClient.dll
2025-01-09 18:56 - 2025-01-09 18:56 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2025-01-09 18:56 - 2025-01-09 18:56 - 000000000 ___JL (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-10-22 19:48 - 2025-08-19 03:34 - 000263680 _____ (Özgür Özçıtak) [File not signed] [File is in use] C:\Program Files\ShareX\ImageListView.dll
2025-01-29 20:23 - 2011-01-21 13:18 - 000135168 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCMFSSEL.DLL
2025-01-29 20:21 - 2012-08-21 18:21 - 000033280 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\K0JDUC36.DLL
2025-01-29 20:21 - 2011-02-03 11:08 - 000024576 _____ (Panasonic System Networks Co., Ltd.) [File not signed] C:\Windows\System32\ZDGLIC36.DLL
2025-01-29 20:23 - 2010-03-29 20:05 - 000110592 _____ (Panosonic System Networks Co., Ltd.) [File not signed] C:\Program Files (x86)\Panasonic\MFStation\PCMFSNWK.DLL
2025-10-22 19:48 - 2025-08-19 03:35 - 002085888 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 001075712 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.HelpersLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000187392 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.HistoryLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000129024 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.ImageEffectsLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000040960 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.IndexerLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000197120 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.MediaLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 000863232 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.ScreenCaptureLib.dll
2025-10-22 19:48 - 2025-08-19 03:35 - 001656832 _____ (ShareX Team) [File not signed] [File is in use] C:\Program Files\ShareX\ShareX.UploadersLib.dll
2025-10-23 17:45 - 2024-09-29 13:45 - 000708096 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8646]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2024-09-25] (IObit CO., LTD -> IObit)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-09-07] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Network ===========================
(Currently there is no automatic fix for this section.)
DNS Servers: 192.168.0.1
Windows Firewall is enabled.
Network Binding:
=============
Ethernet 2: AnchorFree TAP-Windows Adapter V9 -> aftap0901.sys
Ethernet: Realtek(R) PCI(e) Ethernet Controller -> rt640x64.sys
NNSNAHSL: Network Activity Hook Server LightWeight Filter Driver
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-4097984775-1942777989-3443805053-1002\Control Panel\Desktop\\Wallpaper -> c:\users\tkkro\downloads\wp6710191.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B7FAE2D9-33F3-486F-8910-0E7980590D1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{21D4B83C-7B89-40F2-A545-CCA0D9DBB29F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{058B7C48-58D8-4E1D-AEFB-7925F7B702F4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F9D755EE-73A1-40FF-A6BE-1AB7A6B26315}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{894F99F6-8F4E-46D2-A145-3A554E903AEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{9FE6571B-6C9A-44A0-97E5-20E66A0CBED9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{151BF5E7-3BD3-49CA-81E7-2444E5890247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks\wgcs_api.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{29E01651-0953-4347-ADAA-AD8D29E03518}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks\wgcs_api.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{A2137977-B7CA-453C-83AE-1128A70AA72C}C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{43614A71-6292-4524-8B2A-1E3AEDB9B009}C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\world of tanks\eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{30BB6EA8-C045-41FA-8EC6-648C14567767}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [UDP Query User{73343FDB-800F-4C6A-B8CB-0678E861B833}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [TCP Query User{DA522197-941E-48BA-AF25-65BE99B54E68}C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{A3B81E93-FD18-4296-82EA-AE37DB1B95CB}C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\users\tkkro\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{E1EC91E5-C175-4F41-AB71-C75CF93EFC7E}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{2214E935-0E25-4C84-884C-C0C88DF333E2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8DE9377A-A66D-4E04-8001-0324C2850CCF}C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe] => (Allow) C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe
FirewallRules: [UDP Query User{36112FFC-BCEC-4E9A-8105-C65A3B57EB42}C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe] => (Allow) C:\users\tkkro\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.61-windows-x64\bin\java.exe
FirewallRules: [TCP Query User{3568E8D6-1E5E-4C79-BEBC-7BAF85E8F018}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
FirewallRules: [UDP Query User{CD559E2A-B1C1-406B-9951-CA248D97AA6C}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
FirewallRules: [TCP Query User{C4FBDEAA-DCF8-4747-AC9D-58814D641F13}C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{750A8C26-561A-489F-9E63-1285F41A08F3}C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tkkro\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [{3CE1FCA6-EB80-43B1-B632-BFC91C2FD3AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{413EBFEB-0A85-4C16-9785-F048973970E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [TCP Query User{5A64C604-2C70-42E4-9AA5-313C5643FD6F}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{55C5CE38-7997-4DAC-A1FE-B839DE5A3279}C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tkkro\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{BD5EE8B0-8314-44BA-AE47-BFCB1EDC6889}] => (Allow) C:\Users\tkkro\AppData\Local\Programs\Opera GX\opera.exe => No File
