Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Thema geschlossen
Alt 16.10.2019, 23:40   #1
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Liebe Helfer,
nachdem ich eine PUP Fund mit adware gelöscht habe taucht er nach einiger Zeit wieder auf. Die Systemwiederherstellung funktioniert nicht mehr, DVDs werden nicht mehr gelesen.
ESET, malwarebytes und antivir haben nichts gefunden. Das System ist auch langsamer geworden und die Festplatte wird immer wieder angesprochen. Auch merkt man immer wieder Datenverkehr im Hintergrund (DSL-Manager).
Ich würde mich über Hile sehr freuen.
Viele Grüße
Euer sehr Grosserdummi.

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2019 02
durchgeführt von ***** (Administrator) auf *****-PC (MEDIONPC MS-7708) (16-10-2019 22:31:03)
Gestartet von C:\Users\Andi\Desktop
Geladene Profile: ***** & Andi (Verfügbare Profile: ***** & Andi)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avwebg7.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.RealTime.Client.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.RealTimeOptimizer.exe
(CYBERGHOST S.A. -> CyberGhost S.A.) C:\Program Files\CyberGhost 7\CyberGhost.Service.exe
(devolo AG -> devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Google Inc -> Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(N C P e GmbH Network Communications Products engineering -> ) C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe
(N C P e GmbH Network Communications Products engineering -> ) C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe
(N C P e GmbH Network Communications Products engineering -> ) C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe
(N C P e GmbH Network Communications Products engineering -> NCP engineering GmbH) C:\Program Files\LANCOM\Advanced VPN Client\ncpsec.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Protexis Inc. -> Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] C:\Program Files\DSL-Manager\DslMgrSvc.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267576 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [227168 2019-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira System Speedup User Starter] => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331016 2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\Run: [] => [X]
HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR [5104049 2009-07-16] (ALDI SÜD) [Datei ist nicht signiert]
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-05] (Google Inc -> Google Inc.)
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Windows -> Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{B4841AC3-BB3F-4bbf-8F90-E25B45EF4CB4}] -> C:\Windows\system32\NcpCredentialProvider.dll [2016-11-07] (N C P e GmbH Network Communications Products engineering -> NCP engineering GmbH)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0AA50FC8-7A78-4181-8C8D-879DAECB83E0} - System32\Tasks\ScanToPCActivationApp.exe_{7A2752E8-41BF-446B-BCC9-FAC7AE6D0787} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {1328E01E-02FE-4908-8A50-720DBC0F3042} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe [3159368 2016-11-07] (N C P e GmbH Network Communications Products engineering -> )
Task: {218B5C72-8DC3-4312-ABB6-E2C833ABA9BD} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [26062808 2019-10-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {2C44FCF8-BCF7-47C5-A256-3556C2FABD65} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331016 2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {2E30107C-3A9C-4B91-BD85-AADE9C3DE5F5} - System32\Tasks\FaxApplications.exe_{86438813-AECB-4D0A-AAD9-F0F8D1B66461} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\FaxApplications.exe [2863720 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {4512EB18-82C0-4B13-943F-B9AA5D048D89} - System32\Tasks\HP Officejet 6500 E710a-f.exe_{1B78D916-9DF3-417A-918B-A94B46D1E6FA} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HP Officejet 6500 E710a-f.exe [3867240 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {46C9FC76-8D4E-4D48-A3F6-923D811E48FE} - System32\Tasks\ScanToPCActivationApp.exe_{67FA5A8A-DD4A-4BBE-9838-909C8530A603} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [2610696 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {485CCF89-70C9-410C-A5A0-267BE629806F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {4D7AC085-0160-481A-9529-DDEED6D899FE} - System32\Tasks\HPCustPartic.exe_{3A2C75DE-F318-4570-BB2A-675FD594725C} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [4330504 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {51BAA260-CDBA-4865-942A-03C2D2B61F13} - System32\Tasks\HP Officejet 6500 E710a-f.exe_{FE492128-87C2-480B-A531-282CE465E9A0} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HP Officejet 6500 E710a-f.exe [3867240 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {6133947C-F64E-4C99-A644-3C4FB0D8CB44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {6234A8B6-0BF5-4932-82B2-661208127FA2} - System32\Tasks\Toolbox.exe_{25A8E04B-2A10-4028-BC46-55E049707F83} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\Toolbox.exe [4102152 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {680AC6D9-DE1C-4D25-93C6-8C210A5F3821} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe [2167112 2016-11-07] (N C P e GmbH Network Communications Products engineering -> )
Task: {747DF87E-EDDD-4062-88DA-45693886C6A8} - System32\Tasks\FaxApplications.exe_{6BC6E2B3-116C-400A-9063-A759C08B555D} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\FaxApplications.exe [3835912 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {79323855-6713-41CE-B5D4-B11FA88F767C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
Task: {79B47647-F66E-4D32-BB86-892229C4251C} - System32\Tasks\AdwCleaner_onReboot => C:\Dateien alter WindowsME PC\Hörl\Downloads Internet\Virusscanner\adware\adwcleaner_7.4.1.exe [7636680 2019-09-10] (Malwarebytes Inc -> Malwarebytes)
Task: {7E0C4354-C1B7-4EBD-B126-6E97AFC19046} - System32\Tasks\HPCustPartic.exe_{6BAC4913-62D1-4175-B774-8F91CF35F276} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2485096 2010-06-14] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {7F792889-A5B8-47BD-A14C-9417C9D917FD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {84540620-3C0C-4881-A9DA-BF9FE69BEDE1} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2485096 2010-06-14] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {8B03B8F6-548B-41FF-891E-0D0A25A86AF7} - System32\Tasks\FaxApplications.exe_{C40C909F-36AC-47DB-A108-025AF0D8DFE0} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\FaxApplications.exe [2863720 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {8D3AB6B2-743F-49D7-91A8-B6A88E427949} - System32\Tasks\Toolbox.exe_{508CE650-4627-49EF-90FE-40E1C5F169F1} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\Toolbox.exe [2903144 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {93080E14-9AA5-461A-9937-034B28E332A1} - System32\Tasks\{6BCFD55A-AA69-4B44-B289-410D926768AF} => E:\SETUP.EXE
Task: {9705054C-B3F2-4FAE-8988-046A9879FF63} - System32\Tasks\HPCustPartic.exe_{AB82E144-D9AF-4416-94A0-87809A95B6EF} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2485096 2010-06-14] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {995863CB-C2B0-4941-8E8E-E21E3B042035} - System32\Tasks\{3133D293-CE5A-4DBD-A784-304AA30B073E} => E:\Setup.exe
Task: {9BBCF488-9DB2-4F3B-B740-795020380835} - System32\Tasks\HP Officejet 6500 E710a-f.exe_{2DD55BA1-6B12-4297-8ECB-974022D20420} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HP Officejet 6500 E710a-f.exe [3867240 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {A700ED6E-7C85-4174-8908-8FDA97D2C242} - System32\Tasks\{469EEBD4-DEF3-4F8A-B87C-FC531AD88183} => E:\SETUP.EXE
Task: {A81258D8-37B2-49BF-A1DE-D7E476CF502D} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
Task: {B213F190-DE0D-44A6-9317-78A02C5F728E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
Task: {B21DB96B-1ACF-43F6-9284-37CC8C083468} - System32\Tasks\HP Officejet 6500 E710a-f.exe_{E0B8F529-EFEB-42D7-9E37-9F8E37054E9D} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HP Officejet 6500 E710a-f.exe [3867240 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {CABE9DDA-96B9-44E0-82B7-4C213AB017E8} - System32\Tasks\HPCustPartic.exe_{A8CB3E2E-7110-4439-81C8-9E211A306D06} => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [4330504 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {D3A19ABC-4CDF-4543-9FE2-4A1DE8015886} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [616320 2017-10-12] (Apple Inc. -> Apple Inc.)
Task: {DF850EF1-E84A-411E-A83F-D0ED30EC1064} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2759024 2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {E2584395-4D90-498B-98E6-418CF59D4C04} - System32\Tasks\ScanToPCActivationApp.exe_{8E75C518-6072-4DDB-BBE8-06B3AB2E30D4} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {E8A1B084-D8DF-49C2-8F35-2C7A6BFF4F1B} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8710 => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [4330504 2015-08-31] (Hewlett Packard -> HP Inc.)
Task: {F3FFA226-9ACA-4950-A778-56FE47E9ED4A} - System32\Tasks\{7DF065F9-3712-42CF-9197-263042AA4568} => E:\SETUP.EXE
Task: {F9789991-7F8C-4A28-A5E0-E823E240FBE6} - System32\Tasks\Toolbox.exe_{46E57D55-60CB-42D9-A115-8B107DD632D8} => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\Toolbox.exe [2903144 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mg.mail.yahoo.com/neo/launch?.rand=ei7428lvqlr9r
hxxp://www.freemail.de/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {1120228E-D747-4D08-A4B4-4B4D82EF12AD} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {4548E562-7A1E-4DB5-9F68-DF4F97394503} URL = hxxp://www.clipfish.de/suche/{searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {4A8CD86C-18D5-4073-8416-F68A43F52E87} URL = hxxp://suche.sueddeutsche.de/{searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {66C0BCA5-1BE9-4E26-89B2-51AE787EC92D} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {670BB114-C750-49E9-B008-7689F7FE314E} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {68E59624-F3B4-44BF-B1BC-B4ED45A03BE2} URL = hxxp://www.benefind.de/result.html?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {77ED0AA8-A539-45AE-A9FA-E9668CBEB5CE} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {7D91603D-30F7-4A9E-B440-EFC1DD739FBF} URL = hxxp://www.pressini.de/results.htm
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {81C14EE5-F013-49E8-8B98-C4902DCFC1E6} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {93B89ADF-09AF-48E7-A036-4C87EA38222A} URL = hxxp://www.ricardo.ch/search/search.asp?txtSearch={searchTerms}&Catg=1&InTitleAndDesc=1
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {C84A2359-04D5-457E-9EE6-F8A6B83AED8C} URL = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {CCCFB525-7E19-4B5B-AA48-A42A022AD63A} URL = hxxp://www.druckbesser.de/index.php?pg=drucksachen-profisuche&suchbegriff={searchTerms}#ergebnisse
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {DCF61ACB-0471-47B4-9C6B-691C3AF47874} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {E5DF8F95-23A0-48E1-BE5C-F7B9B11F0924} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {E903553E-CFE2-4E90-B3C0-D204F60459C5} URL = hxxp://www.fancity.eu/{searchTerms}
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {EBD97CF0-28E6-44C7-BA95-53C59781FB5A} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {F72B4A0F-F740-4E1C-842B-48145C388209} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> {F7E29EF4-E9FD-40F1-923C-5C40A5A3F888} URL = hxxp://www.youtube.de/results?search_query={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC -> DivX, LLC)
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2637316431-523064892-2508072546-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2637316431-523064892-2508072546-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc -> Google Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 27w45164.default
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\27w45164.default [2019-10-12]
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\dvyugvfq.default-release [2019-10-12]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-08-30] [Legacy] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: (Freemake Video Downloader Plugin) - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-10-25] [Legacy] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: (Freemake Youtube Download Button) - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-10-25] [Legacy] [ist nicht signiert]
FF HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-18] (Adobe Systems Incorporated -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.) [Datei ist nicht signiert]
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC -> DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert]
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [2013-11-05] (Samsung Electronics CO., LTD. -> Samsung)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npagee.dll [2015-07-08]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-10-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareService.exe [542896 2019-02-13] (Adaware Software -> )
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe [401800 2013-10-11] (Samsung Electronics CO., LTD. -> Samsung) [Datei ist nicht signiert]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2010-05-27] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1209328 2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [483408 2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [483408 2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [500272 2019-09-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [586176 2019-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989536 2019-08-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CG7Service; C:\Program Files\CyberGhost 7\CyberGhost.Service.exe [93904 2019-08-21] (CYBERGHOST S.A. -> CyberGhost S.A.)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [4981936 2019-04-23] (devolo AG -> devolo AG)
