Prosím o kontrolu logu, děkuji Vyřešeno

[Marťan]

Farbar recovery mi zas nejde stáhnout, zkusím ty programy co mi nešly stáhnout z netu, stáhnout na noťasu a hodit na flashku a nainstalovat z flashky.

[Reklama]

[Marťan]

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-08-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-18-2025
# Duration: 00:00:27
# OS: Windows 7 Service Pack 1
# Scanned: 32098
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy ccjleegmemocfpghkhpjmiccjcacackp

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

[jaro3]

Disky OK.

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Skenování“ , po prohledání klikni na „ do karantény“

Program provede opravu, po automatickém restartu klikni na Zobrazit logovací soubor“ a pak poklepej na odpovídají log, (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dlouho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Teď ten malwarebytes.

Měl by si zapnout diagnostiku sítě, kvůli internetu.

[Marťan]

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2025-03-10.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-18-2025
# Duration: 00:00:00
# OS: Windows 7 Service Pack 1
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted ccjleegmemocfpghkhpjmiccjcacackp

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1443 octets] - [18/03/2025 16:42:17]
AdwCleaner[S01].txt - [1504 octets] - [18/03/2025 17:52:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[Marťan]

Program : RogueKillerSVC
Version : 3.1.1.0
x64 : Yes
Program Date : Mar 11 2025
Location : C:\Program Files\RogueKiller\RogueKillerSvc.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Martys
User is Admin : Yes
Date : 2025/03/18 17:04:11
Type : Scan
Aborted : No
Scan Mode : Quick
Duration : 20
Found items : 0
Total scanned : 1445
removed_count : 0
Signatures Version : 20250317_111654
Truesight Driver : Yes
Updates Count : 0

************************* Warnings *************************

************************* Updates *************************

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : N/A


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************

[Marťan]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Martys (Administrator) on Łt 18.03.2025 at 18:15:31,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


Deleted the following from C:\Users\Martys\AppData\Roaming\Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905\prefs.js
user_pref(browser.uiCustomization.state, {\placements\:{\widget-overflow-fixed-list\:[],\unified-extensions-area\:[\nortonhomepage_symantec_com-browser-action\,\no
user_pref(extensions.webextensions.uuids, {\screenshots@mozilla.org\:\aaae70e9-3b23-4d45-a8e2-a91b76bbcbd5\,\formautofill@mozilla.org\:\78e1e123-5067-4776-b8c9-efcf3



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 18.03.2025 at 18:18:35,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Marťan]

Teď zkusím ten Malwarebytes, mám i pokračovat co mi nešlo, ten Security Check a ještě FarbarRecovery?
Jinak jsem zapl Google prohlížeč a PC help stránky mi to načítalo minutu.

