infection

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

StaráLama
newbie
Posts: 4
Registered: 27 Aug 2025 12:05

infection

Post by StaráLama »

Greetings, experts,
despite ongoing attempts to use the links in HJT via 360 Total S., CCleaner, Malware Hunter, Total AV, ESET Online, McAfee and the Firewall turned on in Defender, etc., the previously described situation on the Lenovo G580 notebook with Win 8 upgraded to 10 is not improving. On top of that, flashy windows occasionally pop up on their own (7 viruses, 3x Trojan, All data encrypted); after clicking on them they announce that the McAfee licence has expired, Norton - extend your authorization, etc.
Please check the log and advise how to proceed.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:55:36, on 24.11.2025
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)


Boot mode: Normal

Running processes:
C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Users\vlad\Autodesk\Genuine Service\GenuineService.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files (x86)\360\Total Security\safemon\PopWndLog.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\crashhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\vlad\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SysWOW64\userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
O4 - HKCU\..\Run: [VideoDownloadCapture] C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe /autoStart
O4 - HKCU\..\Run: [CCXProcess] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe"
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_392257826694F9B020490AE9C384473E] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [360DesktopLite] "C:\ProgramData\360TotalSecurity\DesktopPlus\DesktopPlus64.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: GenuineService.lnk = C:\Users\vlad\Autodesk\Genuine Service\GenuineService.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HD Writer.lnk = ?
O4 - Global Startup: SOLIDWORKS 2020 Rychlé spuštění.lnk = ?
O4 - Global Startup: SOLIDWORKS Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files (x86)\Bricsys\Bricscad V12\BrxProtIE.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSISAllmytubechrome - (no CLSID) - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CCleaner 7 (CCleaner7) - Gen Digital Inc. - C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe
O23 - Service: @C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe,-100 (CIJSRegister) - CANON INC. - C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_932baf9 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\142.0.7444.176\elevation_service.exe
O23 - Service: Interní aktualizační služba Google (GoogleUpdaterInternalService143.0.7482.0) (GoogleUpdaterInternalService143.0.7482.0) - Google LLC - C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe
O23 - Service: Aktualizační služba Google (GoogleUpdaterService143.0.7482.0) (GoogleUpdaterService143.0.7482.0) - Google LLC - C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) MPI Library Hydra Process Manager (impi_hydra) - Intel Corporation - C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe
O23 - Service: Intel(R) SUR QC Software Asset Manager (Intel(R) SUR QC SAM) - Intel Corporation - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: MBVpnTunnelService - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
O23 - Service: McAfee WebAdvisor - McAfee, LLC - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service: MFLocalService - Unknown owner - C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR-Sound_Organizer - Sony Corporation - C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - Qihoo 360 Technology Co. Ltd. - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: QHProtected - Qihoo 360 Technology Co. Ltd. - C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2008 (RemoteSolverDispatcher) - Mentor Graphics Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: SolidWorks Flexnet Server - Flexera Software LLC - C:\SolidWorks_Flexnet_Server\lmgrd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SWVisualize2020.BoostService - Dassault Systemes - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe
O23 - Service: SWVisualize2020.Queue.Server - Dassault Systemes - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16102 bytes
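A HijackThis log is read by eye, section by section. The script below is an added example (not part of this thread, and not a HijackThis feature) that automates the checks a helper applies to the O4, O18, O23 and F2 lines: autostart binaries living in user-writable directories, protocol handlers whose DLL is gone, service binaries outside Program Files / Windows or with no recorded publisher, and extra programs chained into Winlogon's Userinit. One caveat it encodes: HJT 2.0.5 is a 32-bit program, so on 64-bit Windows its file checks under System32 are subject to WOW64 file-system redirection, which is why lsass.exe and other core binaries appear as "(file missing)" above; those lines are normally not evidence of anything. The sample lines are copied from the log above; the finding codes and the directory lists are this example's own assumptions.

```python
"""Triage a HijackThis 2.0.5 log: parse the F2 / O4 / O18 / O23 lines and apply
the checks a log reader does by eye.  Added example; the sample lines are copied
from the log posted in this thread, the heuristics and codes are this example's own."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section tag, e.g. "O23"
    item: str     # what was flagged: service name, Run key name, .lnk name, scheme
    code: str     # machine-readable reason
    note: str     # what a reviewer should do with it


LINE_RE = re.compile(r"^(?P<sec>[FOR]\d+) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - "
                        r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
PROTO_RE = re.compile(r"^Protocol: (?P<scheme>\S+) - "
                      r"(?P<clsid>\{[0-9A-Fa-f-]+\}|\(no CLSID\)) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?\.lnk) = (?P<target>.+)$")
USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(?P<value>.*)$")
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\[^"]+?\.exe)', re.IGNORECASE)

# Assumed directory classes (this example's choice, not an HJT rule).
STANDARD_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\SysWOW64\userinit.exe,
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
O4 - HKCU\..\Run: [360DesktopLite] "C:\ProgramData\360TotalSecurity\DesktopPlus\DesktopPlus64.exe" /auto
O4 - Startup: GenuineService.lnk = C:\Users\vlad\Autodesk\Genuine Service\GenuineService.exe
O4 - Global Startup: HD Writer.lnk = ?
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSISAllmytubechrome - (no CLSID) - (no file)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MFLocalService - Unknown owner - C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe
O23 - Service: SolidWorks Flexnet Server - Flexera Software LLC - C:\SolidWorks_Flexnet_Server\lmgrd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def _exe_of(cmd: str) -> str:
    """First .exe path in a Run command line, quotes and arguments stripped."""
    m = EXE_RE.search(cmd)
    return m["exe"] if m else cmd.strip().strip('"')


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sec, body = m["sec"], m["body"]
        if sec == "F2" and (u := USERINIT_RE.match(body)):
            # Userinit is a comma-separated list; anything besides userinit.exe is a logon hook.
            for entry in filter(None, (e.strip() for e in u["value"].split(","))):
                if not entry.lower().endswith("\\userinit.exe"):
                    findings.append(Finding(sec, entry, "userinit_extra",
                        "extra program chained into Winlogon Userinit; classic persistence slot"))
        elif sec == "O4":
            if (r := RUN_RE.match(body)):
                name, exe = r["name"], _exe_of(r["cmd"])
            elif (s := STARTUP_RE.match(body)):
                name, exe = s["name"], s["target"]
                if exe == "?":
                    findings.append(Finding(sec, name, "unresolved_shortcut",
                        "HJT could not resolve the .lnk target; open the shortcut and see where it points"))
                    continue
            else:
                continue
            if exe.lower().startswith(USER_WRITABLE):
                findings.append(Finding(sec, name, "user_writable_autostart",
                    "autostart binary lives in a user-writable directory; verify signature and publisher"))
        elif sec == "O18" and (p := PROTO_RE.match(body)):
            if p["clsid"] == "(no CLSID)" or p["path"] == "(no file)":
                findings.append(Finding(sec, p["scheme"], "orphan_protocol",
                    "protocol handler registered but its DLL is gone; uninstall leftover, safe to remove"))
        elif sec == "O23" and (v := SERVICE_RE.match(body)):
            low = v["path"].lower()
            if v["missing"] and low.startswith(SYSTEM32):
                findings.append(Finding(sec, v["name"], "wow64_redirect_artifact",
                    "32-bit HJT on 64-bit Windows is redirected to SysWOW64; '(file missing)' under "
                    "System32 is usually not real, confirm with a 64-bit tool"))
            elif not low.startswith(STANDARD_ROOTS):
                findings.append(Finding(sec, v["name"], "nonstandard_location",
                    "service binary outside Program Files / Windows; confirm it belongs to installed software"))
            elif v["owner"] == "Unknown owner" and not low.startswith("c:\\windows\\"):
                findings.append(Finding(sec, v["name"], "unknown_publisher",
                    "no publisher recorded for a non-Windows service binary; check its Authenticode signature"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.code:<26}{f.item}\n    {f.note}")
```

Run against the sample, the script flags the two autostarts under C:\ProgramData and C:\Users, the unresolved HD Writer shortcut, the orphaned WSISAllmytubechrome handler, the MFLocalService binary with no publisher, the Flexnet server living in the drive root, and it files the KeyIso "(file missing)" under the redirection caveat rather than as a problem; Bonjour and the 360 tray entry pass.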
jaro3
Security team member
Posts: 43391
Registered: 16 Jun 2007 18:58
Location: Jižní Čechy

Re: infection

Post by jaro3 »

Greetings to you too!

Uninstall McAfee using Revo Uninstaller, with the option to search for and uninstall all components, files and folders, drivers, etc.

Download ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome or Edge, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
https://www.bleepingcomputer.com/download/tfc/
https://www.majorgeeks.com/files/detail ... eaner.html
https://www.majorgeeks.com/mg/get/temp_ ... ner,1.html

Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, do it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
Windows 7 owners download it here:
https://filehippo.com/download_adwcleaner/ (do not install the update!)

Save it to your desktop. Click "I agree" to accept the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan, a log will appear and open. (Otherwise it is saved on the system drive under C:\AdwCleaner\Logs.) Paste its entire contents here.

Download Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/

to your desktop, install it and run it
- If the program is not up to date, click "Update now" or "Fix now".
- An update will be found and installed.
- then click Start scan
- after the scan completes, a message appears at the bottom right; click View report, choose Export, choose Copy to clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log, then paste it here.
- otherwise the log can be found in the program under "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Finish button and close the program with the X at the top right.
(don't delete anything yet!)
If there are problems, run it in Safe Mode.
(After the scan finishes, click the Save result arrow and choose Export to TXT. After a moment a window appears and you save the log as .txt wherever you like. Then copy it and paste it here.)
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
StaráLama
newbie
Posts: 4
Registered: 27 Aug 2025 12:05

Re: infection

Post by StaráLama »

If I understood the instructions correctly, these two listings were generated.

# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-22-2025
# Duration: 00:03:13
# OS: Windows 10 (Build 18362.592)
# Scanned: 32108
# Detected: 89


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\vlad\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\vlad\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
PUP.Optional.Legacy C:\ProgramData\SuperEasy Software
PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite
PUP.Optional.Seznam.cz C:\Users\vlad\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.ICLoader HKLM\Software\Wow6432Node\WIFIService
PUP.Adware.Heuristic HKCU\SOFTWARE\0813fcfaaa21119ce81fd4bcee1c051b
PUP.Adware.Heuristic HKCU\SOFTWARE\6C38ED07529A146BD8A6
PUP.Adware.Heuristic HKCU\SOFTWARE\D628EC005060303CE3D6
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main|HomeButtonPage
PUP.Optional.Legacy HKCU\Software\SuperEasy Software
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\escort.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\esrv.EXE
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy HKLM\Software\SuperEasy Software
PUP.Optional.Legacy HKLM\Software\Wow6432Node\SuperEasy Software
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\NCTAudioCDGrabber2.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\escorTlbr.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\escort.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\escortApp.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\escortEng.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\esrv.EXE
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.MyWebShield HKU\.DEFAULT\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
PUP.Optional.MyWebShield HKU\S-1-5-18\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
PUP.Optional.PCProtect HKCU\Software\SSProtect
PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.PCProtect HKU\.DEFAULT\Software\SSProtect
PUP.Optional.PCProtect HKU\S-1-5-18\Software\SSProtect
PUP.Optional.Seznam.cz HKCU\Software\Seznam.cz
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\Software\Classes\totalav
PUP.Optional.VLCStreamerDE HKLM\Software\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}
PUP.Optional.VLCStreamerDE HKLM\Software\Wow6432Node\\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}
PUP.Optional.YTDToolbar HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
PUP.Winlogon.Heuristic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Preinstalled.LenovoPower2Go Folder C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LENOVO\POWER2GO
Preinstalled.LenovoSolutionCenter Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\LENOVO SOLUTION CENTER
Preinstalled.LenovoYouCam Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\YOUCAM



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########




***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\vlad\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\vlad\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
PUP.Optional.Legacy C:\ProgramData\SuperEasy Software
PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite
PUP.Optional.Seznam.cz C:\Users\vlad\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.ICLoader HKLM\Software\Wow6432Node\WIFIService
PUP.Adware.Heuristic HKCU\SOFTWARE\0813fcfaaa21119ce81fd4bcee1c051b
PUP.Adware.Heuristic HKCU\SOFTWARE\6C38ED07529A146BD8A6
PUP.Adware.Heuristic HKCU\SOFTWARE\D628EC005060303CE3D6
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main|HomeButtonPage
PUP.Optional.Legacy HKCU\Software\SuperEasy Software
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\escort.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\esrv.EXE
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy HKLM\Software\SuperEasy Software
PUP.Optional.Legacy HKLM\Software\Wow6432Node\SuperEasy Software
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\NCTAudioCDGrabber2.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\escorTlbr.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\escort.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\escortApp.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\escortEng.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\esrv.EXE
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.MyWebShield HKU\.DEFAULT\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
PUP.Optional.MyWebShield HKU\S-1-5-18\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
PUP.Optional.PCProtect HKCU\Software\SSProtect
PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.PCProtect HKU\.DEFAULT\Software\SSProtect
PUP.Optional.PCProtect HKU\S-1-5-18\Software\SSProtect
PUP.Optional.Seznam.cz HKCU\Software\Seznam.cz
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\Software\Classes\totalav
PUP.Optional.VLCStreamerDE HKLM\Software\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}
PUP.Optional.VLCStreamerDE HKLM\Software\Wow6432Node\\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}
PUP.Optional.YTDToolbar HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
PUP.Winlogon.Heuristic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Preinstalled.LenovoPower2Go Folder C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LENOVO\POWER2GO
Preinstalled.LenovoSolutionCenter Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\LENOVO SOLUTION CENTER
Preinstalled.LenovoYouCam Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\YOUCAM


AdwCleaner[S00].txt - [10029 octets] - [22/11/2025 17:42:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
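Added example, not part of the thread and not AdwCleaner or Malwarebytes code: a PowerShell check for the two kinds of entry in the log above that matter most. The PUP.Winlogon.Heuristic hit on Winlogon|Userinit is the one to look at first, because whatever is listed there runs at every logon before the desktop appears; on a stock Windows 8/10 install the value is exactly C:\Windows\system32\userinit.exe, (with the trailing comma), and anything after that comma is an extra launch hook. The script also re-checks a handful of the flagged keys copied from the log (my selection, assumed to be the ones worth re-testing) so you can see which of them survive a cleanup; a key that comes back after removal means the program that owns it is still installed and has to be uninstalled, not merely scanned. Run it in an elevated PowerShell while logged in as the affected user, since HKCU keys are per user.

```powershell
# Added example for this thread, not AdwCleaner/Malwarebytes code. Run elevated,
# logged in as the affected user (HKCU is per user).

# Stock Windows 8/10 value; note the trailing comma.
$expectedUserinit = 'C:\Windows\system32\userinit.exe,'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit

if ($userinit -ieq $expectedUserinit) {
    "Userinit OK: $userinit"
} else {
    "Userinit MODIFIED: $userinit"
    # Every comma-separated entry besides userinit.exe is an extra program run at logon.
    foreach ($entry in ($userinit -split ',')) {
        $exe = $entry.Trim().Trim('"')
        if (-not $exe -or $exe -imatch 'userinit\.exe$') { continue }
        $status = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FILE MISSING' }
        "  extra logon hook: $exe  [Authenticode: $status]"
    }
}

# Keys copied from the AdwCleaner log above (the log's "Wow6432Node\\Classes" is
# AdwCleaner's formatting; the real path has a single backslash).
$flagged = @(
    'HKLM:\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant'
    'HKLM:\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant'
    'HKLM:\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant'
    'HKLM:\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare'
    'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application\SecurityService'
    'HKCU:\Software\SSProtect'
    'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}'
    'HKLM:\SOFTWARE\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}'
)

foreach ($key in $flagged) {
    if (-not (Test-Path -LiteralPath $key)) { "removed:       $key"; continue }
    $line = "STILL PRESENT: $key"
    # A NativeMessagingHosts key's default value is the path of a JSON manifest that
    # names the binary the browser will launch; show it so the owner can be identified.
    $default = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    if ($default) { $line += "  -> $default" }
    $line
}
```

The Userinit check deliberately reports the Authenticode status of any extra hook rather than deleting it: a signed vendor binary in that slot is unusual but not necessarily malicious, while an unsigned or missing file there is a strong sign of leftover adware and the value should be reset to the stock string.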
jaro3 (member of the Security team)

Re: infection

Post by jaro3 »

And where is the Malwarebytes' Anti-Malware log?

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan finishes click "Quarantine".

The program will perform the repair; after the automatic restart click "Show log file", then double-click the corresponding log (C:\AdwCleaner [C?].txt) and paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the amount of infection. When the scan finishes a log (JRT.txt) will appear, saved on the desktop.
Please copy its entire contents here.

More tomorrow.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
StaráLama (newbie)

Re: infection

Post by StaráLama »

Sorry, several logs were produced by the newly downloaded Malwarebytes Anti-Malware after I ran SCAN, because of my repeated attempts. Here are the two initial ones.


Date Time Tick Count Process ID Thread ID Log Level Context Tag Function Name File Name Line Number Message
11/22/25 " 18:02:16.153" 91961015 1b6c 1c9c INFO MBVpnTunnelService RunMBTunInstaller "MBTun.cpp" 95 "RemoveDriver=1 ReinstallDriver=1 Version=2"
11/22/25 " 18:02:16.222" 91961078 1b6c 1c9c INFO MBTunDriverInstaller UninstallMBTunHelper "customaction.cpp" 136 "Driver package folder: C:\Program Files\Malwarebytes\Anti-Malware\mbtun."
11/22/25 " 18:02:34.442" 91979296 1b6c 1c9c INFO MBTunDriverInstaller UninstallMBTunHelper "customaction.cpp" 162 "mbtun driver not found."
11/22/25 " 18:02:34.442" 91979296 1b6c 1c9c WARNING MBTunDriverInstaller UninstallMBTunHelper "customaction.cpp" 214 "Failed to remove C:\Program Files\Malwarebytes\Anti-Malware\mbtun, Errcode=2."
11/22/25 " 18:02:34.442" 91979296 1b6c 1c9c INFO MBVpnTunnelService RunMBTunInstaller "MBTun.cpp" 152 "MBTun uninstall returned 0x00000000"
11/22/25 " 18:02:34.442" 91979296 1b6c 1c9c INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 51 "Target package folder: C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
11/22/25 " 18:02:34.442" 91979296 1b6c 1c9c INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 60 "OsVer: 12."
11/22/25 " 18:02:34.452" 91979312 1b6c 1c9c INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 98 "Extracting driver files, resrcName=mbtun_v2."
11/22/25 " 18:02:34.472" 91979328 1b6c 1c9c INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 108 "Extracted new driver files."
11/22/25 " 18:02:39.818" 91984671 1b6c 1c9c INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 119 "Installed new driver files."
11/22/25 " 18:02:39.818" 91984671 1b6c 1c9c INFO MBTunDriverInstaller InstallMBTun "customaction.cpp" 360 "Removing driver package folder."
11/22/25 " 18:02:39.818" 91984671 1b6c 1c9c INFO MBVpnTunnelService RunMBTunInstaller "MBTun.cpp" 158 "MBTun install returned 0x00000000"
11/27/25 " 16:06:11.328" 74802593 1ea0 2c20 INFO MBVpnTunnelService RunMBTunInstaller "MBTun.cpp" 95 "RemoveDriver=1 ReinstallDriver=1 Version=2"
11/27/25 " 16:06:11.406" 74802671 1ea0 2c20 INFO MBTunDriverInstaller UninstallMBTunHelper "customaction.cpp" 136 "Driver package folder: C:\Program Files\Malwarebytes\Anti-Malware\mbtun."
11/27/25 " 16:06:21.972" 74813234 1ea0 2c20 INFO MBTunDriverInstaller UninstallMBTunHelper "customaction.cpp" 191 "Found mbtun driver."
11/27/25 " 16:06:24.995" 74816265 1ea0 2c20 INFO MBTunDriverInstaller UninstallMBTunHelper "customaction.cpp" 200 "Removed mbtun driver."
11/27/25 " 16:06:25.026" 74816296 1ea0 2c20 INFO MBTunDriverInstaller UninstallMBTunHelper "customaction.cpp" 162 "mbtun driver not found."
11/27/25 " 16:06:25.026" 74816296 1ea0 2c20 WARNING MBTunDriverInstaller UninstallMBTunHelper "customaction.cpp" 214 "Failed to remove C:\Program Files\Malwarebytes\Anti-Malware\mbtun, Errcode=2."
11/27/25 " 16:06:25.026" 74816296 1ea0 2c20 INFO MBVpnTunnelService RunMBTunInstaller "MBTun.cpp" 152 "MBTun uninstall returned 0x00000000"
11/27/25 " 16:06:25.026" 74816296 1ea0 2c20 INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 51 "Target package folder: C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
11/27/25 " 16:06:25.057" 74816328 1ea0 2c20 INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 60 "OsVer: 12."
11/27/25 " 16:06:25.057" 74816328 1ea0 2c20 INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 98 "Extracting driver files, resrcName=mbtun_v2."
11/27/25 " 16:06:25.057" 74816328 1ea0 2c20 INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 108 "Extracted new driver files."
11/27/25 " 16:06:26.576" 74817843 1ea0 2c20 INFO MBTunDriverInstaller InstallMBTunHelper "customaction.cpp" 119 "Installed new driver files."
11/27/25 " 16:06:26.576" 74817843 1ea0 2c20 INFO MBTunDriverInstaller InstallMBTun "customaction.cpp" 360 "Removing driver package folder."
11/27/25 " 16:06:26.576" 74817843 1ea0 2c20 INFO MBVpnTunnelService RunMBTunInstaller "MBTun.cpp" 158 "MBTun install returned 0x00000000"