S4 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [Datei ist nicht signiert]
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG -> Nero AG)
R2 ncpclcfg; C:\Program Files\LANCOM\Advanced VPN Client\ncpclcfg.exe [768328 2016-11-07] (N C P e GmbH Network Communications Products engineering -> )
R2 ncprwsnt; C:\Program Files\LANCOM\Advanced VPN Client\ncprwsnt.exe [2791240 2016-11-07] (N C P e GmbH Network Communications Products engineering -> )
R2 ncpsec; C:\Program Files\LANCOM\Advanced VPN Client\ncpsec.exe [461128 2016-11-07] (N C P e GmbH Network Communications Products engineering -> NCP engineering GmbH)
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [574536 2013-11-05] (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154760 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert]
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer -> TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [5586432 2010-05-27] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [209920 2010-05-27] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 androidusb; C:\Windows\System32\Drivers\ssadadb.sys [32064 2014-01-23] (MCCI Internal Testing Software -> Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ACHTUNG (kein ServiceDLL)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [87568 2016-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [50728 2019-06-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153280 2019-09-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [171568 2019-09-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36688 2019-03-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60360 2019-03-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [33280 2019-03-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [43624 2017-03-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [261920 2015-07-09] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH -> T-Systems Enterprise Services GmbH)
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [99432 2016-11-07] (N C P e GmbH Network Communications Products engineering -> NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [99432 2016-11-07] (N C P e GmbH Network Communications Products engineering -> NCP Engineering GmbH)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [36624 2019-04-23] (devolo AG -> Riverbed Technology, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [181384 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-01-12] (Microsoft Windows Hardware Compatibility Publisher -> TeamViewer GmbH)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [378336 2018-05-02] (Bitdefender SRL -> BitDefender S.R.L.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech -> Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech -> Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech -> Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech -> Logitech Inc.)
U3 aswbdisk; kein ImagePath
S3 avfwim; system32\DRIVERS\avfwim.sys [X]
S1 avfwot; system32\DRIVERS\avfwot.sys [X]
S3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [X] <==== ACHTUNG
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-10-16 22:31 - 2019-10-16 22:33 - 000039662 _____ C:\Users\Andi\Desktop\FRST.txt
2019-10-16 22:00 - 2019-10-16 22:32 - 000000000 ____D C:\FRST
2019-10-16 21:59 - 2019-10-16 21:59 - 001452032 _____ (Farbar) C:\Users\Andi\Desktop\FRST.exe
2019-10-15 23:06 - 2019-10-16 20:39 - 000483629 _____ C:\Users\Andi\Desktop\C2 Verklaring vermissing  reisdocument Huber.pdf
2019-10-15 16:16 - 2019-10-16 21:46 - 000003210 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2019-10-14 15:50 - 2019-10-14 15:50 - 000208014 _____ C:\Users\Andi\Documents\Wintergarten Bestellung.pdf
2019-10-12 16:35 - 2019-10-13 00:00 - 000001845 _____ C:\Users\*****\Desktop\ESET Online Scanner.lnk
2019-10-12 16:34 - 2019-10-12 16:35 - 008166712 _____ (ESET spol. s r.o.) C:\Users\Andi\Downloads\ESETOnlineScanner_DEU(1).exe
2019-10-12 12:59 - 2019-10-12 15:09 - 000000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2019-10-12 12:35 - 2019-10-12 16:25 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Mozilla
2019-10-12 12:04 - 2019-10-12 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-10-12 11:59 - 2019-10-12 14:11 - 000000000 ____D C:\Windows\Downloaded Installations
2019-10-12 11:44 - 2019-10-12 11:44 - 000000000 ____D C:\Program Files\VulkanRT
2019-10-12 11:44 - 2018-03-24 01:05 - 000138120 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2019-10-12 11:44 - 2017-12-09 00:25 - 000798520 _____ C:\Windows\system32\vulkan-1.dll
2019-10-12 11:44 - 2017-12-09 00:25 - 000490808 _____ C:\Windows\system32\vulkaninfo.exe
2019-10-12 11:43 - 2018-03-24 00:57 - 003661704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-10-12 11:43 - 2018-03-24 00:57 - 002097120 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2019-10-12 11:43 - 2018-03-24 00:57 - 001767304 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-10-12 11:43 - 2018-03-24 00:56 - 000469392 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-10-12 11:43 - 2018-03-24 00:56 - 000430048 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-10-12 11:43 - 2018-03-24 00:56 - 000110016 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-10-12 11:43 - 2018-03-24 00:56 - 000082560 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-10-12 11:43 - 2018-03-21 19:32 - 008114212 _____ C:\Windows\system32\nvcoproc.bin
2019-10-12 11:42 - 2019-10-16 21:48 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-12 11:42 - 2019-10-12 11:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-10-12 11:42 - 2018-04-13 01:11 - 000447928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-10-12 11:42 - 2018-03-24 01:50 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-10-12 11:39 - 2019-10-12 14:11 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-10-12 11:39 - 2019-10-12 14:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-10-12 00:58 - 2019-10-07 07:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-12 00:58 - 2019-10-06 05:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-12 00:58 - 2019-10-06 05:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-12 00:58 - 2019-10-06 05:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-12 00:58 - 2019-10-06 05:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-12 00:58 - 2019-10-06 05:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-12 00:58 - 2019-10-06 05:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-12 00:58 - 2019-10-06 05:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-12 00:58 - 2019-10-06 05:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-12 00:58 - 2019-10-06 05:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-12 00:58 - 2019-10-06 05:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-12 00:58 - 2019-10-06 05:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-12 00:58 - 2019-10-06 05:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-12 00:58 - 2019-10-06 05:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-12 00:58 - 2019-10-06 05:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-12 00:58 - 2019-10-06 05:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-12 00:58 - 2019-10-06 05:10 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-12 00:58 - 2019-10-06 05:06 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-12 00:58 - 2019-10-06 05:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-12 00:58 - 2019-10-06 05:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-12 00:58 - 2019-10-06 05:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-12 00:58 - 2019-10-06 04:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-12 00:58 - 2019-10-06 04:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-12 00:58 - 2019-10-06 04:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-12 00:58 - 2019-10-06 04:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-12 00:58 - 2019-10-06 04:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-12 00:58 - 2019-10-06 04:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-12 00:58 - 2019-10-06 04:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-12 00:58 - 2019-10-06 04:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-12 00:58 - 2019-10-06 04:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-12 00:58 - 2019-10-06 04:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-12 00:58 - 2019-10-06 04:48 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-12 00:58 - 2019-10-06 04:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-12 00:58 - 2019-10-06 04:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-12 00:58 - 2019-10-06 04:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-12 00:58 - 2019-10-06 04:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-12 00:58 - 2019-09-19 06:30 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-12 00:58 - 2019-09-17 04:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-10-12 00:58 - 2019-09-17 04:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-12 00:58 - 2019-09-17 04:32 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-10-12 00:58 - 2019-09-17 04:32 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-12 00:58 - 2019-09-17 04:32 - 000137952 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-10-12 00:58 - 2019-09-17 04:32 - 000137440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-12 00:58 - 2019-09-17 04:32 - 000068832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-12 00:58 - 2019-09-17 04:30 - 001315912 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 04:04 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-12 00:58 - 2019-09-17 04:04 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-12 00:58 - 2019-09-17 04:04 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-12 00:58 - 2019-09-17 04:04 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-12 00:58 - 2019-09-17 04:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-12 00:58 - 2019-09-17 04:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-12 00:58 - 2019-09-17 04:02 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-12 00:58 - 2019-09-17 04:01 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-12 00:58 - 2019-09-17 04:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-12 00:58 - 2019-09-17 03:59 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-12 00:58 - 2019-09-17 03:58 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-12 00:58 - 2019-09-17 03:58 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-12 00:58 - 2019-09-17 03:58 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-12 00:58 - 2019-09-17 03:58 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-12 00:58 - 2019-09-17 03:58 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-12 00:58 - 2019-09-17 03:57 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-12 00:58 - 2019-09-17 03:57 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-12 00:58 - 2019-09-17 03:57 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-12 00:58 - 2019-09-17 03:57 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-10-12 00:58 - 2019-09-17 03:57 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-10-12 00:58 - 2019-09-17 03:57 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-12 00:58 - 2019-09-17 03:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-12 00:58 - 2019-09-17 03:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-12 00:58 - 2019-09-17 03:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-12 00:58 - 2019-09-17 03:57 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-12 00:58 - 2019-09-17 03:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 03:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-12 00:58 - 2019-09-17 02:10 - 000407776 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-12 00:58 - 2019-09-11 06:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2019-10-12 00:58 - 2019-09-11 06:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
2019-10-12 00:58 - 2019-09-10 04:27 - 001064448 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-12 00:58 - 2019-09-10 04:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-12 00:58 - 2019-09-10 04:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-12 00:58 - 2019-09-10 04:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-12 00:58 - 2019-09-10 04:02 - 006135296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-12 00:58 - 2019-09-10 04:02 - 002752000 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-10-12 00:58 - 2019-09-10 04:00 - 002406912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-12 00:58 - 2019-09-10 04:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-12 00:58 - 2019-09-10 04:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-12 00:58 - 2019-09-10 04:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-12 00:58 - 2019-09-10 04:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-12 00:58 - 2019-09-10 04:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-12 00:58 - 2019-09-10 04:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-12 00:58 - 2019-09-10 03:59 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-12 00:58 - 2019-09-10 03:56 - 000248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-10 23:00 - 2019-10-10 23:00 - 000000000 ____D C:\Users\*****\AppData\Local\mbam
2019-10-07 21:49 - 2019-10-07 21:49 - 000001082 _____ C:\Users\Public\Desktop\Avira.lnk
2019-10-07 21:49 - 2019-10-07 21:49 - 000001082 _____ C:\ProgramData\Desktop\Avira.lnk
2019-10-02 07:44 - 2019-09-12 05:53 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-10-02 07:44 - 2019-09-12 05:52 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-10-02 07:44 - 2019-09-12 05:52 - 000373248 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-10-02 07:44 - 2019-09-12 05:52 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-10-02 07:44 - 2019-09-12 05:32 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-10-02 07:43 - 2019-09-12 05:53 - 000276480 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-09-28 16:49 - 2019-09-28 16:49 - 000000000 ____D C:\Users\*****\AppData\Local\Avira