[Marťan]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-03-2025
Ran by Martys (administrator) on MARTYS-PC (18-03-2025 18:35:03)
Running from C:\Users\Martys\Desktop\FRST64.exe
Loaded Profiles: Martys
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Norton\Suite\NortonSvc.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\aswEngSrv.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe ->) (Samsung Electronics CO., LTD. -> Samsung) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\CCleaner\CCleaner64.exe
(NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonUI.exe <3>
(services.exe ->) (Acronis, Inc -> ) C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Guillemot Recherche et Développement, Inc -> Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(services.exe ->) (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(services.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\afwServ.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\AvDump.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\nllToolsSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\VpnSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Suite\aswidsagent.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Suite\wsc_proxy.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> Samsung) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(services.exe ->) (Skype Software Sarl -> Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Ulead Systems, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(services.exe ->) (Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe
(Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
(Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NortonUI.exe] => C:\Program Files\Norton\Suite\AvLaunch.exe [457320 2025-02-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-24] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\Run: [MultiScreen] => C:\Program Files (x86)\MultiScreen\MultiScreen.exe [303104 2009-08-11] () [File not signed]
HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam1\steam.exe [4407392 2024-11-08] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45452080 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\Run: [UrbanVPN] => C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe [24349272 2024-08-21] (Urban Cyber Security Inc. -> )
HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MP270 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9X.DLL [28672 2010-04-24] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP270 series: C:\Windows\system32\CNMLM9X.DLL [336896 2010-04-24] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2011-06-20] (Hewlett-Packard Company -> Hewlett-Packard Company)
Startup: C:\Users\Martys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE AORUS GRAPHICS ENGINE.lnk [2011-01-02]
ShortcutTarget: GIGABYTE AORUS GRAPHICS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\autorun.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2014-03-08]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech -> Logitech, Inc.)
BootExecute: autocheck autochk * autopart.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5C920335-0E62-4A44-9514-F93B59EF6A08} - System32\Tasks\{02E7D422-0A7D-46A9-900C-BE172CFE1ADD} => H:\TRIPEAKS.EXE (No File)
Task: {E4DFB5F3-AFFB-4577-824A-D4CCCC8635A4} - System32\Tasks\{03076CF8-A72B-4A99-BB35-10ADFB71B3E9} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Martys\Desktop\XboxInstaller.exe -d C:\Users\Martys\Desktop
Task: {1C0D7379-486B-4699-9BCA-39E0194C260E} - System32\Tasks\{0D5AD854-6A76-4375-ADF2-3E85B88B73F3} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a H:\VAGCOM\KKL409.1.exe -d H:\VAGCOM
Task: {8AB15B42-CC78-4E33-A6C2-0A1285964BBB} - System32\Tasks\{18183E7D-7702-47B9-8544-5773EB6233BE} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a E:\monsetup.exe -d E:\
Task: {7EFB5A22-C172-4797-88E3-D0E2C10B94AE} - System32\Tasks\{1860A437-DC0A-4DF7-A62B-0E940CEF5768} => D:\Hry\South park\South Park The Stick of Truth\South Park - The Stick of Truth.exe [11033600 2014-03-04] (Obsidian Entertainment, Inc.) [File not signed]
Task: {378E8122-46B7-4FF3-B10C-1A9244A80021} - System32\Tasks\{1D4B9533-9B47-4633-ABF8-5913524D40A7} => H:\TRIPEAKS.EXE (No File)
Task: {C6C61DDB-75E5-4582-827B-48EC27633CDE} - System32\Tasks\{3BB29E29-89E2-4D7E-87D1-20C4E5C58DBA} => D:\Hry\Stronghold\Stronghold.exe (No File)
Task: {A285EF4F-9AE9-433C-8D1C-2D29749577A5} - System32\Tasks\{3CC70417-BD38-4009-B990-9EFAA59B735F} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Martys\Downloads\CyberLink_PowerDVD_Downloader.exe -d C:\Users\Martys\Downloads
Task: {5931D626-571D-4369-A0F9-E4E77C09F4A3} - System32\Tasks\{4A39CFFF-9A7A-4FF4-BA48-B5245FAE3B81} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a "D:\Xbox360\Xbox Backup Creator\missingfilesetup.exe" -d "D:\Xbox360\Xbox Backup Creator"
Task: {EB8DF3D8-C6A0-4444-B1BF-19F614F26B76} - System32\Tasks\{4CAFB5C0-B418-4450-92C7-D6B782105BBF} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a "D:\Dokumenty\Programy,instalačky\Video graber Ulead studio\Drivers\Setup.exe" -d "D:\Dokumenty\Programy,instalačky\Video graber Ulead studio\Drivers"
Task: {0EB99F56-CDFC-47F3-AD94-7C7A92612F7A} - System32\Tasks\{530CE87B-3538-4D62-B46B-91CAAB144F06} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Hry\Uninstaller.exe -d D:\Hry
Task: {283EA1A2-6DA1-45B2-81F8-9EDAEEC1EC6E} - System32\Tasks\{59E78EC6-2AD5-4DD5-BDAA-77EE738EF2FC} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a H:\NetFx20SP2_x86.exe -d H:\
Task: {F1EBD1ED-6BF3-447F-9FC6-1FBD665A8C7B} - System32\Tasks\{61AA5D65-951A-47A4-ACAC-43DFBA5AF182} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Martys\Downloads\XboxInstaller.exe -d C:\Users\Martys\Downloads
Task: {13A3936E-F466-4A8F-8AC2-16CFB6991172} - System32\Tasks\{63387DFF-E73D-4311-A874-D477A9DF6FFF} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a H:\NetFx20SP2_x64.exe -d H:\
Task: {29F45839-678C-45FF-A871-222FDE7B8B26} - System32\Tasks\{671DE18D-752E-4492-A3A2-5C82B5EB7600} => D:\Hry\South park\South Park The Stick of Truth\South Park - The Stick of Truth.exe [11033600 2014-03-04] (Obsidian Entertainment, Inc.) [File not signed]
Task: {7F7A154A-A664-4687-B613-CE242777D14C} - System32\Tasks\{7021D46B-A7A0-4450-9A63-04629FDB7890} => D:\Hry\Stronghold Crusader.exe (No File)
Task: {7F6A7438-8F2D-482F-BB36-AEC4DB23F04D} - System32\Tasks\{741FC4DC-37F7-4AB2-B68F-6A84FF976976} => D:\Hry\Grand Theft Auto IV\GTAIV.exe (No File)