FirewallRules: [TCP Query User{2DD23EE8-3668-4867-9466-F53A904E8249}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{EEE95090-5266-47FF-AA44-DFE31CDC7EF4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7F0FE9B7-2FBF-426B-BE92-07BDC5793CE5}C:\programdata\wargaming.net\gamecenter for steam\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter for steam\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{CA7BAC75-F145-405C-BA44-AE1AB5B3ACAF}C:\programdata\wargaming.net\gamecenter for steam\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter for steam\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{1EFCE25B-3EEF-4E67-8FEF-F9212A618B22}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25255.501.3956.3603_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B90297FA-CF3B-4E5E-AFE4-D9357BBD05A5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25255.501.3956.3603_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A36BC844-44F1-4255-B065-8B28DFCBBFDC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1C4DFE8-3515-4806-A0C1-6C7C1FCDDD93}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8BD47556-0562-48D6-8674-403F19515E3D}] => (Allow) C:\Users\tkkro\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{57E1C116-A915-4C5B-8540-91E4C97E00D6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{821D0214-40E9-4A05-BE71-B25C13558722}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{0BE3DB2E-18FE-4168-A693-9E6C99FF7A64}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{1D81B1EA-B682-4C05-AA47-2D30943BC26A}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{4BFD4078-57D6-4A9F-BE49-9E1C3A78473B}] => (Block) C:\Users\tkkro\Desktop\overwolf\0.283.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{9E932D0C-33D4-4CC9-829C-401549ECBDE1}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9684FE81-BDF2-448A-B5E7-F4B3A25F289C}] => (Allow) C:\Users\tkkro\Desktop\overwolf\0.283.1.4\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{6EE2C7BB-6A75-4859-A794-307F4ED73A10}] => (Allow) C:\Users\tkkro\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)
==================== Restore Points =========================
20-10-2025 14:58:39 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (10/30/2025 08:06:11 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.
Error: (10/27/2025 04:27:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: javaw.exe, verzia: 21.0.7.0, časová značka: 0x1bc97390
Názov chybujúceho modulu: OpenAL.dll, verzia: 1.23.1.0, časová značka: 0x647635a1
Kód výnimky: 0xc0000409
Odstup chyby: 0x00000000000a2b05
Identifikácia chybujúceho procesu: 0x4780
Čas spustenia chybujúcej aplikácie: 0x01dc4742eadf0834
Cesta chybujúcej aplikácie: C:\Users\tkkro\AppData\Roaming\.minecraft\runtime\java-runtime-delta\windows\java-runtime-delta\bin\javaw.exe
Cesta chybujúceho modulu: C:\Users\tkkro\AppData\Roaming\.minecraft\versions\1.21.8\natives\OpenAL.dll
Identifikácia hlásenia: 72b7856b-12d1-416e-a831-d57dc7da956a
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (10/26/2025 07:16:10 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 8276. Message ID: [0x2509].
Error: (10/24/2025 01:54:56 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5444. Message ID: [0x2509].
Error: (10/22/2025 08:17:55 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 18136. Message ID: [0x2509].
Error: (10/22/2025 08:06:37 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 9208. Message ID: [0x2509].
Error: (10/21/2025 08:40:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 15832. Message ID: [0x2509].
Error: (10/16/2025 07:45:21 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 1768. Message ID: [0x2509].
System errors:
=============
Error: (10/30/2025 08:40:14 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/29/2025 08:24:25 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/29/2025 02:43:49 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/29/2025 07:12:41 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/28/2025 12:28:14 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/27/2025 08:44:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/27/2025 12:57:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
Error: (10/26/2025 06:32:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{212D4B5C-3843-4E57-9E43-E4EE35D8F237} because another computer on the network has the same name. The server could not start.
CodeIntegrity:
===============
Date: 2025-10-30 20:25:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2025-10-30 20:06:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\x64\PSINOAV.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A11 07/09/2015
Motherboard: Dell Inc. 0KWVT8
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 12237.66 MB
Available physical RAM: 5857.8 MB
Total Virtual: 15565.66 MB
Available Virtual: 5004.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.06 GB) (Free:186.16 GB) (Model: Samsung SSD 870 EVO 500GB) NTFS
\\?\Volume{af14c36c-7ad2-4102-b034-4a9c639048cb}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{849eb65b-293c-4b14-9dbc-81d44162e426}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 199E659F)
Partition: GPT.
==================== End of Addition.txt =======================