==================== Ein Monat (geänderte) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-10-16 21:56 - 2009-07-14 06:34 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-16 21:56 - 2009-07-14 06:34 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-16 21:54 - 2014-01-29 20:00 - 000002292 ____H C:\Users\Andi\Documents\Default.rdp
2019-10-16 21:49 - 2018-12-22 13:26 - 000000000 ____D C:\Users\Public\Speedup Sessions
2019-10-16 21:48 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-15 23:18 - 2013-12-19 01:25 - 000000000 ____D C:\Users\Andi\AppData\Local\CyberGhost
2019-10-15 16:00 - 2010-08-28 02:49 - 001620684 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-15 16:00 - 2010-05-12 15:13 - 000699432 _____ C:\Windows\system32\perfh007.dat
2019-10-15 16:00 - 2010-05-12 15:13 - 000149572 _____ C:\Windows\system32\perfc007.dat
2019-10-15 15:59 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-10-15 15:58 - 2019-09-13 09:11 - 000000000 ____D C:\Users\Andi\AppData\Local\CrashDumps
2019-10-15 08:06 - 2010-12-05 14:18 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-15 08:06 - 2010-12-05 14:18 - 000002125 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-15 08:06 - 2010-12-05 14:18 - 000002125 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-14 14:50 - 2014-12-24 11:32 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-10-14 14:50 - 2010-12-15 12:19 - 000000000 ____D C:\Users\Andi\AppData\Local\Adobe
2019-10-12 23:19 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2019-10-12 16:36 - 2017-05-25 10:41 - 000000000 ____D C:\Users\Andi\AppData\LocalLow\Mozilla
2019-10-12 14:30 - 2018-01-28 11:08 - 000003268 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
2019-10-12 14:11 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2019-10-12 14:11 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-12 14:11 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\Help
2019-10-12 14:11 - 2009-07-14 04:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-10-12 13:49 - 2018-01-28 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-10-12 13:49 - 2015-07-22 13:48 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-12 12:43 - 2010-12-05 16:03 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{2451C8A6-C0B1-40F0-AE59-6A188E718F2B}
2019-10-12 12:35 - 2015-07-08 20:07 - 000000000 ____D C:\Users\*****\AppData\Roaming\Mozilla
2019-10-12 11:59 - 2010-08-30 20:11 - 000000000 ____D C:\Program Files\Common Files\InstallShield
2019-10-12 11:52 - 2011-08-17 19:58 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Adobe
2019-10-12 09:37 - 2009-07-14 06:33 - 000427088 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-12 02:00 - 2010-12-05 14:21 - 000000000 ____D C:\Users\*****
2019-10-12 01:15 - 2013-08-13 23:33 - 000000000 ____D C:\Windows\system32\MRT
2019-10-12 01:06 - 2010-08-30 18:47 - 124046008 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-09 08:08 - 2018-02-18 11:41 - 000003096 _____ C:\Windows\Sandboxie.ini
2019-10-08 08:40 - 2011-02-01 11:44 - 000000000 ___RD C:\Users\Andi\ONROP
2019-10-07 21:57 - 2010-12-05 14:17 - 000003534 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-07 21:57 - 2010-12-05 14:17 - 000003406 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-07 21:56 - 2010-12-05 14:17 - 000000000 ____D C:\Program Files\Google
2019-10-06 12:44 - 2019-09-10 11:19 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-10-03 13:29 - 2018-01-28 11:02 - 000003666 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate
2019-09-28 16:50 - 2011-04-01 10:43 - 000000000 ____D C:\Users\*****\AppData\Roaming\PetersSoftware
2019-09-28 16:41 - 2011-04-01 10:50 - 000000000 ____D C:\Users\Andi\AppData\Roaming\PetersSoftware
2019-09-28 15:42 - 2018-01-28 11:07 - 000171568 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2019-09-28 15:42 - 2018-01-28 11:07 - 000153280 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2019-09-24 21:11 - 2014-11-21 11:06 - 000000000 ____D C:\Program Files\PetersSoftware
2019-09-18 18:25 - 2011-04-25 08:41 - 000000000 ____D C:\Users\Andi\Documents\Outlook-Dateien

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ================

2013-03-15 13:47 - 2015-03-27 19:52 - 000002912 _____ () C:\Users\*****\AppData\Roaming\Safer-Networking.log
2011-02-28 01:13 - 2011-02-28 01:13 - 000007597 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)


LastRegBack: 2019-10-10 22:20
==================== Ende von FRST.txt ============================
         