Task: {900E7F2B-A887-4454-941A-9E0547F308C9} - System32\Tasks\{79899FCE-DB4E-4F27-8F2E-C70FE053AA25} => C:\Program Files (x86)\Pinnacle\Studio 17\programs\PinnacleStudio.EXE [192296 2013-11-07] (Corel Corporation -> Pinnacle)
Task: {73AE571F-BC46-409B-B6F6-A6684B15A651} - System32\Tasks\{79E5A4C2-617A-47E6-9E1D-40A01B2E34E6} => D:\Hry\Stronghold\Stronghold.exe (No File)
Task: {2099636C-E9CC-4EF1-9AE9-740D899967A1} - System32\Tasks\{8365A4F8-C88F-4669-A52D-A1E85DE9AF22} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a "F:\OBDII On PC software\scantool_net113win\scantool_net113win.exe" -d "F:\OBDII On PC software\scantool_net113win"
Task: {EE5264F2-B73B-4624-AEA3-07744B6A318D} - System32\Tasks\{91873097-9570-4935-A5BD-A587293D815C} => D:\Hry\Stronghold Crusader.exe (No File)
Task: {D8CEF72E-9249-4C5A-8E83-D4273B097038} - System32\Tasks\{A2222AAB-28A5-4926-A207-781DB4573E71} => H:\TRIPEAKS.EXE (No File)
Task: {7702DA08-3D66-4576-8A93-B3C28B20C69C} - System32\Tasks\{BEE85EDE-72F1-479E-9520-9B460B819221} => H:\TRIPEAKS.EXE (No File)
Task: {10FEBC30-8818-4A65-8C07-F426B6B9AF86} - System32\Tasks\{CC1E3A4C-4674-4791-82ED-E0CC37CAE6F2} => D:\Hry\Grand Theft Auto IV\GTAIV.exe (No File)
Task: {F1E94BB2-E773-4275-853F-EE11B268F220} - System32\Tasks\{CC39261F-A5FF-4DAF-A529-5FA5B3A9D27E} => H:\TRIPEAKS.EXE (No File)
Task: {EA10E55E-68D6-4C48-AEBD-89C6EE90C742} - System32\Tasks\{CF7222DB-83A4-4D01-A7CF-CA483951D7D5} => D:\Hry\Grand Theft Auto IV\GTAIV.exe (No File)
Task: {E3A7D4C3-0038-4E3C-961D-93EAF04F2BE5} - System32\Tasks\{D6D98709-5979-4818-B7DF-7C5A0297ABCC} => D:\Hry\Stronghold\Stronghold.exe (No File)
Task: {D62E688C-11DD-415C-B83C-54AB4BF7D0CE} - System32\Tasks\{DB89D46B-2FE5-4D7E-947A-AFD968C59458} => C:\Windows\System32\pcalua.exe [9728 2019-06-12] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe" -c -runfromtemp -l0x0409
Task: {2F04F5DC-C437-4455-9338-8775EEC471C9} - System32\Tasks\{EE360FCE-4198-4791-AE4F-741B2626D9E7} => D:\Hry\Mafia\Game.exe [2486272 2002-08-27] (Illusion Softworks) [File not signed]
Task: {250AECC2-1410-4D61-B8DF-4C3A998CFFB5} - System32\Tasks\{FF292F72-3998-413C-84E2-CFD64D2E1FED} => H:\TRIPEAKS.EXE (No File)
Task: {4685C9D6-2BF5-42FA-B7DC-81C1D210C938} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {ADC875BF-01E0-4635-8D49-0F62834724C7} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {183DF7BC-039F-4664-A1FD-31957C2E8C7D} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2935424 2012-03-13] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {BFF03A3B-6426-44B2-BFBE-A26EE14B881F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {D37A21BA-BBCC-4304-ABC7-2322914AAC74} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139696 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "57defbf6-70cd-4d12-a669-501b4e80a6a4" --version "6.33.0.11465" --silent
Task: {C72A5D8B-61A1-46C0-B3CA-C6373AE83855} - System32\Tasks\CCleanerSkipUAC - Martys => C:\Program Files\CCleaner\CCleaner.exe [39224624 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {C95FE4DB-C48C-42BF-BDD3-E492195EDE2C} - System32\Tasks\elevator_146642f81f761f5155bd3862a8b79c2f => D:\Hry\RBRPro\RBRProManager.exe [1029120 2021-02-22] (TGD Simware) [File not signed]
Task: {89DD84E3-83CC-4C71-B99E-B1040505D7CB} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe [132096 2024-07-08] (Softdeluxe) [File not signed]
Task: {F9C04323-6504-45FB-A0BA-C7FBF1EA1818} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-02] (Google Inc -> Google Inc.)
Task: {33F92772-5A9F-4195-9F89-583C17EC9E23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-02] (Google Inc -> Google Inc.)
Task: {BFA30143-2CDC-42E1-ACFF-2C04F9D9D34D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
Task: {9057003C-7E97-4E53-A987-7EE575077315} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle America, Inc. -> Oracle Corporation)
Task: {7E4E05A7-ABC0-49C9-A04B-D02D283F0353} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2118144 2025-02-08] () [File not signed]
Task: {579256A2-B30F-436D-98B1-90CF3078BF25} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [684096 2025-03-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {78DD6804-7004-4363-9F96-5B12184EC326} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [725568 2025-02-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {93565479-7297-47CE-AC02-E93034BF76CB} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [725568 2025-03-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {E8A6BC36-040D-42D7-BEB7-F58B75595487} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3227472 2013-08-20] (Nero AG -> Nero AG)
Task: {282DC89C-1417-4BE6-93EC-9610E7340876} - System32\Tasks\Norton\Norton 360 Patcher => C:\Program Files\Common Files\Norton\Icarus\norton-suite\icarus.exe [8693352 2025-01-24] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {96BBBA5A-B59F-40B3-B1A1-0646B6A3D4F0} - System32\Tasks\Norton\Norton VPN Bug Report => C:\Program Files\Norton\Suite\AvBugReport.exe [6077544 2025-02-13] (NortonLifeLock Inc. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 187 --programpath "C:\Program Files\Norton\Suite" --configpath "C:\ProgramData\Norton\VPN" --path "C:\ProgramData\Norton\VPN\log" --path "C:\ProgramData\Norton\Icarus\Logs" --logpath "C:\ProgramData\Norton\VPN\log" --guid 84195f1c-cda2-410b-9eec-00cccc3ac0af
Task: {8C098234-CC0B-4CA3-824D-4404749F0BFC} - System32\Tasks\Norton\Overseer => C:\Program Files\Common Files\Norton\Overseer\overseer.exe [2566760 2025-01-02] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {510FA074-B29B-48CC-AF47-62053A5F92D4} - System32\Tasks\Norton\Suite Emergency Update => C:\Program Files\Norton\Suite\AvEmUpdate.exe [5279848 2025-02-13] (NortonLifeLock Inc. -> Gen Digital Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7807FB52-31AD-4D76-B787-FC6CE19C599D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7807FB52-31AD-4D76-B787-FC6CE19C599D}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{89C42099-44F4-427E-84B1-184E648CF327}: [NameServer] 10.252.0.0
Tcpip\..\Interfaces\{AED2BC6C-DEC5-4B89-8442-888AAE89882F}: [NameServer] 10.9.0.1
Tcpip\..\Interfaces\{C6100843-7139-4411-A0D4-A8230BD04ECB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C6100843-7139-4411-A0D4-A8230BD04ECB}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EFC0BC5C-2049-4DAA-8886-3F99972202E4}: [NameServer] 8.8.8.8

