Log analysis and evaluation: PUP keeps reappearing, System Restore does not work (Windows 7)
16.10.2019, 22:40 | #1

PUP keeps reappearing, System Restore does not work

Dear helpers,

after I deleted a PUP detection with adware, it reappears after some time. System Restore no longer works, and DVDs are no longer read. ESET, Malwarebytes and AntiVir found nothing. The system has also become slower and the hard disk is accessed again and again. You also keep noticing data traffic in the background (DSL-Manager). I would be very glad of any help.

Best regards, your very Grosserdummi.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2019 02
durchgeführt von ***** (Administrator) auf *****-PC (MEDIONPC MS-7708) (16-10-2019 22:31:03)
Gestartet von C:\Users\Andi\Desktop
Geladene Profile: ***** & Andi (Verfügbare Profile: ***** & Andi)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avwebg7.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.RealTime.Client.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.RealTimeOptimizer.exe
(CYBERGHOST S.A. -> CyberGhost S.A.) C:\Program Files\CyberGhost 7\CyberGhost.Service.exe
(devolo AG -> devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Google Inc -> Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(N C P e GmbH Network Communications Products engineering -> ) C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(N C P e GmbH Network Communications Products engineering -> ) C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe
(N C P e GmbH Network Communications Products engineering -> ) C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe
(N C P e GmbH Network Communications Products engineering -> NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncpsec.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Protexis Inc. -> Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] C:\Program Files\DSL-Manager\DslMgrSvc.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267576 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [227168 2019-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira System Speedup User Starter] => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331016 2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\Run: [] => [X]
HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR [5104049 2009-07-16] (ALDI SÜD) [Datei ist nicht signiert]
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-05] (Google Inc -> Google Inc.)
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{B4841AC3-BB3F-4bbf-8F90-E25B45EF4CB4}] -> C:\Windows\system32\NcpCredentialProvider.dll [2016-11-07] (N C P e GmbH Network Communications Products engineering -> NCP engineering GmbH)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0AA50FC8-7A78-4181-8C8D-879DAECB83E0} - System32\Tasks\ScanToPCActivationApp.exe_{7A2752E8-41BF-446B-BCC9-FAC7AE6D0787} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {1328E01E-02FE-4908-8A50-720DBC0F3042} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [3159368 2016-11-07] (N C P e GmbH Network Communications Products engineering -> )
Task: {218B5C72-8DC3-4312-ABB6-E2C833ABA9BD} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [26062808 2019-10-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {2C44FCF8-BCF7-47C5-A256-3556C2FABD65} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331016 2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {2E30107C-3A9C-4B91-BD85-AADE9C3DE5F5} - System32\Tasks\FaxApplications.exe_{86438813-AECB-4D0A-AAD9-F0F8D1B66461} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\FaxApplications.exe [2863720 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {4512EB18-82C0-4B13-943F-B9AA5D048D89} - System32\Tasks\HP Officejet 6500 E710a-f.exe_{1B78D916-9DF3-417A-918B-A94B46D1E6FA} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HP Officejet 6500 E710a-f.exe [3867240 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {46C9FC76-8D4E-4D48-A3F6-923D811E48FE} - System32\Tasks\ScanToPCActivationApp.exe_{67FA5A8A-DD4A-4BBE-9838-909C8530A603} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [2610696 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {485CCF89-70C9-410C-A5A0-267BE629806F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {4D7AC085-0160-481A-9529-DDEED6D899FE} - System32\Tasks\HPCustPartic.exe_{3A2C75DE-F318-4570-BB2A-675FD594725C} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [4330504 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {51BAA260-CDBA-4865-942A-03C2D2B61F13} - System32\Tasks\HP Officejet 6500 E710a-f.exe_{FE492128-87C2-480B-A531-282CE465E9A0} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HP Officejet 6500 E710a-f.exe [3867240 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {6133947C-F64E-4C99-A644-3C4FB0D8CB44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {6234A8B6-0BF5-4932-82B2-661208127FA2} - System32\Tasks\Toolbox.exe_{25A8E04B-2A10-4028-BC46-55E049707F83} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\Toolbox.exe [4102152 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {680AC6D9-DE1C-4D25-93C6-8C210A5F3821} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe [2167112 2016-11-07] (N C P e GmbH Network Communications Products engineering -> )
Task: {747DF87E-EDDD-4062-88DA-45693886C6A8} - System32\Tasks\FaxApplications.exe_{6BC6E2B3-116C-400A-9063-A759C08B555D} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\FaxApplications.exe [3835912 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {79323855-6713-41CE-B5D4-B11FA88F767C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
Task: {79B47647-F66E-4D32-BB86-892229C4251C} - System32\Tasks\AdwCleaner_onReboot => C:\Dateien alter WindowsME PC\Hörl\Downloads Internet\Virusscanner\adware\adwcleaner_7.4.1.exe [7636680 2019-09-10] (Malwarebytes Inc -> Malwarebytes)
Task: {7E0C4354-C1B7-4EBD-B126-6E97AFC19046} - System32\Tasks\HPCustPartic.exe_{6BAC4913-62D1-4175-B774-8F91CF35F276} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2485096 2010-06-14] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {7F792889-A5B8-47BD-A14C-9417C9D917FD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {84540620-3C0C-4881-A9DA-BF9FE69BEDE1} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2485096 2010-06-14] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {8B03B8F6-548B-41FF-891E-0D0A25A86AF7} - System32\Tasks\FaxApplications.exe_{C40C909F-36AC-47DB-A108-025AF0D8DFE0} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\FaxApplications.exe [2863720 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {8D3AB6B2-743F-49D7-91A8-B6A88E427949} - System32\Tasks\Toolbox.exe_{508CE650-4627-49EF-90FE-40E1C5F169F1} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\Toolbox.exe [2903144 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {93080E14-9AA5-461A-9937-034B28E332A1} - System32\Tasks\{6BCFD55A-AA69-4B44-B289-410D926768AF} => E:\SETUP.EXE
Task: {9705054C-B3F2-4FAE-8988-046A9879FF63} - System32\Tasks\HPCustPartic.exe_{AB82E144-D9AF-4416-94A0-87809A95B6EF} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2485096 2010-06-14] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {995863CB-C2B0-4941-8E8E-E21E3B042035} - System32\Tasks\{3133D293-CE5A-4DBD-A784-304AA30B073E} => E:\Setup.exe
Task: {9BBCF488-9DB2-4F3B-B740-795020380835} - System32\Tasks\HP Officejet 6500 E710a-f.exe_{2DD55BA1-6B12-4297-8ECB-974022D20420} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HP Officejet 6500 E710a-f.exe [3867240 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {A700ED6E-7C85-4174-8908-8FDA97D2C242} - System32\Tasks\{469EEBD4-DEF3-4F8A-B87C-FC531AD88183} => E:\SETUP.EXE
Task: {A81258D8-37B2-49BF-A1DE-D7E476CF502D} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
Task: {B213F190-DE0D-44A6-9317-78A02C5F728E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
Task: {B21DB96B-1ACF-43F6-9284-37CC8C083468} - System32\Tasks\HP Officejet 6500 E710a-f.exe_{E0B8F529-EFEB-42D7-9E37-9F8E37054E9D} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HP Officejet 6500 E710a-f.exe [3867240 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {CABE9DDA-96B9-44E0-82B7-4C213AB017E8} - System32\Tasks\HPCustPartic.exe_{A8CB3E2E-7110-4439-81C8-9E211A306D06} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [4330504 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {D3A19ABC-4CDF-4543-9FE2-4A1DE8015886} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [616320 2017-10-12] (Apple Inc. -> Apple Inc.)
Task: {DF850EF1-E84A-411E-A83F-D0ED30EC1064} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2759024 2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {E2584395-4D90-498B-98E6-418CF59D4C04} - System32\Tasks\ScanToPCActivationApp.exe_{8E75C518-6072-4DDB-BBE8-06B3AB2E30D4} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {E8A1B084-D8DF-49C2-8F35-2C7A6BFF4F1B} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8710 => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [4330504 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {F3FFA226-9ACA-4950-A778-56FE47E9ED4A} - System32\Tasks\{7DF065F9-3712-42CF-9197-263042AA4568} => E:\SETUP.EXE
Task: {F9789991-7F8C-4A28-A5E0-E823E240FBE6} - System32\Tasks\Toolbox.exe_{46E57D55-60CB-42D9-A115-8B107DD632D8} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\Toolbox.exe [2903144 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mg.mail.yahoo.com/neo/launch?.rand=ei7428lvqlr9r hxxp://www.freemail.de/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {1120228E-D747-4D08-A4B4-4B4D82EF12AD} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {4548E562-7A1E-4DB5-9F68-DF4F97394503} URL = hxxp://www.clipfish.de/suche/{searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {4A8CD86C-18D5-4073-8416-F68A43F52E87} URL = hxxp://suche.sueddeutsche.de/{searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {66C0BCA5-1BE9-4E26-89B2-51AE787EC92D} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {670BB114-C750-49E9-B008-7689F7FE314E} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {68E59624-F3B4-44BF-B1BC-B4ED45A03BE2} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {77ED0AA8-A539-45AE-A9FA-E9668CBEB5CE} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {7D91603D-30F7-4A9E-B440-EFC1DD739FBF} URL = hxxp://www.pressini.de/results.htm
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {81C14EE5-F013-49E8-8B98-C4902DCFC1E6} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {93B89ADF-09AF-48E7-A036-4C87EA38222A} URL = hxxp://www.ricardo.ch/search/search.asp?txtSearch={searchTerms}&Catg=1&InTitleAndDesc=1
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {C84A2359-04D5-457E-9EE6-F8A6B83AED8C} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {CCCFB525-7E19-4B5B-AA48-A42A022AD63A} URL = hxxp://www.druckbesser.de/index.php?pg=drucksachen-profisuche&suchbegriff={searchTerms}#ergebnisse
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {DCF61ACB-0471-47B4-9C6B-691C3AF47874} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {E5DF8F95-23A0-48E1-BE5C-F7B9B11F0924} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {E903553E-CFE2-4E90-B3C0-D204F60459C5} URL = hxxp://www.fancity.eu/{searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {EBD97CF0-28E6-44C7-BA95-53C59781FB5A} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {F72B4A0F-F740-4E1C-842B-48145C388209} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {F7E29EF4-E9FD-40F1-923C-5C40A5A3F888} URL = hxxp://www.youtube.de/results?search_query={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC -> DivX, LLC)
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2637316431-523064892-2508072546-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 27w45164.default
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\27w45164.default [2019-10-12]
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\dvyugvfq.default-release [2019-10-12]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-30] [Legacy] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: (Freemake Video Downloader Plugin) - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-10-25] [Legacy] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: (Freemake Youtube Download Button) - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-10-25] [Legacy] [ist nicht signiert]
FF HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-18] (Adobe Systems Incorporated -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.) [Datei ist nicht signiert]
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC -> DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert]
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [2013-11-05] (Samsung Electronics CO., LTD. -> Samsung)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npagee.dll [2015-07-08]

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-10-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareService.exe [542896 2019-02-13] (Adaware Software -> )
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe [401800 2013-10-11] (Samsung Electronics CO., LTD. -> Samsung) [Datei ist nicht signiert]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2010-05-27] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1209328 2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [483408 2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [483408 2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [500272 2019-09-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [586176 2019-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989536 2019-08-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CG7Service; C:\Program Files\CyberGhost 7\CyberGhost.Service.exe [93904 2019-08-21] (CYBERGHOST S.A. -> CyberGhost S.A.)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [4981936 2019-04-23] (devolo AG -> devolo AG)
S4 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [Datei ist nicht signiert]
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG -> Nero AG)
R2 ncpclcfg; C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe [768328 2016-11-07] (N C P e GmbH Network Communications Products engineering -> )
R2 ncprwsnt; C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe [2791240 2016-11-07] (N C P e GmbH Network Communications Products engineering -> )
R2 ncpsec; C:\Program Files\LANCOM\Advanced VPN Client\ncpsec.exe [461128 2016-11-07] (N C P e GmbH Network Communications Products engineering -> NCP engineering GmbH)
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [574536 2013-11-05] (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154760 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert]
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer -> TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [5586432 2010-05-27] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [209920 2010-05-27] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) S3 androidusb; C:\Windows\System32\Drivers\ssadadb.sys [32064 2014-01-23] (MCCI Internal Testing Software -> Google Inc) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ACHTUNG (kein ServiceDLL) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [87568 2016-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices) R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [50728 2019-06-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153280 2019-09-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [171568 2019-09-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36688 2019-03-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60360 2019-03-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [33280 2019-03-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [43624 2017-03-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [261920 2015-07-09] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH -> T-Systems Enterprise Services GmbH) S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [99432 2016-11-07] (N C P e GmbH Network Communications Products engineering -> NCP Engineering GmbH) R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [99432 2016-11-07] (N C P e GmbH Network Communications Products engineering -> NCP Engineering GmbH) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [36624 2019-04-23] (devolo AG -> Riverbed Technology, Inc.) R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [181384 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-01-12] (Microsoft Windows Hardware Compatibility Publisher -> TeamViewer GmbH) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [378336 2018-05-02] (Bitdefender SRL -> BitDefender S.R.L.) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech -> Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech -> Logitech Inc.) 
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech -> Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech -> Logitech Inc.) U3 aswbdisk; kein ImagePath S3 avfwim; system32\DRIVERS\avfwim.sys [X] S1 avfwot; system32\DRIVERS\avfwot.sys [X] S3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [X] <==== ACHTUNG S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2019-10-16 22:31 - 2019-10-16 22:33 - 000039662 _____ C:\Users\Andi\Desktop\FRST.txt 2019-10-16 22:00 - 2019-10-16 22:32 - 000000000 ____D C:\FRST 2019-10-16 21:59 - 2019-10-16 21:59 - 001452032 _____ (Farbar) C:\Users\Andi\Desktop\FRST.exe 2019-10-15 23:06 - 2019-10-16 20:39 - 000483629 _____ C:\Users\Andi\Desktop\C2 Verklaring vermissing reisdocument Huber.pdf 2019-10-15 16:16 - 2019-10-16 21:46 - 000003210 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot 2019-10-14 15:50 - 2019-10-14 15:50 - 000208014 _____ C:\Users\Andi\Documents\Wintergarten Bestellung.pdf 2019-10-12 16:35 - 2019-10-13 00:00 - 000001845 _____ C:\Users\*****\Desktop\ESET Online Scanner.lnk 2019-10-12 16:34 - 2019-10-12 16:35 - 008166712 _____ (ESET spol. s r.o.) 
C:\Users\Andi\Downloads\ESETOnlineScanner_DEU(1).exe 2019-10-12 12:59 - 2019-10-12 15:09 - 000000000 ____D C:\Users\*****\AppData\Local\CrashDumps 2019-10-12 12:35 - 2019-10-12 16:25 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Mozilla 2019-10-12 12:04 - 2019-10-12 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2019-10-12 11:59 - 2019-10-12 14:11 - 000000000 ____D C:\Windows\Downloaded Installations 2019-10-12 11:44 - 2019-10-12 11:44 - 000000000 ____D C:\Program Files\VulkanRT 2019-10-12 11:44 - 2018-03-24 01:05 - 000138120 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2019-10-12 11:44 - 2017-12-09 00:25 - 000798520 _____ C:\Windows\system32\vulkan-1.dll 2019-10-12 11:44 - 2017-12-09 00:25 - 000490808 _____ C:\Windows\system32\vulkaninfo.exe 2019-10-12 11:43 - 2018-03-24 00:57 - 003661704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2019-10-12 11:43 - 2018-03-24 00:57 - 002097120 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll 2019-10-12 11:43 - 2018-03-24 00:57 - 001767304 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2019-10-12 11:43 - 2018-03-24 00:56 - 000469392 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2019-10-12 11:43 - 2018-03-24 00:56 - 000430048 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2019-10-12 11:43 - 2018-03-24 00:56 - 000110016 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2019-10-12 11:43 - 2018-03-24 00:56 - 000082560 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2019-10-12 11:43 - 2018-03-21 19:32 - 008114212 _____ C:\Windows\system32\nvcoproc.bin 2019-10-12 11:42 - 2019-10-16 21:48 - 000000000 ____D C:\ProgramData\NVIDIA 2019-10-12 11:42 - 2019-10-12 11:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2019-10-12 11:42 - 2018-04-13 01:11 - 000447928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2019-10-12 11:42 - 2018-03-24 01:50 - 000001951 _____ 
C:\Windows\NvContainerRecovery.bat 2019-10-12 11:39 - 2019-10-12 14:11 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation 2019-10-12 11:39 - 2019-10-12 14:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2019-10-12 00:58 - 2019-10-07 07:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2019-10-12 00:58 - 2019-10-06 05:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2019-10-12 00:58 - 2019-10-06 05:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2019-10-12 00:58 - 2019-10-06 05:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2019-10-12 00:58 - 2019-10-06 05:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2019-10-12 00:58 - 2019-10-06 05:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2019-10-12 00:58 - 2019-10-06 05:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2019-10-12 00:58 - 2019-10-06 05:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2019-10-12 00:58 - 2019-10-06 05:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2019-10-12 00:58 - 2019-10-06 05:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2019-10-12 00:58 - 2019-10-06 05:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2019-10-12 00:58 - 2019-10-06 05:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2019-10-12 00:58 - 2019-10-06 05:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2019-10-12 00:58 - 2019-10-06 05:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2019-10-12 00:58 - 2019-10-06 05:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2019-10-12 00:58 - 2019-10-06 05:10 - 000115712 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2019-10-12 00:58 - 2019-10-06 05:10 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2019-10-12 00:58 - 2019-10-06 05:06 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2019-10-12 00:58 - 2019-10-06 05:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2019-10-12 00:58 - 2019-10-06 05:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2019-10-12 00:58 - 2019-10-06 05:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2019-10-12 00:58 - 2019-10-06 04:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2019-10-12 00:58 - 2019-10-06 04:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2019-10-12 00:58 - 2019-10-06 04:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2019-10-12 00:58 - 2019-10-06 04:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2019-10-12 00:58 - 2019-10-06 04:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2019-10-12 00:58 - 2019-10-06 04:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2019-10-12 00:58 - 2019-10-06 04:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2019-10-12 00:58 - 2019-10-06 04:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2019-10-12 00:58 - 2019-10-06 04:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2019-10-12 00:58 - 2019-10-06 04:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2019-10-12 00:58 - 2019-10-06 04:48 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2019-10-12 00:58 - 2019-10-06 04:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2019-10-12 00:58 - 2019-10-06 04:35 - 004387840 
_____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2019-10-12 00:58 - 2019-10-06 04:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2019-10-12 00:58 - 2019-10-06 04:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2019-10-12 00:58 - 2019-09-19 06:30 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll 2019-10-12 00:58 - 2019-09-17 04:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2019-10-12 00:58 - 2019-09-17 04:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2019-10-12 00:58 - 2019-09-17 04:32 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll 2019-10-12 00:58 - 2019-09-17 04:32 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2019-10-12 00:58 - 2019-09-17 04:32 - 000137952 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll 2019-10-12 00:58 - 2019-09-17 04:32 - 000137440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2019-10-12 00:58 - 2019-09-17 04:32 - 000068832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2019-10-12 00:58 - 2019-09-17 04:30 - 001315912 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000555520 _____ 
(Microsoft Corporation) C:\Windows\system32\kerberos.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000038912 _____ (Microsoft 
Corporation) C:\Windows\system32\csrsrv.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 04:04 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2019-10-12 00:58 - 2019-09-17 04:04 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2019-10-12 00:58 - 2019-09-17 04:04 - 000029696 _____ (Microsoft Corporation) 
C:\Windows\system32\appidsvc.dll 2019-10-12 00:58 - 2019-09-17 04:04 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2019-10-12 00:58 - 2019-09-17 04:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll 2019-10-12 00:58 - 2019-09-17 04:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2019-10-12 00:58 - 2019-09-17 04:02 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2019-10-12 00:58 - 2019-09-17 04:01 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2019-10-12 00:58 - 2019-09-17 04:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys 2019-10-12 00:58 - 2019-09-17 03:59 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2019-10-12 00:58 - 2019-09-17 03:58 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2019-10-12 00:58 - 2019-09-17 03:58 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2019-10-12 00:58 - 2019-09-17 03:58 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2019-10-12 00:58 - 2019-09-17 03:58 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2019-10-12 00:58 - 2019-09-17 03:58 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2019-10-12 00:58 - 2019-09-17 03:57 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2019-10-12 00:58 - 2019-09-17 03:57 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys 2019-10-12 00:58 - 2019-09-17 03:57 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys 2019-10-12 00:58 - 2019-09-17 03:57 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys 2019-10-12 00:58 - 2019-09-17 03:57 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys 2019-10-12 
00:58 - 2019-09-17 03:57 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys 2019-10-12 00:58 - 2019-09-17 03:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2019-10-12 00:58 - 2019-09-17 03:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys 2019-10-12 00:58 - 2019-09-17 03:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2019-10-12 00:58 - 2019-09-17 03:57 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2019-10-12 00:58 - 2019-09-17 03:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 03:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2019-10-12 00:58 - 2019-09-17 02:10 - 000407776 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2019-10-12 00:58 - 2019-09-11 06:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll 2019-10-12 00:58 - 2019-09-11 06:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll 2019-10-12 00:58 - 2019-09-10 04:27 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll 2019-10-12 00:58 - 2019-09-10 04:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2019-10-12 00:58 - 2019-09-10 04:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2019-10-12 00:58 - 2019-09-10 04:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll 2019-10-12 00:58 - 2019-09-10 04:02 - 006135296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2019-10-12 00:58 - 2019-09-10 04:02 - 
002752000 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2019-10-12 00:58 - 2019-09-10 04:00 - 002406912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2019-10-12 00:58 - 2019-09-10 04:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2019-10-12 00:58 - 2019-09-10 04:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE 2019-10-12 00:58 - 2019-09-10 04:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll 2019-10-12 00:58 - 2019-09-10 04:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2019-10-12 00:58 - 2019-09-10 04:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2019-10-12 00:58 - 2019-09-10 04:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2019-10-12 00:58 - 2019-09-10 03:59 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys 2019-10-12 00:58 - 2019-09-10 03:56 - 000248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys 2019-10-10 23:00 - 2019-10-10 23:00 - 000000000 ____D C:\Users\*****\AppData\Local\mbam 2019-10-07 21:49 - 2019-10-07 21:49 - 000001082 _____ C:\Users\Public\Desktop\Avira.lnk 2019-10-07 21:49 - 2019-10-07 21:49 - 000001082 _____ C:\ProgramData\Desktop\Avira.lnk 2019-10-02 07:44 - 2019-09-12 05:53 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2019-10-02 07:44 - 2019-09-12 05:52 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2019-10-02 07:44 - 2019-09-12 05:52 - 000373248 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2019-10-02 07:44 - 2019-09-12 05:52 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2019-10-02 07:44 - 2019-09-12 05:32 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2019-10-02 07:43 - 2019-09-12 05:53 - 000276480 _____ (Microsoft Corporation) 
C:\Windows\system32\EncDump.dll 2019-09-28 16:49 - 2019-09-28 16:49 - 000000000 ____D C:\Users\*****\AppData\Local\Avira ==================== Ein Monat (geänderte) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2019-10-16 21:56 - 2009-07-14 06:34 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-10-16 21:56 - 2009-07-14 06:34 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-10-16 21:54 - 2014-01-29 20:00 - 000002292 ____H C:\Users\Andi\Documents\Default.rdp 2019-10-16 21:49 - 2018-12-22 13:26 - 000000000 ____D C:\Users\Public\Speedup Sessions 2019-10-16 21:48 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-10-15 23:18 - 2013-12-19 01:25 - 000000000 ____D C:\Users\Andi\AppData\Local\CyberGhost 2019-10-15 16:00 - 2010-08-28 02:49 - 001620684 _____ C:\Windows\system32\PerfStringBackup.INI 2019-10-15 16:00 - 2010-05-12 15:13 - 000699432 _____ C:\Windows\system32\perfh007.dat 2019-10-15 16:00 - 2010-05-12 15:13 - 000149572 _____ C:\Windows\system32\perfc007.dat 2019-10-15 15:59 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf 2019-10-15 15:58 - 2019-09-13 09:11 - 000000000 ____D C:\Users\Andi\AppData\Local\CrashDumps 2019-10-15 08:06 - 2010-12-05 14:18 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-10-15 08:06 - 2010-12-05 14:18 - 000002125 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-10-15 08:06 - 2010-12-05 14:18 - 000002125 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2019-10-14 14:50 - 2014-12-24 11:32 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2019-10-14 14:50 - 2010-12-15 12:19 - 000000000 ____D C:\Users\Andi\AppData\Local\Adobe 2019-10-12 23:19 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache 2019-10-12 16:36 - 2017-05-25 10:41 - 000000000 ____D 
C:\Users\Andi\AppData\LocalLow\Mozilla 2019-10-12 14:30 - 2018-01-28 11:08 - 000003268 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray 2019-10-12 14:11 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration 2019-10-12 14:11 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\PolicyDefinitions 2019-10-12 14:11 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\Help 2019-10-12 14:11 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-10-12 13:49 - 2018-01-28 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2019-10-12 13:49 - 2015-07-22 13:48 - 000000000 ____D C:\ProgramData\Package Cache 2019-10-12 12:43 - 2010-12-05 16:03 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{2451C8A6-C0B1-40F0-AE59-6A188E718F2B} 2019-10-12 12:35 - 2015-07-08 20:07 - 000000000 ____D C:\Users\*****\AppData\Roaming\Mozilla 2019-10-12 11:59 - 2010-08-30 20:11 - 000000000 ____D C:\Program Files\Common Files\InstallShield 2019-10-12 11:52 - 2011-08-17 19:58 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Adobe 2019-10-12 09:37 - 2009-07-14 06:33 - 000427088 _____ C:\Windows\system32\FNTCACHE.DAT 2019-10-12 02:00 - 2010-12-05 14:21 - 000000000 ____D C:\Users\***** 2019-10-12 01:15 - 2013-08-13 23:33 - 000000000 ____D C:\Windows\system32\MRT 2019-10-12 01:06 - 2010-08-30 18:47 - 124046008 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2019-10-09 08:08 - 2018-02-18 11:41 - 000003096 _____ C:\Windows\Sandboxie.ini 2019-10-08 08:40 - 2011-02-01 11:44 - 000000000 ___RD C:\Users\Andi\ONROP 2019-10-07 21:57 - 2010-12-05 14:17 - 000003534 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 2019-10-07 21:57 - 2010-12-05 14:17 - 000003406 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 2019-10-07 21:56 - 2010-12-05 14:17 - 000000000 ____D C:\Program Files\Google 2019-10-06 12:44 - 2019-09-10 11:19 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys 
2019-10-03 13:29 - 2018-01-28 11:02 - 000003666 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate 2019-09-28 16:50 - 2011-04-01 10:43 - 000000000 ____D C:\Users\*****\AppData\Roaming\PetersSoftware 2019-09-28 16:41 - 2011-04-01 10:50 - 000000000 ____D C:\Users\Andi\AppData\Roaming\PetersSoftware 2019-09-28 15:42 - 2018-01-28 11:07 - 000171568 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2019-09-28 15:42 - 2018-01-28 11:07 - 000153280 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2019-09-24 21:11 - 2014-11-21 11:06 - 000000000 ____D C:\Program Files\PetersSoftware 2019-09-18 18:25 - 2011-04-25 08:41 - 000000000 ____D C:\Users\Andi\Documents\Outlook-Dateien ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ================ 2013-03-15 13:47 - 2015-03-27 19:52 - 000002912 _____ () C:\Users\*****\AppData\Roaming\Safer-Networking.log 2011-02-28 01:13 - 2011-02-28 01:13 - 000007597 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg ==================== SigCheck =============================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) LastRegBack: 2019-10-10 22:20 ==================== Ende von FRST.txt ============================ |
16.10.2019, 22:41 | #2 |
| PUP keeps reappearing, System Restore does not work Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 12-10-2019 02
durchgeführt von ***** (16-10-2019 22:33:40)
Gestartet von C:\Users\Andi\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2010-12-05 12:21:31)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2637316431-523064892-2508072546-500 - Administrator - Disabled)
Andi (S-1-5-21-2637316431-523064892-2508072546-1001 - Limited - Enabled) => C:\Users\Andi
Gast (S-1-5-21-2637316431-523064892-2508072546-501 - Limited - Disabled)
***** (S-1-5-21-2637316431-523064892-2508072546-1000 - Administrator - Enabled) => C:\User\*****
HomeGroupUser$ (S-1-5-21-2637316431-523064892-2508072546-1007 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4Captains (HKLM\...\4Captains) (Version: - ) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) adaware antivirus (HKLM\...\{B629330D-7DD1-49D0-9270-70CB736693EE}_AdAwareUpdater) (Version: 12.6.1005.11662 - adaware) AdAwareInstaller (HKLM\...\{13B94BFA-D005-42D0-88A2-02E6C81BAF7A}) (Version: 12.6.1005.11662 - adaware) Hidden AdAwareUpdater (HKLM\...\{B629330D-7DD1-49D0-9270-70CB736693EE}) (Version: 12.6.1005.11662 - adaware) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated) Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.) Aldi Süd Foto Service 4.6 (HKLM\...\Aldi Süd Foto Service) (Version: 4.6 - ORWO Net) ALDI SÜD Mah Jong (HKLM\...\ALDI SÜD Mah Jong) (Version: - ) ALDI Süd Online Druck Service 4.6 (HKLM\...\ALDI Süd Online Druck Service) (Version: 4.6 - ORWO Net) Aldi Sued Fotoservice 2.7 (HKLM\...\ALDI Sued Fotoservice_is1) (Version: - ) AllShare Framework DMS (HKLM\...\{FFCA6A43-2111-4DD0-9A26-D81F7DD20960}) (Version: 1.3.21 - Samsung) AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden Apple Application Support (32-Bit) (HKLM\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{CE84DF09-7A4C-45AC-BEAE-7313AE8FD18E}) (Version: 12.2.1.12 - Apple Inc.) Apple Software Update (HKLM\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.) 
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}) (Version: 3.0.778.0 - ATI Technologies, Inc.) Avira (HKLM\...\{e2be50eb-5ea7-469b-9805-e29b51000bb6}) (Version: 1.2.137.23068 - Avira Operations GmbH & Co. KG) Avira (HKLM\...\{F3986A03-518F-4860-B372-1ACD7773DD99}) (Version: 1.2.137.23068 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.1910.1604 - Avira Operations GmbH & Co. KG) Avira System Speedup (HKLM\...\Avira System Speedup_is1) (Version: 6.2.1.10749 - Avira Operations GmbH & Co. KG) AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin) Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.) ccc-core-static (HKLM\...\{D81845B4-5239-AD56-39A5-9FCFE528330F}) (Version: 2010.0527.1242.20909 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform) Cessna NAVIII G1000 Trainer v8.01 (HKLM\...\Cessna NAVIII G1000 Trainer v8.01) (Version: v8.01 - GARMIN) CorelDRAW Essentials 4 - Content (HKLM\...\{19AC095C-3520-4999-AA15-93B6D0248A50}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (HKLM\...\{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (HKLM\...\{F16841F6-5F0F-4DBE-B318-63CEB916F21D}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (HKLM\...\{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (HKLM\...\{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (HKLM\...\{ABD8B955-1C69-4AF3-949B-13CD587C175F}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang DE (HKLM\...\{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW 
Essentials 4 - Lang EN (HKLM\...\{34A9406E-1994-4C20-AC72-04CFA2B24545}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (HKLM\...\{C682F3F0-00A6-4379-B083-4F3273624D7B}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (HKLM\...\{BA9319FE-BCEF-4C99-8039-F464648D046E}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (HKLM\...\{3576C335-958D-4D60-A812-F68F9A2796AF}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (HKLM\...\{5500BB35-1C21-4328-9F16-F894B860FADE}) (Version: 4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (HKLM\...\{07B62101-7EBD-434A-94B1-B38063BE5516}) (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation) CorelDRAW Essentials 4 (HKLM\...\{9043B9A0-9505-405B-8202-E7167A38A89C}) (Version: 4.0 - Corel Corporation) Hidden CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version: - CyberGhost S.R.L.) CyberGhost 7 (HKLM\...\CyberGhost 7) (Version: 7.1.2.4167 - CyberGhost S.A.) CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) 
devolo Cockpit (HKLM\...\dlancockpit) (Version: 5.0.4.0 - devolo AG) devolo dLAN-Konfigurationsassistent (HKLM\...\dlanconf) (Version: 20.0.0.0 - devolo AG) devolo Informer (HKLM\...\dslmon) (Version: 28.0.0.0 - devolo AG) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC) Drucken in PDF Annotator (novaPDF OEM 7.4 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: - Softland) DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version: - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) EXAM 11 (HKLM\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software) FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Studio version 5.0.3 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Freemake Video Converter Version 4.1.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation) Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation) Freemake Youtube Mp3 Converter (HKLM\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.4 - Ellora Assets Corporation) Fresh 3.5.1 (HKLM\...\Fresh) (Version: 3.5.1 - GARMIN) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC) Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) 
Hidden GoPro App (HKLM\...\{FA856359-2B03-4ABC-AC82-E69AF9F405CE}) (Version: 5.6.509 - GoPro, Inc.) Hidden GoPro Studio 2.5.6 (HKLM\...\{8850d4d9-a0fc-453f-ba03-ec084375d0c2}) (Version: 2.5.6.509 - GoPro, Inc.) HP Dropbox Plugin (HKLM\...\{C7C4E3CD-6C29-4FCD-9C92-73FB8CFA23E0}) (Version: 36.0.39.57346 - HP) HP Google Drive Plugin (HKLM\...\{D3AC873D-A142-4AF6-B2A4-F6B17BD5A340}) (Version: 36.0.39.57346 - HP) HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{674FD0B7-9641-4B07-906D-AB77A94C51B6}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6500 E710a-f Hilfe (HKLM\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard) HP OfficeJet Pro 8710 - Grundlegende Software für das Gerät (HKLM\...\{9427E29D-BB2B-4720-8F0F-D02ADEBDB4AD}) (Version: 38.1.1881.57490 - HP Inc.) HP OfficeJet Pro 8710 Hilfe (HKLM\...\{AC6E479B-DD73-4490-8B91-E497003E89AA}) (Version: 38.0.0 - HP) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Support Solutions Framework (HKLM\...\{AAE126B3-95C5-49E1-A590-7B5F6EDC7D60}) (Version: 12.5.32.203 - HP Inc.) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM\...\{A95F74BA-8A42-4D24-AE9B-3AC2A1F95968}) (Version: 12.3.6.12 - HP) I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) iOpus Secure Email Attachments (SEA) (HKLM\...\iOpus Secure Email Attachments (SEA)) (Version: - ) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iTunes (HKLM\...\{3E78E23E-A9F3-41D1-9E98-2A2386D87101}) (Version: 12.9.5.7 - Apple Inc.) 
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Kalender-Excel-8.12.1 (HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Kalender-Excel-8.12.1_is1) (Version: 8.12.1 - MSDatec) Kalender-Excel-8.7.1 (HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Kalender-Excel-8.7.1_is1) (Version: 8.7.1 - MSDatec) K-Lite Codec Pack 9.3.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - ) LANCOM Advanced VPN Client (HKLM\...\{81C44F7F-5A1E-4FA9-ADE2-B84C866B8091}) (Version: 3.11.32792 - NCP engineering GmbH) Language Proficiency Trainer Version 1.3 (HKLM\...\{BEBC89AB-DDA6-4C52-9500-B2A8DA8098C7}_is1) (Version: 1.3 - R. Eisenschmidt GmbH) Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech) Malwarebytes Version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Marketsplash Schnellzugriffe (HKLM\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Medion Home Cinema (HKLM\...\{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.) Hidden Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.) 
Microsoft .NET Framework 4.8 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.8.03761 - Microsoft Corporation) Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) 
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 69.0 (x86 de) (HKLM\...\Mozilla Firefox 69.0 (x86 de)) (Version: 69.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.0.7178 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) Nero BurnLite 10 (HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG) Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG) Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) NVIDIA 3D Vision Treiber 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation) NVIDIA Grafiktreiber 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation) PDF Annotator 3.0.0.336 (HKLM\...\PDFAnnotator_is1) 
(Version: 3.0.0.336 - GRAHL software design) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Samsung Link 1.7.0.1311052230 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1311052230 - Copyright 2013 SAMSUNG) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.) Sandboxie 5.22 (32-bit) (HKLM\...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC) Schattensimulator Version 1.0 (HKLM\...\Schattensimulator_is1) (Version: - Warema) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) 
Smart Switch (HKLM\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18124.4 - Samsung Electronics Co., Ltd.) Hidden Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18124.4 - Samsung Electronics Co., Ltd.) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{2188C32A-AE04-4142-82AC-22803A5C5464}) (Version: 22.0.334.0 - Hewlett-Packard Co.) Studie zur Verbesserung von HP OfficeJet Pro 8710 (HKLM\...\{AE1A126D-651B-4240-A1E5-B91FCF17BFF7}) (Version: 38.1.1881.57490 - HP Inc.) supra IPCam (HKLM\...\{E7804B9B-8134-44DE-8FC7-9ACCE9611368}) (Version: 1.9.3.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH) swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.52465 - TeamViewer) Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - ) USB Flash Security Ver.4.0.1 (HKLM\...\KASHU_UsbEnterVer.4.0.1) (Version: Ver.4.0.1 - KASHU SYSTEM DESIGN INC.) VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden VFR Sprechfunk Simulator 2 Version 2.1.4 (HKLM\...\{933D82F6-E423-4115-B440-4E0804BCBEBE}_is1) (Version: 2.1.4 - R. Eisenschmidt GmbH) VFW_Codec32 (HKLM\...\{AFEF72F3-EDEC-4B70-BB25-4CEA1FCBF425}) (Version: 0.1.160.0 - GoPro, Inc.) 
Hidden Visitenkarten in 2 Minuten (HKLM\...\Visitenkarten in 2 Minuten) (Version: - ) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden webGAMET (HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\webGAMET) (Version: - Deutscher Wetterdienst) WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.2 - WebM Project) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-2637316431-523064892-2508072546-1000_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\*****\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2637316431-523064892-2508072546-1001_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Andi\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2637316431-523064892-2508072546-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin () ContextMenuHandlers1: [1iOpusSEA] -> {E743A5D1-F6F0-11D6-963F-0002B3499E34} => C:\Windows\System32\iOpusSEA.dll [2003-03-05] () [Datei ist nicht signiert] ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> Keine Datei ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareShellExtension.dll [2019-02-13] (Adaware Software -> ) ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> Keine Datei ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareShellExtension.dll [2019-02-13] (Adaware Software -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-05-27] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> Keine Datei ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ==================== Codecs (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [Datei ist nicht signiert] HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\system32\CFHD.dll [1490944 2015-07-02] (CineForm Inc.) [Datei ist nicht signiert] ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\Users\Public\Desktop\MEDION Serviceportal.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> www.medionservice.de ShortcutWithArgument: C:\Users\Public\Desktop\MEDIONhome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> hxxp://www.medion.com/de ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-11-29 23:59 - 2012-11-29 23:59 - 000093696 _____ () [Datei ist nicht signiert] C:\Program Files\FileZilla FTP Client\fzshellext.dll 2010-08-30 20:04 - 2010-03-04 05:08 - 000058880 _____ () [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2019-05-18 14:55 - 2019-05-18 14:55 - 000170496 _____ () [Datei ist nicht signiert] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9109216ecdcf9ae71a57b08b84995d99\IsdiInterop.ni.dll 2011-08-27 16:34 - 2003-03-05 16:55 - 000077824 _____ () [Datei ist nicht signiert] C:\Windows\System32\iOpusSEA.dll 2011-03-27 18:57 - 2001-10-28 16:42 - 000116224 _____ () [Datei ist nicht signiert] C:\Windows\System32\pdfcmnnt.dll 2010-05-27 21:36 - 2010-05-27 21:36 - 000708608 _____ (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 2010-05-27 21:35 - 2010-05-27 21:35 - 000003584 _____ (Advanced Micro Devices, Inc.) 
[Datei ist nicht signiert] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamdeu.dll 2010-08-30 20:04 - 2010-03-04 05:10 - 000006656 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\de-DE\IAStorDataMgr.resources.dll 2010-08-30 20:04 - 2010-03-04 05:09 - 000032768 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\de-DE\IAStorIcon.resources.dll 2010-08-30 20:04 - 2010-03-04 05:09 - 000004608 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\de-DE\IntelVisualDesign.resources.dll 2010-08-30 20:04 - 2010-03-04 05:08 - 000163328 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll 2010-08-30 20:04 - 2010-03-04 05:08 - 001046528 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll 2010-08-30 20:04 - 2010-03-04 04:53 - 000280064 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI.dll 2019-05-18 14:55 - 2019-05-18 14:55 - 000176640 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\d56ef23c56dafafbd705bda28d96a1c3\IAStorDataMgr.ni.dll 2019-05-18 14:55 - 2019-05-18 14:55 - 000452608 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5c758e4d1dc449e6ad7cd1292aaf3bce\IAStorUtil.ni.dll 2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 2011-06-17 15:11 - 2011-06-17 15:11 - 000225280 _____ (Microsoft Corporation) [Datei ist nicht signiert] 
C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll 2019-10-12 11:44 - 2018-03-24 01:05 - 000764640 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll 2019-10-12 11:44 - 2018-03-24 01:05 - 000320032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr.dll 2019-06-13 14:24 - 2019-04-23 12:14 - 000078336 _____ (Riverbed Technology, Inc.) [Datei ist nicht signiert] C:\Windows\system32\devolopacket.dll 2019-06-13 14:24 - 2019-04-23 12:14 - 000295936 _____ (Riverbed Technology, Inc.) [Datei ist nicht signiert] C:\Windows\system32\devolopcap.dll 2019-10-02 07:54 - 2019-10-02 07:54 - 000913920 _____ (ServiceStack) [Datei ist nicht signiert] C:\Windows\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\985cf3f73389cdf0d60e8a51854ccb86\ServiceStack.Text.ni.dll 2016-11-07 10:50 - 2016-11-07 10:50 - 001567744 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\LANCOM\Advanced VPN Client\libeay32.dll 2011-01-12 13:04 - 2007-11-26 15:50 - 000167936 _____ (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] C:\Program Files\DSL-Manager\Deskband.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\nuernberger-land.de -> hxxp://nuernberger-land.de IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\t-online.de -> homepage.t-online.de IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\telekom.de -> hxxps://homepagecenter.telekom.de ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:04 - 2013-03-23 18:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\;C:\Program Files\Common Files\Apple\Mobile Device Support\;C:\Program Files\Common Files\Apple\Apple Application Support;C:\Program Files\Skype\Phone\;C:\Program Files\QuickTime\QTSystem\ HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt. 
MSCONFIG\Services: adawareantivirusservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AllShare Framework DMS => 2 MSCONFIG\Services: CG7Service => 2 MSCONFIG\Services: FreemakeVideoCapture => 2 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: nsverctl => 2 MSCONFIG\Services: Samsung Link Service => 2 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\startupfolder: C:^Users^Andi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareTray.exe" MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 7\CyberGhost.exe" /autostart /min MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GoPro Studio Importer => C:\Program Files\GoPro\Tools\Importer\GoPro Importer.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files\Spybot - Search & 
Destroy 2\SDCleaner.exe" /autoclean MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{69DF5E11-1D09-4647-A612-953CE9724F7D}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EE0B8A16-832E-4DC3-B70E-34BEA741D52E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{498617AE-EAE7-4DD3-83E2-0D1C57164B89}] => (Allow) svchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{18853FAF-EFD7-49BF-8704-F02239FAF29C}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{E0E4EAC9-2DA5-4F53-8060-02456121F54C}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe Keine Datei FirewallRules: [UDP Query User{D57AD702-6DAC-41F1-AED1-3E4FEAD1276C}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe Keine Datei FirewallRules: [{EBF7597E-2CA6-4CE2-AA2D-DAABAA6939EC}] => (Allow) C:\Users\*****\AppData\Local\Temp\7zS57E5\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{A74DC7C6-79CA-45E0-BBE8-198E3C808573}] => (Allow) 
C:\Users\*****\AppData\Local\Temp\7zS57E5\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{081C0941-AC0A-43EC-A8CA-C8EEAE9C28C5}] => (Allow) C:\Users\*****\AppData\Local\Temp\7zS63E0\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{C939DB88-005F-491B-8760-20F89BFB9C1D}] => (Allow) C:\Users\*****\AppData\Local\Temp\7zS63E0\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{DCAC11FE-306A-451E-A906-50CFC99FD6C0}] => (Allow) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe Keine Datei FirewallRules: [{2A66FC9E-DAA9-4AE0-947E-2C6BBB3713F2}] => (Allow) C:\Program Files\Samsung\AllShare\AllShare.exe Keine Datei FirewallRules: [{87865B26-ED10-4416-9862-08C36F3E4D48}] => (Allow) C:\Program Files\Samsung\AllShare\AllShareAgent.exe Keine Datei FirewallRules: [{8501991C-4BE5-4BB3-A2C2-FBF484D2D377}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe Keine Datei FirewallRules: [{C6EED99B-B185-41F8-9DF2-7FB36D5C6454}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe Keine Datei FirewallRules: [{F032E0CC-5D9C-417F-9E6C-AE02EE6E2782}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe Keine Datei FirewallRules: [{CE20DC6D-F997-46F8-8107-6C1CE307BED7}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe Keine Datei FirewallRules: [{6671E99B-2393-410B-98F7-26CB2BC81D20}] => (Allow) C:\Program Files\devolo\informer\devinf.exe (devolo AG -> devolo AG) FirewallRules: [{047807E6-D21A-451C-AFEC-74E77D789262}] => (Allow) C:\Program Files\devolo\informer\devinf.exe (devolo AG -> devolo AG) FirewallRules: [{DB969CA1-1C45-45AC-8D8B-91BA4ACEF2E5}] => (Allow) C:\Program Files\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG) FirewallRules: [{87E3FCEC-30F7-4B04-BF1F-3D1660C39C27}] => (Allow) C:\Program Files\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG) FirewallRules: [{AF6A00D7-4861-47DD-A3FB-646831DBD542}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Samsung 
Electronics CO., LTD. -> Copyright 2013 SAMSUNG) FirewallRules: [{67E6EA45-6B2D-47DF-BA7B-C2CD679E7D27}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG) FirewallRules: [{E53D3C10-8A28-4536-A971-C4794AEC2F98}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG) FirewallRules: [{04A4DA75-B7F4-4711-ABB9-9F7218522370}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG) FirewallRules: [{CE1A85B6-D8F1-4AC3-8A51-2F205649D490}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [Datei ist nicht signiert] FirewallRules: [{DADCF2A7-2669-4B67-B24F-6475D36279E9}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [Datei ist nicht signiert] FirewallRules: [{18FDF0F3-2C4C-4DA3-B219-96096F5493C1}] => (Allow) LPort=8743 FirewallRules: [{CE363F0B-5DBA-43DB-9CF2-401E657AE458}] => (Allow) LPort=8643 FirewallRules: [{E264F72D-BFDB-4DE8-8FA7-61D67C9CB5DA}] => (Allow) LPort=7676 FirewallRules: [{2AE5E98B-D8CC-42BB-B57E-49F157FD9E7F}] => (Allow) LPort=7679 FirewallRules: [{CC864930-826E-45AB-9C69-713D5056A4F5}] => (Allow) LPort=24234 FirewallRules: [{672F950F-3979-420C-A5A3-20F752D2646C}] => (Allow) LPort=7900 FirewallRules: [{0964D9F9-5572-45CA-9F90-89F302111038}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{2E5DEC5A-6957-412F-B646-0A86A44E66C8}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{1F97DB57-3B81-4549-9E9F-9E86E27C99A3}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5BBA2234-E059-4277-BD14-C76EE881C8E8}] => (Block) 
C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{1E97B52B-7524-4674-8F5F-D3493E29EF83}] => (Block) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{AFF42F24-54C1-402E-A565-CBDAF34BF291}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{43F208A5-18F5-4595-8236-3CE073A08EC3}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS35A0\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{9F5CDA78-22ED-49C2-80EC-D61CAD7A00C5}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS35A0\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{0A36E872-831D-4BC5-93FF-D30EB1B8C180}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS3647\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{4DC06B68-C8F1-4A1C-BD86-EABCCE572A2F}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS3647\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{482398DB-7734-4A36-8A7C-C87533CC080A}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS6360\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{8E154816-C6A0-46C9-85A5-1EDD3F60E358}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS6360\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{F143B6F5-7B34-40AF-A149-5A20FC563A58}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS12A5\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{3ED9575B-BD6B-4EB8-AF06-48BFBC877F27}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS12A5\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{E148DE93-F439-4CF0-9832-16A71AB3B0C8}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS3AF7\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{0FF28FFF-C279-4287-AC47-73D1C94710C2}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS3AF7\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{C65576CE-E106-4706-8A71-D6B65DAE17ED}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS6320\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: 
[{2EF966B5-7FCA-4306-8DB1-910752665D0A}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS6320\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{3118C1BC-B854-4D0F-90E1-826FE40C792A}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS100D\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{9D31F803-EB30-46E7-BF84-2074F054E047}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS100D\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{368C1202-D331-4A37-89AE-2C6BFDC297E8}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{75F4ABE1-6EBD-4655-BA30-67839F9766B8}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{93CD8866-770B-4758-91CB-799A49E2D529}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{11414214-CDC4-47EE-B4C2-416F8DC0B5F0}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{9BA0055E-2DE1-45F7-AE7A-6EC9484DE364}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{6B3911F0-9077-4991-BD5F-11F0D05C9B44}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.) 
FirewallRules: [{93E2B080-A022-4BE7-9F02-4B54256D8893}] => (Allow) E:\fsetup.exe Keine Datei FirewallRules: [{507E50C2-EEEE-4C86-AB86-27D98B37B7D4}] => (Allow) E:\fsetup.exe Keine Datei FirewallRules: [{89924C91-46E7-4B1D-BEB8-E91DA03C541C}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS10F3\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{6368D6EC-BCCB-46E1-8FC9-1B1CAF7A22A9}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS10F3\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{8201659B-1033-4285-B217-AF8564AB5B20}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS117F\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{4596D4A6-BC0A-4B15-8D5D-D4C4EE8E931A}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS117F\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{D17331A7-2311-4371-94FA-2D0D06625679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{63A02533-6B8E-47B7-BD1C-D778440D943F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D93D6C88-45B0-4C1A-B8EB-E473D68908E0}] => (Allow) C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe (Tino Marx -> Marx Softwareentwicklung - www.software4u.de) FirewallRules: [{642A2A54-43DD-4552-9CC1-1848FEE50432}] => (Allow) C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe (Tino Marx -> Marx Softwareentwicklung - www.software4u.de) FirewallRules: [{0A90640F-E2B2-4206-BBF0-C6EBF100EC3E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{8389D60F-F7F9-4261-A1D5-6094BE317DA1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{8B8A7D88-BC83-4FB3-BB84-4FDDA92BDA5E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{82934933-618F-486C-9A23-7A029CC2E09E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{54B8D8CB-4821-4B63-BEEA-AB4FE2AE2909}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [TCP Query User{31670968-C511-407C-9303-F96D90CD4765}C:\program files\cessna naviii g1000 trainer v8.01\cdusimv2.exe] => (Block) C:\program files\cessna naviii g1000 trainer v8.01\cdusimv2.exe (Garmin International -> ) [Datei ist nicht signiert] FirewallRules: [UDP Query User{CB5D6263-3BBA-47FD-9F8A-90678A2078CE}C:\program files\cessna naviii g1000 trainer v8.01\cdusimv2.exe] => (Block) C:\program files\cessna naviii g1000 trainer v8.01\cdusimv2.exe (Garmin International -> ) [Datei ist nicht signiert] FirewallRules: [TCP Query User{3775C1AE-A640-4AC0-B672-17F62CA23092}C:\users\*****\appdata\local\temp\7zs16cf\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs16cf\enterprisedu.exe Keine Datei FirewallRules: [UDP Query User{016C65BE-C024-491F-9A5C-D6FA60031D09}C:\users\*****\appdata\local\temp\7zs16cf\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs16cf\enterprisedu.exe Keine Datei FirewallRules: [TCP Query User{883D4F7E-3CB5-40FD-B699-6354C9C28A3F}C:\users\*****\appdata\local\temp\7zs17f2\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs17f2\enterprisedu.exe Keine Datei FirewallRules: [UDP Query User{4A841371-5351-41E5-84C5-66D84FA323D0}C:\users\*****\appdata\local\temp\7zs17f2\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs17f2\enterprisedu.exe Keine Datei FirewallRules: [TCP Query 
User{23385891-ABD0-4A2A-B886-E3A77D90D725}C:\users\*****\appdata\local\temp\7zs3bad\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs3bad\enterprisedu.exe Keine Datei FirewallRules: [UDP Query User{E544D31C-A9E3-434F-8248-D9D8A01FC793}C:\users\*****\appdata\local\temp\7zs3bad\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs3bad\enterprisedu.exe Keine Datei FirewallRules: [TCP Query User{CCDADC6B-4D07-4888-BA92-362936E8DA77}C:\users\*****\appdata\local\temp\7zs157b\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs157b\enterprisedu.exe Keine Datei FirewallRules: [UDP Query User{A7D45160-0BBF-4550-AA9D-B40FF9C4AC57}C:\users\*****\appdata\local\temp\7zs157b\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs157b\enterprisedu.exe Keine Datei FirewallRules: [{C0F179C6-9850-490C-B77A-C10523E1F5BE}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS1A44\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{41F67C85-CF5B-4E77-A522-6879024F1AD8}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS1A44\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{30CA3530-DA9F-4579-B38D-8A216024CF56}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS1B59\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{D10B1123-8491-43E4-A805-513BCF565DEC}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS1B59\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{84C77C70-0230-4038-A261-1901511BF812}] => (Allow) C:\Users\Andi\AppData\Local\Temp\7zS7CC7\HP.EasyStart.exe Keine Datei FirewallRules: [{52E996C8-07E8-4CD2-860C-90026001E438}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{75B8329C-2A74-490B-8FD7-F0067133EA45}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.) 
FirewallRules: [{17132420-02DC-4392-B23E-A22F141E1F0C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{71F6C09C-DE8C-4953-994B-116AB02FAE0D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{03BE2B7A-544D-49E1-98C0-47FC288ED2A1}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{CBBB3366-9502-47ED-9FA9-0C3EE23BDBA8}] => (Allow) LPort=5357 FirewallRules: [{40BEF000-6595-42C9-9A8A-3B21F9C88BD9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{E6DFD6C5-03AC-4D86-88FB-846E544061C1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{89F0B9DB-21BD-4F60-A21A-AF0138A46776}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{05764678-211E-41CA-8AB4-2441D3ED7026}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe Keine Datei FirewallRules: [{610B0BA9-2482-4A53-985E-07FB7BAC4779}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe Keine Datei FirewallRules: [{9F89876B-C24E-444E-9FC1-69DD09ADFA99}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe Keine Datei FirewallRules: [{332F14E0-3E9D-44C6-B5B2-B50148470B5F}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe Keine Datei FirewallRules: [{424BE5F2-2CC0-44A1-9B27-DC9E6212C37B}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS0F32\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [{B7FCB802-1BE7-4AF0-BCC9-C6E8BDD10E5F}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS0F32\HPDiagnosticCoreUI.exe Keine Datei FirewallRules: [TCP Query User{F5D20907-46A9-4454-A151-9ABBE0FB9F26}C:\program files\devolo\informer\devinf.exe] => (Allow) 
C:\program files\devolo\informer\devinf.exe (devolo AG -> devolo AG) FirewallRules: [UDP Query User{FB5200AB-719B-4604-A2F1-FE88BC1C5284}C:\program files\devolo\informer\devinf.exe] => (Allow) C:\program files\devolo\informer\devinf.exe (devolo AG -> devolo AG) FirewallRules: [{8660E1D4-DB48-4CA8-A313-B45F06008190}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{96B42443-C2B5-4E83-A55A-A6228BDEE44D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6CC9EE0F-EE83-48CF-BEB5-457B71DF3741}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{51C9714C-E1F7-48D3-B747-AC4C894802D0}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS0D26\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP) FirewallRules: [{2C18C080-1DA5-42CD-8EC7-4ABBD0710FF3}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS0D26\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP) FirewallRules: [{5B2CE1DF-4838-471B-BF3F-E52FD5E6BA77}] => (Allow) C:\Program Files\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG) FirewallRules: [{557F83AB-E956-400A-8009-F3BDECC49EEF}] => (Allow) C:\Program Files\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG) FirewallRules: [{BC27863E-99D3-4669-BAC8-CD7CE1419A3E}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{B7F750E3-2A86-40E7-ABF5-8EC3AAB6917B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 02-10-2019 07:44:27 Windows Update 04-10-2019 00:54:59 Windows Update 05-10-2019 17:44:01 Avira System Speedup Optimierung 12-10-2019 00:59:45 Windows Update 12-10-2019 12:00:58 Installiert ASUS GPU TweakII 12-10-2019 13:08:07 Wiederherstellungsvorgang ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: avfwot Description: avfwot Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: avfwot Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/16/2019 10:23:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm NOTEPAD.EXE, Version 6.1.7601.18917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1524 Startzeit: 01d5845f6132f697 Endzeit: 761 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: c2421cbe-f052-11e9-8a1d-0200886cdc10 Error: (10/16/2019 10:22:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm NOTEPAD.EXE, Version 6.1.7601.18917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f90 Startzeit: 01d5845f31c9a5c0 Endzeit: 180 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: 9b184f8d-f052-11e9-8a1d-0200886cdc10 Error: (10/16/2019 10:20:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm NOTEPAD.EXE, Version 6.1.7601.18917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1a98 Startzeit: 01d5845efdc177f1 Endzeit: 840 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: 66e5b666-f052-11e9-8a1d-0200886cdc10 Error: (10/16/2019 08:32:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.SystemSpeedup.Maintenance.exe, Version: 6.2.1.10749, Zeitstempel: 0x5d6fbf37 Name des fehlerhaften Moduls: clr.dll, Version: 4.8.4018.0, Zeitstempel: 0x5d4a64a8 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0035a3f8 ID des fehlerhaften Prozesses: 0x8ec Startzeit der fehlerhaften Anwendung: 0x01d584500b68f568 Pfad der fehlerhaften Anwendung: C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Berichtskennung: 4c59516a-f043-11e9-8888-0200886cdc10 Error: (10/15/2019 11:35:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DslMgrSvc.exe, Version: 6.91.8434.1, Zeitstempel: 0x4900aa18 Name des fehlerhaften Moduls: DslMgrSvc.exe, Version: 6.91.8434.1, Zeitstempel: 0x4900aa18 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c41a ID des fehlerhaften Prozesses: 0xc88 Startzeit der fehlerhaften Anwendung: 0x01d58388941a6d71 Pfad der fehlerhaften Anwendung: C:\Program Files\DSL-Manager\DslMgrSvc.exe Pfad des fehlerhaften Moduls: C:\Program Files\DSL-Manager\DslMgrSvc.exe Berichtskennung: bb463127-ef93-11e9-85e6-74f06d8d1620 Error: (10/15/2019 04:32:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.SystemSpeedup.Maintenance.exe, Version: 6.2.1.10749, Zeitstempel: 0x5d6fbf37 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000409 Fehleroffset: 0x040e6a68 ID des fehlerhaften Prozesses: 0x1020 Startzeit der fehlerhaften Anwendung: 0x01d583655a0426d4 Pfad der fehlerhaften Anwendung: C:\Program Files\Avira\System 
Speedup\Avira.SystemSpeedup.Maintenance.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 99cf6b73-ef58-11e9-85e6-74f06d8d1620 Error: (10/15/2019 03:58:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.23537, Zeitstempel: 0x57c44cc4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.24468, Zeitstempel: 0x5ce88549 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b150 ID des fehlerhaften Prozesses: 0xe20 Startzeit der fehlerhaften Anwendung: 0x01d5835b91d9ee29 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll Berichtskennung: e6995826-ef53-11e9-8b28-0200886cdc10 Error: (10/15/2019 03:58:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Explorer.EXE Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 7633B150 Stapel: Systemfehler: ============= Error: (10/16/2019 10:01:02 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} und APPID {56BE716B-2F76-4DFA-8702-67AE10044F0B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. 
Error: (10/16/2019 10:01:02 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} und APPID {56BE716B-2F76-4DFA-8702-67AE10044F0B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error: (10/16/2019 10:01:02 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} und APPID {56BE716B-2F76-4DFA-8702-67AE10044F0B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error: (10/16/2019 10:00:30 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} und APPID {56BE716B-2F76-4DFA-8702-67AE10044F0B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. 
Error: (10/16/2019 10:00:30 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} und APPID {56BE716B-2F76-4DFA-8702-67AE10044F0B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error: (10/16/2019 10:00:29 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} und APPID {56BE716B-2F76-4DFA-8702-67AE10044F0B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error: (10/16/2019 09:50:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Start (Lokal) für die COM-Serveranwendung mit CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} und APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error: (10/16/2019 09:50:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avfwot ==================== Memory info =========================== BIOS: American Megatrends Inc. 
A7708MLN.105 09/21/2010 Motherboard: MEDIONPC MS-7708 Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz Prozentuale Nutzung des RAM: 84% Installierter physikalischer RAM: 3063.11 MB Verfügbarer physikalischer RAM: 475.04 MB Summe virtueller Speicher: 6124.6 MB Verfügbarer virtueller Speicher: 2707.86 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:1356.17 GB) (Free:975.17 GB) NTFS Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.01 GB) NTFS Drive k: (USB DISK) (Removable) (Total:14.91 GB) (Free:11.11 GB) FAT32 \\?\Volume{ad4805e4-00b2-11e0-b7c3-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 1397.3 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1356.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C) ==================== Ende vom Addition.txt ============================ |
16.10.2019, 22:47 | #3 |
| PUP keeps reappearing, System Restore does not work Code:
ATTFilter aner 7 . 4 . 1 launched 2019-09-10 09:30:30 : <INFO> [MBInstaller] Checking Iris 2019-09-10 09:30:30 : <INFO> [IRIS] Making request 2019-09-10 09:30:31 : <INFO> [AdwUpgrade] Checking application updates 2019-09-10 09:30:31 : <INFO> [Telemetry] Sending hello 2019-09-10 09:30:31 : <WARNING> Type conversion already registered from type QSharedPointer<QNetworkSession> to type QObject* 2019-09-10 09:30:31 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-10 09:30:31 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-10 09:30:31 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-10 09:30:31 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-10 09:30:31 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-10 09:30:31 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-10 09:30:31 : <INFO> [SslCert] ALPN: None 2019-09-10 09:30:31 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-10 09:30:31 : <INFO> [SslCert] KXE: "ECDH" 2019-09-10 09:30:31 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-10 09:30:31 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-10 09:30:31 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-10 09:30:31 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-10 09:30:31 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-10 09:30:31 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-10 09:30:31 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-10 09:30:31 : <INFO> [SslCert] ALPN: None 2019-09-10 09:30:31 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-10 09:30:31 : <INFO> [SslCert] KXE: "ECDH" 2019-09-10 09:30:31 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-10 09:30:31 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-09-10 09:30:31 : <WARNING> [File Downloader] Error 
downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-10 09:30:31 : <INFO> [IRIS] Failed 2019-09-10 09:30:37 : <INFO> [Button clicked] EULA agreed 2019-09-10 09:30:45 : <INFO> [Button clicked] Dashboard menu item 2019-09-10 09:30:50 : <INFO> [Button clicked] Settings menu item 2019-09-10 09:31:03 : <INFO> [Button clicked] Dashboard menu item 2019-09-10 09:31:04 : <INFO> [Button clicked] Scan 2019-09-10 09:31:04 : <INFO> [Scan] Started 2019-09-10 09:31:05 : <INFO> [Database] Downloading database 2019-09-10 09:31:06 : <INFO> [Database] Checking integrity 2019-09-10 09:31:06 : <INFO> [Database] Found 2599 families 2019-09-10 09:31:06 : <INFO> [Database] Database v "2019-09-06.1" 2019-09-10 09:31:06 : <INFO> [Loading paths] Local paths loaded 2019-09-10 09:31:06 : <INFO> [Loading paths] Chrome paths loaded 2019-09-10 09:31:06 : <INFO> [Loading paths] User Keys loaded 2019-09-10 09:31:06 : <INFO> [Module initialized] "File" 2019-09-10 09:31:06 : <INFO> [Module initialized] "Folder" 2019-09-10 09:31:06 : <INFO> [Module initialized] "RegistryKey" 2019-09-10 09:31:06 : <INFO> [Module initialized] "RegistryValue" 2019-09-10 09:31:08 : <INFO> [Module initialized] "TaskName" 2019-09-10 09:31:08 : <INFO> [Module initialized] "Service" 2019-09-10 09:31:08 : <INFO> [Module initialized] "Winlogon" 2019-09-10 09:31:44 : <INFO> [Module initialized] "URL" 2019-09-10 09:31:44 : <INFO> [Module initialized] "RegAppInit" 2019-09-10 09:31:44 : <INFO> [Module initialized] "RegClasses" 2019-09-10 09:31:44 : <INFO> [Module initialized] "DNS" 2019-09-10 09:31:45 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-09-10 09:31:45 : <INFO> [Module initialized] "RegGuid" 2019-09-10 09:31:45 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-09-10 09:31:45 : <INFO> [Module initialized] "RegOther" 2019-09-10 09:31:45 : <INFO> [Module initialized] "RegProductID" 2019-09-10 09:31:45 : <INFO> [Module initialized] "RegSoftware" 2019-09-10 09:31:45 : <INFO> [Module 
initialized] "RegStartup" 2019-09-10 09:31:45 : <INFO> [Module initialized] "WMI" 2019-09-10 09:31:45 : <INFO> [Module initialized] "ChromiumExt" 2019-09-10 09:31:45 : <INFO> [Module initialized] "FirefoxExt" 2019-09-10 09:31:45 : <INFO> [Module initialize] Scan Browser 2019-09-10 09:31:47 : <INFO> [Module initialize] Scan Browser FF 2019-09-10 09:31:47 : <INFO> [Module initialize] FF start pages loaded 2019-09-10 09:31:47 : <INFO> [Module initialize] FF search providers loaded 2019-09-10 09:31:47 : <INFO> [Module initialize] FF plugin list loaded 2019-09-10 09:31:47 : <INFO> [Scan] Exclusions loaded 2019-09-10 09:32:31 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-10 09:32:31 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-10 09:32:31 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [ "Registry" ] 2019-09-10 09:32:32 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\Software\\Myfree Codec" [ "Registry" ] 2019-09-10 09:32:32 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Myfree Codec" [ "Registry" ] 2019-09-10 09:32:32 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Web Companion" [ "Registry" ] 2019-09-10 09:32:37 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft\\WebCompanion" [ "Folder" ] 2019-09-10 09:32:37 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , 
"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ] 2019-09-10 09:32:37 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ] 2019-09-10 09:32:37 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "HKLM\\Software\\Lavasoft\\Web Companion" [ "Registry" ] 2019-09-10 09:32:37 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "HKCU\\Software\\Lavasoft\\Web Companion" [ "Registry" ] 2019-09-10 09:32:37 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-09-10 09:32:37 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-10 09:32:37 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program 
Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-10 09:32:38 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-09-10 09:32:43 : <INFO> [Scan] Item detected: "PUP.Optional.DownloadSponsor" , "C:\\Users\\Andi\\AppData\\Local\\Temp\\DMR" [ "Folder" ] 2019-09-10 09:32:43 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-09-10 09:32:43 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-09-10 09:32:49 : <INFO> [Telemetry] Sending to Influx 2019-09-10 09:32:51 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-10 09:32:51 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-10 09:32:51 : <INFO> [SslCert] Locality 
Name () 2019-09-10 09:32:51 : <INFO> [SslCert] Organization () 2019-09-10 09:32:51 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-10 09:32:51 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-10 09:32:51 : <INFO> [SslCert] ALPN: Yes 2019-09-10 09:32:51 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-10 09:32:51 : <INFO> [SslCert] KXE: "ECDH" 2019-09-10 09:32:51 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-10 09:32:51 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-10 09:32:51 : <INFO> [Telemetry] Sending to DSE 2019-09-10 09:32:52 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-10 09:32:52 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-10 09:32:52 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-10 09:32:52 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-10 09:32:52 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-10 09:32:52 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-09-10 09:32:52 : <INFO> [SslCert] ALPN: Yes 2019-09-10 09:32:52 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-10 09:32:52 : <INFO> [SslCert] KXE: "ECDH" 2019-09-10 09:32:52 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-10 09:32:52 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-10 09:32:52 : <INFO> [Scan] Finished 2019-09-10 09:33:05 : <INFO> [Button clicked] Log files menu item 2019-09-10 09:33:18 : <INFO> [Button clicked] Dashboard menu item 2019-09-10 09:33:29 : <INFO> [Button clicked] Next 2019-09-10 09:34:42 : <INFO> [Button clicked] Bundleware found ok button 2019-09-10 09:34:49 : <INFO> [Button clicked] Previous 2019-09-10 09:35:25 : <INFO> [Button clicked] Next 2019-09-10 09:35:49 : <INFO> [Button clicked] Clean & repair 2019-09-10 09:35:59 : <INFO> [Button clicked] Dialog button clicked [ 5 ] 2019-09-10 09:36:03 : <INFO> 
[Button clicked] Previous 2019-09-10 09:36:14 : <INFO> [Button clicked] Next 2019-09-10 09:36:17 : <INFO> [Button clicked] Previous 2019-09-10 09:36:26 : <INFO> [Button clicked] Next 2019-09-10 09:37:01 : <INFO> [Button clicked] Previous 2019-09-10 09:37:06 : <INFO> [Button clicked] Log files menu item 2019-09-10 09:37:10 : <INFO> [Application] Closing AdwCleaner 2019-09-11 20:52:56 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-09-11 20:53:05 : <INFO> [MBInstaller] Checking Iris 2019-09-11 20:53:05 : <INFO> [IRIS] Making request 2019-09-11 20:53:06 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-11 20:53:06 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-11 20:53:06 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-11 20:53:06 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-11 20:53:06 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-11 20:53:06 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-11 20:53:06 : <INFO> [SslCert] ALPN: None 2019-09-11 20:53:06 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 20:53:06 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 20:53:06 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 20:53:07 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-11 20:53:07 : <INFO> [IRIS] Failed 2019-09-11 20:53:09 : <INFO> [Button clicked] Survey closed 2019-09-11 20:53:09 : <INFO> [Telemetry] Sending NPS Survey 2019-09-11 20:53:11 : <INFO> [AdwUpgrade] Checking application updates 2019-09-11 20:53:11 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-11 20:53:11 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-11 20:53:11 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-11 20:53:11 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-11 20:53:11 : <INFO> [SslCert] Certificate 
EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-11 20:53:11 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-11 20:53:11 : <INFO> [SslCert] ALPN: None 2019-09-11 20:53:11 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 20:53:11 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 20:53:11 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 20:53:11 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-09-11 20:53:11 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-11 20:53:11 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-11 20:53:11 : <INFO> [SslCert] Locality Name () 2019-09-11 20:53:11 : <INFO> [SslCert] Organization () 2019-09-11 20:53:11 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-11 20:53:11 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-11 20:53:11 : <INFO> [SslCert] ALPN: Yes 2019-09-11 20:53:11 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 20:53:11 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 20:53:11 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 20:53:11 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-11 20:53:13 : <INFO> [Button clicked] Scan 2019-09-11 20:53:13 : <INFO> [Scan] Started 2019-09-11 20:53:13 : <INFO> [Database] Downloading database 2019-09-11 20:53:14 : <INFO> [Database] Checking integrity 2019-09-11 20:53:14 : <INFO> [Database] Found 2599 families 2019-09-11 20:53:14 : <INFO> [Database] Database v "2019-09-06.1" 2019-09-11 20:53:15 : <INFO> [Loading paths] Local paths loaded 2019-09-11 20:53:15 : <INFO> [Loading paths] Chrome paths loaded 2019-09-11 20:53:15 : <INFO> [Loading paths] User Keys loaded 2019-09-11 20:53:15 : <INFO> [Module initialized] "File" 2019-09-11 20:53:15 : <INFO> [Module initialized] "Folder" 2019-09-11 20:53:15 : <INFO> [Module initialized] "RegistryKey" 2019-09-11 20:53:15 : <INFO> [Module initialized] 
"RegistryValue" 2019-09-11 20:53:17 : <INFO> [Module initialized] "TaskName" 2019-09-11 20:53:17 : <INFO> [Module initialized] "Service" 2019-09-11 20:53:17 : <INFO> [Module initialized] "Winlogon" 2019-09-11 20:53:54 : <INFO> [Module initialized] "URL" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegAppInit" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegClasses" 2019-09-11 20:53:54 : <INFO> [Module initialized] "DNS" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegGuid" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegOther" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegProductID" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegSoftware" 2019-09-11 20:53:54 : <INFO> [Module initialized] "RegStartup" 2019-09-11 20:53:54 : <INFO> [Module initialized] "WMI" 2019-09-11 20:53:54 : <INFO> [Module initialized] "ChromiumExt" 2019-09-11 20:53:54 : <INFO> [Module initialized] "FirefoxExt" 2019-09-11 20:53:54 : <INFO> [Module initialize] Scan Browser 2019-09-11 20:53:56 : <INFO> [Module initialize] Scan Browser FF 2019-09-11 20:53:56 : <INFO> [Module initialize] FF start pages loaded 2019-09-11 20:53:56 : <INFO> [Module initialize] FF search providers loaded 2019-09-11 20:53:56 : <INFO> [Module initialize] FF plugin list loaded 2019-09-11 20:53:56 : <INFO> [Scan] Exclusions loaded 2019-09-11 20:54:37 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-11 20:54:37 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-11 20:54:37 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , 
"HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [ "Registry" ] 2019-09-11 20:54:38 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKLM\\Software\\Myfree Codec" [ "Registry" ] 2019-09-11 20:54:38 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Myfree Codec" [ "Registry" ] 2019-09-11 20:54:38 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Web Companion" [ "Registry" ] 2019-09-11 20:54:43 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft\\WebCompanion" [ "Folder" ] 2019-09-11 20:54:43 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ] 2019-09-11 20:54:43 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ] 2019-09-11 20:54:43 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "HKLM\\Software\\Lavasoft\\Web Companion" [ "Registry" ] 2019-09-11 20:54:43 : <INFO> [Scan] Item detected: "PUP.Optional.WebCompanion" , "HKCU\\Software\\Lavasoft\\Web Companion" [ "Registry" ] 2019-09-11 20:54:43 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-09-11 20:54:43 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-11 20:54:43 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , 
"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-11 20:54:44 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-11 20:54:44 : <INFO> [Scan] 
Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-09-11 20:54:48 : <INFO> [Scan] Item detected: "PUP.Optional.DownloadSponsor" , "C:\\Users\\Andi\\AppData\\Local\\Temp\\DMR" [ "Folder" ] 2019-09-11 20:54:48 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-09-11 20:54:48 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-09-11 20:54:54 : <INFO> [Telemetry] Sending to Influx 2019-09-11 20:54:54 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-11 20:54:54 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-11 20:54:54 : <INFO> [SslCert] Locality Name () 2019-09-11 20:54:54 : <INFO> [SslCert] Organization () 2019-09-11 20:54:54 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-11 20:54:54 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-11 20:54:54 : <INFO> [SslCert] ALPN: Yes 2019-09-11 20:54:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 20:54:54 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 20:54:54 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 20:54:54 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-11 20:54:54 : <INFO> [Telemetry] Sending to DSE 2019-09-11 20:54:55 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-11 20:54:55 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-11 20:54:55 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-11 20:54:55 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-11 20:54:55 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-11 20:54:55 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 
GMT" 2019-09-11 20:54:55 : <INFO> [SslCert] ALPN: Yes 2019-09-11 20:54:55 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 20:54:55 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 20:54:55 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 20:54:55 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-11 20:54:55 : <INFO> [Scan] Finished 2019-09-11 20:55:27 : <INFO> [Button clicked] Next 2019-09-11 20:55:32 : <INFO> [Button clicked] Previous 2019-09-11 20:55:38 : <INFO> [Button clicked] Next 2019-09-11 20:55:40 : <INFO> [Button clicked] Previous 2019-09-11 20:55:47 : <INFO> [Button clicked] Next 2019-09-11 20:55:49 : <INFO> [Button clicked] Previous 2019-09-11 20:55:50 : <INFO> [Button clicked] Next 2019-09-11 20:55:53 : <INFO> [Button clicked] Previous 2019-09-11 20:55:57 : <INFO> [Button clicked] Next 2019-09-11 20:56:00 : <INFO> [Button clicked] Clean & repair 2019-09-11 20:56:06 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-09-11 20:56:06 : <INFO> [Cleaning] Started 2019-09-11 20:56:06 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-09-11 20:56:06 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-09-11 20:56:07 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20190911.225607" 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: 
"PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKLM\\Software\\Myfree Codec" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKLM\\Software\\Myfree Codec" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Myfree Codec" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Myfree Codec" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Web Companion" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Web Companion" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.WebCompanion" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft\\WebCompanion" [ "Folder" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.WebCompanion" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft\\WebCompanion" [ "Folder" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: 
"PUP.Optional.WebCompanion" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.WebCompanion" , "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.WebCompanion" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.WebCompanion" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ] 2019-09-11 20:56:07 : <INFO> [Cleaning] Processing: "PUP.Optional.WebCompanion" , "HKLM\\Software\\Lavasoft\\Web Companion" [ "Registry" ] 2019-09-11 20:56:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.WebCompanion" , "HKLM\\Software\\Lavasoft\\Web Companion" [ "Registry" ] 2019-09-11 20:56:08 : <INFO> [Cleaning] Processing: "PUP.Optional.WebCompanion" , "HKCU\\Software\\Lavasoft\\Web Companion" [ "Registry" ] 2019-09-11 20:56:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.WebCompanion" , "HKCU\\Software\\Lavasoft\\Web Companion" [ "Registry" ] 2019-09-11 20:56:08 : <INFO> [Cleaning] Processing: "PUP.Optional.DownloadSponsor" , "C:\\Users\\Andi\\AppData\\Local\\Temp\\DMR" [ "Folder" ] 2019-09-11 20:56:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.DownloadSponsor" , "C:\\Users\\Andi\\AppData\\Local\\Temp\\DMR" [ "Folder" ] 2019-09-11 20:56:09 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-09-11 20:56:13 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-09-11 20:56:13 : <INFO> [Telemetry] Sending to Influx 2019-09-11 20:56:13 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 
2019-09-11 20:56:13 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-11 20:56:13 : <INFO> [SslCert] Locality Name () 2019-09-11 20:56:13 : <INFO> [SslCert] Organization () 2019-09-11 20:56:13 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-11 20:56:13 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-11 20:56:13 : <INFO> [SslCert] ALPN: Yes 2019-09-11 20:56:13 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 20:56:13 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 20:56:13 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 20:56:13 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-11 20:56:13 : <INFO> [Telemetry] Sending to DSE 2019-09-11 20:56:14 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-11 20:56:14 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-11 20:56:14 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-11 20:56:14 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-11 20:56:14 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-11 20:56:14 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-09-11 20:56:14 : <INFO> [SslCert] ALPN: Yes 2019-09-11 20:56:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 20:56:14 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 20:56:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 20:56:14 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-11 20:56:14 : <INFO> [Cleaning] Finished 2019-09-11 20:56:19 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-09-11 20:56:21 : <INFO> [Application] Closing AdwCleaner 2019-09-11 21:04:15 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-09-11 21:04:21 : <INFO> [MBInstaller] Checking Iris 2019-09-11 21:04:21 : <INFO> [IRIS] Making request 2019-09-11 21:04:22 : <INFO> [Telemetry] Sending hello ication updates 2019-09-11 21:04:22 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-11 21:04:22 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-11 21:04:22 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-11 21:04:22 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-11 21:04:22 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-11 21:04:22 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-11 21:04:22 : <INFO> [SslCert] ALPN: None 2019-09-11 21:04:22 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 21:04:22 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 21:04:22 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 21:04:23 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-11 21:04:23 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-11 21:04:23 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-11 21:04:23 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-11 21:04:23 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-11 21:04:23 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-11 21:04:23 : <INFO> [SslCert] ALPN: None 2019-09-11 21:04:23 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 21:04:23 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 21:04:23 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 21:04:23 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-09-11 21:04:23 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-11 21:04:23 : <INFO> [IRIS] Failed 2019-09-11 21:04:30 : <INFO> [Button clicked] Scan 2019-09-11 21:04:30 : <INFO> [Scan] Started 
2019-09-11 21:04:30 : <INFO> [Database] Downloading database 2019-09-11 21:04:32 : <INFO> [Database] Checking integrity 2019-09-11 21:04:32 : <INFO> [Database] Found 2599 families 2019-09-11 21:04:32 : <INFO> [Database] Database v "2019-09-06.1" 2019-09-11 21:04:33 : <INFO> [Loading paths] Local paths loaded 2019-09-11 21:04:33 : <INFO> [Loading paths] Chrome paths loaded 2019-09-11 21:04:33 : <INFO> [Loading paths] User Keys loaded 2019-09-11 21:04:33 : <INFO> [Module initialized] "File" 2019-09-11 21:04:33 : <INFO> [Module initialized] "Folder" 2019-09-11 21:04:33 : <INFO> [Module initialized] "RegistryKey" 2019-09-11 21:04:33 : <INFO> [Module initialized] "RegistryValue" 2019-09-11 21:04:35 : <INFO> [Module initialized] "TaskName" 2019-09-11 21:04:35 : <INFO> [Module initialized] "Service" 2019-09-11 21:04:35 : <INFO> [Module initialized] "Winlogon" 2019-09-11 21:05:12 : <INFO> [Module initialized] "URL" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegAppInit" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegClasses" 2019-09-11 21:05:12 : <INFO> [Module initialized] "DNS" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegGuid" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegOther" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegProductID" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegSoftware" 2019-09-11 21:05:12 : <INFO> [Module initialized] "RegStartup" 2019-09-11 21:05:12 : <INFO> [Module initialized] "WMI" 2019-09-11 21:05:12 : <INFO> [Module initialized] "ChromiumExt" 2019-09-11 21:05:12 : <INFO> [Module initialized] "FirefoxExt" 2019-09-11 21:05:12 : <INFO> [Module initialize] Scan Browser 2019-09-11 21:05:13 : <INFO> [Module initialize] Scan Browser FF 2019-09-11 21:05:13 : <INFO> [Module initialize] FF start pages loaded 2019-09-11 21:05:13 : <INFO> [Module initialize] FF search 
providers loaded 2019-09-11 21:05:13 : <INFO> [Module initialize] FF plugin list loaded 2019-09-11 21:05:13 : <INFO> [Scan] Exclusions loaded 2019-09-11 21:06:02 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-09-11 21:06:02 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-11 21:06:02 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: 
"Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-11 21:06:03 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-09-11 21:06:07 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-09-11 21:06:07 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-09-11 21:06:13 : <INFO> [Telemetry] Sending to Influx 2019-09-11 21:06:14 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-11 21:06:14 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-11 21:06:14 : <INFO> [SslCert] Locality Name () 2019-09-11 21:06:14 : <INFO> [SslCert] Organization () 2019-09-11 21:06:14 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-11 21:06:14 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-11 21:06:14 : <INFO> [SslCert] ALPN: Yes 2019-09-11 21:06:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 21:06:14 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 21:06:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 21:06:14 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-11 21:06:14 : <INFO> [Telemetry] Sending to DSE 2019-09-11 21:06:15 : 
<INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-11 21:06:15 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-11 21:06:15 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-11 21:06:15 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-11 21:06:15 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-11 21:06:15 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-09-11 21:06:15 : <INFO> [SslCert] ALPN: Yes 2019-09-11 21:06:15 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-11 21:06:15 : <INFO> [SslCert] KXE: "ECDH" 2019-09-11 21:06:15 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-11 21:06:15 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-11 21:06:15 : <INFO> [Scan] Finished 2019-09-11 21:06:29 : <INFO> [Checkbox clicked] No threats detected "Don't show again": "Unchecked" 2019-09-11 21:06:30 : <INFO> [Button clicked] No threats detected ok button 2019-09-11 21:06:45 : <INFO> [Button clicked] Quarantine menu item 2019-09-11 21:06:57 : <INFO> [Application] Closing AdwCleaner 2019-09-14 21:22:47 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-09-14 21:22:57 : <INFO> [MBInstaller] Checking Iris 2019-09-14 21:22:57 : <INFO> [IRIS] Making request 2019-09-14 21:22:58 : <INFO> [AdwUpgrade] Checking application updates 2019-09-14 21:22:58 : <INFO> [Telemetry] Sending hello 2019-09-14 21:22:58 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-14 21:22:58 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-14 21:22:58 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-14 21:22:58 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-14 21:22:58 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-14 21:22:58 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-14 21:22:58 : <INFO> [SslCert] ALPN: None 2019-09-14 21:22:58 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:22:58 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:22:58 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:22:58 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-14 21:22:58 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-14 21:22:58 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-14 21:22:58 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-14 21:22:58 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-14 21:22:58 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-14 21:22:58 : <INFO> [SslCert] ALPN: None 2019-09-14 21:22:58 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:22:58 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:22:58 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:22:58 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-09-14 21:22:58 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-14 21:22:58 : <INFO> [IRIS] Failed 2019-09-14 21:23:05 : <INFO> [Button clicked] 
Scan 2019-09-14 21:23:05 : <INFO> [Scan] Started 2019-09-14 21:23:05 : <INFO> [Database] Downloading database 2019-09-14 21:23:06 : <INFO> [Database] Checking integrity 2019-09-14 21:23:06 : <INFO> [Database] Found 2599 families 2019-09-14 21:23:06 : <INFO> [Database] Database v "2019-09-13.1" 2019-09-14 21:23:07 : <INFO> [Loading paths] Local paths loaded 2019-09-14 21:23:07 : <INFO> [Loading paths] Chrome paths loaded 2019-09-14 21:23:07 : <INFO> [Loading paths] User Keys loaded 2019-09-14 21:23:07 : <INFO> [Module initialized] "File" 2019-09-14 21:23:07 : <INFO> [Module initialized] "Folder" 2019-09-14 21:23:07 : <INFO> [Module initialized] "RegistryKey" 2019-09-14 21:23:07 : <INFO> [Module initialized] "RegistryValue" 2019-09-14 21:23:09 : <INFO> [Module initialized] "TaskName" 2019-09-14 21:23:09 : <INFO> [Module initialized] "Service" 2019-09-14 21:23:09 : <INFO> [Module initialized] "Winlogon" 2019-09-14 21:23:47 : <INFO> [Module initialized] "URL" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegAppInit" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegClasses" 2019-09-14 21:23:47 : <INFO> [Module initialized] "DNS" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegGuid" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegOther" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegProductID" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegSoftware" 2019-09-14 21:23:47 : <INFO> [Module initialized] "RegStartup" 2019-09-14 21:23:48 : <INFO> [Module initialized] "WMI" 2019-09-14 21:23:48 : <INFO> [Module initialized] "ChromiumExt" 2019-09-14 21:23:48 : <INFO> [Module initialized] "FirefoxExt" 2019-09-14 21:23:48 : <INFO> [Module initialize] Scan Browser 2019-09-14 21:23:50 : <INFO> [Module initialize] Scan Browser FF 2019-09-14 21:23:50 : <INFO> [Module initialize] FF start pages loaded 2019-09-14 
21:23:50 : <INFO> [Module initialize] FF search providers loaded 2019-09-14 21:23:50 : <INFO> [Module initialize] FF plugin list loaded 2019-09-14 21:23:50 : <INFO> [Scan] Exclusions loaded 2019-09-14 21:24:29 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-14 21:24:35 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-09-14 21:24:35 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-14 21:24:35 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" 
] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-14 21:24:36 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-09-14 21:24:40 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-09-14 21:24:40 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-09-14 21:24:46 : <INFO> [Telemetry] Sending to Influx 2019-09-14 21:24:47 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-14 21:24:47 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-14 21:24:47 : <INFO> [SslCert] Locality Name () 2019-09-14 21:24:47 : <INFO> [SslCert] Organization () 2019-09-14 21:24:47 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-14 21:24:47 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-14 21:24:47 : <INFO> [SslCert] ALPN: Yes 2019-09-14 21:24:47 : <INFO> [SslCert] Cipher: 
"ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:24:47 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:24:47 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:24:47 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-14 21:24:47 : <INFO> [Telemetry] Sending to DSE 2019-09-14 21:24:48 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-14 21:24:48 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-14 21:24:48 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-14 21:24:48 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-14 21:24:48 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-14 21:24:48 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-09-14 21:24:48 : <INFO> [SslCert] ALPN: Yes 2019-09-14 21:24:48 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:24:48 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:24:48 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:24:48 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-14 21:24:48 : <INFO> [Scan] Finished 2019-09-14 21:25:59 : <INFO> [Button clicked] Next 2019-09-14 21:26:03 : <INFO> [Button clicked] Clean & repair 2019-09-14 21:26:06 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-09-14 21:26:06 : <INFO> [Cleaning] Started 2019-09-14 21:26:06 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-09-14 21:26:06 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-09-14 21:26:07 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20190914.232607" 2019-09-14 21:26:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-14 21:26:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , 
"HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-14 21:26:07 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-09-14 21:26:09 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-09-14 21:26:09 : <INFO> [Telemetry] Sending to Influx 2019-09-14 21:26:09 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-14 21:26:09 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-14 21:26:09 : <INFO> [SslCert] Locality Name () 2019-09-14 21:26:09 : <INFO> [SslCert] Organization () 2019-09-14 21:26:09 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-14 21:26:09 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-14 21:26:09 : <INFO> [SslCert] ALPN: Yes 2019-09-14 21:26:09 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:26:09 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:26:09 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:26:09 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-14 21:26:09 : <INFO> [Telemetry] Sending to DSE 2019-09-14 21:26:10 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-14 21:26:10 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-14 21:26:10 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-14 21:26:10 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-14 21:26:10 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-14 21:26:10 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-09-14 21:26:10 : <INFO> [SslCert] ALPN: Yes 2019-09-14 21:26:10 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:26:10 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:26:10 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:26:10 : <INFO> [Telemetry] Status code: 
QVariant(int, 201) 2019-09-14 21:26:10 : <INFO> [Cleaning] Finished 2019-09-14 21:26:13 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-09-14 21:26:14 : <INFO> [Application] Closing AdwCleaner 2019-09-14 21:30:27 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-09-14 21:31:02 : <INFO> [MBInstaller] Checking Iris 2019-09-14 21:31:02 : <INFO> [IRIS] Making request 2019-09-14 21:31:03 : <INFO> [Telemetry] Sending hello 2019-09-14 21:31:03 : <INFO> [AdwUpgrade] Checking application updates 2019-09-14 21:31:04 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-14 21:31:04 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-14 21:31:04 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-14 21:31:04 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-14 21:31:04 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-14 21:31:04 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-14 21:31:04 : <INFO> [SslCert] ALPN: None 2019-09-14 21:31:04 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:31:04 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:31:04 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:31:04 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-14 21:31:04 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-14 21:31:04 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-14 21:31:04 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-14 21:31:04 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-14 21:31:04 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-14 21:31:04 : <INFO> [SslCert] ALPN: None 2019-09-14 21:31:04 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:31:04 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:31:04 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:31:04 
: <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-09-14 21:31:04 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-14 21:31:04 : <INFO> [IRIS] Failed 2019-09-14 21:31:13 : <INFO> [Button clicked] Scan 2019-09-14 21:31:13 : <INFO> [Scan] Started 2019-09-14 21:31:13 : <INFO> [Database] Downloading database 2019-09-14 21:31:14 : <INFO> [Database] Checking integrity 2019-09-14 21:31:14 : <INFO> [Database] Found 2599 families 2019-09-14 21:31:14 : <INFO> [Database] Database v "2019-09-13.1" 2019-09-14 21:31:16 : <INFO> [Loading paths] Local paths loaded 2019-09-14 21:31:16 : <INFO> [Loading paths] Chrome paths loaded 2019-09-14 21:31:16 : <INFO> [Loading paths] User Keys loaded 2019-09-14 21:31:16 : <INFO> [Module initialized] "File" 2019-09-14 21:31:16 : <INFO> [Module initialized] "Folder" 2019-09-14 21:31:16 : <INFO> [Module initialized] "RegistryKey" 2019-09-14 21:31:16 : <INFO> [Module initialized] "RegistryValue" 2019-09-14 21:31:19 : <INFO> [Module initialized] "TaskName" 2019-09-14 21:31:19 : <INFO> [Module initialized] "Service" 2019-09-14 21:31:19 : <INFO> [Module initialized] "Winlogon" 2019-09-14 21:31:59 : <INFO> [Module initialized] "URL" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegAppInit" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegClasses" 2019-09-14 21:31:59 : <INFO> [Module initialized] "DNS" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegGuid" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegOther" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegProductID" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegSoftware" 2019-09-14 21:31:59 : <INFO> [Module initialized] "RegStartup" 2019-09-14 21:31:59 : <INFO> [Module initialized] "WMI" 2019-09-14 21:31:59 : <INFO> [Module initialized] "ChromiumExt" 
2019-09-14 21:31:59 : <INFO> [Module initialized] "FirefoxExt" 2019-09-14 21:31:59 : <INFO> [Module initialize] Scan Browser 2019-09-14 21:32:01 : <INFO> [Module initialize] Scan Browser FF 2019-09-14 21:32:01 : <INFO> [Module initialize] FF start pages loaded 2019-09-14 21:32:01 : <INFO> [Module initialize] FF search providers loaded 2019-09-14 21:32:01 : <INFO> [Module initialize] FF plugin list loaded 2019-09-14 21:32:01 : <INFO> [Scan] Exclusions loaded 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start 
Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-14 21:32:53 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-09-14 21:32:57 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-09-14 21:32:57 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-09-14 21:33:03 : <INFO> [Telemetry] Sending to Influx 2019-09-14 21:33:07 : <INFO> [Telemetry] Sending to DSE 2019-09-14 21:33:09 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-14 21:33:09 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-14 21:33:09 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-14 21:33:09 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-14 21:33:09 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-14 21:33:09 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 
12:00:00 2020 GMT" 2019-09-14 21:33:09 : <INFO> [SslCert] ALPN: Yes 2019-09-14 21:33:09 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-14 21:33:09 : <INFO> [SslCert] KXE: "ECDH" 2019-09-14 21:33:09 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-14 21:33:09 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-14 21:33:09 : <INFO> [Scan] Finished 2019-09-14 21:33:16 : <INFO> [Button clicked] No threats detected ok button 2019-09-14 21:33:27 : <INFO> [Button clicked] Cancel 2019-09-14 21:33:30 : <INFO> [Button clicked] Quarantine menu item 2019-09-14 21:33:38 : <INFO> [Button clicked] Quarantine menu item 2019-09-14 21:33:49 : <INFO> [Application] Closing AdwCleaner 2019-09-24 22:35:31 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-09-24 22:36:32 : <INFO> [MBInstaller] Checking Iris 2019-09-24 22:36:32 : <INFO> [IRIS] Making request 2019-09-24 22:36:33 : <INFO> [AdwUpgrade] Checking application updates 2019-09-24 22:36:33 : <INFO> [Telemetry] Sending hello 2019-09-24 22:36:33 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-24 22:36:33 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-24 22:36:33 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-24 22:36:33 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-24 22:36:33 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-24 22:36:33 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-24 22:36:33 : <INFO> [SslCert] ALPN: None 2019-09-24 22:36:33 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-24 22:36:33 : <INFO> [SslCert] KXE: "ECDH" 2019-09-24 22:36:33 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-24 22:36:33 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-24 22:36:33 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-24 22:36:33 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-24 22:36:33 : 
<INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-24 22:36:33 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-24 22:36:33 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-24 22:36:33 : <INFO> [SslCert] ALPN: None 2019-09-24 22:36:33 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-24 22:36:33 : <INFO> [SslCert] KXE: "ECDH" 2019-09-24 22:36:33 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-24 22:36:33 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-09-24 22:36:33 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-24 22:36:33 : <INFO> [IRIS] Failed 2019-09-24 22:36:36 : <INFO> [Button clicked] Scan 2019-09-24 22:36:36 : <INFO> [Scan] Started 2019-09-24 22:36:36 : <INFO> [Database] Downloading database 2019-09-24 22:36:37 : <INFO> [Database] Checking integrity 2019-09-24 22:36:37 : <INFO> [Database] Found 2600 families 2019-09-24 22:36:37 : <INFO> [Database] Database v "2019-09-23.1" 2019-09-24 22:36:38 : <INFO> [Loading paths] Local paths loaded 2019-09-24 22:36:39 : <INFO> [Loading paths] Chrome paths loaded 2019-09-24 22:36:39 : <INFO> [Loading paths] User Keys loaded 2019-09-24 22:36:39 : <INFO> [Module initialized] "File" 2019-09-24 22:36:39 : <INFO> [Module initialized] "Folder" 2019-09-24 22:36:39 : <INFO> [Module initialized] "RegistryKey" 2019-09-24 22:36:39 : <INFO> [Module initialized] "RegistryValue" 2019-09-24 22:36:40 : <INFO> [Module initialized] "TaskName" 2019-09-24 22:36:40 : <INFO> [Module initialized] "Service" 2019-09-24 22:36:40 : <INFO> [Module initialized] "Winlogon" 2019-09-24 22:37:14 : <INFO> [Module initialized] "URL" 2019-09-24 22:37:14 : <INFO> [Module initialized] "RegAppInit" 2019-09-24 22:37:14 : <INFO> [Module initialized] "RegClasses" 2019-09-24 22:37:14 : <INFO> [Module initialized] "DNS" 2019-09-24 22:37:14 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-09-24 
22:37:14 : <INFO> [Module initialized] "RegGuid" 2019-09-24 22:37:14 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-09-24 22:37:14 : <INFO> [Module initialized] "RegOther" 2019-09-24 22:37:14 : <INFO> [Module initialized] "RegProductID" 2019-09-24 22:37:14 : <INFO> [Module initialized] "RegSoftware" 2019-09-24 22:37:14 : <INFO> [Module initialized] "RegStartup" 2019-09-24 22:37:14 : <INFO> [Module initialized] "WMI" 2019-09-24 22:37:14 : <INFO> [Module initialized] "ChromiumExt" 2019-09-24 22:37:14 : <INFO> [Module initialized] "FirefoxExt" 2019-09-24 22:37:14 : <INFO> [Module initialize] Scan Browser 2019-09-24 22:37:18 : <INFO> [Module initialize] Scan Browser FF 2019-09-24 22:37:18 : <INFO> [Module initialize] FF start pages loaded 2019-09-24 22:37:18 : <INFO> [Module initialize] FF search providers loaded 2019-09-24 22:37:18 : <INFO> [Module initialize] FF plugin list loaded 2019-09-24 22:37:18 : <INFO> [Scan] Exclusions loaded 2019-09-24 22:38:13 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\ak.staticimgfarm.com" [ "Registry" ] 2019-09-24 22:38:13 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\staticimgfarm.com" [ "Registry" ] 2019-09-24 22:38:14 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-24 22:38:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-09-24 22:38:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , 
"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-24 22:38:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-24 22:38:22 : <INFO> 
[Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-24 22:38:22 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-09-24 22:38:26 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-09-24 22:38:26 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-09-24 22:38:32 : <INFO> [Telemetry] Sending to Influx 2019-09-24 22:38:34 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-24 22:38:34 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-24 22:38:34 : <INFO> [SslCert] Locality Name () 2019-09-24 22:38:34 : <INFO> [SslCert] Organization () 2019-09-24 22:38:34 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-24 22:38:34 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-24 22:38:34 : <INFO> [SslCert] ALPN: Yes 2019-09-24 22:38:34 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-24 22:38:34 : <INFO> [SslCert] KXE: "ECDH" 2019-09-24 22:38:34 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-24 22:38:34 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-24 22:38:34 : <INFO> [Telemetry] Sending to DSE 2019-09-24 22:38:35 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-24 22:38:35 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-24 22:38:35 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-24 22:38:35 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-24 22:38:35 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-24 
22:38:35 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-09-24 22:38:35 : <INFO> [SslCert] ALPN: Yes 2019-09-24 22:38:35 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-24 22:38:35 : <INFO> [SslCert] KXE: "ECDH" 2019-09-24 22:38:35 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-24 22:38:35 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-24 22:38:35 : <INFO> [Scan] Finished 2019-09-24 22:38:43 : <INFO> [Button clicked] Next 2019-09-24 22:38:45 : <INFO> [Button clicked] Previous 2019-09-24 22:38:53 : <INFO> [Button clicked] Next 2019-09-24 22:38:55 : <INFO> [Button clicked] Clean & repair 2019-09-24 22:39:01 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-09-24 22:39:01 : <INFO> [Cleaning] Started 2019-09-24 22:39:01 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-09-24 22:39:01 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-09-24 22:39:01 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20190925.003901" 2019-09-24 22:39:01 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\ak.staticimgfarm.com" [ "Registry" ] 2019-09-24 22:39:02 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\ak.staticimgfarm.com" [ "Registry" ] 2019-09-24 22:39:02 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\staticimgfarm.com" [ "Registry" ] 2019-09-24 22:39:02 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\staticimgfarm.com" [ "Registry" ] 2019-09-24 22:39:02 : 
<INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-24 22:39:02 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-24 22:39:02 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-09-24 22:39:05 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-09-24 22:39:05 : <INFO> [Telemetry] Sending to Influx 2019-09-24 22:39:05 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-24 22:39:05 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-24 22:39:05 : <INFO> [SslCert] Locality Name () 2019-09-24 22:39:05 : <INFO> [SslCert] Organization () 2019-09-24 22:39:05 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-24 22:39:05 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-24 22:39:05 : <INFO> [SslCert] ALPN: Yes 2019-09-24 22:39:05 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-24 22:39:05 : <INFO> [SslCert] KXE: "ECDH" 2019-09-24 22:39:05 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-24 22:39:05 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-24 22:39:05 : <INFO> [Telemetry] Sending to DSE 2019-09-24 22:39:06 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-24 22:39:06 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-24 22:39:06 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-24 22:39:06 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-24 22:39:06 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-24 22:39:06 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 
GMT" 2019-09-24 22:39:06 : <INFO> [SslCert] ALPN: Yes 2019-09-24 22:39:06 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-24 22:39:06 : <INFO> [SslCert] KXE: "ECDH" 2019-09-24 22:39:06 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-24 22:39:06 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-24 22:39:06 : <INFO> [Cleaning] Finished 2019-09-24 22:39:10 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-09-24 22:39:11 : <INFO> [Application] Closing AdwCleaner 2019-09-28 08:44:25 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-09-28 08:44:52 : <INFO> [MBInstaller] Checking Iris 2019-09-28 08:44:52 : <INFO> [IRIS] Making request 2019-09-28 08:44:52 : <INFO> [Telemetry] Sending hello 2019-09-28 08:44:52 : <INFO> [AdwUpgrade] Checking application updates 2019-09-28 08:44:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-28 08:44:54 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-28 08:44:54 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-28 08:44:54 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-28 08:44:54 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-28 08:44:54 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-28 08:44:54 : <INFO> [SslCert] ALPN: None 2019-09-28 08:44:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 08:44:54 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 08:44:54 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 08:44:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-28 08:44:54 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-28 08:44:54 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-28 08:44:54 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-28 08:44:54 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-28 08:44:54 : <INFO> [SslCert] Certificate 
ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-28 08:44:54 : <INFO> [SslCert] ALPN: None 2019-09-28 08:44:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 08:44:54 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 08:44:54 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 08:44:54 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-09-28 08:44:54 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-28 08:44:54 : <INFO> [IRIS] Failed 2019-09-28 08:44:54 : <INFO> [Button clicked] Scan 2019-09-28 08:44:54 : <INFO> [Scan] Started 2019-09-28 08:44:55 : <INFO> [Database] Downloading database 2019-09-28 08:44:56 : <INFO> [Database] Checking integrity 2019-09-28 08:44:56 : <INFO> [Database] Found 2601 families 2019-09-28 08:44:56 : <INFO> [Database] Database v "2019-09-27.1" 2019-09-28 08:44:56 : <INFO> [Loading paths] Local paths loaded 2019-09-28 08:44:57 : <INFO> [Loading paths] Chrome paths loaded 2019-09-28 08:44:57 : <INFO> [Loading paths] User Keys loaded 2019-09-28 08:44:57 : <INFO> [Module initialized] "File" 2019-09-28 08:44:57 : <INFO> [Module initialized] "Folder" 2019-09-28 08:44:57 : <INFO> [Module initialized] "RegistryKey" 2019-09-28 08:44:57 : <INFO> [Module initialized] "RegistryValue" 2019-09-28 08:44:58 : <INFO> [Module initialized] "TaskName" 2019-09-28 08:44:58 : <INFO> [Module initialized] "Service" 2019-09-28 08:44:58 : <INFO> [Module initialized] "Winlogon" 2019-09-28 08:45:34 : <INFO> [Module initialized] "URL" 2019-09-28 08:45:34 : <INFO> [Module initialized] "RegAppInit" 2019-09-28 08:45:34 : <INFO> [Module initialized] "RegClasses" 2019-09-28 08:45:34 : <INFO> [Module initialized] "DNS" 2019-09-28 08:45:34 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-09-28 08:45:34 : <INFO> [Module initialized] "RegGuid" 2019-09-28 08:45:34 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-09-28 08:45:34 : <INFO> [Module initialized] "RegOther" 2019-09-28 
08:45:35 : <INFO> [Module initialized] "RegProductID" 2019-09-28 08:45:35 : <INFO> [Module initialized] "RegSoftware" 2019-09-28 08:45:35 : <INFO> [Module initialized] "RegStartup" 2019-09-28 08:45:35 : <INFO> [Module initialized] "WMI" 2019-09-28 08:45:35 : <INFO> [Module initialized] "ChromiumExt" 2019-09-28 08:45:35 : <INFO> [Module initialized] "FirefoxExt" 2019-09-28 08:45:35 : <INFO> [Module initialize] Scan Browser 2019-09-28 08:45:36 : <INFO> [Module initialize] Scan Browser FF 2019-09-28 08:45:36 : <INFO> [Module initialize] FF start pages loaded 2019-09-28 08:45:36 : <INFO> [Module initialize] FF search providers loaded 2019-09-28 08:45:36 : <INFO> [Module initialize] FF plugin list loaded 2019-09-28 08:45:36 : <INFO> [Scan] Exclusions loaded 2019-09-28 08:46:11 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-28 08:46:17 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-09-28 08:46:17 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-28 08:46:17 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: 
"Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-09-28 08:46:18 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-09-28 08:46:21 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-09-28 08:46:21 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-09-28 08:46:27 : <INFO> [Telemetry] 
Sending to Influx 2019-09-28 08:46:29 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-28 08:46:29 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-28 08:46:29 : <INFO> [SslCert] Locality Name () 2019-09-28 08:46:29 : <INFO> [SslCert] Organization () 2019-09-28 08:46:29 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-28 08:46:29 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-28 08:46:29 : <INFO> [SslCert] ALPN: Yes 2019-09-28 08:46:29 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 08:46:29 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 08:46:29 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 08:46:29 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-28 08:46:29 : <INFO> [Telemetry] Sending to DSE 2019-09-28 08:46:30 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-28 08:46:30 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-28 08:46:30 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-28 08:46:30 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-28 08:46:30 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-28 08:46:30 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-09-28 08:46:30 : <INFO> [SslCert] ALPN: Yes 2019-09-28 08:46:30 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 08:46:30 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 08:46:30 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 08:46:30 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-28 08:46:30 : <INFO> [Scan] Finished 2019-09-28 08:46:51 : <INFO> [Button clicked] Next 2019-09-28 08:46:53 : <INFO> [Button clicked] Previous 2019-09-28 08:46:55 : <INFO> [Button clicked] Next 2019-09-28 08:46:57 : <INFO> [Button clicked] Clean & repair 2019-09-28 08:46:59 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 
2019-09-28 08:46:59 : <INFO> [Cleaning] Started 2019-09-28 08:46:59 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-09-28 08:46:59 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-09-28 08:46:59 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20190928.104659" 2019-09-28 08:46:59 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-28 08:46:59 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-09-28 08:46:59 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-09-28 08:47:05 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-09-28 08:47:05 : <INFO> [Telemetry] Sending to Influx 2019-09-28 08:47:06 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-09-28 08:47:06 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-09-28 08:47:06 : <INFO> [SslCert] Locality Name () 2019-09-28 08:47:06 : <INFO> [SslCert] Organization () 2019-09-28 08:47:06 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-09-28 08:47:06 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-09-28 08:47:06 : <INFO> [SslCert] ALPN: Yes 2019-09-28 08:47:06 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 08:47:06 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 08:47:06 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 08:47:06 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-09-28 08:47:06 : <INFO> [Telemetry] Sending to DSE 2019-09-28 08:47:07 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-28 08:47:07 : <INFO> [SslCert] Issued to 
("*.malwarebytes.com") 2019-09-28 08:47:07 : <INFO> [SslCert] Locality Name ("San Jose") 2019-09-28 08:47:07 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-09-28 08:47:07 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-09-28 08:47:07 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-09-28 08:47:07 : <INFO> [SslCert] ALPN: Yes 2019-09-28 08:47:07 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 08:47:07 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 08:47:07 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 08:47:07 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-09-28 08:47:07 : <INFO> [Cleaning] Finished 2019-09-28 08:47:09 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-09-28 08:47:10 : <INFO> [Application] Closing AdwCleaner 2019-09-28 14:48:29 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-09-28 14:49:13 : <INFO> [MBInstaller] Checking Iris 2019-09-28 14:49:13 : <INFO> [IRIS] Making request 2019-09-28 14:49:14 : <INFO> [MBBanner] Checking Iris 2019-09-28 14:49:14 : <INFO> [AdwUpgrade] Checking application updates 2019-09-28 14:49:14 : <INFO> [Telemetry] Sending hello 2019-09-28 14:49:14 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-28 14:49:14 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-28 14:49:14 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-28 14:49:14 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-28 14:49:14 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-28 14:49:14 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-28 14:49:14 : <INFO> [SslCert] ALPN: None 2019-09-28 14:49:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 14:49:14 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 14:49:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 14:49:14 : <INFO> [SslCert] Issued by 
("DigiCert SHA2 High Assurance Server CA") 2019-09-28 14:49:14 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-28 14:49:14 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-28 14:49:14 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-28 14:49:14 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-28 14:49:14 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-28 14:49:14 : <INFO> [SslCert] ALPN: None 2019-09-28 14:49:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 14:49:14 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 14:49:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 14:49:15 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-09-28 14:49:15 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-09-28 14:49:15 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-09-28 14:49:15 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-09-28 14:49:15 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-09-28 14:49:15 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-09-28 14:49:15 : <INFO> [SslCert] ALPN: None 2019-09-28 14:49:15 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-09-28 14:49:15 : <INFO> [SslCert] KXE: "ECDH" 2019-09-28 14:49:15 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-09-28 14:49:15 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-09-28 14:49:15 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-28 14:49:15 : <INFO> [IRIS] Failed 2019-09-28 14:49:15 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-09-28 14:49:15 : <INFO> [IRIS] Failed 2019-09-28 14:49:40 : <INFO> [Application] Closing AdwCleaner 2019-10-05 15:31:54 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-05 15:32:16 : <INFO> [MBInstaller] Checking Iris 2019-10-05 15:32:16 : <INFO> [IRIS] Making request 2019-10-05 15:32:16 : <INFO> [AdwUpgrade] Checking application updates 2019-10-05 15:32:18 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-05 15:32:18 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-05 15:32:18 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-05 15:32:18 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-05 15:32:18 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-05 15:32:18 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-05 15:32:18 : <INFO> [SslCert] ALPN: None 2019-10-05 15:32:18 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:32:18 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:32:18 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:32:19 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-05 15:32:19 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-05 15:32:19 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-05 15:32:19 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-05 15:32:19 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-05 15:32:19 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-05 15:32:19 : <INFO> [SslCert] ALPN: None 2019-10-05 15:32:19 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:32:19 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:32:19 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:32:19 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-05 15:32:19 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-05 15:32:19 : <INFO> [IRIS] Failed 2019-10-05 15:32:20 : <INFO> [Button clicked] Scan 2019-10-05 15:32:20 : <INFO> [Scan] Started 
2019-10-05 15:32:20 : <INFO> [Database] Downloading database 2019-10-05 15:32:21 : <INFO> [Database] Checking integrity 2019-10-05 15:32:21 : <INFO> [Database] Found 2586 families 2019-10-05 15:32:21 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-05 15:32:23 : <INFO> [Loading paths] Local paths loaded 2019-10-05 15:32:23 : <INFO> [Loading paths] Chrome paths loaded 2019-10-05 15:32:23 : <INFO> [Loading paths] User Keys loaded 2019-10-05 15:32:23 : <INFO> [Module initialized] "File" 2019-10-05 15:32:23 : <INFO> [Module initialized] "Folder" 2019-10-05 15:32:23 : <INFO> [Module initialized] "RegistryKey" 2019-10-05 15:32:23 : <INFO> [Module initialized] "RegistryValue" 2019-10-05 15:32:25 : <INFO> [Module initialized] "TaskName" 2019-10-05 15:32:26 : <INFO> [Module initialized] "Service" 2019-10-05 15:32:26 : <INFO> [Module initialized] "Winlogon" 2019-10-05 15:33:21 : <INFO> [Module initialized] "URL" 2019-10-05 15:33:21 : <INFO> [Module initialized] "RegAppInit" 2019-10-05 15:33:21 : <INFO> [Module initialized] "RegClasses" 2019-10-05 15:33:21 : <INFO> [Module initialized] "DNS" 2019-10-05 15:33:22 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-05 15:33:22 : <INFO> [Module initialized] "RegGuid" 2019-10-05 15:33:22 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-05 15:33:22 : <INFO> [Module initialized] "RegOther" 2019-10-05 15:33:22 : <INFO> [Module initialized] "RegProductID" 2019-10-05 15:33:22 : <INFO> [Module initialized] "RegSoftware" 2019-10-05 15:33:22 : <INFO> [Module initialized] "RegStartup" 2019-10-05 15:33:22 : <INFO> [Module initialized] "WMI" 2019-10-05 15:33:22 : <INFO> [Module initialized] "ChromiumExt" 2019-10-05 15:33:22 : <INFO> [Module initialized] "FirefoxExt" 2019-10-05 15:33:23 : <INFO> [Module initialize] Scan Browser 2019-10-05 15:33:31 : <INFO> [Module initialize] Scan Browser FF 2019-10-05 15:33:31 : <INFO> [Module initialize] FF start pages loaded 2019-10-05 15:33:31 : <INFO> [Module initialize] FF search 
providers loaded 2019-10-05 15:33:31 : <INFO> [Module initialize] FF plugin list loaded 2019-10-05 15:33:31 : <INFO> [Scan] Exclusions loaded 2019-10-05 15:34:45 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-05 15:34:56 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-05 15:34:56 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-05 15:34:56 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item 
detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-05 15:34:57 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-05 15:35:01 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-05 15:35:01 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-05 15:35:08 : <INFO> [Telemetry] Sending to Influx 2019-10-05 15:35:10 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-05 15:35:10 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-05 15:35:10 : <INFO> [SslCert] Locality Name () 2019-10-05 15:35:10 : <INFO> [SslCert] Organization () 2019-10-05 15:35:10 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-05 15:35:10 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-05 15:35:10 : <INFO> [SslCert] ALPN: Yes 2019-10-05 15:35:10 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:35:10 : <INFO> 
[SslCert] KXE: "ECDH" 2019-10-05 15:35:10 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:35:10 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-05 15:35:10 : <INFO> [Telemetry] Sending to DSE 2019-10-05 15:35:11 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-05 15:35:11 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-05 15:35:11 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-05 15:35:11 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-05 15:35:11 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-05 15:35:11 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-05 15:35:11 : <INFO> [SslCert] ALPN: Yes 2019-10-05 15:35:11 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:35:11 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:35:11 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:35:11 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-05 15:35:11 : <INFO> [Scan] Finished 2019-10-05 15:35:22 : <INFO> [Button clicked] Next 2019-10-05 15:35:24 : <INFO> [Button clicked] Previous 2019-10-05 15:35:25 : <INFO> [Button clicked] Next 2019-10-05 15:35:26 : <INFO> [Button clicked] Clean & repair 2019-10-05 15:35:28 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-05 15:35:28 : <INFO> [Cleaning] Started 2019-10-05 15:35:28 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-05 15:35:28 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-05 15:35:28 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191005.173528" 2019-10-05 15:35:28 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-05 15:35:28 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , 
"HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-05 15:35:29 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-05 15:35:35 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-05 15:35:35 : <INFO> [Telemetry] Sending to Influx 2019-10-05 15:35:35 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-05 15:35:35 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-05 15:35:35 : <INFO> [SslCert] Locality Name () 2019-10-05 15:35:35 : <INFO> [SslCert] Organization () 2019-10-05 15:35:35 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-05 15:35:35 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-05 15:35:35 : <INFO> [SslCert] ALPN: Yes 2019-10-05 15:35:35 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:35:35 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:35:35 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:35:35 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-05 15:35:35 : <INFO> [Telemetry] Sending to DSE 2019-10-05 15:35:36 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-05 15:35:36 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-05 15:35:36 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-05 15:35:36 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-05 15:35:36 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-05 15:35:36 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-05 15:35:36 : <INFO> [SslCert] ALPN: Yes 2019-10-05 15:35:36 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:35:36 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:35:36 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:35:36 : <INFO> [Telemetry] Status code: 
QVariant(int, 201) 2019-10-05 15:35:36 : <INFO> [Cleaning] Finished 2019-10-05 15:35:39 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-05 15:35:41 : <INFO> [Application] Closing AdwCleaner 2019-10-05 15:40:44 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-10-05 15:40:53 : <INFO> [MBInstaller] Checking Iris 2019-10-05 15:40:53 : <INFO> [IRIS] Making request 2019-10-05 15:40:54 : <INFO> [AdwUpgrade] Checking application updates 2019-10-05 15:40:54 : <INFO> [Telemetry] Sending hello 2019-10-05 15:40:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-05 15:40:54 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-05 15:40:54 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-05 15:40:54 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-05 15:40:54 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-05 15:40:54 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-05 15:40:54 : <INFO> [SslCert] ALPN: None 2019-10-05 15:40:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:40:54 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:40:54 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:40:55 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-05 15:40:55 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-05 15:40:55 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-05 15:40:55 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-05 15:40:55 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-05 15:40:55 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-05 15:40:55 : <INFO> [SslCert] ALPN: None 2019-10-05 15:40:55 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:40:55 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:40:55 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:40:55 
: <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-05 15:40:55 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-05 15:40:55 : <INFO> [IRIS] Failed 2019-10-05 15:40:57 : <INFO> [Button clicked] Scan 2019-10-05 15:40:57 : <INFO> [Scan] Started 2019-10-05 15:40:58 : <INFO> [Database] Downloading database 2019-10-05 15:40:58 : <INFO> [Database] Checking integrity 2019-10-05 15:40:58 : <INFO> [Database] Found 2586 families 2019-10-05 15:40:58 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-05 15:41:00 : <INFO> [Loading paths] Local paths loaded 2019-10-05 15:41:00 : <INFO> [Loading paths] Chrome paths loaded 2019-10-05 15:41:00 : <INFO> [Loading paths] User Keys loaded 2019-10-05 15:41:00 : <INFO> [Module initialized] "File" 2019-10-05 15:41:00 : <INFO> [Module initialized] "Folder" 2019-10-05 15:41:00 : <INFO> [Module initialized] "RegistryKey" 2019-10-05 15:41:00 : <INFO> [Module initialized] "RegistryValue" 2019-10-05 15:41:01 : <INFO> [Module initialized] "TaskName" 2019-10-05 15:41:01 : <INFO> [Module initialized] "Service" 2019-10-05 15:41:01 : <INFO> [Module initialized] "Winlogon" 2019-10-05 15:41:40 : <INFO> [Module initialized] "URL" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegAppInit" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegClasses" 2019-10-05 15:41:40 : <INFO> [Module initialized] "DNS" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegGuid" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegOther" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegProductID" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegSoftware" 2019-10-05 15:41:40 : <INFO> [Module initialized] "RegStartup" 2019-10-05 15:41:40 : <INFO> [Module initialized] "WMI" 2019-10-05 15:41:40 : <INFO> [Module initialized] "ChromiumExt" 
2019-10-05 15:41:40 : <INFO> [Module initialized] "FirefoxExt" 2019-10-05 15:41:40 : <INFO> [Module initialize] Scan Browser 2019-10-05 15:41:44 : <INFO> [Module initialize] Scan Browser FF 2019-10-05 15:41:44 : <INFO> [Module initialize] FF start pages loaded 2019-10-05 15:41:44 : <INFO> [Module initialize] FF search providers loaded 2019-10-05 15:41:44 : <INFO> [Module initialize] FF plugin list loaded 2019-10-05 15:41:44 : <INFO> [Scan] Exclusions loaded 2019-10-05 15:42:48 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-05 15:42:48 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-05 15:42:48 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-05 15:42:49 : <INFO>
Edited by Grosserdummi (16.10.2019 at 22:53) |
16.10.2019, 22:56 | #4 |
| PUP keeps reappearing, System Restore does not work Code:
ATTFilter [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-05 15:42:49 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-05 15:42:52 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-05 15:42:52 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-05 15:42:59 : <INFO> [Telemetry] Sending to Influx 2019-10-05 15:43:00 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-05 15:43:00 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-05 15:43:00 : <INFO> [SslCert] Locality Name () 2019-10-05 15:43:00 : <INFO> [SslCert] Organization 
() 2019-10-05 15:43:00 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-05 15:43:00 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-05 15:43:00 : <INFO> [SslCert] ALPN: Yes 2019-10-05 15:43:00 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:43:00 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:43:00 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:43:00 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-05 15:43:00 : <INFO> [Telemetry] Sending to DSE 2019-10-05 15:43:01 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-05 15:43:01 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-05 15:43:01 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-05 15:43:01 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-05 15:43:01 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-05 15:43:01 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-05 15:43:01 : <INFO> [SslCert] ALPN: Yes 2019-10-05 15:43:01 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-05 15:43:01 : <INFO> [SslCert] KXE: "ECDH" 2019-10-05 15:43:01 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-05 15:43:01 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-05 15:43:01 : <INFO> [Scan] Finished 2019-10-05 15:43:28 : <INFO> [Application] Closing AdwCleaner 2019-10-06 08:13:19 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-06 08:13:27 : <INFO> [MBInstaller] Checking Iris 2019-10-06 08:13:27 : <INFO> [IRIS] Making request 2019-10-06 08:13:27 : <INFO> [AdwUpgrade] Checking application updates 2019-10-06 08:13:27 : <INFO> [Telemetry] Sending hello 2019-10-06 08:13:28 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-06 08:13:28 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-06 08:13:28 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-06 08:13:28 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-06 08:13:28 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-06 08:13:28 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-06 08:13:28 : <INFO> [SslCert] ALPN: None 2019-10-06 08:13:28 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-06 08:13:28 : <INFO> [SslCert] KXE: "ECDH" 2019-10-06 08:13:28 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-06 08:13:28 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-06 08:13:28 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-06 08:13:28 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-06 08:13:28 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-06 08:13:28 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-06 08:13:28 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-06 08:13:28 : <INFO> [SslCert] ALPN: None 2019-10-06 08:13:28 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-06 08:13:28 : <INFO> [SslCert] KXE: "ECDH" 2019-10-06 08:13:28 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-06 08:13:28 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-06 08:13:28 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-06 08:13:28 : <INFO> [IRIS] Failed 2019-10-06 08:13:34 : <INFO> [Button clicked] 
Scan 2019-10-06 08:13:34 : <INFO> [Scan] Started 2019-10-06 08:13:34 : <INFO> [Database] Downloading database 2019-10-06 08:13:35 : <INFO> [Database] Checking integrity 2019-10-06 08:13:35 : <INFO> [Database] Found 2586 families 2019-10-06 08:13:35 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-06 08:13:36 : <INFO> [Loading paths] Local paths loaded 2019-10-06 08:13:36 : <INFO> [Loading paths] Chrome paths loaded 2019-10-06 08:13:36 : <INFO> [Loading paths] User Keys loaded 2019-10-06 08:13:36 : <INFO> [Module initialized] "File" 2019-10-06 08:13:36 : <INFO> [Module initialized] "Folder" 2019-10-06 08:13:36 : <INFO> [Module initialized] "RegistryKey" 2019-10-06 08:13:36 : <INFO> [Module initialized] "RegistryValue" 2019-10-06 08:13:37 : <INFO> [Module initialized] "TaskName" 2019-10-06 08:13:37 : <INFO> [Module initialized] "Service" 2019-10-06 08:13:37 : <INFO> [Module initialized] "Winlogon" 2019-10-06 08:14:26 : <INFO> [Module initialized] "URL" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegAppInit" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegClasses" 2019-10-06 08:14:26 : <INFO> [Module initialized] "DNS" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegGuid" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegOther" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegProductID" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegSoftware" 2019-10-06 08:14:26 : <INFO> [Module initialized] "RegStartup" 2019-10-06 08:14:26 : <INFO> [Module initialized] "WMI" 2019-10-06 08:14:26 : <INFO> [Module initialized] "ChromiumExt" 2019-10-06 08:14:26 : <INFO> [Module initialized] "FirefoxExt" 2019-10-06 08:14:26 : <INFO> [Module initialize] Scan Browser 2019-10-06 08:14:28 : <INFO> [Module initialize] Scan Browser FF 2019-10-06 08:14:28 : <INFO> [Module initialize] FF start pages loaded 2019-10-06 
08:14:28 : <INFO> [Module initialize] FF search providers loaded 2019-10-06 08:14:28 : <INFO> [Module initialize] FF plugin list loaded 2019-10-06 08:14:28 : <INFO> [Scan] Exclusions loaded 2019-10-06 08:15:15 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-06 08:15:15 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-06 08:15:15 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-06 
08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-06 08:15:16 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-06 08:15:19 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-06 08:15:19 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-06 08:15:25 : <INFO> [Telemetry] Sending to Influx 2019-10-06 08:15:27 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-06 08:15:27 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-06 08:15:27 : <INFO> [SslCert] Locality Name () 2019-10-06 08:15:27 : <INFO> [SslCert] Organization () 2019-10-06 08:15:27 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-06 08:15:27 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-06 08:15:27 : <INFO> [SslCert] ALPN: Yes 2019-10-06 08:15:27 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-06 08:15:27 : <INFO> [SslCert] KXE: "ECDH" 2019-10-06 08:15:27 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-06 08:15:27 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-06 08:15:27 : <INFO> [Telemetry] 
Sending to DSE 2019-10-06 08:15:28 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-06 08:15:28 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-06 08:15:28 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-06 08:15:28 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-06 08:15:28 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-06 08:15:28 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-06 08:15:28 : <INFO> [SslCert] ALPN: Yes 2019-10-06 08:15:28 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-06 08:15:28 : <INFO> [SslCert] KXE: "ECDH" 2019-10-06 08:15:28 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-06 08:15:28 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-06 08:15:28 : <INFO> [Scan] Finished 2019-10-06 08:15:47 : <INFO> [Button clicked] Cancel 2019-10-06 08:15:55 : <INFO> [Button clicked] Quarantine menu item 2019-10-06 08:16:35 : <INFO> [Application] Closing AdwCleaner 2019-10-06 09:34:24 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-06 09:34:32 : <INFO> [MBInstaller] Checking Iris 2019-10-06 09:34:32 : <INFO> [IRIS] Making request 2019-10-06 09:34:32 : <INFO> [AdwUpgrade] Checking application updates 2019-10-06 09:34:32 : <INFO> [Telemetry] Sending hello 2019-10-06 09:34:33 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-06 09:34:33 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-06 09:34:33 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-06 09:34:33 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-06 09:34:33 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-06 09:34:33 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-06 09:34:33 : <INFO> [SslCert] ALPN: None 2019-10-06 09:34:33 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-06 09:34:33 : <INFO> [SslCert] KXE: "ECDH" 2019-10-06 09:34:33 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-06 09:34:33 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-06 09:34:33 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-06 09:34:33 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-06 09:34:33 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-06 09:34:33 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-06 09:34:33 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-06 09:34:33 : <INFO> [SslCert] ALPN: None 2019-10-06 09:34:33 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-06 09:34:33 : <INFO> [SslCert] KXE: "ECDH" 2019-10-06 09:34:33 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-06 09:34:33 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-06 09:34:33 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-06 09:34:33 : <INFO> [IRIS] Failed 2019-10-06 09:34:39 : <INFO> [Button clicked] 
Scan 2019-10-06 09:34:39 : <INFO> [Scan] Started 2019-10-06 09:34:40 : <INFO> [Database] Downloading database 2019-10-06 09:34:40 : <INFO> [Database] Checking integrity 2019-10-06 09:34:40 : <INFO> [Database] Found 2586 families 2019-10-06 09:34:40 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-06 09:34:41 : <INFO> [Loading paths] Local paths loaded 2019-10-06 09:34:41 : <INFO> [Loading paths] Chrome paths loaded 2019-10-06 09:34:41 : <INFO> [Loading paths] User Keys loaded 2019-10-06 09:34:41 : <INFO> [Module initialized] "File" 2019-10-06 09:34:41 : <INFO> [Module initialized] "Folder" 2019-10-06 09:34:41 : <INFO> [Module initialized] "RegistryKey" 2019-10-06 09:34:41 : <INFO> [Module initialized] "RegistryValue" 2019-10-06 09:34:43 : <INFO> [Module initialized] "TaskName" 2019-10-06 09:34:43 : <INFO> [Module initialized] "Service" 2019-10-06 09:34:43 : <INFO> [Module initialized] "Winlogon" 2019-10-06 09:35:26 : <INFO> [Module initialized] "URL" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegAppInit" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegClasses" 2019-10-06 09:35:26 : <INFO> [Module initialized] "DNS" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegGuid" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegOther" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegProductID" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegSoftware" 2019-10-06 09:35:26 : <INFO> [Module initialized] "RegStartup" 2019-10-06 09:35:26 : <INFO> [Module initialized] "WMI" 2019-10-06 09:35:26 : <INFO> [Module initialized] "ChromiumExt" 2019-10-06 09:35:26 : <INFO> [Module initialized] "FirefoxExt" 2019-10-06 09:35:26 : <INFO> [Module initialize] Scan Browser 2019-10-06 09:35:27 : <INFO> [Module initialize] Scan Browser FF 2019-10-06 09:35:27 : <INFO> [Module initialize] FF start pages loaded 2019-10-06 
09:35:27 : <INFO> [Module initialize] FF search providers loaded 2019-10-06 09:35:27 : <INFO> [Module initialize] FF plugin list loaded 2019-10-06 09:35:27 : <INFO> [Scan] Exclusions loaded 2019-10-06 09:36:10 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-06 09:36:10 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-06 09:36:10 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-06 
09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-06 09:36:11 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-06 09:36:15 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-06 09:36:15 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-06 09:36:20 : <INFO> [Telemetry] Sending to Influx 2019-10-06 09:36:22 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-06 09:36:22 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-06 09:36:22 : <INFO> [SslCert] Locality Name () 2019-10-06 09:36:22 : <INFO> [SslCert] Organization () 2019-10-06 09:36:22 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-06 09:36:22 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-06 09:36:22 : <INFO> [SslCert] ALPN: Yes 2019-10-06 09:36:22 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-06 09:36:22 : <INFO> [SslCert] KXE: "ECDH" 2019-10-06 09:36:22 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-06 09:36:22 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-06 09:36:22 : <INFO> [Telemetry] 
Sending to DSE 2019-10-06 09:36:23 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-06 09:36:23 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-06 09:36:23 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-06 09:36:23 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-06 09:36:23 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-06 09:36:23 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-06 09:36:23 : <INFO> [SslCert] ALPN: Yes 2019-10-06 09:36:23 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-06 09:36:23 : <INFO> [SslCert] KXE: "ECDH" 2019-10-06 09:36:23 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-06 09:36:23 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-06 09:36:23 : <INFO> [Scan] Finished 2019-10-06 09:36:26 : <INFO> [Application] Closing AdwCleaner 2019-10-10 20:51:05 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-10-10 20:51:12 : <INFO> [MBInstaller] Checking Iris 2019-10-10 20:51:12 : <INFO> [IRIS] Making request 2019-10-10 20:51:13 : <INFO> [AdwUpgrade] Checking application updates 2019-10-10 20:51:13 : <INFO> [Telemetry] Sending hello 2019-10-10 20:51:14 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:51:14 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:51:14 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-10 20:51:14 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-10 20:51:14 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-10 20:51:14 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-10 20:51:14 : <INFO> [SslCert] ALPN: None 2019-10-10 20:51:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:51:14 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:51:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:51:14 : <INFO> 
[SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:51:14 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:51:14 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-10 20:51:14 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-10 20:51:14 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-10 20:51:14 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-10 20:51:14 : <INFO> [SslCert] ALPN: None 2019-10-10 20:51:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:51:14 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:51:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:51:14 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-10 20:51:14 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-10 20:51:14 : <INFO> [IRIS] Failed 2019-10-10 20:51:16 : <INFO> [Button clicked] Scan 2019-10-10 20:51:16 : <INFO> [Scan] Started 2019-10-10 20:51:16 : <INFO> [Database] Downloading database 2019-10-10 20:51:17 : <INFO> [Database] Checking integrity 2019-10-10 20:51:17 : <INFO> [Database] Found 2586 families 2019-10-10 20:51:17 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-10 20:51:18 : <INFO> [Loading paths] Local paths loaded 2019-10-10 20:51:18 : <INFO> [Loading paths] Chrome paths loaded 2019-10-10 20:51:18 : <INFO> [Loading paths] User Keys loaded 2019-10-10 20:51:18 : <INFO> [Module initialized] "File" 2019-10-10 20:51:18 : <INFO> [Module initialized] "Folder" 2019-10-10 20:51:18 : <INFO> [Module initialized] "RegistryKey" 2019-10-10 20:51:18 : <INFO> [Module initialized] "RegistryValue" 2019-10-10 20:51:19 : <INFO> [Module initialized] "TaskName" 2019-10-10 20:51:19 : <INFO> [Module initialized] "Service" 2019-10-10 20:51:19 : <INFO> [Module initialized] "Winlogon" 2019-10-10 20:51:53 : <INFO> [Module initialized] "URL" 2019-10-10 20:51:53 : <INFO> [Module 
initialized] "RegAppInit" 2019-10-10 20:51:53 : <INFO> [Module initialized] "RegClasses" 2019-10-10 20:51:53 : <INFO> [Module initialized] "DNS" 2019-10-10 20:51:54 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-10 20:51:54 : <INFO> [Module initialized] "RegGuid" 2019-10-10 20:51:54 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-10 20:51:54 : <INFO> [Module initialized] "RegOther" 2019-10-10 20:51:54 : <INFO> [Module initialized] "RegProductID" 2019-10-10 20:51:54 : <INFO> [Module initialized] "RegSoftware" 2019-10-10 20:51:54 : <INFO> [Module initialized] "RegStartup" 2019-10-10 20:51:54 : <INFO> [Module initialized] "WMI" 2019-10-10 20:51:54 : <INFO> [Module initialized] "ChromiumExt" 2019-10-10 20:51:54 : <INFO> [Module initialized] "FirefoxExt" 2019-10-10 20:51:54 : <INFO> [Module initialize] Scan Browser 2019-10-10 20:51:56 : <INFO> [Module initialize] Scan Browser FF 2019-10-10 20:51:56 : <INFO> [Module initialize] FF start pages loaded 2019-10-10 20:51:56 : <INFO> [Module initialize] FF search providers loaded 2019-10-10 20:51:56 : <INFO> [Module initialize] FF plugin list loaded 2019-10-10 20:51:56 : <INFO> [Scan] Exclusions loaded 2019-10-10 20:52:33 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-10 20:52:38 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-10 20:52:38 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-10 20:52:38 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 
2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 
2019-10-10 20:52:43 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-10 20:52:43 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-10 20:52:48 : <INFO> [Telemetry] Sending to Influx 2019-10-10 20:52:50 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-10 20:52:50 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-10 20:52:50 : <INFO> [SslCert] Locality Name () 2019-10-10 20:52:50 : <INFO> [SslCert] Organization () 2019-10-10 20:52:50 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-10 20:52:50 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-10 20:52:50 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:52:50 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:52:50 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:52:50 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:52:50 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-10 20:52:50 : <INFO> [Telemetry] Sending to DSE 2019-10-10 20:52:51 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:52:51 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:52:51 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-10 20:52:51 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-10 20:52:51 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-10 20:52:51 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-10 20:52:51 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:52:51 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:52:51 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:52:51 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:52:51 : <INFO> 
[Telemetry] Status code: QVariant(int, 201) 2019-10-10 20:52:51 : <INFO> [Scan] Finished 2019-10-10 20:53:04 : <INFO> [Button clicked] Next 2019-10-10 20:53:07 : <INFO> [Button clicked] Previous 2019-10-10 20:53:14 : <INFO> [Button clicked] Next 2019-10-10 20:53:16 : <INFO> [Button clicked] Clean & repair 2019-10-10 20:53:19 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-10 20:53:19 : <INFO> [Cleaning] Started 2019-10-10 20:53:19 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-10 20:53:19 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-10 20:53:19 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191010.225319" 2019-10-10 20:53:19 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-10 20:53:19 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-10 20:53:19 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-10 20:53:22 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-10 20:53:22 : <INFO> [Telemetry] Sending to Influx 2019-10-10 20:53:22 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-10 20:53:22 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-10 20:53:22 : <INFO> [SslCert] Locality Name () 2019-10-10 20:53:22 : <INFO> [SslCert] Organization () 2019-10-10 20:53:22 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-10 20:53:22 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-10 20:53:22 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:53:22 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 
2019-10-10 20:53:22 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:53:22 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:53:22 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-10 20:53:22 : <INFO> [Telemetry] Sending to DSE 2019-10-10 20:53:23 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:53:23 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:53:23 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-10 20:53:23 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-10 20:53:23 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-10 20:53:23 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-10 20:53:23 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:53:23 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:53:23 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:53:23 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:53:23 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-10 20:53:23 : <INFO> [Cleaning] Finished 2019-10-10 20:53:26 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-10 20:53:27 : <INFO> [Application] Closing AdwCleaner 2019-10-10 20:57:46 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-10 20:57:54 : <INFO> [MBInstaller] Checking Iris 2019-10-10 20:57:54 : <INFO> [IRIS] Making request 2019-10-10 20:57:55 : <INFO> [Telemetry] Sending hello 2019-10-10 20:57:55 : <INFO> [AdwUpgrade] Checking application updates 2019-10-10 20:57:56 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:57:56 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:57:56 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-10 20:57:56 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-10 20:57:56 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-10 20:57:56 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-10 20:57:56 : <INFO> [SslCert] ALPN: None 2019-10-10 20:57:56 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:57:56 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:57:56 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:57:56 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:57:56 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:57:56 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-10 20:57:56 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-10 20:57:56 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-10 20:57:56 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-10 20:57:56 : <INFO> [SslCert] ALPN: None 2019-10-10 20:57:56 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:57:56 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:57:56 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:57:56 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-10 20:57:56 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-10 20:57:56 : <INFO> [IRIS] Failed 2019-10-10 20:58:04 : <INFO> [Button clicked] 
Scan 2019-10-10 20:58:04 : <INFO> [Scan] Started 2019-10-10 20:58:04 : <INFO> [Database] Downloading database 2019-10-10 20:58:05 : <INFO> [Database] Checking integrity 2019-10-10 20:58:05 : <INFO> [Database] Found 2586 families 2019-10-10 20:58:05 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-10 20:58:06 : <INFO> [Loading paths] Local paths loaded 2019-10-10 20:58:07 : <INFO> [Loading paths] Chrome paths loaded 2019-10-10 20:58:07 : <INFO> [Loading paths] User Keys loaded 2019-10-10 20:58:07 : <INFO> [Module initialized] "File" 2019-10-10 20:58:07 : <INFO> [Module initialized] "Folder" 2019-10-10 20:58:07 : <INFO> [Module initialized] "RegistryKey" 2019-10-10 20:58:07 : <INFO> [Module initialized] "RegistryValue" 2019-10-10 20:58:08 : <INFO> [Module initialized] "TaskName" 2019-10-10 20:58:08 : <INFO> [Module initialized] "Service" 2019-10-10 20:58:08 : <INFO> [Module initialized] "Winlogon" 2019-10-10 20:58:49 : <INFO> [Module initialized] "URL" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegAppInit" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegClasses" 2019-10-10 20:58:49 : <INFO> [Module initialized] "DNS" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegGuid" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegOther" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegProductID" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegSoftware" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegStartup" 2019-10-10 20:58:49 : <INFO> [Module initialized] "WMI" 2019-10-10 20:58:49 : <INFO> [Module initialized] "ChromiumExt" 2019-10-10 20:58:49 : <INFO> [Module initialized] "FirefoxExt" 2019-10-10 20:58:49 : <INFO> [Module initialize] Scan Browser 2019-10-10 20:58:50 : <INFO> [Module initialize] Scan Browser FF 2019-10-10 20:58:50 : <INFO> [Module initialize] FF start pages loaded 2019-10-10 
20:58:50 : <INFO> [Module initialize] FF search providers loaded 2019-10-10 20:58:50 : <INFO> [Module initialize] FF plugin list loaded 2019-10-10 20:58:50 : <INFO> [Scan] Exclusions loaded 2019-10-10 20:59:41 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-10 20:59:41 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-10 20:59:41 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-10 
20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-10 20:59:46 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-10 20:59:46 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-10 20:59:52 : <INFO> [Telemetry] Sending to Influx 2019-10-10 20:59:53 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-10 20:59:53 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-10 20:59:53 : <INFO> [SslCert] Locality Name () 2019-10-10 20:59:53 : <INFO> [SslCert] Organization () 2019-10-10 20:59:53 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-10 20:59:53 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-10 20:59:53 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:59:53 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:59:53 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:59:53 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:59:53 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-10 20:59:53 : <INFO> [Telemetry] 
Sending to DSE 2019-10-10 20:59:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:59:54 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:59:54 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-10 20:59:54 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-10 20:59:54 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-10 20:59:54 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-10 20:59:54 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:59:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:59:54 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:59:54 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:59:54 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-10 20:59:54 : <INFO> [Scan] Finished 2019-10-10 20:59:59 : <INFO> [Button clicked] Open MB 2019-10-10 21:00:19 : <INFO> [Button clicked] Open MB 2019-10-10 21:01:08 : <INFO> [Application] Closing AdwCleaner 2019-10-11 06:32:34 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-11 06:32:43 : <INFO> [MBInstaller] Checking Iris 2019-10-11 06:32:43 : <INFO> [IRIS] Making request 2019-10-11 06:32:43 : <INFO> [Telemetry] Sending hello ication updates 2019-10-11 06:32:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-11 06:32:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-11 06:32:44 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-11 06:32:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-11 06:32:44 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-11 06:32:44 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-11 06:32:44 : <INFO> [SslCert] ALPN: None 2019-10-11 06:32:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-11 06:32:44 : <INFO> [SslCert] KXE: "ECDH" 2019-10-11 06:32:44 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-11 06:32:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-11 06:32:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-11 06:32:44 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-11 06:32:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-11 06:32:44 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-11 06:32:44 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-11 06:32:44 : <INFO> [SslCert] ALPN: None 2019-10-11 06:32:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-11 06:32:44 : <INFO> [SslCert] KXE: "ECDH" 2019-10-11 06:32:44 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-11 06:32:44 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-11 06:32:44 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-11 06:32:44 : <INFO> [IRIS] Failed 2019-10-11 06:32:45 : <INFO> [Button clicked] Scan 2019-10-11 06:32:45 : <INFO> [Scan] Started 
2019-10-11 06:32:45 : <INFO> [Database] Downloading database 2019-10-11 06:32:47 : <INFO> [Database] Checking integrity 2019-10-11 06:32:47 : <INFO> [Database] Found 2586 families 2019-10-11 06:32:47 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-11 06:32:47 : <INFO> [Loading paths] Local paths loaded 2019-10-11 06:32:48 : <INFO> [Loading paths] Chrome paths loaded 2019-10-11 06:32:48 : <INFO> [Loading paths] User Keys loaded 2019-10-11 06:32:48 : <INFO> [Module initialized] "File" 2019-10-11 06:32:48 : <INFO> [Module initialized] "Folder" 2019-10-11 06:32:48 : <INFO> [Module initialized] "RegistryKey" 2019-10-11 06:32:48 : <INFO> [Module initialized] "RegistryValue" 2019-10-11 06:32:49 : <INFO> [Module initialized] "TaskName" 2019-10-11 06:32:49 : <INFO> [Module initialized] "Service" 2019-10-11 06:32:49 : <INFO> [Module initialized] "Winlogon" 2019-10-11 06:33:36 : <INFO> [Module initialized] "URL" 2019-10-11 06:33:36 : <INFO> [Module initialized] "RegAppInit" 2019-10-11 06:33:36 : <INFO> [Module initialized] "RegClasses" 2019-10-11 06:33:36 : <INFO> [Module initialized] "DNS" 2019-10-11 06:33:36 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegGuid" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegOther" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegProductID" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegSoftware" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegStartup" 2019-10-11 06:33:37 : <INFO> [Module initialized] "WMI" 2019-10-11 06:33:37 : <INFO> [Module initialized] "ChromiumExt" 2019-10-11 06:33:37 : <INFO> [Module initialized] "FirefoxExt" 2019-10-11 06:33:37 : <INFO> [Module initialize] Scan Browser 2019-10-11 06:33:38 : <INFO> [Module initialize] Scan Browser FF 2019-10-11 06:33:38 : <INFO> [Module initialize] FF start pages loaded 2019-10-11 06:33:38 : <INFO> [Module initialize] FF search 
providers loaded 2019-10-11 06:33:38 : <INFO> [Module initialize] FF plugin list loaded 2019-10-11 06:33:38 : <INFO> [Scan] Exclusions loaded 2019-10-11 06:34:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-11 06:34:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-11 06:34:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: 
"Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-11 06:34:25 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-11 06:34:25 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-11 06:34:32 : <INFO> [Telemetry] Sending to Influx 2019-10-11 06:34:33 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-11 06:34:33 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-11 06:34:33 : <INFO> [SslCert] Locality Name () 2019-10-11 06:34:33 : <INFO> [SslCert] Organization () 2019-10-11 06:34:33 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-11 06:34:33 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-11 06:34:33 : <INFO> [SslCert] ALPN: Yes 2019-10-11 06:34:33 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-11 06:34:33 : <INFO> [SslCert] KXE: "ECDH" 2019-10-11 06:34:33 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-11 06:34:33 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-11 06:34:33 : <INFO> [Telemetry] Sending to DSE 2019-10-11 06:34:34 : 
<INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-11 06:34:34 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-11 06:34:34 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-11 06:34:34 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-11 06:34:34 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-11 06:34:34 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-11 06:34:34 : <INFO> [SslCert] ALPN: Yes 2019-10-11 06:34:34 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-11 06:34:34 : <INFO> [SslCert] KXE: "ECDH" 2019-10-11 06:34:34 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-11 06:34:34 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-11 06:34:34 : <INFO> [Scan] Finished 2019-10-11 06:34:38 : <INFO> [Application] Closing AdwCleaner 2019-10-12 08:47:32 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-10-12 08:47:41 : <INFO> [MBInstaller] Checking Iris 2019-10-12 08:47:41 : <INFO> [IRIS] Making request 2019-10-12 08:47:42 : <INFO> [AdwUpgrade] Checking application updates 2019-10-12 08:47:42 : <INFO> [Telemetry] Sending hello 2019-10-12 08:47:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 08:47:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 08:47:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 08:47:44 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-12 08:47:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 08:47:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-12 08:47:44 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-12 08:47:44 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-12 08:47:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-12 08:47:44 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 
GMT" 2019-10-12 08:47:44 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-12 08:47:44 : <INFO> [SslCert] ALPN: None 2019-10-12 08:47:44 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-12 08:47:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:47:44 : <INFO> [SslCert] ALPN: None 2019-10-12 08:47:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:47:44 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:47:44 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:47:44 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:47:44 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:47:44 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-12 08:47:44 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-12 08:47:44 : <INFO> [IRIS] Failed 2019-10-12 08:47:46 : <INFO> [Button clicked] Scan 2019-10-12 08:47:46 : <INFO> [Scan] Started 2019-10-12 08:47:46 : <INFO> [Database] Downloading database 2019-10-12 08:47:47 : <INFO> [Database] Checking integrity 2019-10-12 08:47:47 : <INFO> [Database] Found 2586 families 2019-10-12 08:47:47 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-12 08:47:48 : <INFO> [Loading paths] Local paths loaded 2019-10-12 08:47:48 : <INFO> [Loading paths] Chrome paths loaded 2019-10-12 08:47:48 : <INFO> [Loading paths] User Keys loaded 2019-10-12 08:47:48 : <INFO> [Module initialized] "File" 2019-10-12 08:47:48 : <INFO> [Module initialized] "Folder" 2019-10-12 08:47:48 : <INFO> [Module initialized] "RegistryKey" 2019-10-12 08:47:48 : <INFO> [Module initialized] "RegistryValue" 2019-10-12 08:47:49 : <INFO> [Module initialized] "TaskName" 2019-10-12 08:47:49 : <INFO> [Module initialized] "Service" 2019-10-12 08:47:49 : <INFO> [Module initialized] "Winlogon" 2019-10-12 08:48:25 : <INFO> [Module initialized] "URL" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegAppInit" 2019-10-12 
08:48:25 : <INFO> [Module initialized] "RegClasses" 2019-10-12 08:48:25 : <INFO> [Module initialized] "DNS" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegGuid" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegOther" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegProductID" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegSoftware" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegStartup" 2019-10-12 08:48:25 : <INFO> [Module initialized] "WMI" 2019-10-12 08:48:25 : <INFO> [Module initialized] "ChromiumExt" 2019-10-12 08:48:25 : <INFO> [Module initialized] "FirefoxExt" 2019-10-12 08:48:25 : <INFO> [Module initialize] Scan Browser 2019-10-12 08:48:27 : <INFO> [Module initialize] Scan Browser FF 2019-10-12 08:48:27 : <INFO> [Module initialize] FF start pages loaded 2019-10-12 08:48:27 : <INFO> [Module initialize] FF search providers loaded 2019-10-12 08:48:27 : <INFO> [Module initialize] FF plugin list loaded 2019-10-12 08:48:27 : <INFO> [Scan] Exclusions loaded 2019-10-12 08:49:03 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-12 08:49:09 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-12 08:49:09 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-12 08:49:09 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item 
detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-12 08:49:13 : 
<INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-12 08:49:13 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-12 08:49:20 : <INFO> [Telemetry] Sending to Influx 2019-10-12 08:49:22 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-12 08:49:22 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-12 08:49:22 : <INFO> [SslCert] Locality Name () 2019-10-12 08:49:22 : <INFO> [SslCert] Organization () 2019-10-12 08:49:22 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-12 08:49:22 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-12 08:49:22 : <INFO> [SslCert] ALPN: Yes 2019-10-12 08:49:22 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:49:22 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:49:22 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:49:22 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-12 08:49:22 : <INFO> [Telemetry] Sending to DSE 2019-10-12 08:49:23 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 08:49:23 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 08:49:23 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-12 08:49:23 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-12 08:49:23 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-12 08:49:23 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-12 08:49:23 : <INFO> [SslCert] ALPN: Yes 2019-10-12 08:49:23 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:49:23 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:49:23 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:49:23 : <INFO> [Telemetry] Status code: 
QVariant(int, 201) 2019-10-12 08:49:23 : <INFO> [Scan] Finished 2019-10-12 08:49:31 : <INFO> [Button clicked] Next 2019-10-12 08:49:32 : <INFO> [Button clicked] Clean & repair 2019-10-12 08:49:35 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-12 08:49:35 : <INFO> [Cleaning] Started 2019-10-12 08:49:35 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-12 08:49:35 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-12 08:49:35 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191012.104935" 2019-10-12 08:49:35 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-12 08:49:35 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-12 08:49:35 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-12 08:49:38 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-12 08:49:38 : <INFO> [Telemetry] Sending to Influx 2019-10-12 08:49:38 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-12 08:49:38 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-12 08:49:38 : <INFO> [SslCert] Locality Name () 2019-10-12 08:49:38 : <INFO> [SslCert] Organization () 2019-10-12 08:49:38 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-12 08:49:38 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-12 08:49:38 : <INFO> [SslCert] ALPN: Yes 2019-10-12 08:49:38 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:49:38 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:49:38 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:49:38 : 
<INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-12 08:49:38 : <INFO> [Telemetry] Sending to DSE 2019-10-12 08:49:39 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 08:49:39 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 08:49:39 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-12 08:49:39 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-12 08:49:39 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-12 08:49:39 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-12 08:49:39 : <INFO> [SslCert] ALPN: Yes 2019-10-12 08:49:39 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:49:39 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:49:39 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:49:39 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-12 08:49:39 : <INFO> [Cleaning] Finished 2019-10-12 08:49:43 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-12 08:49:44 : <INFO> [Application] Closing AdwCleaner 2019-10-12 10:29:40 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-12 10:29:53 : <INFO> [MBInstaller] Checking Iris 2019-10-12 10:29:53 : <INFO> [IRIS] Making request 2019-10-12 10:29:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 10:29:55 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 10:29:55 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-12 10:29:55 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-12 10:29:55 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-12 10:29:55 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-12 10:29:55 : <INFO> [SslCert] ALPN: None 2019-10-12 10:29:55 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 10:29:55 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 10:29:55 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 10:29:55 : <INFO> [MBBanner] Checking Iris 2019-10-12 10:29:55 : <INFO> [IRIS] Making request 2019-10-12 10:29:55 : <INFO> [AdwUpgrade] Checking application updates 2019-10-12 10:29:55 : <INFO> [Telemetry] Sending hello 2019-10-12 10:29:56 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 10:29:56 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 10:29:56 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-12 10:29:56 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 10:29:56 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-12 10:29:56 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 10:29:56 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-12 10:29:56 : <INFO> [SslCert] Locality Name ("Santa Clara") o Okt 2 00:00:00 2017 GMT" 2019-10-12 10:29:56 : <INFO> [SslCert] Organization ("Malwarebytes Inc") kt 6 12:00:00 2020 GMT" 2019-10-12 10:29:56 : <INFO> [SslCert] ALPN: None EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-12 10:29:57 : <INFO> 
[SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-12 10:29:57 : <INFO> [SslCert] ALPN: None 2019-10-12 10:29:57 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 10:29:57 : <INFO> [SslCert] KXE: "ECDH" HE-RSA-AES256-GCM-SHA384" 2019-10-12 10:29:57 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 10:29:57 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-12 10:29:57 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 10:29:57 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-12 10:29:57 : <INFO> [IRIS] Failed 2019-10-12 10:30:11 : <INFO> [Application] Closing AdwCleaner 2019-10-15 14:12:52 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-10-15 14:13:03 : <INFO> [MBInstaller] Checking Iris 2019-10-15 14:13:03 : <INFO> [IRIS] Making request 2019-10-15 14:13:04 : <INFO> [AdwUpgrade] Checking application updates 2019-10-15 14:13:04 : <INFO> [Telemetry] Sending hello 2019-10-15 14:13:05 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 14:13:05 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 14:13:05 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 14:13:05 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 14:13:05 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 14:13:05 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 14:13:05 : <INFO> [SslCert] ALPN: None 2019-10-15 14:13:05 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:13:05 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:13:05 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:13:05 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 14:13:05 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 14:13:05 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 14:13:05 : <INFO> 
[SslCert] Organization ("Malwarebytes Inc") 2019-10-15 14:13:05 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 14:13:05 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 14:13:05 : <INFO> [SslCert] ALPN: None 2019-10-15 14:13:05 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:13:05 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:13:05 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:13:05 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-15 14:13:05 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-15 14:13:05 : <INFO> [IRIS] Failed 2019-10-15 14:13:07 : <INFO> [Button clicked] Scan 2019-10-15 14:13:07 : <INFO> [Scan] Started 2019-10-15 14:13:07 : <INFO> [Database] Downloading database 2019-10-15 14:13:08 : <INFO> [Database] Checking integrity 2019-10-15 14:13:08 : <INFO> [Database] Found 2586 families 2019-10-15 14:13:08 : <INFO> [Database] Database v "2019-10-14.1" 2019-10-15 14:13:10 : <INFO> [Loading paths] Local paths loaded 2019-10-15 14:13:10 : <INFO> [Loading paths] Chrome paths loaded 2019-10-15 14:13:10 : <INFO> [Loading paths] User Keys loaded 2019-10-15 14:13:10 : <INFO> [Module initialized] "File" 2019-10-15 14:13:10 : <INFO> [Module initialized] "Folder" 2019-10-15 14:13:10 : <INFO> [Module initialized] "RegistryKey" 2019-10-15 14:13:10 : <INFO> [Module initialized] "RegistryValue" 2019-10-15 14:13:11 : <INFO> [Module initialized] "TaskName" 2019-10-15 14:13:12 : <INFO> [Module initialized] "Service" 2019-10-15 14:13:12 : <INFO> [Module initialized] "Winlogon" 2019-10-15 14:14:33 : <INFO> [Module initialized] "URL" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegAppInit" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegClasses" 2019-10-15 14:14:33 : <INFO> [Module initialized] "DNS" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-15 14:14:33 : 
<INFO> [Module initialized] "RegGuid" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegOther" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegProductID" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegSoftware" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegStartup" 2019-10-15 14:14:34 : <INFO> [Module initialized] "WMI" 2019-10-15 14:14:34 : <INFO> [Module initialized] "ChromiumExt" 2019-10-15 14:14:34 : <INFO> [Module initialized] "FirefoxExt" 2019-10-15 14:14:34 : <INFO> [Module initialize] Scan Browser 2019-10-15 14:14:41 : <INFO> [Module initialize] Scan Browser FF 2019-10-15 14:14:41 : <INFO> [Module initialize] FF start pages loaded 2019-10-15 14:14:41 : <INFO> [Module initialize] FF search providers loaded 2019-10-15 14:14:41 : <INFO> [Module initialize] FF plugin list loaded 2019-10-15 14:14:41 : <INFO> [Scan] Exclusions loaded 2019-10-15 14:15:53 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 14:16:00 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-15 14:16:00 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 14:16:00 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item 
detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-15 14:16:05 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-15 14:16:05 : <INFO> [Scan] Item detected: 
"Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-15 14:16:11 : <INFO> [Telemetry] Sending to Influx 2019-10-15 14:16:14 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 14:16:14 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 14:16:14 : <INFO> [SslCert] Locality Name () 2019-10-15 14:16:14 : <INFO> [SslCert] Organization () 2019-10-15 14:16:14 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 14:16:14 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 14:16:14 : <INFO> [SslCert] ALPN: Yes 2019-10-15 14:16:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:16:14 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:16:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:16:14 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 14:16:14 : <INFO> [Telemetry] Sending to DSE 2019-10-15 14:16:15 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 14:16:15 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 14:16:15 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 14:16:15 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 14:16:15 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 14:16:15 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 14:16:15 : <INFO> [SslCert] ALPN: Yes 2019-10-15 14:16:15 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:16:15 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:16:15 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:16:15 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-15 14:16:15 : <INFO> [Scan] Finished 2019-10-15 14:16:23 : <INFO> [Button clicked] Log files menu item 2019-10-15 14:16:35 : <INFO> [Button clicked] Dashboard menu 
item 2019-10-15 14:16:38 : <INFO> [Button clicked] Next 2019-10-15 14:16:40 : <INFO> [Button clicked] Clean & repair 2019-10-15 14:16:42 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-15 14:16:42 : <INFO> [Cleaning] Started 2019-10-15 14:16:42 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-15 14:16:42 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-15 14:16:42 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191015.161642" 2019-10-15 14:16:42 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 14:16:42 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 14:16:42 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-15 14:16:52 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-15 14:16:52 : <INFO> [Telemetry] Sending to Influx 2019-10-15 14:16:52 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 14:16:52 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 14:16:52 : <INFO> [SslCert] Locality Name () 2019-10-15 14:16:52 : <INFO> [SslCert] Organization () 2019-10-15 14:16:52 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 14:16:52 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 14:16:52 : <INFO> [SslCert] ALPN: Yes 2019-10-15 14:16:52 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:16:52 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:16:52 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:16:52 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 
14:16:52 : <INFO> [Telemetry] Sending to DSE 2019-10-15 14:16:53 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 14:16:53 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 14:16:53 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 14:16:53 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 14:16:53 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 14:16:53 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 14:16:53 : <INFO> [SslCert] ALPN: Yes 2019-10-15 14:16:53 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:16:53 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:16:53 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:16:53 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-15 14:16:53 : <INFO> [Cleaning] Finished 2019-10-15 14:17:00 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-15 14:17:02 : <INFO> [Application] Closing AdwCleaner 2019-10-15 21:37:05 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-15 21:37:15 : <INFO> [MBInstaller] Checking Iris 2019-10-15 21:37:15 : <INFO> [IRIS] Making request 2019-10-15 21:37:16 : <INFO> [AdwUpgrade] Checking application updates 2019-10-15 21:37:16 : <INFO> [Telemetry] Sending hello 2019-10-15 21:37:17 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:37:17 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:37:17 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 21:37:17 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 21:37:17 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 21:37:17 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 21:37:17 : <INFO> [SslCert] ALPN: None 2019-10-15 21:37:17 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:37:17 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:37:17 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:37:17 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:37:17 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:37:17 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 21:37:17 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 21:37:17 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 21:37:17 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 21:37:17 : <INFO> [SslCert] ALPN: None 2019-10-15 21:37:17 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:37:17 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:37:17 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:37:17 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-15 21:37:17 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-15 21:37:17 : <INFO> [IRIS] Failed 2019-10-15 21:37:18 : <INFO> [Button clicked] 
Scan 2019-10-15 21:37:18 : <INFO> [Scan] Started 2019-10-15 21:37:18 : <INFO> [Database] Downloading database 2019-10-15 21:37:19 : <INFO> [Database] Checking integrity 2019-10-15 21:37:19 : <INFO> [Database] Found 2586 families 2019-10-15 21:37:19 : <INFO> [Database] Database v "2019-10-14.1" 2019-10-15 21:37:21 : <INFO> [Loading paths] Local paths loaded 2019-10-15 21:37:21 : <INFO> [Loading paths] Chrome paths loaded 2019-10-15 21:37:21 : <INFO> [Loading paths] User Keys loaded 2019-10-15 21:37:21 : <INFO> [Module initialized] "File" 2019-10-15 21:37:21 : <INFO> [Module initialized] "Folder" 2019-10-15 21:37:21 : <INFO> [Module initialized] "RegistryKey" 2019-10-15 21:37:21 : <INFO> [Module initialized] "RegistryValue" 2019-10-15 21:37:22 : <INFO> [Module initialized] "TaskName" 2019-10-15 21:37:23 : <INFO> [Module initialized] "Service" 2019-10-15 21:37:23 : <INFO> [Module initialized] "Winlogon" 2019-10-15 21:38:14 : <INFO> [Module initialized] "URL" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegAppInit" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegClasses" 2019-10-15 21:38:14 : <INFO> [Module initialized] "DNS" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegGuid" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegOther" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegProductID" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegSoftware" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegStartup" 2019-10-15 21:38:14 : <INFO> [Module initialized] "WMI" 2019-10-15 21:38:14 : <INFO> [Module initialized] "ChromiumExt" 2019-10-15 21:38:14 : <INFO> [Module initialized] "FirefoxExt" 2019-10-15 21:38:14 : <INFO> [Module initialize] Scan Browser 2019-10-15 21:38:17 : <INFO> [Module initialize] Scan Browser FF 2019-10-15 21:38:17 : <INFO> [Module initialize] FF start pages loaded 2019-10-15 
21:38:17 : <INFO> [Module initialize] FF search providers loaded 2019-10-15 21:38:17 : <INFO> [Module initialize] FF plugin list loaded 2019-10-15 21:38:17 : <INFO> [Scan] Exclusions loaded 2019-10-15 21:38:58 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 21:39:04 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-15 21:39:04 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 21:39:04 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" 
] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-15 21:39:09 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-15 21:39:09 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-15 21:39:16 : <INFO> [Telemetry] Sending to Influx 2019-10-15 21:39:18 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 21:39:18 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 21:39:18 : <INFO> [SslCert] Locality Name () 2019-10-15 21:39:18 : <INFO> [SslCert] Organization () 2019-10-15 21:39:18 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 21:39:18 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 21:39:18 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:39:18 : <INFO> [SslCert] Cipher: 
"ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:39:18 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:39:18 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:39:18 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 21:39:18 : <INFO> [Telemetry] Sending to DSE 2019-10-15 21:39:19 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:39:19 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:39:19 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 21:39:19 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 21:39:19 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 21:39:19 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 21:39:19 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:39:19 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:39:19 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:39:19 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:39:19 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-15 21:39:19 : <INFO> [Scan] Finished 2019-10-15 21:39:24 : <INFO> [Button clicked] Next 2019-10-15 21:39:26 : <INFO> [Button clicked] Clean & repair 2019-10-15 21:39:28 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-15 21:39:28 : <INFO> [Cleaning] Started 2019-10-15 21:39:28 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-15 21:39:28 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-15 21:39:28 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191015.233928" 2019-10-15 21:39:28 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 21:39:28 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , 
"HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 21:39:28 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-15 21:39:36 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-15 21:39:36 : <INFO> [Telemetry] Sending to Influx 2019-10-15 21:39:36 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 21:39:36 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 21:39:36 : <INFO> [SslCert] Locality Name () 2019-10-15 21:39:36 : <INFO> [SslCert] Organization () 2019-10-15 21:39:36 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 21:39:36 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 21:39:36 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:39:36 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:39:36 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:39:36 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:39:36 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 21:39:36 : <INFO> [Telemetry] Sending to DSE 2019-10-15 21:39:37 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:39:37 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:39:37 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 21:39:37 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 21:39:37 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 21:39:37 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 21:39:37 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:39:37 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:39:37 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:39:37 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:39:37 : <INFO> [Telemetry] Status code: 
QVariant(int, 201) 2019-10-15 21:39:37 : <INFO> [Cleaning] Finished 2019-10-15 21:39:45 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-15 21:39:47 : <INFO> [Application] Closing AdwCleaner 2019-10-15 21:43:41 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-10-15 21:43:49 : <INFO> [MBInstaller] Checking Iris 2019-10-15 21:43:49 : <INFO> [IRIS] Making request 2019-10-15 21:43:50 : <INFO> [AdwUpgrade] Checking application updates 2019-10-15 21:43:50 : <INFO> [Telemetry] Sending hello 2019-10-15 21:43:51 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:43:51 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:43:51 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 21:43:51 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 21:43:51 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 21:43:51 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 21:43:51 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:43:51 : <INFO> [SslCert] ALPN: None 2019-10-15 21:43:51 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:43:51 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:43:51 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 21:43:51 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:43:51 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 21:43:51 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:43:51 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 21:43:51 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 21:43:51 : <INFO> [SslCert] ALPN: None 2019-10-15 21:43:51 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:43:51 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:43:51 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:43:51 
: <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-15 21:43:51 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-15 21:43:51 : <INFO> [IRIS] Failed 2019-10-15 21:43:52 : <INFO> [Button clicked] Scan 2019-10-15 21:43:52 : <INFO> [Scan] Started 2019-10-15 21:43:52 : <INFO> [Database] Downloading database 2019-10-15 21:43:53 : <INFO> [Database] Checking integrity 2019-10-15 21:43:53 : <INFO> [Database] Found 2586 families 2019-10-15 21:43:53 : <INFO> [Database] Database v "2019-10-14.1" 2019-10-15 21:43:54 : <INFO> [Loading paths] Local paths loaded 2019-10-15 21:43:54 : <INFO> [Loading paths] Chrome paths loaded 2019-10-15 21:43:54 : <INFO> [Loading paths] User Keys loaded 2019-10-15 21:43:54 : <INFO> [Module initialized] "File" 2019-10-15 21:43:54 : <INFO> [Module initialized] "Folder" 2019-10-15 21:43:54 : <INFO> [Module initialized] "RegistryKey" 2019-10-15 21:43:54 : <INFO> [Module initialized] "RegistryValue" 2019-10-15 21:43:55 : <INFO> [Module initialized] "TaskName" 2019-10-15 21:43:56 : <INFO> [Module initialized] "Service" 2019-10-15 21:43:56 : <INFO> [Module initialized] "Winlogon" 2019-10-15 21:44:37 : <INFO> [Module initialized] "URL" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegAppInit" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegClasses" 2019-10-15 21:44:37 : <INFO> [Module initialized] "DNS" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegGuid" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegOther" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegProductID" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegSoftware" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegStartup" 2019-10-15 21:44:37 : <INFO> [Module initialized] "WMI" 2019-10-15 21:44:37 : <INFO> [Module initialized] "ChromiumExt" 
2019-10-15 21:44:37 : <INFO> [Module initialized] "FirefoxExt" 2019-10-15 21:44:37 : <INFO> [Module initialize] Scan Browser 2019-10-15 21:44:39 : <INFO> [Module initialize] Scan Browser FF 2019-10-15 21:44:39 : <INFO> [Module initialize] FF start pages loaded 2019-10-15 21:44:39 : <INFO> [Module initialize] FF search providers loaded 2019-10-15 21:44:39 : <INFO> [Module initialize] FF plugin list loaded 2019-10-15 21:44:39 : <INFO> [Scan] Exclusions loaded 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start 
Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 21:45:32 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 21:45:32 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 21:45:32 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-15 21:45:35 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-15 21:45:35 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-15 21:45:41 : <INFO> [Telemetry] Sending to Influx 2019-10-15 21:45:43 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 21:45:43 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 21:45:43 : <INFO> [SslCert] Locality Name () 2019-10-15 21:45:43 : <INFO> [SslCert] Organization () 2019-10-15 21:45:43 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 21:45:43 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 21:45:43 : <INFO> [SslCert] ALPN: Yes 2019-10-15 
21:45:43 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:45:43 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:45:43 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:45:43 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 21:45:43 : <INFO> [Telemetry] Sending to DSE 2019-10-15 21:45:43 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:45:43 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:45:43 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 21:45:43 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 21:45:43 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 21:45:43 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 21:45:43 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:45:43 : <INFO> |
16.10.2019, 22:58 | #5 |
| PUP keeps reappearing, System Restore does not work
Code:
ATTFilter [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-10 20:52:39 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 
2019-10-10 20:52:43 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-10 20:52:43 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-10 20:52:48 : <INFO> [Telemetry] Sending to Influx 2019-10-10 20:52:50 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-10 20:52:50 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-10 20:52:50 : <INFO> [SslCert] Locality Name () 2019-10-10 20:52:50 : <INFO> [SslCert] Organization () 2019-10-10 20:52:50 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-10 20:52:50 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-10 20:52:50 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:52:50 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:52:50 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:52:50 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:52:50 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-10 20:52:50 : <INFO> [Telemetry] Sending to DSE 2019-10-10 20:52:51 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:52:51 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:52:51 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-10 20:52:51 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-10 20:52:51 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-10 20:52:51 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-10 20:52:51 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:52:51 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:52:51 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:52:51 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:52:51 : <INFO> 
[Telemetry] Status code: QVariant(int, 201) 2019-10-10 20:52:51 : <INFO> [Scan] Finished 2019-10-10 20:53:04 : <INFO> [Button clicked] Next 2019-10-10 20:53:07 : <INFO> [Button clicked] Previous 2019-10-10 20:53:14 : <INFO> [Button clicked] Next 2019-10-10 20:53:16 : <INFO> [Button clicked] Clean & repair 2019-10-10 20:53:19 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-10 20:53:19 : <INFO> [Cleaning] Started 2019-10-10 20:53:19 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-10 20:53:19 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-10 20:53:19 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191010.225319" 2019-10-10 20:53:19 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-10 20:53:19 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-10 20:53:19 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-10 20:53:22 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-10 20:53:22 : <INFO> [Telemetry] Sending to Influx 2019-10-10 20:53:22 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-10 20:53:22 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-10 20:53:22 : <INFO> [SslCert] Locality Name () 2019-10-10 20:53:22 : <INFO> [SslCert] Organization () 2019-10-10 20:53:22 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-10 20:53:22 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-10 20:53:22 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:53:22 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 
2019-10-10 20:53:22 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:53:22 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:53:22 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-10 20:53:22 : <INFO> [Telemetry] Sending to DSE 2019-10-10 20:53:23 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:53:23 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:53:23 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-10 20:53:23 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-10 20:53:23 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-10 20:53:23 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-10 20:53:23 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:53:23 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:53:23 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:53:23 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:53:23 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-10 20:53:23 : <INFO> [Cleaning] Finished 2019-10-10 20:53:26 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-10 20:53:27 : <INFO> [Application] Closing AdwCleaner 2019-10-10 20:57:46 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-10 20:57:54 : <INFO> [MBInstaller] Checking Iris 2019-10-10 20:57:54 : <INFO> [IRIS] Making request 2019-10-10 20:57:55 : <INFO> [Telemetry] Sending hello 2019-10-10 20:57:55 : <INFO> [AdwUpgrade] Checking application updates 2019-10-10 20:57:56 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:57:56 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:57:56 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-10 20:57:56 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-10 20:57:56 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-10 20:57:56 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-10 20:57:56 : <INFO> [SslCert] ALPN: None 2019-10-10 20:57:56 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:57:56 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:57:56 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:57:56 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:57:56 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:57:56 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-10 20:57:56 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-10 20:57:56 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-10 20:57:56 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-10 20:57:56 : <INFO> [SslCert] ALPN: None 2019-10-10 20:57:56 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:57:56 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:57:56 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:57:56 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-10 20:57:56 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-10 20:57:56 : <INFO> [IRIS] Failed 2019-10-10 20:58:04 : <INFO> [Button clicked] 
Scan 2019-10-10 20:58:04 : <INFO> [Scan] Started 2019-10-10 20:58:04 : <INFO> [Database] Downloading database 2019-10-10 20:58:05 : <INFO> [Database] Checking integrity 2019-10-10 20:58:05 : <INFO> [Database] Found 2586 families 2019-10-10 20:58:05 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-10 20:58:06 : <INFO> [Loading paths] Local paths loaded 2019-10-10 20:58:07 : <INFO> [Loading paths] Chrome paths loaded 2019-10-10 20:58:07 : <INFO> [Loading paths] User Keys loaded 2019-10-10 20:58:07 : <INFO> [Module initialized] "File" 2019-10-10 20:58:07 : <INFO> [Module initialized] "Folder" 2019-10-10 20:58:07 : <INFO> [Module initialized] "RegistryKey" 2019-10-10 20:58:07 : <INFO> [Module initialized] "RegistryValue" 2019-10-10 20:58:08 : <INFO> [Module initialized] "TaskName" 2019-10-10 20:58:08 : <INFO> [Module initialized] "Service" 2019-10-10 20:58:08 : <INFO> [Module initialized] "Winlogon" 2019-10-10 20:58:49 : <INFO> [Module initialized] "URL" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegAppInit" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegClasses" 2019-10-10 20:58:49 : <INFO> [Module initialized] "DNS" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegGuid" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegOther" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegProductID" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegSoftware" 2019-10-10 20:58:49 : <INFO> [Module initialized] "RegStartup" 2019-10-10 20:58:49 : <INFO> [Module initialized] "WMI" 2019-10-10 20:58:49 : <INFO> [Module initialized] "ChromiumExt" 2019-10-10 20:58:49 : <INFO> [Module initialized] "FirefoxExt" 2019-10-10 20:58:49 : <INFO> [Module initialize] Scan Browser 2019-10-10 20:58:50 : <INFO> [Module initialize] Scan Browser FF 2019-10-10 20:58:50 : <INFO> [Module initialize] FF start pages loaded 2019-10-10 
20:58:50 : <INFO> [Module initialize] FF search providers loaded 2019-10-10 20:58:50 : <INFO> [Module initialize] FF plugin list loaded 2019-10-10 20:58:50 : <INFO> [Scan] Exclusions loaded 2019-10-10 20:59:41 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-10 20:59:41 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-10 20:59:41 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-10 
20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-10 20:59:42 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-10 20:59:46 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-10 20:59:46 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-10 20:59:52 : <INFO> [Telemetry] Sending to Influx 2019-10-10 20:59:53 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-10 20:59:53 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-10 20:59:53 : <INFO> [SslCert] Locality Name () 2019-10-10 20:59:53 : <INFO> [SslCert] Organization () 2019-10-10 20:59:53 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-10 20:59:53 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-10 20:59:53 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:59:53 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:59:53 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:59:53 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:59:53 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-10 20:59:53 : <INFO> [Telemetry] 
Sending to DSE 2019-10-10 20:59:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-10 20:59:54 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-10 20:59:54 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-10 20:59:54 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-10 20:59:54 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-10 20:59:54 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-10 20:59:54 : <INFO> [SslCert] ALPN: Yes 2019-10-10 20:59:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-10 20:59:54 : <INFO> [SslCert] KXE: "ECDH" 2019-10-10 20:59:54 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-10 20:59:54 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-10 20:59:54 : <INFO> [Scan] Finished 2019-10-10 20:59:59 : <INFO> [Button clicked] Open MB 2019-10-10 21:00:19 : <INFO> [Button clicked] Open MB 2019-10-10 21:01:08 : <INFO> [Application] Closing AdwCleaner 2019-10-11 06:32:34 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-11 06:32:43 : <INFO> [MBInstaller] Checking Iris 2019-10-11 06:32:43 : <INFO> [IRIS] Making request 2019-10-11 06:32:43 : <INFO> [Telemetry] Sending hello ication updates 2019-10-11 06:32:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-11 06:32:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-11 06:32:44 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-11 06:32:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-11 06:32:44 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-11 06:32:44 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-11 06:32:44 : <INFO> [SslCert] ALPN: None 2019-10-11 06:32:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-11 06:32:44 : <INFO> [SslCert] KXE: "ECDH" 2019-10-11 06:32:44 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-11 06:32:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-11 06:32:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-11 06:32:44 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-11 06:32:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-11 06:32:44 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-11 06:32:44 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-11 06:32:44 : <INFO> [SslCert] ALPN: None 2019-10-11 06:32:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-11 06:32:44 : <INFO> [SslCert] KXE: "ECDH" 2019-10-11 06:32:44 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-11 06:32:44 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-11 06:32:44 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-11 06:32:44 : <INFO> [IRIS] Failed 2019-10-11 06:32:45 : <INFO> [Button clicked] Scan 2019-10-11 06:32:45 : <INFO> [Scan] Started 
2019-10-11 06:32:45 : <INFO> [Database] Downloading database 2019-10-11 06:32:47 : <INFO> [Database] Checking integrity 2019-10-11 06:32:47 : <INFO> [Database] Found 2586 families 2019-10-11 06:32:47 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-11 06:32:47 : <INFO> [Loading paths] Local paths loaded 2019-10-11 06:32:48 : <INFO> [Loading paths] Chrome paths loaded 2019-10-11 06:32:48 : <INFO> [Loading paths] User Keys loaded 2019-10-11 06:32:48 : <INFO> [Module initialized] "File" 2019-10-11 06:32:48 : <INFO> [Module initialized] "Folder" 2019-10-11 06:32:48 : <INFO> [Module initialized] "RegistryKey" 2019-10-11 06:32:48 : <INFO> [Module initialized] "RegistryValue" 2019-10-11 06:32:49 : <INFO> [Module initialized] "TaskName" 2019-10-11 06:32:49 : <INFO> [Module initialized] "Service" 2019-10-11 06:32:49 : <INFO> [Module initialized] "Winlogon" 2019-10-11 06:33:36 : <INFO> [Module initialized] "URL" 2019-10-11 06:33:36 : <INFO> [Module initialized] "RegAppInit" 2019-10-11 06:33:36 : <INFO> [Module initialized] "RegClasses" 2019-10-11 06:33:36 : <INFO> [Module initialized] "DNS" 2019-10-11 06:33:36 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegGuid" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegOther" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegProductID" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegSoftware" 2019-10-11 06:33:37 : <INFO> [Module initialized] "RegStartup" 2019-10-11 06:33:37 : <INFO> [Module initialized] "WMI" 2019-10-11 06:33:37 : <INFO> [Module initialized] "ChromiumExt" 2019-10-11 06:33:37 : <INFO> [Module initialized] "FirefoxExt" 2019-10-11 06:33:37 : <INFO> [Module initialize] Scan Browser 2019-10-11 06:33:38 : <INFO> [Module initialize] Scan Browser FF 2019-10-11 06:33:38 : <INFO> [Module initialize] FF start pages loaded 2019-10-11 06:33:38 : <INFO> [Module initialize] FF search 
providers loaded 2019-10-11 06:33:38 : <INFO> [Module initialize] FF plugin list loaded 2019-10-11 06:33:38 : <INFO> [Scan] Exclusions loaded 2019-10-11 06:34:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-11 06:34:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-11 06:34:21 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: 
"Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-11 06:34:22 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-11 06:34:25 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-11 06:34:25 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-11 06:34:32 : <INFO> [Telemetry] Sending to Influx 2019-10-11 06:34:33 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-11 06:34:33 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-11 06:34:33 : <INFO> [SslCert] Locality Name () 2019-10-11 06:34:33 : <INFO> [SslCert] Organization () 2019-10-11 06:34:33 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-11 06:34:33 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-11 06:34:33 : <INFO> [SslCert] ALPN: Yes 2019-10-11 06:34:33 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-11 06:34:33 : <INFO> [SslCert] KXE: "ECDH" 2019-10-11 06:34:33 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-11 06:34:33 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-11 06:34:33 : <INFO> [Telemetry] Sending to DSE 2019-10-11 06:34:34 : 
<INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-11 06:34:34 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-11 06:34:34 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-11 06:34:34 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-11 06:34:34 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-11 06:34:34 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-11 06:34:34 : <INFO> [SslCert] ALPN: Yes 2019-10-11 06:34:34 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-11 06:34:34 : <INFO> [SslCert] KXE: "ECDH" 2019-10-11 06:34:34 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-11 06:34:34 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-11 06:34:34 : <INFO> [Scan] Finished 2019-10-11 06:34:38 : <INFO> [Application] Closing AdwCleaner 2019-10-12 08:47:32 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-10-12 08:47:41 : <INFO> [MBInstaller] Checking Iris 2019-10-12 08:47:41 : <INFO> [IRIS] Making request 2019-10-12 08:47:42 : <INFO> [AdwUpgrade] Checking application updates 2019-10-12 08:47:42 : <INFO> [Telemetry] Sending hello 2019-10-12 08:47:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 08:47:44 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 08:47:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 08:47:44 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-12 08:47:44 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 08:47:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-12 08:47:44 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-12 08:47:44 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-12 08:47:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-12 08:47:44 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 
GMT" 2019-10-12 08:47:44 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-12 08:47:44 : <INFO> [SslCert] ALPN: None 2019-10-12 08:47:44 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-12 08:47:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:47:44 : <INFO> [SslCert] ALPN: None 2019-10-12 08:47:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:47:44 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:47:44 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:47:44 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:47:44 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:47:44 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-12 08:47:44 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-12 08:47:44 : <INFO> [IRIS] Failed 2019-10-12 08:47:46 : <INFO> [Button clicked] Scan 2019-10-12 08:47:46 : <INFO> [Scan] Started 2019-10-12 08:47:46 : <INFO> [Database] Downloading database 2019-10-12 08:47:47 : <INFO> [Database] Checking integrity 2019-10-12 08:47:47 : <INFO> [Database] Found 2586 families 2019-10-12 08:47:47 : <INFO> [Database] Database v "2019-10-03.2" 2019-10-12 08:47:48 : <INFO> [Loading paths] Local paths loaded 2019-10-12 08:47:48 : <INFO> [Loading paths] Chrome paths loaded 2019-10-12 08:47:48 : <INFO> [Loading paths] User Keys loaded 2019-10-12 08:47:48 : <INFO> [Module initialized] "File" 2019-10-12 08:47:48 : <INFO> [Module initialized] "Folder" 2019-10-12 08:47:48 : <INFO> [Module initialized] "RegistryKey" 2019-10-12 08:47:48 : <INFO> [Module initialized] "RegistryValue" 2019-10-12 08:47:49 : <INFO> [Module initialized] "TaskName" 2019-10-12 08:47:49 : <INFO> [Module initialized] "Service" 2019-10-12 08:47:49 : <INFO> [Module initialized] "Winlogon" 2019-10-12 08:48:25 : <INFO> [Module initialized] "URL" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegAppInit" 2019-10-12 
08:48:25 : <INFO> [Module initialized] "RegClasses" 2019-10-12 08:48:25 : <INFO> [Module initialized] "DNS" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegGuid" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegOther" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegProductID" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegSoftware" 2019-10-12 08:48:25 : <INFO> [Module initialized] "RegStartup" 2019-10-12 08:48:25 : <INFO> [Module initialized] "WMI" 2019-10-12 08:48:25 : <INFO> [Module initialized] "ChromiumExt" 2019-10-12 08:48:25 : <INFO> [Module initialized] "FirefoxExt" 2019-10-12 08:48:25 : <INFO> [Module initialize] Scan Browser 2019-10-12 08:48:27 : <INFO> [Module initialize] Scan Browser FF 2019-10-12 08:48:27 : <INFO> [Module initialize] FF start pages loaded 2019-10-12 08:48:27 : <INFO> [Module initialize] FF search providers loaded 2019-10-12 08:48:27 : <INFO> [Module initialize] FF plugin list loaded 2019-10-12 08:48:27 : <INFO> [Scan] Exclusions loaded 2019-10-12 08:49:03 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-12 08:49:09 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-12 08:49:09 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-12 08:49:09 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item 
detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-12 08:49:10 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-12 08:49:13 : 
<INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-12 08:49:13 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-12 08:49:20 : <INFO> [Telemetry] Sending to Influx 2019-10-12 08:49:22 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-12 08:49:22 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-12 08:49:22 : <INFO> [SslCert] Locality Name () 2019-10-12 08:49:22 : <INFO> [SslCert] Organization () 2019-10-12 08:49:22 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-12 08:49:22 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-12 08:49:22 : <INFO> [SslCert] ALPN: Yes 2019-10-12 08:49:22 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:49:22 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:49:22 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:49:22 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-12 08:49:22 : <INFO> [Telemetry] Sending to DSE 2019-10-12 08:49:23 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 08:49:23 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 08:49:23 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-12 08:49:23 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-12 08:49:23 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-12 08:49:23 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-12 08:49:23 : <INFO> [SslCert] ALPN: Yes 2019-10-12 08:49:23 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:49:23 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:49:23 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:49:23 : <INFO> [Telemetry] Status code: 
QVariant(int, 201) 2019-10-12 08:49:23 : <INFO> [Scan] Finished 2019-10-12 08:49:31 : <INFO> [Button clicked] Next 2019-10-12 08:49:32 : <INFO> [Button clicked] Clean & repair 2019-10-12 08:49:35 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-12 08:49:35 : <INFO> [Cleaning] Started 2019-10-12 08:49:35 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-12 08:49:35 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-12 08:49:35 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191012.104935" 2019-10-12 08:49:35 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-12 08:49:35 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-12 08:49:35 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-12 08:49:38 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-12 08:49:38 : <INFO> [Telemetry] Sending to Influx 2019-10-12 08:49:38 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-12 08:49:38 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-12 08:49:38 : <INFO> [SslCert] Locality Name () 2019-10-12 08:49:38 : <INFO> [SslCert] Organization () 2019-10-12 08:49:38 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-12 08:49:38 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-12 08:49:38 : <INFO> [SslCert] ALPN: Yes 2019-10-12 08:49:38 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:49:38 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:49:38 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:49:38 : 
<INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-12 08:49:38 : <INFO> [Telemetry] Sending to DSE 2019-10-12 08:49:39 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 08:49:39 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 08:49:39 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-12 08:49:39 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-12 08:49:39 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-12 08:49:39 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-12 08:49:39 : <INFO> [SslCert] ALPN: Yes 2019-10-12 08:49:39 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 08:49:39 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 08:49:39 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 08:49:39 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-12 08:49:39 : <INFO> [Cleaning] Finished 2019-10-12 08:49:43 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-12 08:49:44 : <INFO> [Application] Closing AdwCleaner 2019-10-12 10:29:40 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-12 10:29:53 : <INFO> [MBInstaller] Checking Iris 2019-10-12 10:29:53 : <INFO> [IRIS] Making request 2019-10-12 10:29:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 10:29:55 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 10:29:55 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-12 10:29:55 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-12 10:29:55 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-12 10:29:55 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-12 10:29:55 : <INFO> [SslCert] ALPN: None 2019-10-12 10:29:55 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 10:29:55 : <INFO> [SslCert] KXE: "ECDH" 2019-10-12 10:29:55 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 10:29:55 : <INFO> [MBBanner] Checking Iris 2019-10-12 10:29:55 : <INFO> [IRIS] Making request 2019-10-12 10:29:55 : <INFO> [AdwUpgrade] Checking application updates 2019-10-12 10:29:55 : <INFO> [Telemetry] Sending hello 2019-10-12 10:29:56 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 10:29:56 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-12 10:29:56 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-12 10:29:56 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 10:29:56 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-12 10:29:56 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-12 10:29:56 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-12 10:29:56 : <INFO> [SslCert] Locality Name ("Santa Clara") o Okt 2 00:00:00 2017 GMT" 2019-10-12 10:29:56 : <INFO> [SslCert] Organization ("Malwarebytes Inc") kt 6 12:00:00 2020 GMT" 2019-10-12 10:29:56 : <INFO> [SslCert] ALPN: None EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-12 10:29:57 : <INFO> 
[SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-12 10:29:57 : <INFO> [SslCert] ALPN: None 2019-10-12 10:29:57 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-12 10:29:57 : <INFO> [SslCert] KXE: "ECDH" HE-RSA-AES256-GCM-SHA384" 2019-10-12 10:29:57 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 10:29:57 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-12 10:29:57 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-12 10:29:57 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-12 10:29:57 : <INFO> [IRIS] Failed 2019-10-12 10:30:11 : <INFO> [Application] Closing AdwCleaner 2019-10-15 14:12:52 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-10-15 14:13:03 : <INFO> [MBInstaller] Checking Iris 2019-10-15 14:13:03 : <INFO> [IRIS] Making request 2019-10-15 14:13:04 : <INFO> [AdwUpgrade] Checking application updates 2019-10-15 14:13:04 : <INFO> [Telemetry] Sending hello 2019-10-15 14:13:05 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 14:13:05 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 14:13:05 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 14:13:05 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 14:13:05 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 14:13:05 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 14:13:05 : <INFO> [SslCert] ALPN: None 2019-10-15 14:13:05 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:13:05 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:13:05 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:13:05 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 14:13:05 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 14:13:05 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 14:13:05 : <INFO> 
[SslCert] Organization ("Malwarebytes Inc") 2019-10-15 14:13:05 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 14:13:05 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 14:13:05 : <INFO> [SslCert] ALPN: None 2019-10-15 14:13:05 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:13:05 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:13:05 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:13:05 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-15 14:13:05 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-15 14:13:05 : <INFO> [IRIS] Failed 2019-10-15 14:13:07 : <INFO> [Button clicked] Scan 2019-10-15 14:13:07 : <INFO> [Scan] Started 2019-10-15 14:13:07 : <INFO> [Database] Downloading database 2019-10-15 14:13:08 : <INFO> [Database] Checking integrity 2019-10-15 14:13:08 : <INFO> [Database] Found 2586 families 2019-10-15 14:13:08 : <INFO> [Database] Database v "2019-10-14.1" 2019-10-15 14:13:10 : <INFO> [Loading paths] Local paths loaded 2019-10-15 14:13:10 : <INFO> [Loading paths] Chrome paths loaded 2019-10-15 14:13:10 : <INFO> [Loading paths] User Keys loaded 2019-10-15 14:13:10 : <INFO> [Module initialized] "File" 2019-10-15 14:13:10 : <INFO> [Module initialized] "Folder" 2019-10-15 14:13:10 : <INFO> [Module initialized] "RegistryKey" 2019-10-15 14:13:10 : <INFO> [Module initialized] "RegistryValue" 2019-10-15 14:13:11 : <INFO> [Module initialized] "TaskName" 2019-10-15 14:13:12 : <INFO> [Module initialized] "Service" 2019-10-15 14:13:12 : <INFO> [Module initialized] "Winlogon" 2019-10-15 14:14:33 : <INFO> [Module initialized] "URL" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegAppInit" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegClasses" 2019-10-15 14:14:33 : <INFO> [Module initialized] "DNS" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-15 14:14:33 : 
<INFO> [Module initialized] "RegGuid" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegOther" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegProductID" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegSoftware" 2019-10-15 14:14:33 : <INFO> [Module initialized] "RegStartup" 2019-10-15 14:14:34 : <INFO> [Module initialized] "WMI" 2019-10-15 14:14:34 : <INFO> [Module initialized] "ChromiumExt" 2019-10-15 14:14:34 : <INFO> [Module initialized] "FirefoxExt" 2019-10-15 14:14:34 : <INFO> [Module initialize] Scan Browser 2019-10-15 14:14:41 : <INFO> [Module initialize] Scan Browser FF 2019-10-15 14:14:41 : <INFO> [Module initialize] FF start pages loaded 2019-10-15 14:14:41 : <INFO> [Module initialize] FF search providers loaded 2019-10-15 14:14:41 : <INFO> [Module initialize] FF plugin list loaded 2019-10-15 14:14:41 : <INFO> [Scan] Exclusions loaded 2019-10-15 14:15:53 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 14:16:00 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-15 14:16:00 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 14:16:00 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item 
detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 14:16:01 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-15 14:16:05 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-15 14:16:05 : <INFO> [Scan] Item detected: 
"Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-15 14:16:11 : <INFO> [Telemetry] Sending to Influx 2019-10-15 14:16:14 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 14:16:14 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 14:16:14 : <INFO> [SslCert] Locality Name () 2019-10-15 14:16:14 : <INFO> [SslCert] Organization () 2019-10-15 14:16:14 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 14:16:14 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 14:16:14 : <INFO> [SslCert] ALPN: Yes 2019-10-15 14:16:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:16:14 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:16:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:16:14 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 14:16:14 : <INFO> [Telemetry] Sending to DSE 2019-10-15 14:16:15 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 14:16:15 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 14:16:15 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 14:16:15 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 14:16:15 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 14:16:15 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 14:16:15 : <INFO> [SslCert] ALPN: Yes 2019-10-15 14:16:15 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:16:15 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:16:15 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:16:15 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-15 14:16:15 : <INFO> [Scan] Finished 2019-10-15 14:16:23 : <INFO> [Button clicked] Log files menu item 2019-10-15 14:16:35 : <INFO> [Button clicked] Dashboard menu 
item 2019-10-15 14:16:38 : <INFO> [Button clicked] Next 2019-10-15 14:16:40 : <INFO> [Button clicked] Clean & repair 2019-10-15 14:16:42 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-15 14:16:42 : <INFO> [Cleaning] Started 2019-10-15 14:16:42 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-15 14:16:42 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-15 14:16:42 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191015.161642" 2019-10-15 14:16:42 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 14:16:42 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 14:16:42 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-15 14:16:52 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-15 14:16:52 : <INFO> [Telemetry] Sending to Influx 2019-10-15 14:16:52 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 14:16:52 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 14:16:52 : <INFO> [SslCert] Locality Name () 2019-10-15 14:16:52 : <INFO> [SslCert] Organization () 2019-10-15 14:16:52 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 14:16:52 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 14:16:52 : <INFO> [SslCert] ALPN: Yes 2019-10-15 14:16:52 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:16:52 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:16:52 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:16:52 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 
14:16:52 : <INFO> [Telemetry] Sending to DSE 2019-10-15 14:16:53 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 14:16:53 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 14:16:53 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 14:16:53 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 14:16:53 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 14:16:53 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 14:16:53 : <INFO> [SslCert] ALPN: Yes 2019-10-15 14:16:53 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 14:16:53 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 14:16:53 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 14:16:53 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-15 14:16:53 : <INFO> [Cleaning] Finished 2019-10-15 14:17:00 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-15 14:17:02 : <INFO> [Application] Closing AdwCleaner 2019-10-15 21:37:05 : <INFO> [Application] AdwCleaner 7 . 4 . 
1 launched 2019-10-15 21:37:15 : <INFO> [MBInstaller] Checking Iris 2019-10-15 21:37:15 : <INFO> [IRIS] Making request 2019-10-15 21:37:16 : <INFO> [AdwUpgrade] Checking application updates 2019-10-15 21:37:16 : <INFO> [Telemetry] Sending hello 2019-10-15 21:37:17 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:37:17 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:37:17 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 21:37:17 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 21:37:17 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 21:37:17 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 21:37:17 : <INFO> [SslCert] ALPN: None 2019-10-15 21:37:17 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:37:17 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:37:17 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:37:17 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:37:17 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:37:17 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 21:37:17 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 21:37:17 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 21:37:17 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 21:37:17 : <INFO> [SslCert] ALPN: None 2019-10-15 21:37:17 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:37:17 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:37:17 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:37:17 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-15 21:37:17 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-15 21:37:17 : <INFO> [IRIS] Failed 2019-10-15 21:37:18 : <INFO> [Button clicked] 
Scan 2019-10-15 21:37:18 : <INFO> [Scan] Started 2019-10-15 21:37:18 : <INFO> [Database] Downloading database 2019-10-15 21:37:19 : <INFO> [Database] Checking integrity 2019-10-15 21:37:19 : <INFO> [Database] Found 2586 families 2019-10-15 21:37:19 : <INFO> [Database] Database v "2019-10-14.1" 2019-10-15 21:37:21 : <INFO> [Loading paths] Local paths loaded 2019-10-15 21:37:21 : <INFO> [Loading paths] Chrome paths loaded 2019-10-15 21:37:21 : <INFO> [Loading paths] User Keys loaded 2019-10-15 21:37:21 : <INFO> [Module initialized] "File" 2019-10-15 21:37:21 : <INFO> [Module initialized] "Folder" 2019-10-15 21:37:21 : <INFO> [Module initialized] "RegistryKey" 2019-10-15 21:37:21 : <INFO> [Module initialized] "RegistryValue" 2019-10-15 21:37:22 : <INFO> [Module initialized] "TaskName" 2019-10-15 21:37:23 : <INFO> [Module initialized] "Service" 2019-10-15 21:37:23 : <INFO> [Module initialized] "Winlogon" 2019-10-15 21:38:14 : <INFO> [Module initialized] "URL" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegAppInit" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegClasses" 2019-10-15 21:38:14 : <INFO> [Module initialized] "DNS" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegGuid" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegOther" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegProductID" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegSoftware" 2019-10-15 21:38:14 : <INFO> [Module initialized] "RegStartup" 2019-10-15 21:38:14 : <INFO> [Module initialized] "WMI" 2019-10-15 21:38:14 : <INFO> [Module initialized] "ChromiumExt" 2019-10-15 21:38:14 : <INFO> [Module initialized] "FirefoxExt" 2019-10-15 21:38:14 : <INFO> [Module initialize] Scan Browser 2019-10-15 21:38:17 : <INFO> [Module initialize] Scan Browser FF 2019-10-15 21:38:17 : <INFO> [Module initialize] FF start pages loaded 2019-10-15 
21:38:17 : <INFO> [Module initialize] FF search providers loaded 2019-10-15 21:38:17 : <INFO> [Module initialize] FF plugin list loaded 2019-10-15 21:38:17 : <INFO> [Scan] Exclusions loaded 2019-10-15 21:38:58 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 21:39:04 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-15 21:39:04 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 21:39:04 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" 
] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 21:39:05 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-15 21:39:09 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-15 21:39:09 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-15 21:39:16 : <INFO> [Telemetry] Sending to Influx 2019-10-15 21:39:18 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 21:39:18 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 21:39:18 : <INFO> [SslCert] Locality Name () 2019-10-15 21:39:18 : <INFO> [SslCert] Organization () 2019-10-15 21:39:18 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 21:39:18 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 21:39:18 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:39:18 : <INFO> [SslCert] Cipher: 
"ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:39:18 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:39:18 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:39:18 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 21:39:18 : <INFO> [Telemetry] Sending to DSE 2019-10-15 21:39:19 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:39:19 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:39:19 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 21:39:19 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 21:39:19 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 21:39:19 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 21:39:19 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:39:19 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:39:19 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:39:19 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:39:19 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2019-10-15 21:39:19 : <INFO> [Scan] Finished 2019-10-15 21:39:24 : <INFO> [Button clicked] Next 2019-10-15 21:39:26 : <INFO> [Button clicked] Clean & repair 2019-10-15 21:39:28 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2019-10-15 21:39:28 : <INFO> [Cleaning] Started 2019-10-15 21:39:28 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2019-10-15 21:39:28 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2019-10-15 21:39:28 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191015.233928" 2019-10-15 21:39:28 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 21:39:28 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , 
"HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ] 2019-10-15 21:39:28 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2019-10-15 21:39:36 : <INFO> [Engine Additional Action] "Reset Winsock" 2019-10-15 21:39:36 : <INFO> [Telemetry] Sending to Influx 2019-10-15 21:39:36 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 21:39:36 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 21:39:36 : <INFO> [SslCert] Locality Name () 2019-10-15 21:39:36 : <INFO> [SslCert] Organization () 2019-10-15 21:39:36 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 21:39:36 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 21:39:36 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:39:36 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:39:36 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:39:36 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:39:36 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 21:39:36 : <INFO> [Telemetry] Sending to DSE 2019-10-15 21:39:37 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:39:37 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:39:37 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 21:39:37 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 21:39:37 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 21:39:37 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 21:39:37 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:39:37 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:39:37 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:39:37 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:39:37 : <INFO> [Telemetry] Status code: 
QVariant(int, 201) 2019-10-15 21:39:37 : <INFO> [Cleaning] Finished 2019-10-15 21:39:45 : <INFO> [Button clicked] Dialog button clicked [ 6 ] 2019-10-15 21:39:47 : <INFO> [Application] Closing AdwCleaner 2019-10-15 21:43:41 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched 2019-10-15 21:43:49 : <INFO> [MBInstaller] Checking Iris 2019-10-15 21:43:49 : <INFO> [IRIS] Making request 2019-10-15 21:43:50 : <INFO> [AdwUpgrade] Checking application updates 2019-10-15 21:43:50 : <INFO> [Telemetry] Sending hello 2019-10-15 21:43:51 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:43:51 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:43:51 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 21:43:51 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 21:43:51 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 21:43:51 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 21:43:51 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:43:51 : <INFO> [SslCert] ALPN: None 2019-10-15 21:43:51 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:43:51 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:43:51 : <INFO> [SslCert] Locality Name ("Santa Clara") 2019-10-15 21:43:51 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:43:51 : <INFO> [SslCert] Organization ("Malwarebytes Inc") 2019-10-15 21:43:51 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:43:51 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT" 2019-10-15 21:43:51 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT" 2019-10-15 21:43:51 : <INFO> [SslCert] ALPN: None 2019-10-15 21:43:51 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:43:51 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:43:51 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:43:51 
: <INFO> [Telemetry] Status code: QVariant(int, 200) 2019-10-15 21:43:51 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) ) 2019-10-15 21:43:51 : <INFO> [IRIS] Failed 2019-10-15 21:43:52 : <INFO> [Button clicked] Scan 2019-10-15 21:43:52 : <INFO> [Scan] Started 2019-10-15 21:43:52 : <INFO> [Database] Downloading database 2019-10-15 21:43:53 : <INFO> [Database] Checking integrity 2019-10-15 21:43:53 : <INFO> [Database] Found 2586 families 2019-10-15 21:43:53 : <INFO> [Database] Database v "2019-10-14.1" 2019-10-15 21:43:54 : <INFO> [Loading paths] Local paths loaded 2019-10-15 21:43:54 : <INFO> [Loading paths] Chrome paths loaded 2019-10-15 21:43:54 : <INFO> [Loading paths] User Keys loaded 2019-10-15 21:43:54 : <INFO> [Module initialized] "File" 2019-10-15 21:43:54 : <INFO> [Module initialized] "Folder" 2019-10-15 21:43:54 : <INFO> [Module initialized] "RegistryKey" 2019-10-15 21:43:54 : <INFO> [Module initialized] "RegistryValue" 2019-10-15 21:43:55 : <INFO> [Module initialized] "TaskName" 2019-10-15 21:43:56 : <INFO> [Module initialized] "Service" 2019-10-15 21:43:56 : <INFO> [Module initialized] "Winlogon" 2019-10-15 21:44:37 : <INFO> [Module initialized] "URL" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegAppInit" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegClasses" 2019-10-15 21:44:37 : <INFO> [Module initialized] "DNS" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegFirewallPolicy" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegGuid" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegIEElevationPolicy" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegOther" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegProductID" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegSoftware" 2019-10-15 21:44:37 : <INFO> [Module initialized] "RegStartup" 2019-10-15 21:44:37 : <INFO> [Module initialized] "WMI" 2019-10-15 21:44:37 : <INFO> [Module initialized] "ChromiumExt" 
2019-10-15 21:44:37 : <INFO> [Module initialized] "FirefoxExt" 2019-10-15 21:44:37 : <INFO> [Module initialize] Scan Browser 2019-10-15 21:44:39 : <INFO> [Module initialize] Scan Browser FF 2019-10-15 21:44:39 : <INFO> [Module initialize] FF start pages loaded 2019-10-15 21:44:39 : <INFO> [Module initialize] FF search providers loaded 2019-10-15 21:44:39 : <INFO> [Module initialize] FF plugin list loaded 2019-10-15 21:44:39 : <INFO> [Scan] Exclusions loaded 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start 
Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 21:45:31 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ] 2019-10-15 21:45:32 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 21:45:32 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ] 2019-10-15 21:45:32 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ] 2019-10-15 21:45:35 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ] 2019-10-15 21:45:35 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ] 2019-10-15 21:45:41 : <INFO> [Telemetry] Sending to Influx 2019-10-15 21:45:43 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3") 2019-10-15 21:45:43 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org") 2019-10-15 21:45:43 : <INFO> [SslCert] Locality Name () 2019-10-15 21:45:43 : <INFO> [SslCert] Organization () 2019-10-15 21:45:43 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT" 2019-10-15 21:45:43 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT" 2019-10-15 21:45:43 : <INFO> [SslCert] ALPN: Yes 2019-10-15 
21:45:43 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2019-10-15 21:45:43 : <INFO> [SslCert] KXE: "ECDH" 2019-10-15 21:45:43 : <INFO> [SslCert] Protocol: "TLSv1.2" 2019-10-15 21:45:43 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2019-10-15 21:45:43 : <INFO> [Telemetry] Sending to DSE 2019-10-15 21:45:43 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA") 2019-10-15 21:45:43 : <INFO> [SslCert] Issued to ("*.malwarebytes.com") 2019-10-15 21:45:43 : <INFO> [SslCert] Locality Name ("San Jose") 2019-10-15 21:45:43 : <INFO> [SslCert] Organization ("Malwarebytes Inc.") 2019-10-15 21:45:43 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT" 2019-10-15 21:45:43 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT" 2019-10-15 21:45:43 : <INFO> [SslCert] ALPN: Yes 2019-10-15 21:45:43 : <INFO> Code:
ATTFilter [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:45:43 : <INFO> [SslCert] KXE: "ECDH"
2019-10-15 21:45:43 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-15 21:45:43 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2019-10-15 21:45:43 : <INFO> [Scan] Finished
2019-10-15 21:45:57 : <INFO> [Application] Closing AdwCleaner
2019-10-16 18:39:56 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched
2019-10-16 18:40:06 : <INFO> [MBInstaller] Checking Iris
2019-10-16 18:40:06 : <INFO> [IRIS] Making request
2019-10-16 18:40:07 : <INFO> [AdwUpgrade] Checking application updates
2019-10-16 18:40:07 : <INFO> [Telemetry] Sending hello
2019-10-16 18:40:08 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 18:40:08 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 18:40:08 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-16 18:40:08 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-16 18:40:08 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT"
2019-10-16 18:40:08 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT"
2019-10-16 18:40:08 : <INFO> [SslCert] ALPN: None
2019-10-16 18:40:08 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 18:40:08 : <INFO> [SslCert] KXE: "ECDH"
2019-10-16 18:40:08 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-16 18:40:08 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 18:40:08 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 18:40:08 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-16 18:40:08 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-16 18:40:08 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT"
2019-10-16 18:40:08 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT"
2019-10-16 18:40:08 : <INFO> [SslCert] ALPN: None
2019-10-16 18:40:08 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 18:40:08 : <INFO> [SslCert] KXE: "ECDH"
2019-10-16 18:40:08 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-16 18:40:08 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2019-10-16 18:40:08 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-16 18:40:08 : <INFO> [IRIS] Failed
2019-10-16 18:40:09 : <INFO> [Button clicked] Scan
2019-10-16 18:40:09 : <INFO> [Scan] Started
2019-10-16 18:40:09 : <INFO> [Database] Downloading database
2019-10-16 18:40:11 : <INFO> [Database] Checking integrity
2019-10-16 18:40:11 : <INFO> [Database] Found 2586 families
2019-10-16 18:40:11 : <INFO> [Database] Database v "2019-10-14.1"
2019-10-16 18:40:12 : <INFO> [Loading paths] Local paths loaded
2019-10-16 18:40:12 : <INFO> [Loading paths] Chrome paths loaded
2019-10-16 18:40:12 : <INFO> [Loading paths] User Keys loaded
2019-10-16 18:40:12 : <INFO> [Module initialized] "File"
2019-10-16 18:40:12 : <INFO> [Module initialized] "Folder"
2019-10-16 18:40:12 : <INFO> [Module initialized] "RegistryKey"
2019-10-16 18:40:12 : <INFO> [Module initialized] "RegistryValue"
2019-10-16 18:40:13 : <INFO> [Module initialized] "TaskName"
2019-10-16 18:40:13 : <INFO> [Module initialized] "Service"
2019-10-16 18:40:13 : <INFO> [Module initialized] "Winlogon"
2019-10-16 18:40:51 : <INFO> [Module initialized] "URL"
2019-10-16 18:40:51 : <INFO> [Module initialized] "RegAppInit"
2019-10-16 18:40:51 : <INFO> [Module initialized] "RegClasses"
2019-10-16 18:40:51 : <INFO> [Module initialized] "DNS"
2019-10-16 18:40:52 : <INFO> [Module initialized] "RegFirewallPolicy"
2019-10-16 18:40:52 : <INFO> [Module initialized] "RegGuid"
2019-10-16 18:40:52 : <INFO> [Module initialized] "RegIEElevationPolicy"
2019-10-16 18:40:52 : <INFO> [Module initialized] "RegOther"
2019-10-16 18:40:52 : <INFO> [Module initialized] "RegProductID"
2019-10-16 18:40:52 : <INFO> [Module initialized] "RegSoftware"
2019-10-16 18:40:52 : <INFO> [Module initialized] "RegStartup"
2019-10-16 18:40:52 : <INFO> [Module initialized] "WMI"
2019-10-16 18:40:52 : <INFO> [Module initialized] "ChromiumExt"
2019-10-16 18:40:52 : <INFO> [Module initialized] "FirefoxExt"
2019-10-16 18:40:52 : <INFO> [Module initialize] Scan Browser
2019-10-16 18:40:56 : <INFO> [Module initialize] Scan Browser FF
2019-10-16 18:40:56 : <INFO> [Module initialize] FF start pages loaded
2019-10-16 18:40:56 : <INFO> [Module initialize] FF search providers loaded
2019-10-16 18:40:56 : <INFO> [Module initialize] FF plugin list loaded
2019-10-16 18:40:56 : <INFO> [Scan] Exclusions loaded
2019-10-16 18:41:39 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.CyberLinkLabelPrint" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\******\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-16 18:41:47 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-16 18:41:48 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-16 18:41:48 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-16 18:41:48 : <INFO> [Scan] Item detected: "Preinstalled.LenovoPower2Go" , "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-16 18:41:51 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-16 18:41:51 : <INFO> [Scan] Item detected: "Preinstalled.HPSupportAssistant" , "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-16 18:41:58 : <INFO> [Telemetry] Sending to Influx
2019-10-16 18:42:02 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-16 18:42:02 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-16 18:42:02 : <INFO> [SslCert] Locality Name ()
2019-10-16 18:42:02 : <INFO> [SslCert] Organization ()
2019-10-16 18:42:02 : <INFO> [SslCert] Certificate EffectiveDate: "So Aug 18 10:50:38 2019 GMT"
2019-10-16 18:42:02 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Nov 16 10:50:38 2019 GMT"
2019-10-16 18:42:02 : <INFO> [SslCert] ALPN: Yes
2019-10-16 18:42:02 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 18:42:02 : <INFO> [SslCert] KXE: "ECDH"
2019-10-16 18:42:02 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-16 18:42:02 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2019-10-16 18:42:02 : <INFO> [Telemetry] Sending to DSE
2019-10-16 18:42:03 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 18:42:03 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 18:42:03 : <INFO> [SslCert] Locality Name ("San Jose")
2019-10-16 18:42:03 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
2019-10-16 18:42:03 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT"
2019-10-16 18:42:03 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT"
2019-10-16 18:42:03 : <INFO> [SslCert] ALPN: Yes
2019-10-16 18:42:03 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 18:42:03 : <INFO> [SslCert] KXE: "ECDH"
2019-10-16 18:42:03 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-16 18:42:03 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2019-10-16 18:42:03 : <INFO> [Scan] Finished
2019-10-16 19:46:12 : <INFO> [Button clicked] Next
2019-10-16 19:46:14 : <INFO> [Button clicked] Clean & repair
2019-10-16 19:46:15 : <INFO> [Button clicked] Dialog button clicked [ 2 ]
2019-10-16 19:46:15 : <INFO> [Cleaning] Started
2019-10-16 19:46:15 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0
2019-10-16 19:46:15 : <WARNING> [Cleaning] Unable to Open process - "System" 0
2019-10-16 19:46:16 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191016.214615"
2019-10-16 19:46:16 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-16 19:46:16 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-16 19:46:16 : <INFO> [Engine Additional Action] "Delete Tracing Keys"
2019-10-16 19:46:21 : <INFO> [Engine Additional Action] "Reset Winsock"
2019-10-16 19:46:21 : <INFO> [Telemetry] Sending to Influx
2019-10-16 19:46:23 : <INFO> [Telemetry] Sending to DSE
2019-10-16 19:46:25 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 19:46:25 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 19:46:25 : <INFO> [SslCert] Locality Name ("San Jose")
2019-10-16 19:46:25 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
2019-10-16 19:46:25 : <INFO> [SslCert] Certificate EffectiveDate: "Do Feb 22 00:00:00 2018 GMT"
2019-10-16 19:46:25 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Apr 22 12:00:00 2020 GMT"
2019-10-16 19:46:25 : <INFO> [SslCert] ALPN: Yes
2019-10-16 19:46:25 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 19:46:25 : <INFO> [SslCert] KXE: "ECDH"
2019-10-16 19:46:25 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-16 19:46:25 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2019-10-16 19:46:25 : <INFO> [Cleaning] Finished
2019-10-16 19:46:30 : <INFO> [Button clicked] Dialog button clicked [ 6 ]
2019-10-16 19:46:32 : <INFO> [Application] Closing AdwCleaner
2019-10-16 21:14:25 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched
2019-10-16 21:14:33 : <INFO> [MBInstaller] Checking Iris
2019-10-16 21:14:33 : <INFO> [IRIS] Making request
2019-10-16 21:14:34 : <INFO> [Telemetry] Sending hello ication updates
2019-10-16 21:14:36 : <INFO> [Button clicked] Log files menu item
2019-10-16 21:14:38 : <INFO> [IRIS] Failed
2019-10-16 21:14:38 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 21:14:38 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 21:14:38 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-16 21:14:38 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-16 21:14:38 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Okt 2 00:00:00 2017 GMT"
2019-10-16 21:14:38 : <INFO> [SslCert] Certificate ExpirationDate: "Di Okt 6 12:00:00 2020 GMT"
2019-10-16 21:14:38 : <INFO> [SslCert] ALPN: None
2019-10-16 21:14:38 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 21:14:38 : <INFO> [SslCert] KXE: "ECDH"
2019-10-16 21:14:38 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-16 21:14:38 : <INFO> [Telemetry] Status code: QVariant(int, 200) |
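The thread's complaint is that a PUP entry comes back after AdwCleaner has removed it. As an added example (not part of the original post and not AdwCleaner's own code), the following Python parses debug-log entries in the format pasted above, including pastes whose line breaks were lost, and lists items that are detected again after an earlier quarantine. The sample log with its SID, GUID, dates and the `Preinstalled.ExampleTool` name is constructed.

```python
import re
from collections import defaultdict

TS = r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
# Entry: "<timestamp> : <LEVEL> [Category] message". The lookahead ends a message
# at the next timestamp, so pastes that lost their line breaks still split.
ENTRY = re.compile(rf'({TS}) : <(\w+)> \[([^\]]+)\] (.*?)(?=\s*{TS} : <|\s*$)', re.S)
# Payload of detection/quarantine entries: "Family" , "Path" [ "Type" ]
ITEM = re.compile(r'(Item detected|Quarantined): "([^"]+)" , "([^"]+)" \[ "([^"]+)" \]')


def parse_entries(text):
    """Return (timestamp, level, category, message) tuples in log order."""
    return [m.groups() for m in ENTRY.finditer(text)]


def item_timeline(text):
    """Map (family, path, kind) to its ordered (timestamp, action) events."""
    timeline = defaultdict(list)
    for ts, _level, _category, msg in parse_entries(text):
        m = ITEM.match(msg)
        if m:  # "Processing:" lines and all non-item entries are skipped
            action, family, path, kind = m.groups()
            path = path.replace('\\\\', '\\')  # the log doubles backslashes
            timeline[(family, path, kind)].append((ts, action))
    return timeline


def recurrences(text):
    """Items that are detected again after an earlier quarantine."""
    found = []
    for (family, path, kind), events in item_timeline(text).items():
        quarantined_at = None
        for ts, action in events:
            if action == 'Quarantined':
                quarantined_at = ts
            elif quarantined_at is not None:
                found.append({'family': family, 'path': path, 'kind': kind,
                              'quarantined': quarantined_at, 'redetected': ts})
                quarantined_at = None
    return found


# Constructed sample: SID, GUID, dates and the Preinstalled name are made up.
KEY = r'HKU\\S-1-5-21-0-0-0-1001\\Software\\Example\\Stats\\{00000000-0000-0000-0000-000000000000}'
PUP = f'"PUP.Optional.Legacy" , "{KEY}" [ "Registry" ]'
PRE = r'"Preinstalled.ExampleTool" , "C:\\Program Files\\EXAMPLE" [ "Folder" ]'
SAMPLE = (
    '2019-01-01 10:00:00 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched\n'
    f'2019-01-01 10:01:39 : <INFO> [Scan] Item detected: {PUP}\n'
    f'2019-01-01 10:01:47 : <INFO> [Scan] Item detected: {PRE}\n'
    f'2019-01-01 10:05:16 : <INFO> [Cleaning] Processing: {PUP}\n'
    f'2019-01-01 10:05:16 : <INFO> [Cleaning] Quarantined: {PUP}\n'
    # Second run, flattened onto one line the way a forum paste often is.
    '2019-01-02 09:00:00 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched '
    f'2019-01-02 09:01:00 : <INFO> [Scan] Item detected: {PUP} '
    f'2019-01-02 09:01:05 : <INFO> [Scan] Item detected: {PRE} '
    '2019-01-02 09:01:30 : <INFO> [Scan] Finished'
)

if __name__ == '__main__':
    for hit in recurrences(SAMPLE):
        print(f"{hit['family']} [{hit['kind']}] {hit['path']}: quarantined "
              f"{hit['quarantined']}, detected again {hit['redetected']}")
```

An item that is detected in every scan but never quarantined, like the constructed `Preinstalled.ExampleTool` folder, is not reported; only a detection that follows a quarantine counts as a recurrence.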
17.10.2019, 08:25 | #6 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP keeps reappearing, System Restore does not work Quote:
The fact that CDs and DVDs can no longer be read may be due to a defective drive. Those things don't last forever, after all. In 2019 it also makes little to no sense to go and buy a new drive if the existing one is defective. You hardly need them for anything anymore. The vast majority of new PCs and notebooks have long been shipped without an optical drive. You basically install everything from the Internet or local networks, and video material also mostly arrives via stream. Your biggest problem area is: Quote:
a) Do a fresh install of Windows 10 and hope that this old hardware can cope with it
b) switch to Linux
c) buy a new computer
__________________ --> PUP keeps reappearing, System Restore does not work |
18.10.2019, 21:06 | #7 |
| Thanks! And maybe some help after all? Dear Cosinus, many thanks for your quick reply and interesting remarks. You are surely completely right, and as soon as my financial situation eases I will promptly buy a new computer. Do you think it is possible that my system is affected by malware and that, in the meantime (until my financial situation has improved somewhat), it could be freed of it with a little help? Yours expectantly, Grosserdummi |
01.11.2019, 21:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP keeps reappearing, System Restore does not work
Actually I thought my answer was clear, but that is how wrong one can be. Nobody said that you absolutely have to buy a new computer. Read options A and B properly. Rescuing Windows 7 makes exactly zero sense.
__________________ Please always post log files in CODE tags |
01.11.2019, 21:33 | #9 | |
| PUP keeps reappearing, System Restore does not work Quote:
Many thanks also for the tip about learning to read properly. As a dyslexic I followed your advice and immediately signed up for the online course "Reading Posts by Computer Whizzes Properly, for Absolute Laypeople", but unfortunately did not understand everything. I am probably a hopeless case. As a consolation I am treating myself to a little glass of DIAZEPAM |
01.11.2019, 21:43 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP keeps reappearing, System Restore does not work
Relevant data is backed up via a clean system such as Knoppix or Ubuntu MATE in try-out mode. And by data one means only your own files, documents, music, videos, NOT programs, games or their installers. If you are so afraid for your data, why didn't you make backups beforehand? Backups are something you always make, as a matter of principle and regularly. But somehow you only seem to start thinking about it now that your system is falling apart...
__________________ Please always post log files in CODE tags |
02.11.2019, 10:19 | #11 | |
| PUP keeps reappearing, System Restore does not work Quote:
If you are so afraid for your data, why didn't you make backups beforehand? Backups are something you always make, as a matter of principle and regularly. But somehow you only seem to start thinking about it now that your system is falling apart
I did make backups, but I am not sure whether they are "clean". What I especially love about your "help" is the philosophical discourse with its always slightly accusatory undertone. Maybe I am in the wrong place here? Who turns to TROJANERBOARD? The whiz who always does everything right, or the Grossedummi who needs the computer as a tool and not as an end in itself, and who looks for help when he cannot get any further on his own? Do people seeking help turn to Trojanerboard who are not afraid for their data? As always in life: you are wiser afterwards - if you had been wiser beforehand, you would not need help. I have turned to Trojanerboard for the second time because I was helped very politely and efficiently. Holy Aharonov, Leo, please help |
02.11.2019, 14:44 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP keeps reappearing, System Restore does not work
It is not about only wanting to help people here who have completed an IT degree or have been system administrators for 20 years. We help everyone here, including every layperson. But it cannot be acceptable that backups and updates have been talked about for decades and practically drummed into people, and yet many users are still not capable of regularly backing up files or of parting with old junk like Windows 7, Vista or even XP; the latter only happens very reluctantly. After one year of computer use at the latest, one must surely have understood that files can easily be deleted, even accidentally. For that reason alone you need to have a backup. Then there is also the danger from crypto trojans and hard disk failures...
__________________ Please always post log files in CODE tags |
02.11.2019, 15:15 | #13 |
| PUP keeps reappearing, System Restore does not work
"But it cannot be acceptable,..." Who decides that? Let me try an allegory: Something is making strange noises in my car, which worries me a little - something serious in the end? My friends cannot give me proper advice. I ask a car mechatronics technician, who gives me the following advice: 1.) Buy a new engine, maybe it will also get along with your gearbox 2.) Buy yourself an electric motor 3.) Buy yourself a new car, your model is outdated and tends to fall apart. As a backup one should at least keep a moped on hand. As a long-time driver it cannot be acceptable not to look after one's moped regularly. What he did not tell me was perhaps to check the tensioner pulleys of the belts or the chain and to remove the nail from my tyre. Then I'll just ride a bicycle again and treat myself to another little sip of DIAZEPAM |
02.11.2019, 15:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP keeps reappearing, System Restore does not work
The comparison in this form doesn't fit at all. As a normal user at home on the computer, you yourself are responsible for your files: where and how something is stored and how often backups are made. But the normal user does not tinker with the PC. Transferred to the car, I would be that kind of user. I know how to get from A to B and how to move it safely on the various roads; I can refuel it myself, check the tyre pressure, top up the windscreen washer fluid and check the oil level. That is part of the normal operation of a car. At the very least one should be able to refuel oneself, just as a Windows user has to know how to use a file manager and copy files from A to B. What I leave to a garage is any maintenance work. Oil, tyre or coolant changes, brake replacement etc. - but surely not the weekly refuelling! Yet most PC laypeople believe that, transferred to the car, they are responsible neither for refuelling nor for checking the oil level and washer fluid. Indeed, some of them do not even consider it necessary to know how to move safely on the roads. Anyone who does not want all that has to take the bus/train/taxi or ride a bicycle. Although with a bicycle you also have to look after the tyre pressure
__________________ Please always post log files in CODE tags |
03.11.2019, 10:24 | #15 |
| PUP keeps reappearing, System Restore does not work
In the time the two of us spent philosophizing here about the point of Windows 7 rescue attempts, the problem would, with good will, long since have been solved. I wish you all the best and above all good health |