Alt 16.10.2019, 23:41   #2
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 12-10-2019 02
durchgeführt von ***** (16-10-2019 22:33:40)
Gestartet von C:\Users\Andi\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2010-12-05 12:21:31)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2637316431-523064892-2508072546-500 - Administrator - Disabled)
Andi (S-1-5-21-2637316431-523064892-2508072546-1001 - Limited - Enabled) => C:\Users\Andi
Gast (S-1-5-21-2637316431-523064892-2508072546-501 - Limited - Disabled)
***** (S-1-5-21-2637316431-523064892-2508072546-1000 - Administrator - Enabled) => C:\User\*****
HomeGroupUser$ (S-1-5-21-2637316431-523064892-2508072546-1007 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4Captains (HKLM\...\4Captains) (Version:  - )
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
adaware antivirus (HKLM\...\{B629330D-7DD1-49D0-9270-70CB736693EE}_AdAwareUpdater) (Version: 12.6.1005.11662 - adaware)
AdAwareInstaller (HKLM\...\{13B94BFA-D005-42D0-88A2-02E6C81BAF7A}) (Version: 12.6.1005.11662 - adaware) Hidden
AdAwareUpdater (HKLM\...\{B629330D-7DD1-49D0-9270-70CB736693EE}) (Version: 12.6.1005.11662 - adaware) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Aldi Süd Foto Service 4.6 (HKLM\...\Aldi Süd Foto Service) (Version: 4.6 - ORWO Net)
ALDI SÜD Mah Jong (HKLM\...\ALDI SÜD Mah Jong) (Version:  - )
ALDI Süd Online Druck Service 4.6 (HKLM\...\ALDI Süd Online Druck Service) (Version: 4.6 - ORWO Net)
Aldi Sued Fotoservice 2.7 (HKLM\...\ALDI Sued Fotoservice_is1) (Version:  - )
AllShare Framework DMS (HKLM\...\{FFCA6A43-2111-4DD0-9A26-D81F7DD20960}) (Version: 1.3.21 - Samsung)
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
Apple Application Support (32-Bit) (HKLM\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CE84DF09-7A4C-45AC-BEAE-7313AE8FD18E}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{e2be50eb-5ea7-469b-9805-e29b51000bb6}) (Version: 1.2.137.23068 - Avira Operations GmbH & Co. KG)
Avira (HKLM\...\{F3986A03-518F-4860-B372-1ACD7773DD99}) (Version: 1.2.137.23068 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.1910.1604 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM\...\Avira System Speedup_is1) (Version: 6.2.1.10749 - Avira Operations GmbH & Co. KG)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (HKLM\...\{D81845B4-5239-AD56-39A5-9FCFE528330F}) (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Cessna NAVIII G1000 Trainer v8.01 (HKLM\...\Cessna NAVIII G1000 Trainer v8.01) (Version: v8.01 - GARMIN)
CorelDRAW Essentials 4 - Content (HKLM\...\{19AC095C-3520-4999-AA15-93B6D0248A50}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (HKLM\...\{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (HKLM\...\{F16841F6-5F0F-4DBE-B318-63CEB916F21D}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (HKLM\...\{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (HKLM\...\{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (HKLM\...\{ABD8B955-1C69-4AF3-949B-13CD587C175F}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (HKLM\...\{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (HKLM\...\{34A9406E-1994-4C20-AC72-04CFA2B24545}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (HKLM\...\{C682F3F0-00A6-4379-B083-4F3273624D7B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (HKLM\...\{BA9319FE-BCEF-4C99-8039-F464648D046E}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (HKLM\...\{3576C335-958D-4D60-A812-F68F9A2796AF}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (HKLM\...\{5500BB35-1C21-4328-9F16-F894B860FADE}) (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (HKLM\...\{07B62101-7EBD-434A-94B1-B38063BE5516}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (HKLM\...\{9043B9A0-9505-405B-8202-E7167A38A89C}) (Version: 4.0 - Corel Corporation) Hidden
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
CyberGhost 7 (HKLM\...\CyberGhost 7) (Version: 7.1.2.4167 - CyberGhost S.A.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
devolo Cockpit (HKLM\...\dlancockpit) (Version: 5.0.4.0 - devolo AG)
devolo dLAN-Konfigurationsassistent (HKLM\...\dlanconf) (Version: 20.0.0.0 - devolo AG)
devolo Informer (HKLM\...\dslmon) (Version: 28.0.0.0 - devolo AG)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Drucken in PDF Annotator (novaPDF OEM 7.4 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version:  - Softland)
DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EXAM 11 (HKLM\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software)
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Studio version 5.0.3 (HKLM\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Freemake Video Converter Version 4.1.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Fresh 3.5.1 (HKLM\...\Fresh) (Version: 3.5.1 - GARMIN)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoPro App (HKLM\...\{FA856359-2B03-4ABC-AC82-E69AF9F405CE}) (Version: 5.6.509 - GoPro, Inc.) Hidden
GoPro Studio 2.5.6 (HKLM\...\{8850d4d9-a0fc-453f-ba03-ec084375d0c2}) (Version: 2.5.6.509 - GoPro, Inc.)
HP Dropbox Plugin (HKLM\...\{C7C4E3CD-6C29-4FCD-9C92-73FB8CFA23E0}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM\...\{D3AC873D-A142-4AF6-B2A4-F6B17BD5A340}) (Version: 36.0.39.57346 - HP)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{674FD0B7-9641-4B07-906D-AB77A94C51B6}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP OfficeJet Pro 8710 - Grundlegende Software für das Gerät (HKLM\...\{9427E29D-BB2B-4720-8F0F-D02ADEBDB4AD}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8710 Hilfe (HKLM\...\{AC6E479B-DD73-4490-8B91-E497003E89AA}) (Version: 38.0.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Support Solutions Framework (HKLM\...\{AAE126B3-95C5-49E1-A590-7B5F6EDC7D60}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{A95F74BA-8A42-4D24-AE9B-3AC2A1F95968}) (Version: 12.3.6.12 - HP)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iOpus Secure Email Attachments (SEA) (HKLM\...\iOpus Secure Email Attachments (SEA)) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{3E78E23E-A9F3-41D1-9E98-2A2386D87101}) (Version: 12.9.5.7 - Apple Inc.)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kalender-Excel-8.12.1 (HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Kalender-Excel-8.12.1_is1) (Version: 8.12.1 - MSDatec)
Kalender-Excel-8.7.1 (HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\Kalender-Excel-8.7.1_is1) (Version: 8.7.1 - MSDatec)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
LANCOM Advanced VPN Client (HKLM\...\{81C44F7F-5A1E-4FA9-ADE2-B84C866B8091}) (Version: 3.11.32792 - NCP engineering GmbH)
Language Proficiency Trainer Version 1.3 (HKLM\...\{BEBC89AB-DDA6-4C52-9500-B2A8DA8098C7}_is1) (Version: 1.3 - R. Eisenschmidt GmbH)
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Malwarebytes Version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Marketsplash Schnellzugriffe (HKLM\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Medion Home Cinema (HKLM\...\{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.) Hidden
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Microsoft .NET Framework 4.8 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 69.0 (x86 de) (HKLM\...\Mozilla Firefox 69.0 (x86 de)) (Version: 69.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.0.7178 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Nero BurnLite 10 (HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA 3D Vision Treiber 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Grafiktreiber 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
PDF Annotator 3.0.0.336 (HKLM\...\PDFAnnotator_is1) (Version: 3.0.0.336 - GRAHL software design)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Link 1.7.0.1311052230 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1311052230 - Copyright 2013 SAMSUNG)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Sandboxie 5.22 (32-bit) (HKLM\...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC)
Schattensimulator Version 1.0 (HKLM\...\Schattensimulator_is1) (Version:  - Warema)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smart Switch (HKLM\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18124.4 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.18124.4 - Samsung Electronics Co., Ltd.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{2188C32A-AE04-4142-82AC-22803A5C5464}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Studie zur Verbesserung von HP OfficeJet Pro 8710 (HKLM\...\{AE1A126D-651B-4240-A1E5-B91FCF17BFF7}) (Version: 38.1.1881.57490 - HP Inc.)
supra IPCam (HKLM\...\{E7804B9B-8134-44DE-8FC7-9ACCE9611368}) (Version: 1.9.3.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.52465 - TeamViewer)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
USB Flash Security Ver.4.0.1 (HKLM\...\KASHU_UsbEnterVer.4.0.1) (Version: Ver.4.0.1 - KASHU SYSTEM DESIGN INC.)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VFR Sprechfunk Simulator 2 Version 2.1.4 (HKLM\...\{933D82F6-E423-4115-B440-4E0804BCBEBE}_is1) (Version: 2.1.4 - R. Eisenschmidt GmbH)
VFW_Codec32 (HKLM\...\{AFEF72F3-EDEC-4B70-BB25-4CEA1FCBF425}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Visitenkarten in 2 Minuten (HKLM\...\Visitenkarten in 2 Minuten) (Version:  - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
webGAMET (HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\webGAMET) (Version:  - Deutscher Wetterdienst)
WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.2 - WebM Project)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2637316431-523064892-2508072546-1000_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\*****\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2637316431-523064892-2508072546-1001_Classes\CLSID\{B6CE1A28-A831-43E4-A81F-E2B429D66231}\InprocServer32 -> C:\Users\Andi\AppData\Local\ASKTOO~1\DOWNLO~1\Nero.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2637316431-523064892-2508072546-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
ContextMenuHandlers1: [1iOpusSEA] -> {E743A5D1-F6F0-11D6-963F-0002B3499E34} => C:\Windows\System32\iOpusSEA.dll [2003-03-05] () [Datei ist nicht signiert]
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> Keine Datei
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareShellExtension.dll [2019-02-13] (Adaware Software -> )
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> Keine Datei
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareShellExtension.dll [2019-02-13] (Adaware Software -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-05-27] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2019-09-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll -> Keine Datei
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2019-10-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.) [Datei ist nicht signiert]
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\system32\CFHD.dll [1490944 2015-07-02] (CineForm Inc.) [Datei ist nicht signiert]

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


ShortcutWithArgument: C:\Users\Public\Desktop\MEDION Serviceportal.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> www.medionservice.de
ShortcutWithArgument: C:\Users\Public\Desktop\MEDIONhome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> hxxp://www.medion.com/de

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-11-29 23:59 - 2012-11-29 23:59 - 000093696 _____ () [Datei ist nicht signiert] C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-08-30 20:04 - 2010-03-04 05:08 - 000058880 _____ () [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2019-05-18 14:55 - 2019-05-18 14:55 - 000170496 _____ () [Datei ist nicht signiert] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9109216ecdcf9ae71a57b08b84995d99\IsdiInterop.ni.dll
2011-08-27 16:34 - 2003-03-05 16:55 - 000077824 _____ () [Datei ist nicht signiert] C:\Windows\System32\iOpusSEA.dll
2011-03-27 18:57 - 2001-10-28 16:42 - 000116224 _____ () [Datei ist nicht signiert] C:\Windows\System32\pdfcmnnt.dll
2010-05-27 21:36 - 2010-05-27 21:36 - 000708608 _____ (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2010-05-27 21:35 - 2010-05-27 21:35 - 000003584 _____ (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamdeu.dll
2010-08-30 20:04 - 2010-03-04 05:10 - 000006656 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\de-DE\IAStorDataMgr.resources.dll
2010-08-30 20:04 - 2010-03-04 05:09 - 000032768 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\de-DE\IAStorIcon.resources.dll
2010-08-30 20:04 - 2010-03-04 05:09 - 000004608 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\de-DE\IntelVisualDesign.resources.dll
2010-08-30 20:04 - 2010-03-04 05:08 - 000163328 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2010-08-30 20:04 - 2010-03-04 05:08 - 001046528 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2010-08-30 20:04 - 2010-03-04 04:53 - 000280064 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2019-05-18 14:55 - 2019-05-18 14:55 - 000176640 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\d56ef23c56dafafbd705bda28d96a1c3\IAStorDataMgr.ni.dll
2019-05-18 14:55 - 2019-05-18 14:55 - 000452608 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5c758e4d1dc449e6ad7cd1292aaf3bce\IAStorUtil.ni.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2011-06-17 15:11 - 2011-06-17 15:11 - 000225280 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2019-10-12 11:44 - 2018-03-24 01:05 - 000764640 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2019-10-12 11:44 - 2018-03-24 01:05 - 000320032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr.dll
2019-06-13 14:24 - 2019-04-23 12:14 - 000078336 _____ (Riverbed Technology, Inc.) [Datei ist nicht signiert] C:\Windows\system32\devolopacket.dll
2019-06-13 14:24 - 2019-04-23 12:14 - 000295936 _____ (Riverbed Technology, Inc.) [Datei ist nicht signiert] C:\Windows\system32\devolopcap.dll
2019-10-02 07:54 - 2019-10-02 07:54 - 000913920 _____ (ServiceStack) [Datei ist nicht signiert] C:\Windows\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\985cf3f73389cdf0d60e8a51854ccb86\ServiceStack.Text.ni.dll
2016-11-07 10:50 - 2016-11-07 10:50 - 001567744 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\LANCOM\Advanced VPN Client\libeay32.dll
2011-01-12 13:04 - 2007-11-26 15:50 - 000167936 _____ (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] C:\Program Files\DSL-Manager\Deskband.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7548 mehr Seiten.

IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7546 mehr Seiten.

IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\nuernberger-land.de -> hxxp://nuernberger-land.de
IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\t-online.de -> homepage.t-online.de
IE trusted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\telekom.de -> hxxps://homepagecenter.telekom.de
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2637316431-523064892-2508072546-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7548 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2013-03-23 18:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\;C:\Program Files\Common Files\Apple\Mobile Device Support\;C:\Program Files\Common Files\Apple\Apple Application Support;C:\Program Files\Skype\Phone\;C:\Program Files\QuickTime\QTSystem\
HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

MSCONFIG\Services: adawareantivirusservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AllShare Framework DMS => 2
MSCONFIG\Services: CG7Service => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: nsverctl => 2
MSCONFIG\Services: Samsung Link Service => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\startupfolder: C:^Users^Andi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareTray.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 7\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GoPro Studio Importer => C:\Program Files\GoPro\Tools\Importer\GoPro Importer.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{69DF5E11-1D09-4647-A612-953CE9724F7D}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EE0B8A16-832E-4DC3-B70E-34BEA741D52E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{498617AE-EAE7-4DD3-83E2-0D1C57164B89}] => (Allow) svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{18853FAF-EFD7-49BF-8704-F02239FAF29C}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E0E4EAC9-2DA5-4F53-8060-02456121F54C}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe Keine Datei
FirewallRules: [UDP Query User{D57AD702-6DAC-41F1-AED1-3E4FEAD1276C}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe Keine Datei
FirewallRules: [{EBF7597E-2CA6-4CE2-AA2D-DAABAA6939EC}] => (Allow) C:\Users\*****\AppData\Local\Temp\7zS57E5\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{A74DC7C6-79CA-45E0-BBE8-198E3C808573}] => (Allow) C:\Users\*****\AppData\Local\Temp\7zS57E5\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{081C0941-AC0A-43EC-A8CA-C8EEAE9C28C5}] => (Allow) C:\Users\*****\AppData\Local\Temp\7zS63E0\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{C939DB88-005F-491B-8760-20F89BFB9C1D}] => (Allow) C:\Users\*****\AppData\Local\Temp\7zS63E0\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{DCAC11FE-306A-451E-A906-50CFC99FD6C0}] => (Allow) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe Keine Datei
FirewallRules: [{2A66FC9E-DAA9-4AE0-947E-2C6BBB3713F2}] => (Allow) C:\Program Files\Samsung\AllShare\AllShare.exe Keine Datei
FirewallRules: [{87865B26-ED10-4416-9862-08C36F3E4D48}] => (Allow) C:\Program Files\Samsung\AllShare\AllShareAgent.exe Keine Datei
FirewallRules: [{8501991C-4BE5-4BB3-A2C2-FBF484D2D377}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe Keine Datei
FirewallRules: [{C6EED99B-B185-41F8-9DF2-7FB36D5C6454}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe Keine Datei
FirewallRules: [{F032E0CC-5D9C-417F-9E6C-AE02EE6E2782}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe Keine Datei
FirewallRules: [{CE20DC6D-F997-46F8-8107-6C1CE307BED7}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe Keine Datei
FirewallRules: [{6671E99B-2393-410B-98F7-26CB2BC81D20}] => (Allow) C:\Program Files\devolo\informer\devinf.exe (devolo AG -> devolo AG)
FirewallRules: [{047807E6-D21A-451C-AFEC-74E77D789262}] => (Allow) C:\Program Files\devolo\informer\devinf.exe (devolo AG -> devolo AG)
FirewallRules: [{DB969CA1-1C45-45AC-8D8B-91BA4ACEF2E5}] => (Allow) C:\Program Files\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{87E3FCEC-30F7-4B04-BF1F-3D1660C39C27}] => (Allow) C:\Program Files\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{AF6A00D7-4861-47DD-A3FB-646831DBD542}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
FirewallRules: [{67E6EA45-6B2D-47DF-BA7B-C2CD679E7D27}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
FirewallRules: [{E53D3C10-8A28-4536-A971-C4794AEC2F98}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
FirewallRules: [{04A4DA75-B7F4-4711-ABB9-9F7218522370}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
FirewallRules: [{CE1A85B6-D8F1-4AC3-8A51-2F205649D490}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [Datei ist nicht signiert]
FirewallRules: [{DADCF2A7-2669-4B67-B24F-6475D36279E9}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [Datei ist nicht signiert]
FirewallRules: [{18FDF0F3-2C4C-4DA3-B219-96096F5493C1}] => (Allow) LPort=8743
FirewallRules: [{CE363F0B-5DBA-43DB-9CF2-401E657AE458}] => (Allow) LPort=8643
FirewallRules: [{E264F72D-BFDB-4DE8-8FA7-61D67C9CB5DA}] => (Allow) LPort=7676
FirewallRules: [{2AE5E98B-D8CC-42BB-B57E-49F157FD9E7F}] => (Allow) LPort=7679
FirewallRules: [{CC864930-826E-45AB-9C69-713D5056A4F5}] => (Allow) LPort=24234
FirewallRules: [{672F950F-3979-420C-A5A3-20F752D2646C}] => (Allow) LPort=7900
FirewallRules: [{0964D9F9-5572-45CA-9F90-89F302111038}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2E5DEC5A-6957-412F-B646-0A86A44E66C8}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{1F97DB57-3B81-4549-9E9F-9E86E27C99A3}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5BBA2234-E059-4277-BD14-C76EE881C8E8}] => (Block) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1E97B52B-7524-4674-8F5F-D3493E29EF83}] => (Block) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AFF42F24-54C1-402E-A565-CBDAF34BF291}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43F208A5-18F5-4595-8236-3CE073A08EC3}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS35A0\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{9F5CDA78-22ED-49C2-80EC-D61CAD7A00C5}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS35A0\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{0A36E872-831D-4BC5-93FF-D30EB1B8C180}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS3647\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{4DC06B68-C8F1-4A1C-BD86-EABCCE572A2F}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS3647\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{482398DB-7734-4A36-8A7C-C87533CC080A}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS6360\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{8E154816-C6A0-46C9-85A5-1EDD3F60E358}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS6360\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{F143B6F5-7B34-40AF-A149-5A20FC563A58}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS12A5\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{3ED9575B-BD6B-4EB8-AF06-48BFBC877F27}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS12A5\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{E148DE93-F439-4CF0-9832-16A71AB3B0C8}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS3AF7\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{0FF28FFF-C279-4287-AC47-73D1C94710C2}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS3AF7\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{C65576CE-E106-4706-8A71-D6B65DAE17ED}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS6320\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{2EF966B5-7FCA-4306-8DB1-910752665D0A}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS6320\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{3118C1BC-B854-4D0F-90E1-826FE40C792A}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS100D\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{9D31F803-EB30-46E7-BF84-2074F054E047}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS100D\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{368C1202-D331-4A37-89AE-2C6BFDC297E8}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{75F4ABE1-6EBD-4655-BA30-67839F9766B8}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{93CD8866-770B-4758-91CB-799A49E2D529}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{11414214-CDC4-47EE-B4C2-416F8DC0B5F0}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9BA0055E-2DE1-45F7-AE7A-6EC9484DE364}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6B3911F0-9077-4991-BD5F-11F0D05C9B44}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{93E2B080-A022-4BE7-9F02-4B54256D8893}] => (Allow) E:\fsetup.exe Keine Datei
FirewallRules: [{507E50C2-EEEE-4C86-AB86-27D98B37B7D4}] => (Allow) E:\fsetup.exe Keine Datei
FirewallRules: [{89924C91-46E7-4B1D-BEB8-E91DA03C541C}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS10F3\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{6368D6EC-BCCB-46E1-8FC9-1B1CAF7A22A9}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS10F3\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{8201659B-1033-4285-B217-AF8564AB5B20}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS117F\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{4596D4A6-BC0A-4B15-8D5D-D4C4EE8E931A}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS117F\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{D17331A7-2311-4371-94FA-2D0D06625679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{63A02533-6B8E-47B7-BD1C-D778440D943F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D93D6C88-45B0-4C1A-B8EB-E473D68908E0}] => (Allow) C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe (Tino Marx -> Marx Softwareentwicklung - www.software4u.de)
FirewallRules: [{642A2A54-43DD-4552-9CC1-1848FEE50432}] => (Allow) C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe (Tino Marx -> Marx Softwareentwicklung - www.software4u.de)
FirewallRules: [{0A90640F-E2B2-4206-BBF0-C6EBF100EC3E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8389D60F-F7F9-4261-A1D5-6094BE317DA1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{8B8A7D88-BC83-4FB3-BB84-4FDDA92BDA5E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{82934933-618F-486C-9A23-7A029CC2E09E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{54B8D8CB-4821-4B63-BEEA-AB4FE2AE2909}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [TCP Query User{31670968-C511-407C-9303-F96D90CD4765}C:\program files\cessna naviii g1000 trainer v8.01\cdusimv2.exe] => (Block) C:\program files\cessna naviii g1000 trainer v8.01\cdusimv2.exe (Garmin International -> ) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{CB5D6263-3BBA-47FD-9F8A-90678A2078CE}C:\program files\cessna naviii g1000 trainer v8.01\cdusimv2.exe] => (Block) C:\program files\cessna naviii g1000 trainer v8.01\cdusimv2.exe (Garmin International -> ) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{3775C1AE-A640-4AC0-B672-17F62CA23092}C:\users\*****\appdata\local\temp\7zs16cf\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs16cf\enterprisedu.exe Keine Datei
FirewallRules: [UDP Query User{016C65BE-C024-491F-9A5C-D6FA60031D09}C:\users\*****\appdata\local\temp\7zs16cf\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs16cf\enterprisedu.exe Keine Datei
FirewallRules: [TCP Query User{883D4F7E-3CB5-40FD-B699-6354C9C28A3F}C:\users\*****\appdata\local\temp\7zs17f2\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs17f2\enterprisedu.exe Keine Datei
FirewallRules: [UDP Query User{4A841371-5351-41E5-84C5-66D84FA323D0}C:\users\*****\appdata\local\temp\7zs17f2\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs17f2\enterprisedu.exe Keine Datei
FirewallRules: [TCP Query User{23385891-ABD0-4A2A-B886-E3A77D90D725}C:\users\*****\appdata\local\temp\7zs3bad\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs3bad\enterprisedu.exe Keine Datei
FirewallRules: [UDP Query User{E544D31C-A9E3-434F-8248-D9D8A01FC793}C:\users\*****\appdata\local\temp\7zs3bad\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs3bad\enterprisedu.exe Keine Datei
FirewallRules: [TCP Query User{CCDADC6B-4D07-4888-BA92-362936E8DA77}C:\users\*****\appdata\local\temp\7zs157b\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs157b\enterprisedu.exe Keine Datei
FirewallRules: [UDP Query User{A7D45160-0BBF-4550-AA9D-B40FF9C4AC57}C:\users\*****\appdata\local\temp\7zs157b\enterprisedu.exe] => (Allow) C:\users\*****\appdata\local\temp\7zs157b\enterprisedu.exe Keine Datei
FirewallRules: [{C0F179C6-9850-490C-B77A-C10523E1F5BE}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS1A44\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{41F67C85-CF5B-4E77-A522-6879024F1AD8}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS1A44\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{30CA3530-DA9F-4579-B38D-8A216024CF56}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS1B59\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{D10B1123-8491-43E4-A805-513BCF565DEC}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS1B59\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{84C77C70-0230-4038-A261-1901511BF812}] => (Allow) C:\Users\Andi\AppData\Local\Temp\7zS7CC7\HP.EasyStart.exe Keine Datei
FirewallRules: [{52E996C8-07E8-4CD2-860C-90026001E438}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{75B8329C-2A74-490B-8FD7-F0067133EA45}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{17132420-02DC-4392-B23E-A22F141E1F0C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{71F6C09C-DE8C-4953-994B-116AB02FAE0D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{03BE2B7A-544D-49E1-98C0-47FC288ED2A1}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{CBBB3366-9502-47ED-9FA9-0C3EE23BDBA8}] => (Allow) LPort=5357
FirewallRules: [{40BEF000-6595-42C9-9A8A-3B21F9C88BD9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{E6DFD6C5-03AC-4D86-88FB-846E544061C1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{89F0B9DB-21BD-4F60-A21A-AF0138A46776}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{05764678-211E-41CA-8AB4-2441D3ED7026}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe Keine Datei
FirewallRules: [{610B0BA9-2482-4A53-985E-07FB7BAC4779}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe Keine Datei
FirewallRules: [{9F89876B-C24E-444E-9FC1-69DD09ADFA99}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe Keine Datei
FirewallRules: [{332F14E0-3E9D-44C6-B5B2-B50148470B5F}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe Keine Datei
FirewallRules: [{424BE5F2-2CC0-44A1-9B27-DC9E6212C37B}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS0F32\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{B7FCB802-1BE7-4AF0-BCC9-C6E8BDD10E5F}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS0F32\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [TCP Query User{F5D20907-46A9-4454-A151-9ABBE0FB9F26}C:\program files\devolo\informer\devinf.exe] => (Allow) C:\program files\devolo\informer\devinf.exe (devolo AG -> devolo AG)
FirewallRules: [UDP Query User{FB5200AB-719B-4604-A2F1-FE88BC1C5284}C:\program files\devolo\informer\devinf.exe] => (Allow) C:\program files\devolo\informer\devinf.exe (devolo AG -> devolo AG)
FirewallRules: [{8660E1D4-DB48-4CA8-A313-B45F06008190}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96B42443-C2B5-4E83-A55A-A6228BDEE44D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6CC9EE0F-EE83-48CF-BEB5-457B71DF3741}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{51C9714C-E1F7-48D3-B747-AC4C894802D0}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS0D26\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{2C18C080-1DA5-42CD-8EC7-4ABBD0710FF3}] => (Allow) C:\Users\*****\AppData\Local\temp\7zS0D26\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{5B2CE1DF-4838-471B-BF3F-E52FD5E6BA77}] => (Allow) C:\Program Files\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{557F83AB-E956-400A-8009-F3BDECC49EEF}] => (Allow) C:\Program Files\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{BC27863E-99D3-4669-BAC8-CD7CE1419A3E}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B7F750E3-2A86-40E7-ABF5-8EC3AAB6917B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