FireFox:
========
FF DefaultProfile: bbmxikm6.default-1500151254905
FF ProfilePath: C:\Users\Martys\AppData\Roaming\Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905 [2025-03-18]
FF Homepage: Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905 -> moz-extension://16fe61a7-8a8a-46eb-b015-80d59906cdff/homePage.html
FF NewTab: Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905 -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905 -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905 -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905 -> Disabled: nortonsafesearch_ul_2@symantec.com
FF Extension: (Norton Home Page) - C:\Users\Martys\AppData\Roaming\Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905\Extensions\nortonhomepage@symantec.com.xpi [2024-12-23] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\Martys\AppData\Roaming\Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2024-12-23] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\Martys\AppData\Roaming\Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905\Extensions\nortonsafeweb@symantec.com.xpi [2025-01-13]
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2019-11-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-27] (CANON INC.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG -> Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2025-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default [2025-03-18]
CHR Notifications: Default -> hxxps://36icufrredxfn6.enhanceconnection.co.in; hxxps://3coj5unzs4wjur.enhanceconnection.co.in; hxxps://5vmi4ssitorwnk.enhanceconnection.co.in; hxxps://bxqra9a1711pju.enhanceconnection.co.in; hxxps://club.autodoc.cz; hxxps://cuae64u071bc73c40vsg.protocolchainflow.com; hxxps://cuae7am071bc73c425h0.enhanceconnection.co.in; hxxps://cuae7g6071bc73c42ba0.protocolchainflow.com; hxxps://cub1bs6071bc73ckocag.enhanceconnection.co.in; hxxps://cub1kkm071bc73cl1amg.enhanceconnection.co.in; hxxps://cudqgdu071bc73euiuj0.enhanceconnection.co.in; hxxps://cudqghu071bc73euj2fg.protocolchainflow.com; hxxps://cudqigu071bc73eul9ig.enhanceconnection.co.in; hxxps://cudqilu071bc73eulf4g.protocolchainflow.com; hxxps://datanodes.to; hxxps://ixzc4t.cipaineutti.com; hxxps://r3e3ckp8an73yq.enhanceconnection.co.in; hxxps://vjr2ws.parthonylogles.com; hxxps://xfmvc6zgsv3gsl.enhanceconnection.co.in; hxxps://xys4dbprmekzdd.enhanceconnection.co.in; hxxps://ytb3qzyl3e9s5a.enhanceconnection.co.in
CHR HomePage: Default -> hxxp://seznam.cz/
CHR NewTab: Default -> Not-active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://searchsafe.norton.com/search?omnisearch=yes&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nortonsafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit= ... f&hl=cs&q={searchTerms}
CHR Extension: (Free Download Manager) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2025-02-13]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Omega Ad Blocker) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoognjkkhapcjkfnakpddcciddcfbjcd [2025-01-07]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-18]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adblock Bear - Blokujte invazivní reklamy) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiknemhndplpgnnnjjjhphhembfojec [2025-03-04]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-04-10]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-03-18]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Norton Home Page) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2024-08-30]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Norton Safe) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2024-10-22]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-05]hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Skype Software Sarl -> Microsoft Corporation)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1088816 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-02] (Google Inc -> Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-02] (Google Inc -> Google Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2022-06-24] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-13] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] (Canon Inc. -> )
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 nllbIDSAgent; C:\Program Files\Norton\Suite\aswidsagent.exe [7758440 2025-02-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 Norton Antivirus; C:\Program Files\Norton\Suite\NortonSvc.exe [807016 2025-02-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 Norton Firewall; C:\Program Files\Norton\Suite\afwServ.exe [2431592 2025-02-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 Norton Tools; C:\Program Files\Norton\Suite\nllToolsSvc.exe [1258600 2025-02-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 nortonAvDumper64; C:\Program Files\Norton\Suite\AvDump.exe [3534440 2025-02-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 NortonVpn; C:\Program Files\Norton\Suite\VpnSvc.exe [13031016 2025-02-18] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 NortonWscReporter; C:\Program Files\Norton\Suite\wsc_proxy.exe [76552 2025-01-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-24] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-29] (Even Balance, Inc. -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15942192 2025-03-11] (ADLICE -> )
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [617160 2016-03-03] (Samsung Electronics CO., LTD. -> Samsung Electronics Co.,Ltd)
R2 Správce výběru OS; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-07-07] (Acronis, Inc -> )
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13273104 2020-10-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [140056 2021-05-26] (Guillemot Recherche et Développement, Inc -> Thrustmaster®)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) [File not signed]
R2 UrbanVPNServiceInteractive; C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe [450496 2024-08-21] (Urban Cyber Security Inc. -> )
S3 UrbanVPNUpdater; C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe [1022040 2024-08-21] (Urban Cyber Security Inc. -> Urban Security)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] (ASUSTeK Computer Inc. -> )
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [138568 2012-08-20] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [416072 2012-08-20] (MCCI Corporation -> ASMedia Technology Inc)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] (ASUSTeK Computer Inc. -> )
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2011-01-02] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVCIDrv64.sys [24672 2019-12-09] (GIGA-BYTE Technology Co., Ltd. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2021-01-21] (Martin Malik - REALiX -> REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R0 nllArDisk; C:\Windows\System32\drivers\nllArDisk.sys [20536 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllArPot; C:\Windows\System32\drivers\nllArPot.sys [235064 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllbidsdriver; C:\Windows\System32\drivers\nllbidsdriver.sys [384080 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllbidsh; C:\Windows\System32\drivers\nllbidsh.sys [295992 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllbuniv; C:\Windows\System32\drivers\nllbuniv.sys [84536 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllKbd; C:\Windows\System32\drivers\nllKbd.sys [28728 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllMonFlt; C:\Windows\System32\drivers\nllMonFlt.sys [276536 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllNetHub; C:\Windows\System32\drivers\nllNetHub.sys [553016 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 nllNetNd6; C:\Windows\System32\DRIVERS\nllNetNd6.sys [23456 2025-01-02] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.)