02-10-2019 07:44:27 Windows Update
04-10-2019 00:54:59 Windows Update
05-10-2019 17:44:01 Avira System Speedup Optimierung
12-10-2019 00:59:45 Windows Update
12-10-2019 12:00:58 Installiert ASUS GPU TweakII
12-10-2019 13:08:07 Wiederherstellungsvorgang

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: avfwot
Description: avfwot
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: avfwot
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/16/2019 10:23:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NOTEPAD.EXE, Version 6.1.7601.18917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1524

Startzeit: 01d5845f6132f697

Endzeit: 761

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: c2421cbe-f052-11e9-8a1d-0200886cdc10

Error: (10/16/2019 10:22:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NOTEPAD.EXE, Version 6.1.7601.18917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f90

Startzeit: 01d5845f31c9a5c0

Endzeit: 180

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: 9b184f8d-f052-11e9-8a1d-0200886cdc10

Error: (10/16/2019 10:20:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NOTEPAD.EXE, Version 6.1.7601.18917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a98

Startzeit: 01d5845efdc177f1

Endzeit: 840

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: 66e5b666-f052-11e9-8a1d-0200886cdc10

Error: (10/16/2019 08:32:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.SystemSpeedup.Maintenance.exe, Version: 6.2.1.10749, Zeitstempel: 0x5d6fbf37
Name des fehlerhaften Moduls: clr.dll, Version: 4.8.4018.0, Zeitstempel: 0x5d4a64a8
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0035a3f8
ID des fehlerhaften Prozesses: 0x8ec
Startzeit der fehlerhaften Anwendung: 0x01d584500b68f568
Pfad der fehlerhaften Anwendung: C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Berichtskennung: 4c59516a-f043-11e9-8888-0200886cdc10

Error: (10/15/2019 11:35:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DslMgrSvc.exe, Version: 6.91.8434.1, Zeitstempel: 0x4900aa18
Name des fehlerhaften Moduls: DslMgrSvc.exe, Version: 6.91.8434.1, Zeitstempel: 0x4900aa18
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000c41a
ID des fehlerhaften Prozesses: 0xc88
Startzeit der fehlerhaften Anwendung: 0x01d58388941a6d71
Pfad der fehlerhaften Anwendung: C:\Program Files\DSL-Manager\DslMgrSvc.exe
Pfad des fehlerhaften Moduls: C:\Program Files\DSL-Manager\DslMgrSvc.exe
Berichtskennung: bb463127-ef93-11e9-85e6-74f06d8d1620

Error: (10/15/2019 04:32:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.SystemSpeedup.Maintenance.exe, Version: 6.2.1.10749, Zeitstempel: 0x5d6fbf37
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000409
Fehleroffset: 0x040e6a68
ID des fehlerhaften Prozesses: 0x1020
Startzeit der fehlerhaften Anwendung: 0x01d583655a0426d4
Pfad der fehlerhaften Anwendung: C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 99cf6b73-ef58-11e9-85e6-74f06d8d1620

Error: (10/15/2019 03:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.23537, Zeitstempel: 0x57c44cc4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.24468, Zeitstempel: 0x5ce88549
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b150
ID des fehlerhaften Prozesses: 0xe20
Startzeit der fehlerhaften Anwendung: 0x01d5835b91d9ee29
Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE
Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung: e6995826-ef53-11e9-8b28-0200886cdc10

Error: (10/15/2019 03:58:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Explorer.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 7633B150
Stapel:


Systemfehler:
=============
Error: (10/16/2019 10:01:02 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 und APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (10/16/2019 10:01:02 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 und APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (10/16/2019 10:01:02 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 und APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (10/16/2019 10:00:30 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 und APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (10/16/2019 10:00:30 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 und APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (10/16/2019 10:00:29 PM) (Source: DCOM) (EventID: 10016) (User: *****-PC)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-21-2637316431-523064892-2508072546-1001) für Benutzer *****-PC\Andi von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID 
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 und APPID 
{56BE716B-2F76-4DFA-8702-67AE10044F0B}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (10/16/2019 09:50:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Start (Lokal) für die COM-Serveranwendung mit CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 und APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (10/16/2019 09:50:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
avfwot


==================== Memory info =========================== 

BIOS: American Megatrends Inc. A7708MLN.105 09/21/2010
Motherboard: MEDIONPC MS-7708
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Prozentuale Nutzung des RAM: 84%
Installierter physikalischer RAM: 3063.11 MB
Verfügbarer physikalischer RAM: 475.04 MB
Summe virtueller Speicher: 6124.6 MB
Verfügbarer virtueller Speicher: 2707.86 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:1356.17 GB) (Free:975.17 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.01 GB) NTFS
Drive k: (USB DISK) (Removable) (Total:14.91 GB) (Free:11.11 GB) FAT32

\\?\Volume{ad4805e4-00b2-11e0-b7c3-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1356.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== Ende vom Addition.txt ============================
         
__________________


Alt 16.10.2019, 23:47   #3
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Code:
ATTFilter
aner  7 . 4 . 1  launched
2019-09-10 09:30:30 :  <INFO>      [MBInstaller] Checking Iris
2019-09-10 09:30:30 :  <INFO>      [IRIS] Making request
2019-09-10 09:30:31 :  <INFO>      [AdwUpgrade] Checking application updates
2019-09-10 09:30:31 :  <INFO>      [Telemetry] Sending hello
2019-09-10 09:30:31 :  <WARNING>   Type conversion already registered from type QSharedPointer<QNetworkSession> to type QObject*
2019-09-10 09:30:31 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-10 09:30:31 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-10 09:30:31 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-10 09:30:31 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-10 09:30:31 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-10 09:30:31 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-10 09:30:31 :  <INFO>      [SslCert] ALPN: None
2019-09-10 09:30:31 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-10 09:30:31 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-10 09:30:31 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-10 09:30:31 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-10 09:30:31 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-10 09:30:31 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-10 09:30:31 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-10 09:30:31 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-10 09:30:31 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-10 09:30:31 :  <INFO>      [SslCert] ALPN: None
2019-09-10 09:30:31 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-10 09:30:31 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-10 09:30:31 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-10 09:30:31 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-10 09:30:31 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-10 09:30:31 :  <INFO>      [IRIS] Failed
2019-09-10 09:30:37 :  <INFO>      [Button clicked] EULA agreed
2019-09-10 09:30:45 :  <INFO>      [Button clicked] Dashboard menu item
2019-09-10 09:30:50 :  <INFO>      [Button clicked] Settings menu item
2019-09-10 09:31:03 :  <INFO>      [Button clicked] Dashboard menu item
2019-09-10 09:31:04 :  <INFO>      [Button clicked] Scan
2019-09-10 09:31:04 :  <INFO>      [Scan] Started
2019-09-10 09:31:05 :  <INFO>      [Database] Downloading database
2019-09-10 09:31:06 :  <INFO>      [Database] Checking integrity
2019-09-10 09:31:06 :  <INFO>      [Database] Found  2599  families
2019-09-10 09:31:06 :  <INFO>      [Database] Database v "2019-09-06.1"
2019-09-10 09:31:06 :  <INFO>      [Loading paths] Local paths loaded
2019-09-10 09:31:06 :  <INFO>      [Loading paths] Chrome paths loaded
2019-09-10 09:31:06 :  <INFO>      [Loading paths] User Keys loaded
2019-09-10 09:31:06 :  <INFO>      [Module initialized]  "File"
2019-09-10 09:31:06 :  <INFO>      [Module initialized]  "Folder"
2019-09-10 09:31:06 :  <INFO>      [Module initialized]  "RegistryKey"
2019-09-10 09:31:06 :  <INFO>      [Module initialized]  "RegistryValue"
2019-09-10 09:31:08 :  <INFO>      [Module initialized]  "TaskName"
2019-09-10 09:31:08 :  <INFO>      [Module initialized]  "Service"
2019-09-10 09:31:08 :  <INFO>      [Module initialized]  "Winlogon"
2019-09-10 09:31:44 :  <INFO>      [Module initialized]  "URL"
2019-09-10 09:31:44 :  <INFO>      [Module initialized]  "RegAppInit"
2019-09-10 09:31:44 :  <INFO>      [Module initialized]  "RegClasses"
2019-09-10 09:31:44 :  <INFO>      [Module initialized]  "DNS"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "RegGuid"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "RegOther"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "RegProductID"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "RegSoftware"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "RegStartup"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "WMI"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-09-10 09:31:45 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-09-10 09:31:45 :  <INFO>      [Module initialize] Scan Browser
2019-09-10 09:31:47 :  <INFO>      [Module initialize] Scan Browser FF
2019-09-10 09:31:47 :  <INFO>      [Module initialize] FF start pages loaded
2019-09-10 09:31:47 :  <INFO>      [Module initialize] FF search providers loaded
2019-09-10 09:31:47 :  <INFO>      [Module initialize] FF plugin list loaded
2019-09-10 09:31:47 :  <INFO>      [Scan] Exclusions loaded
2019-09-10 09:32:31 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-10 09:32:31 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-10 09:32:31 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [ "Registry" ]
2019-09-10 09:32:32 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKLM\\Software\\Myfree Codec" [ "Registry" ]
2019-09-10 09:32:32 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Myfree Codec" [ "Registry" ]
2019-09-10 09:32:32 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Web Companion" [ "Registry" ]
2019-09-10 09:32:37 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft\\WebCompanion" [ "Folder" ]
2019-09-10 09:32:37 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ]
2019-09-10 09:32:37 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ]
2019-09-10 09:32:37 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "HKLM\\Software\\Lavasoft\\Web Companion" [ "Registry" ]
2019-09-10 09:32:37 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "HKCU\\Software\\Lavasoft\\Web Companion" [ "Registry" ]
2019-09-10 09:32:37 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-09-10 09:32:37 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-10 09:32:37 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-10 09:32:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-09-10 09:32:43 :  <INFO>      [Scan] Item detected:  "PUP.Optional.DownloadSponsor" ,  "C:\\Users\\Andi\\AppData\\Local\\Temp\\DMR" [ "Folder" ]
2019-09-10 09:32:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-09-10 09:32:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-09-10 09:32:49 :  <INFO>      [Telemetry] Sending to Influx
2019-09-10 09:32:51 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-10 09:32:51 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-10 09:32:51 :  <INFO>      [SslCert] Locality Name ()
2019-09-10 09:32:51 :  <INFO>      [SslCert] Organization ()
2019-09-10 09:32:51 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-10 09:32:51 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-10 09:32:51 :  <INFO>      [SslCert] ALPN: Yes
2019-09-10 09:32:51 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-10 09:32:51 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-10 09:32:51 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-10 09:32:51 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-10 09:32:51 :  <INFO>      [Telemetry] Sending to DSE
2019-09-10 09:32:52 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-10 09:32:52 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-10 09:32:52 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-10 09:32:52 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-10 09:32:52 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-10 09:32:52 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-10 09:32:52 :  <INFO>      [SslCert] ALPN: Yes
2019-09-10 09:32:52 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-10 09:32:52 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-10 09:32:52 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-10 09:32:52 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-10 09:32:52 :  <INFO>      [Scan] Finished
2019-09-10 09:33:05 :  <INFO>      [Button clicked] Log files menu item
2019-09-10 09:33:18 :  <INFO>      [Button clicked] Dashboard menu item
2019-09-10 09:33:29 :  <INFO>      [Button clicked] Next
2019-09-10 09:34:42 :  <INFO>      [Button clicked] Bundleware found ok button
2019-09-10 09:34:49 :  <INFO>      [Button clicked] Previous
2019-09-10 09:35:25 :  <INFO>      [Button clicked] Next
2019-09-10 09:35:49 :  <INFO>      [Button clicked] Clean & repair
2019-09-10 09:35:59 :  <INFO>      [Button clicked] Dialog button clicked [ 5 ]
2019-09-10 09:36:03 :  <INFO>      [Button clicked] Previous
2019-09-10 09:36:14 :  <INFO>      [Button clicked] Next
2019-09-10 09:36:17 :  <INFO>      [Button clicked] Previous
2019-09-10 09:36:26 :  <INFO>      [Button clicked] Next
2019-09-10 09:37:01 :  <INFO>      [Button clicked] Previous
2019-09-10 09:37:06 :  <INFO>      [Button clicked] Log files menu item
2019-09-10 09:37:10 :  <INFO>      [Application] Closing AdwCleaner
2019-09-11 20:52:56 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-11 20:53:05 :  <INFO>      [MBInstaller] Checking Iris
2019-09-11 20:53:05 :  <INFO>      [IRIS] Making request
2019-09-11 20:53:06 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-11 20:53:06 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-11 20:53:06 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-11 20:53:06 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-11 20:53:06 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-11 20:53:06 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-11 20:53:06 :  <INFO>      [SslCert] ALPN: None
2019-09-11 20:53:06 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 20:53:06 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 20:53:06 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 20:53:07 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-11 20:53:07 :  <INFO>      [IRIS] Failed
2019-09-11 20:53:09 :  <INFO>      [Button clicked] Survey closed
2019-09-11 20:53:09 :  <INFO>      [Telemetry] Sending NPS Survey
2019-09-11 20:53:11 :  <INFO>      [AdwUpgrade] Checking application updates
2019-09-11 20:53:11 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-11 20:53:11 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-11 20:53:11 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-11 20:53:11 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-11 20:53:11 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-11 20:53:11 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-11 20:53:11 :  <INFO>      [SslCert] ALPN: None
2019-09-11 20:53:11 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 20:53:11 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 20:53:11 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 20:53:11 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-11 20:53:11 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-11 20:53:11 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-11 20:53:11 :  <INFO>      [SslCert] Locality Name ()
2019-09-11 20:53:11 :  <INFO>      [SslCert] Organization ()
2019-09-11 20:53:11 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-11 20:53:11 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-11 20:53:11 :  <INFO>      [SslCert] ALPN: Yes
2019-09-11 20:53:11 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 20:53:11 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 20:53:11 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 20:53:11 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-11 20:53:13 :  <INFO>      [Button clicked] Scan
2019-09-11 20:53:13 :  <INFO>      [Scan] Started
2019-09-11 20:53:13 :  <INFO>      [Database] Downloading database
2019-09-11 20:53:14 :  <INFO>      [Database] Checking integrity
2019-09-11 20:53:14 :  <INFO>      [Database] Found  2599  families
2019-09-11 20:53:14 :  <INFO>      [Database] Database v "2019-09-06.1"
2019-09-11 20:53:15 :  <INFO>      [Loading paths] Local paths loaded
2019-09-11 20:53:15 :  <INFO>      [Loading paths] Chrome paths loaded
2019-09-11 20:53:15 :  <INFO>      [Loading paths] User Keys loaded
2019-09-11 20:53:15 :  <INFO>      [Module initialized]  "File"
2019-09-11 20:53:15 :  <INFO>      [Module initialized]  "Folder"
2019-09-11 20:53:15 :  <INFO>      [Module initialized]  "RegistryKey"
2019-09-11 20:53:15 :  <INFO>      [Module initialized]  "RegistryValue"
2019-09-11 20:53:17 :  <INFO>      [Module initialized]  "TaskName"
2019-09-11 20:53:17 :  <INFO>      [Module initialized]  "Service"
2019-09-11 20:53:17 :  <INFO>      [Module initialized]  "Winlogon"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "URL"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegAppInit"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegClasses"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "DNS"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegGuid"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegOther"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegProductID"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegSoftware"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "RegStartup"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "WMI"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-09-11 20:53:54 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-09-11 20:53:54 :  <INFO>      [Module initialize] Scan Browser
2019-09-11 20:53:56 :  <INFO>      [Module initialize] Scan Browser FF
2019-09-11 20:53:56 :  <INFO>      [Module initialize] FF start pages loaded
2019-09-11 20:53:56 :  <INFO>      [Module initialize] FF search providers loaded
2019-09-11 20:53:56 :  <INFO>      [Module initialize] FF plugin list loaded
2019-09-11 20:53:56 :  <INFO>      [Scan] Exclusions loaded
2019-09-11 20:54:37 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-11 20:54:37 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-11 20:54:37 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [ "Registry" ]
2019-09-11 20:54:38 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKLM\\Software\\Myfree Codec" [ "Registry" ]
2019-09-11 20:54:38 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Myfree Codec" [ "Registry" ]
2019-09-11 20:54:38 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Web Companion" [ "Registry" ]
2019-09-11 20:54:43 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft\\WebCompanion" [ "Folder" ]
2019-09-11 20:54:43 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ]
2019-09-11 20:54:43 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ]
2019-09-11 20:54:43 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "HKLM\\Software\\Lavasoft\\Web Companion" [ "Registry" ]
2019-09-11 20:54:43 :  <INFO>      [Scan] Item detected:  "PUP.Optional.WebCompanion" ,  "HKCU\\Software\\Lavasoft\\Web Companion" [ "Registry" ]
2019-09-11 20:54:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-09-11 20:54:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-11 20:54:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-11 20:54:44 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-09-11 20:54:48 :  <INFO>      [Scan] Item detected:  "PUP.Optional.DownloadSponsor" ,  "C:\\Users\\Andi\\AppData\\Local\\Temp\\DMR" [ "Folder" ]