R1 nllRdr; C:\Windows\System32\drivers\nllRdr2.sys [98360 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllRvrt; C:\Windows\System32\drivers\nllRvrt.sys [69712 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllSnx; C:\Windows\System32\drivers\nllSnx.sys [956472 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllSP; C:\Windows\System32\drivers\nllSP.sys [1425976 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 nllStm; C:\Windows\System32\drivers\nllStm.sys [206904 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllVmm; C:\Windows\System32\drivers\nllVmm.sys [383032 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 nllVpnRdr; C:\Windows\System32\drivers\nllVpnRdr.sys [85584 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifelock Inc.)
R3 nllWintun; C:\Windows\System32\DRIVERS\nllWintun.sys [40640 2025-01-02] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.)
R3 nllWireGuard; C:\Windows\System32\DRIVERS\nllWireguard.sys [174680 2025-01-02] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.)
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (SOMAGIC (HANGZHOU) TECHNOLOGY CO., LTD. -> Windows (R) Win 7 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 subvgaproduct64; C:\Windows\System32\DRIVERS\subvga64.sys [5120 2014-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [30720 2019-10-31] (OpenVPN Inc. -> The OpenVPN Project)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [419096 2021-05-26] (Guillemot Recherche et Développement, Inc -> Thrustmaster)
S3 tmResetMin; C:\Windows\System32\Drivers\tmResetMin.sys [45848 2021-05-26] (Guillemot Recherche et Développement, Inc -> © Guillemot R&D, 2021. All rights reserved.)
S3 tmwbulk; C:\Windows\System32\Drivers\tmwbulk.sys [290816 2019-10-22] (Guillemot Recherche et Développement, Inc -> © Guillemot R&D, 2018. All rights reserved.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Windows Central Build Account - X -> Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Desktop\WinSCP.lnk"
Error Reading file: "C:\ProgramData\Desktop\Winamp.lnk"
Error Reading file: "C:\ProgramData\Desktop\VLC media player.lnk"
Error Reading file: "C:\ProgramData\Desktop\Ulead VideoStudio SE DVD.lnk"
Error Reading file: "C:\ProgramData\Desktop\Total Commander.lnk"
Error Reading file: "C:\ProgramData\Desktop\Stronghold Crusader HD.lnk"
Error Reading file: "C:\ProgramData\Desktop\Stronghold Crusader Extreme HD.lnk"
Error Reading file: "C:\ProgramData\Desktop\Steam.lnk"
Error Reading file: "C:\ProgramData\Desktop\SD Card Formatter.lnk"
Error Reading file: "C:\ProgramData\Desktop\Registrace uživatele zařízení Canon MP270 series.LNK"
Error Reading file: "C:\ProgramData\Desktop\PotPlayer 64 bit.lnk"
Error Reading file: "C:\ProgramData\Desktop\Pandora Recovery.lnk"
Error Reading file: "C:\ProgramData\Desktop\Norton 360.lnk"
Error Reading file: "C:\ProgramData\Desktop\Nero 2014.lnk"
Error Reading file: "C:\ProgramData\Desktop\ImgBurn.lnk"
Error Reading file: "C:\ProgramData\Desktop\Horizon.lnk"
Error Reading file: "C:\ProgramData\Desktop\Google Chrome.lnk"
Error Reading file: "C:\ProgramData\Desktop\Free Download Manager.lnk"
Error Reading file: "C:\ProgramData\Desktop\Firefox.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
Error Reading file: "C:\ProgramData\Desktop\DAEMON Tools Lite.lnk"
Error Reading file: "C:\ProgramData\Desktop\Canon Solution Menu.lnk"
Error Reading file: "C:\ProgramData\Desktop\Canon My Printer.lnk"
Error Reading file: "C:\ProgramData\Desktop\Canon MP270 series Příručka online.lnk"
Error Reading file: "C:\ProgramData\Desktop\Canon MP Navigator EX 3.0.lnk"
Error Reading file: "C:\ProgramData\Desktop\Canon Easy-PhotoPrint EX.lnk"
Error Reading file: "C:\ProgramData\Desktop\Adlice Protect.lnk"
2025-03-18 18:35 - 2025-03-18 18:35 - 000040177 _____ C:\Users\Martys\Desktop\FRST.txt
2025-03-18 18:34 - 2025-03-18 18:35 - 000000000 ____D C:\FRST
2025-03-18 18:34 - 2025-03-18 18:34 - 002404352 _____ (Farbar) C:\Users\Martys\Desktop\FRST64.exe
2025-03-18 18:18 - 2025-03-18 18:18 - 000001020 _____ C:\Users\Martys\Desktop\JRT.txt
2025-03-18 17:55 - 2025-03-18 17:55 - 001790024 _____ (Malwarebytes) C:\Users\Martys\Desktop\JRT.exe
2025-03-18 17:45 - 2025-03-18 18:02 - 000000818 _____ C:\Users\Public\Desktop\Adlice Protect.lnk
2025-03-18 17:45 - 2025-03-18 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2025-03-18 17:45 - 2025-03-18 18:02 - 000000000 ____D C:\Program Files\RogueKiller
2025-03-18 17:45 - 2025-03-18 17:56 - 000000000 ____D C:\ProgramData\RogueKiller
2025-03-18 17:44 - 2025-03-18 16:44 - 051488976 _____ (Adlice Software ) C:\Users\Martys\Desktop\RogueKiller_setup.exe
2025-03-18 16:38 - 2025-03-18 17:52 - 000000000 ____D C:\AdwCleaner
2025-03-18 16:34 - 2025-03-18 16:32 - 002834160 _____ (Malwarebytes) C:\Users\Martys\Desktop\MBSetup.exe
2025-03-18 16:34 - 2025-03-18 16:20 - 008791352 _____ (Malwarebytes) C:\Users\Martys\Desktop\adwcleaner.exe
2025-03-18 16:34 - 2025-03-18 16:20 - 001904096 _____ ( ) C:\Users\Martys\Desktop\adwcleaner-8.4.0-installer_U-gGFm1.exe
2025-03-18 16:28 - 2025-03-18 16:28 - 001904096 _____ ( ) C:\Users\Martys\Desktop\adwcleaner-8.4.0-installer_u-VkCv1.exe
2025-03-18 16:25 - 2025-03-18 16:25 - 000001025 _____ C:\Users\Public\Desktop\WinSCP.lnk
2025-03-18 16:22 - 2025-03-18 16:22 - 000002026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2025-03-18 16:22 - 2025-03-18 16:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-03-18 16:21 - 2025-02-19 11:51 - 000000545 _____ C:\Windows\UC.PIF
2025-03-18 16:21 - 2025-02-19 11:51 - 000000545 _____ C:\Windows\RAR.PIF
2025-03-18 16:21 - 2025-02-19 11:51 - 000000545 _____ C:\Windows\PKZIP.PIF
2025-03-18 16:21 - 2025-02-19 11:51 - 000000545 _____ C:\Windows\PKUNZIP.PIF
2025-03-18 16:21 - 2025-02-19 11:51 - 000000545 _____ C:\Windows\LHA.PIF
2025-03-18 16:21 - 2025-02-19 11:51 - 000000545 _____ C:\Windows\ARJ.PIF
2025-03-18 16:20 - 2025-03-18 16:20 - 000000943 _____ C:\Users\Public\Desktop\Winamp.lnk
2025-03-18 16:19 - 2025-03-18 16:19 - 000003242 _____ C:\Windows\system32\Tasks\klcp_update
2025-03-18 16:19 - 2025-03-18 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2025-03-18 16:19 - 2025-03-18 16:19 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2025-03-18 16:02 - 2025-03-18 16:03 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2025-03-18 16:02 - 2025-03-18 16:02 - 000001747 _____ C:\Users\Martys\Desktop\CrystalDiskInfo.lnk
2025-03-18 16:02 - 2025-03-18 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2025-03-14 16:02 - 2025-03-18 18:15 - 000003266 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2025-03-14 16:02 - 2025-03-18 18:15 - 000000670 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2025-03-12 17:15 - 2025-03-18 16:52 - 000000000 ____D C:\Users\Martys\AppData\Local\AVG
2025-03-11 18:32 - 2025-03-14 21:22 - 000000000 ____D C:\Users\Martys\AppData\Local\Adobe
2025-03-11 18:25 - 2025-03-11 18:25 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2025-03-08 21:06 - 2025-03-08 21:04 - 000388608 _____ (Trend Micro Inc.) C:\Users\Martys\Desktop\HijackThis.exe
2025-03-08 19:34 - 2025-03-08 20:07 - 000000000 ____D C:\Users\Martys\Documents\Xenia
2025-03-07 18:21 - 2025-03-07 18:22 - 000000000 ____D C:\Users\Martys\Desktop\Nová složka
2025-03-07 16:46 - 2025-03-11 17:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2025-02-21 16:49 - 2025-02-21 16:49 - 027373022 _____ C:\Users\Martys\Desktop\setup_game_276.zip
2025-02-21 16:49 - 2025-02-21 16:49 - 000000000 ____D C:\Users\Martys\AppData\Roaming\rhj_tool_alpha
2025-02-21 16:49 - 2025-02-21 16:49 - 000000000 ____D C:\Users\Martys\AppData\Roaming\RenPy

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-18 18:22 - 2014-05-03 01:11 - 000000000 ____D C:\Program Files (x86)\Google
2025-03-18 18:21 - 2009-07-14 05:45 - 000022656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2025-03-18 18:21 - 2009-07-14 05:45 - 000022656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2025-03-18 18:20 - 2009-07-14 16:18 - 000672158 _____ C:\Windows\system32\perfh005.dat
2025-03-18 18:20 - 2009-07-14 16:18 - 000142754 _____ C:\Windows\system32\perfc005.dat
2025-03-18 18:20 - 2009-07-14 06:13 - 001593302 _____ C:\Windows\system32\PerfStringBackup.INI
2025-03-18 18:20 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2025-03-18 18:16 - 2014-05-03 01:18 - 000000000 ____D C:\ProgramData\NVIDIA
2025-03-18 18:15 - 2020-05-09 15:18 - 000000000 ____D C:\Program Files (x86)\Steam1
2025-03-18 18:14 - 2022-02-21 18:55 - 000000000 ____D C:\ProgramData\Norton
2025-03-18 18:14 - 2014-03-26 19:49 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2025-03-18 18:14 - 2014-03-06 00:09 - 000000000 ____D C:\Program Files\CCleaner
2025-03-18 18:12 - 2023-05-31 12:29 - 010485760 _____ C:\vgaexte.dat
2025-03-18 18:12 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-03-18 17:37 - 2016-06-15 14:18 - 000000000 ____D C:\ProgramData\Avg
2025-03-18 17:37 - 2014-03-13 17:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-03-18 16:52 - 2016-06-16 19:05 - 000000000 ____D C:\Users\Martys\AppData\Roaming\AVG
2025-03-18 16:29 - 2020-03-10 21:04 - 000000000 ____D C:\Users\Martys\AppData\Local\CrashDumps
2025-03-18 16:25 - 2021-05-27 11:20 - 000001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2025-03-18 16:25 - 2021-05-27 11:20 - 000000128 _____ C:\Users\Martys\AppData\Roaming\winscp.rnd
2025-03-18 16:25 - 2021-05-27 11:20 - 000000000 ____D C:\Program Files (x86)\WinSCP
2025-03-18 16:24 - 2016-12-21 21:00 - 000000000 ____D C:\Program Files\Java
2025-03-18 16:24 - 2014-06-16 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2025-03-18 16:22 - 2022-12-21 19:23 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2025-03-18 16:22 - 2014-03-13 17:47 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-03-18 16:22 - 2014-03-08 01:55 - 000000884 _____ C:\Users\Public\Desktop\Firefox.lnk
2025-03-18 16:22 - 2014-03-06 00:14 - 000000000 ____D C:\Program Files\totalcmd
2025-03-18 16:21 - 2021-11-27 13:16 - 000000000 ____D C:\ProgramData\Package Cache
2025-03-18 16:20 - 2022-03-02 16:53 - 000000000 ____D C:\Users\Martys\AppData\Local\Norton
2025-03-18 16:20 - 2014-03-14 18:00 - 000000000 ____D C:\Program Files (x86)\Winamp
2025-03-14 16:30 - 2022-12-21 19:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-03-14 16:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2025-03-11 17:55 - 2022-10-13 18:13 - 000002019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2025-03-08 19:45 - 2014-03-07 00:43 - 000000000 ____D C:\Users\Martys\AppData\Roaming\vlc
2025-03-08 19:40 - 2019-08-04 18:54 - 000000000 ____D C:\Users\Martys\AppData\Roaming\Anvsoft
2025-03-04 17:32 - 2014-03-06 13:30 - 000000000 ____D C:\ProgramData\CanonIJPLM
2025-02-21 16:34 - 2019-11-07 23:29 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2025-02-18 11:46 - 2025-01-02 20:20 - 000055064 _____ (Gen Digital Inc.) C:\Windows\system32\icarus_rvrt.exe

==================== Files in the root of some directories ========

2021-03-18 15:01 - 2022-11-01 19:22 - 000000040 _____ () C:\Users\Martys\AppData\Roaming\cdr.ini
2019-07-10 21:41 - 2019-07-10 21:50 - 000011348 _____ () C:\Users\Martys\AppData\Roaming\downloads.json
2014-03-07 12:43 - 2021-03-02 20:02 - 000099384 _____ () C:\Users\Martys\AppData\Roaming\inst.exe
2002-08-29 16:33 - 2002-08-29 16:33 - 000319488 ____R () C:\Users\Martys\AppData\Roaming\MafiaSetup.exe
2014-03-07 12:43 - 2021-03-02 20:02 - 000007859 _____ () C:\Users\Martys\AppData\Roaming\pcouffin.cat
2014-03-07 12:43 - 2021-03-02 20:02 - 000001167 _____ () C:\Users\Martys\AppData\Roaming\pcouffin.inf
2014-03-07 12:43 - 2021-03-02 20:02 - 000082816 _____ (VSO Software) C:\Users\Martys\AppData\Roaming\pcouffin.sys
2014-03-07 12:44 - 2016-01-31 10:40 - 000000668 _____ () C:\Users\Martys\AppData\Roaming\vso_ts_preview.xml
2021-05-27 11:20 - 2025-03-18 16:25 - 000000128 _____ () C:\Users\Martys\AppData\Roaming\winscp.rnd
2014-04-04 22:14 - 2014-04-04 22:14 - 000003584 _____ () C:\Users\Martys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 09:58 - 2015-05-30 09:02 - 000149888 _____ () C:\Users\Martys\AppData\Local\MRDownloader.err
2014-05-28 23:28 - 2015-06-19 15:51 - 000001120 _____ () C:\Users\Martys\AppData\Local\MRDownloader.nast
2016-01-08 23:45 - 2025-01-04 22:38 - 000007666 _____ () C:\Users\Martys\AppData\Local\Resmon.ResmonCfg
2022-12-22 18:18 - 2022-12-22 18:18 - 000000000 _____ () C:\Users\Martys\AppData\Local\{D53D59BD-D5FE-41CB-99A4-85B7A10AB473}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2025-03-13 16:20
==================== End of FRST.txt ========================

[Marťan]

Addition log má 976 000 znaků, kolik se vejde do zprávy, 60 000?, to mám rozdělit?, to bude hodně zpráv

[jaro3]

Co ten malwarebytes?

AVG, Avast a další..Špatně odinstalováno!

Ten log addition.txt někam postni a vlož jen odkaz.

A tohle Ti něco říká:

CHR Notifications: Default -> hxxps://36icufrredxfn6.enhanceconnection.co.in; hxxps://3coj5unzs4wjur.enhanceconnection.co.in; hxxps://5vmi4ssitorwnk.enhanceconnection.co.in; hxxps://bxqra9a1711pju.enhanceconnection.co.in; hxxps://club.autodoc.cz; hxxps://cuae64u071bc73c40vsg.protocolchainflow.com; hxxps://cuae7am071bc73c425h0.enhanceconnection.co.in; hxxps://cuae7g6071bc73c42ba0.protocolchainflow.com; hxxps://cub1bs6071bc73ckocag.enhanceconnection.co.in; hxxps://cub1kkm071bc73cl1amg.enhanceconnection.co.in; hxxps://cudqgdu071bc73euiuj0.enhanceconnection.co.in; hxxps://cudqghu071bc73euj2fg.protocolchainflow.com; hxxps://cudqigu071bc73eul9ig.enhanceconnection.co.in; hxxps://cudqilu071bc73eulf4g.protocolchainflow.com; hxxps://datanodes.to; hxxps://ixzc4t.cipaineutti.com; hxxps://r3e3ckp8an73yq.enhanceconnection.co.in; hxxps://vjr2ws.parthonylogles.com; hxxps://xfmvc6zgsv3gsl.enhanceconnection.co.in; hxxps://xys4dbprmekzdd.enhanceconnection.co.in; hxxps://ytb3qzyl3e9s5a.enhanceconnection.co.in

:\Users\Martys\AppData\Roaming\rhj_tool_alpha

??

[Marťan]

Malwarebytes kliknu, čekám i 15minut a nespustí se, cos mi poslal tak mi nic neříka a log uložen zde https://webshare.cz/#/group/qjKD7MCcsy/

[jaro3]

Těch programů..

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5C920335-0E62-4A44-9514-F93B59EF6A08} - System32\Tasks\{02E7D422-0A7D-46A9-900C-BE172CFE1ADD} => H:\TRIPEAKS.EXE (No File)
Task: {378E8122-46B7-4FF3-B10C-1A9244A80021} - System32\Tasks\{1D4B9533-9B47-4633-ABF8-5913524D40A7} => H:\TRIPEAKS.EXE (No File)
Task: {C6C61DDB-75E5-4582-827B-48EC27633CDE} - System32\Tasks\{3BB29E29-89E2-4D7E-87D1-20C4E5C58DBA} => D:\Hry\Stronghold\Stronghold.exe (No File)
Task: {7F7A154A-A664-4687-B613-CE242777D14C} - System32\Tasks\{7021D46B-A7A0-4450-9A63-04629FDB7890} => D:\Hry\Stronghold Crusader.exe (No File)
Task: {7F6A7438-8F2D-482F-BB36-AEC4DB23F04D} - System32\Tasks\{741FC4DC-37F7-4AB2-B68F-6A84FF976976} => D:\Hry\Grand Theft Auto IV\GTAIV.exe (No File)
Task: {73AE571F-BC46-409B-B6F6-A6684B15A651} - System32\Tasks\{79E5A4C2-617A-47E6-9E1D-40A01B2E34E6} => D:\Hry\Stronghold\Stronghold.exe (No File)
Task: {EE5264F2-B73B-4624-AEA3-07744B6A318D} - System32\Tasks\{91873097-9570-4935-A5BD-A587293D815C} => D:\Hry\Stronghold Crusader.exe (No File)
Task: {D8CEF72E-9249-4C5A-8E83-D4273B097038} - System32\Tasks\{A2222AAB-28A5-4926-A207-781DB4573E71} => H:\TRIPEAKS.EXE (No File)
Task: {7702DA08-3D66-4576-8A93-B3C28B20C69C} - System32\Tasks\{BEE85EDE-72F1-479E-9520-9B460B819221} => H:\TRIPEAKS.EXE (No File)
Task: {10FEBC30-8818-4A65-8C07-F426B6B9AF86} - System32\Tasks\{CC1E3A4C-4674-4791-82ED-E0CC37CAE6F2} => D:\Hry\Grand Theft Auto IV\GTAIV.exe (No File)
Task: {F1E94BB2-E773-4275-853F-EE11B268F220} - System32\Tasks\{CC39261F-A5FF-4DAF-A529-5FA5B3A9D27E} => H:\TRIPEAKS.EXE (No File)
Task: {EA10E55E-68D6-4C48-AEBD-89C6EE90C742} - System32\Tasks\{CF7222DB-83A4-4D01-A7CF-CA483951D7D5} => D:\Hry\Grand Theft Auto IV\GTAIV.exe (No File)
Task: {E3A7D4C3-0038-4E3C-961D-93EAF04F2BE5} - System32\Tasks\{D6D98709-5979-4818-B7DF-7C5A0297ABCC} => D:\Hry\Stronghold\Stronghold.exe (No File)
Task: {250AECC2-1410-4D61-B8DF-4C3A998CFFB5} - System32\Tasks\{FF292F72-3998-413C-84E2-CFD64D2E1FED} => H:\TRIPEAKS.EXE (No File)
Task: {F9C04323-6504-45FB-A0BA-C7FBF1EA1818} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-02] (Google Inc -> Google Inc.)
Task: {33F92772-5A9F-4195-9F89-583C17EC9E23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-02] (Google Inc -> Google Inc.)
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
C:\Users\Martys\AppData\Local\AVG
C:\Program Files (x86)\AVAST Software
C:\Users\Martys\AppData\Roaming\AVG
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
Toolbar: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> http://www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> http://www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> http://www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> http://www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> http://www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> http://www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> http://www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> http://www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> http://www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> http://www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> http://www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> http://www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> http://www.1importantiamreal.com
Virustotal: C:\Windows\system32\icarus_rvrt.exe
There are 7844 more sites.

IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\123topsearch.com -> http://www.123topsearch.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\125sms.co.uk -> http://www.125sms.co.uk
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\125sms.com -> http://www.125sms.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\12w.net -> download-video.12w.net
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\132.com -> http://www.132.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\1337-crew.to -> http://www.1337-crew.to
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\1337crew.info -> http://www.1337crew.info
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\150freesms.de -> http://www.150freesms.de
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\17concepts.info -> http://www.17concepts.info
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\1800searchonline.com -> http://www.1800searchonline.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\180searchassistant.com -> http://www.180searchassistant.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\1987324.com -> http://www.1987324.com
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\1ghporn.info -> http://www.1ghporn.info
IE restricted site: HKU\S-1-5-21-2131128835-2277457285-3308782453-1000\...\1importantiamreal.com -> http://www.1importantiamreal.com
There are 7842 more sites.

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Tohle znáš:

CHR Notifications: Default -> hxxps://36icufrredxfn6.enhanceconnection.co.in; hxxps://3coj5unzs4wjur.enhanceconnection.co.in; hxxps://5vmi4ssitorwnk.enhanceconnection.co.in; hxxps://bxqra9a1711pju.enhanceconnection.co.in; hxxps://club.autodoc.cz; hxxps://cuae64u071bc73c40vsg.protocolchainflow.com; hxxps://cuae7am071bc73c425h0.enhanceconnection.co.in; hxxps://cuae7g6071bc73c42ba0.protocolchainflow.com; hxxps://cub1bs6071bc73ckocag.enhanceconnection.co.in; hxxps://cub1kkm071bc73cl1amg.enhanceconnection.co.in; hxxps://cudqgdu071bc73euiuj0.enhanceconnection.co.in; hxxps://cudqghu071bc73euj2fg.protocolchainflow.com; hxxps://cudqigu071bc73eul9ig.enhanceconnection.co.in; hxxps://cudqilu071bc73eulf4g.protocolchainflow.com; hxxps://datanodes.to; hxxps://ixzc4t.cipaineutti.com; hxxps://r3e3ckp8an73yq.enhanceconnection.co.in; hxxps://vjr2ws.parthonylogles.com; hxxps://xfmvc6zgsv3gsl.enhanceconnection.co.in; hxxps://xys4dbprmekzdd.enhanceconnection.co.in; hxxps://ytb3qzyl3e9s5a.enhanceconnection.co.in

?