2019-09-11 20:54:48 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-09-11 20:54:48 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-09-11 20:54:54 :  <INFO>      [Telemetry] Sending to Influx
2019-09-11 20:54:54 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-11 20:54:54 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-11 20:54:54 :  <INFO>      [SslCert] Locality Name ()
2019-09-11 20:54:54 :  <INFO>      [SslCert] Organization ()
2019-09-11 20:54:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-11 20:54:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-11 20:54:54 :  <INFO>      [SslCert] ALPN: Yes
2019-09-11 20:54:54 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 20:54:54 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 20:54:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 20:54:54 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-11 20:54:54 :  <INFO>      [Telemetry] Sending to DSE
2019-09-11 20:54:55 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-11 20:54:55 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-11 20:54:55 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-11 20:54:55 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-11 20:54:55 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-11 20:54:55 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-11 20:54:55 :  <INFO>      [SslCert] ALPN: Yes
2019-09-11 20:54:55 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 20:54:55 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 20:54:55 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 20:54:55 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-11 20:54:55 :  <INFO>      [Scan] Finished
2019-09-11 20:55:27 :  <INFO>      [Button clicked] Next
2019-09-11 20:55:32 :  <INFO>      [Button clicked] Previous
2019-09-11 20:55:38 :  <INFO>      [Button clicked] Next
2019-09-11 20:55:40 :  <INFO>      [Button clicked] Previous
2019-09-11 20:55:47 :  <INFO>      [Button clicked] Next
2019-09-11 20:55:49 :  <INFO>      [Button clicked] Previous
2019-09-11 20:55:50 :  <INFO>      [Button clicked] Next
2019-09-11 20:55:53 :  <INFO>      [Button clicked] Previous
2019-09-11 20:55:57 :  <INFO>      [Button clicked] Next
2019-09-11 20:56:00 :  <INFO>      [Button clicked] Clean & repair
2019-09-11 20:56:06 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-09-11 20:56:06 :  <INFO>      [Cleaning] Started
2019-09-11 20:56:06 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-09-11 20:56:06 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-09-11 20:56:07 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20190911.225607"
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKLM\\Software\\Myfree Codec" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKLM\\Software\\Myfree Codec" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Myfree Codec" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Myfree Codec" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Web Companion" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Web Companion" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.WebCompanion" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft\\WebCompanion" [ "Folder" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.WebCompanion" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lavasoft\\WebCompanion" [ "Folder" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.WebCompanion" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.WebCompanion" ,  "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.WebCompanion" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.WebCompanion" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\webcompanion.com" [ "Registry" ]
2019-09-11 20:56:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.WebCompanion" ,  "HKLM\\Software\\Lavasoft\\Web Companion" [ "Registry" ]
2019-09-11 20:56:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.WebCompanion" ,  "HKLM\\Software\\Lavasoft\\Web Companion" [ "Registry" ]
2019-09-11 20:56:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.WebCompanion" ,  "HKCU\\Software\\Lavasoft\\Web Companion" [ "Registry" ]
2019-09-11 20:56:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.WebCompanion" ,  "HKCU\\Software\\Lavasoft\\Web Companion" [ "Registry" ]
2019-09-11 20:56:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.DownloadSponsor" ,  "C:\\Users\\Andi\\AppData\\Local\\Temp\\DMR" [ "Folder" ]
2019-09-11 20:56:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.DownloadSponsor" ,  "C:\\Users\\Andi\\AppData\\Local\\Temp\\DMR" [ "Folder" ]
2019-09-11 20:56:09 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-09-11 20:56:13 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-09-11 20:56:13 :  <INFO>      [Telemetry] Sending to Influx
2019-09-11 20:56:13 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-11 20:56:13 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-11 20:56:13 :  <INFO>      [SslCert] Locality Name ()
2019-09-11 20:56:13 :  <INFO>      [SslCert] Organization ()
2019-09-11 20:56:13 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-11 20:56:13 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-11 20:56:13 :  <INFO>      [SslCert] ALPN: Yes
2019-09-11 20:56:13 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 20:56:13 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 20:56:13 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 20:56:13 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-11 20:56:13 :  <INFO>      [Telemetry] Sending to DSE
2019-09-11 20:56:14 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-11 20:56:14 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-11 20:56:14 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-11 20:56:14 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-11 20:56:14 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-11 20:56:14 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-11 20:56:14 :  <INFO>      [SslCert] ALPN: Yes
2019-09-11 20:56:14 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 20:56:14 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 20:56:14 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 20:56:14 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-11 20:56:14 :  <INFO>      [Cleaning] Finished
2019-09-11 20:56:19 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-09-11 20:56:21 :  <INFO>      [Application] Closing AdwCleaner
2019-09-11 21:04:15 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-11 21:04:21 :  <INFO>      [MBInstaller] Checking Iris
2019-09-11 21:04:21 :  <INFO>      [IRIS] Making request
2019-09-11 21:04:22 :  <INFO>      [Telemetry] Sending hello
ication updates
2019-09-11 21:04:22 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-11 21:04:22 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-11 21:04:22 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-11 21:04:22 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-11 21:04:22 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-11 21:04:22 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-11 21:04:22 :  <INFO>      [SslCert] ALPN: None
2019-09-11 21:04:22 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 21:04:22 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 21:04:22 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 21:04:23 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-11 21:04:23 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-11 21:04:23 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-11 21:04:23 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-11 21:04:23 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-11 21:04:23 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-11 21:04:23 :  <INFO>      [SslCert] ALPN: None
2019-09-11 21:04:23 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 21:04:23 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 21:04:23 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 21:04:23 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-11 21:04:23 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-11 21:04:23 :  <INFO>      [IRIS] Failed
2019-09-11 21:04:30 :  <INFO>      [Button clicked] Scan
2019-09-11 21:04:30 :  <INFO>      [Scan] Started
2019-09-11 21:04:30 :  <INFO>      [Database] Downloading database
2019-09-11 21:04:32 :  <INFO>      [Database] Checking integrity
2019-09-11 21:04:32 :  <INFO>      [Database] Found  2599  families
2019-09-11 21:04:32 :  <INFO>      [Database] Database v "2019-09-06.1"
2019-09-11 21:04:33 :  <INFO>      [Loading paths] Local paths loaded
2019-09-11 21:04:33 :  <INFO>      [Loading paths] Chrome paths loaded
2019-09-11 21:04:33 :  <INFO>      [Loading paths] User Keys loaded
2019-09-11 21:04:33 :  <INFO>      [Module initialized]  "File"
2019-09-11 21:04:33 :  <INFO>      [Module initialized]  "Folder"
2019-09-11 21:04:33 :  <INFO>      [Module initialized]  "RegistryKey"
2019-09-11 21:04:33 :  <INFO>      [Module initialized]  "RegistryValue"
2019-09-11 21:04:35 :  <INFO>      [Module initialized]  "TaskName"
2019-09-11 21:04:35 :  <INFO>      [Module initialized]  "Service"
2019-09-11 21:04:35 :  <INFO>      [Module initialized]  "Winlogon"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "URL"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegAppInit"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegClasses"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "DNS"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegGuid"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegOther"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegProductID"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegSoftware"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "RegStartup"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "WMI"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-09-11 21:05:12 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-09-11 21:05:12 :  <INFO>      [Module initialize] Scan Browser
2019-09-11 21:05:13 :  <INFO>      [Module initialize] Scan Browser FF
2019-09-11 21:05:13 :  <INFO>      [Module initialize] FF start pages loaded
2019-09-11 21:05:13 :  <INFO>      [Module initialize] FF search providers loaded
2019-09-11 21:05:13 :  <INFO>      [Module initialize] FF plugin list loaded
2019-09-11 21:05:13 :  <INFO>      [Scan] Exclusions loaded
2019-09-11 21:06:02 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-09-11 21:06:02 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-11 21:06:02 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-11 21:06:03 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-09-11 21:06:07 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-09-11 21:06:07 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-09-11 21:06:13 :  <INFO>      [Telemetry] Sending to Influx
2019-09-11 21:06:14 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-11 21:06:14 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-11 21:06:14 :  <INFO>      [SslCert] Locality Name ()
2019-09-11 21:06:14 :  <INFO>      [SslCert] Organization ()
2019-09-11 21:06:14 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-11 21:06:14 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-11 21:06:14 :  <INFO>      [SslCert] ALPN: Yes
2019-09-11 21:06:14 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 21:06:14 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 21:06:14 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 21:06:14 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-11 21:06:14 :  <INFO>      [Telemetry] Sending to DSE
2019-09-11 21:06:15 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-11 21:06:15 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-11 21:06:15 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-11 21:06:15 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-11 21:06:15 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-11 21:06:15 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-11 21:06:15 :  <INFO>      [SslCert] ALPN: Yes
2019-09-11 21:06:15 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-11 21:06:15 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-11 21:06:15 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-11 21:06:15 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-11 21:06:15 :  <INFO>      [Scan] Finished
2019-09-11 21:06:29 :  <INFO>      [Checkbox clicked] No threats detected  "Don't show again":  "Unchecked"
2019-09-11 21:06:30 :  <INFO>      [Button clicked] No threats detected ok button
2019-09-11 21:06:45 :  <INFO>      [Button clicked] Quarantine menu item
2019-09-11 21:06:57 :  <INFO>      [Application] Closing AdwCleaner
2019-09-14 21:22:47 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-14 21:22:57 :  <INFO>      [MBInstaller] Checking Iris
2019-09-14 21:22:57 :  <INFO>      [IRIS] Making request
2019-09-14 21:22:58 :  <INFO>      [AdwUpgrade] Checking application updates
2019-09-14 21:22:58 :  <INFO>      [Telemetry] Sending hello
2019-09-14 21:22:58 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-14 21:22:58 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-14 21:22:58 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-14 21:22:58 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-14 21:22:58 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-14 21:22:58 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-14 21:22:58 :  <INFO>      [SslCert] ALPN: None
2019-09-14 21:22:58 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:22:58 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:22:58 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:22:58 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-14 21:22:58 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-14 21:22:58 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-14 21:22:58 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-14 21:22:58 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-14 21:22:58 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-14 21:22:58 :  <INFO>      [SslCert] ALPN: None
2019-09-14 21:22:58 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:22:58 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:22:58 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:22:58 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-14 21:22:58 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-14 21:22:58 :  <INFO>      [IRIS] Failed
2019-09-14 21:23:05 :  <INFO>      [Button clicked] Scan
2019-09-14 21:23:05 :  <INFO>      [Scan] Started
2019-09-14 21:23:05 :  <INFO>      [Database] Downloading database
2019-09-14 21:23:06 :  <INFO>      [Database] Checking integrity
2019-09-14 21:23:06 :  <INFO>      [Database] Found  2599  families
2019-09-14 21:23:06 :  <INFO>      [Database] Database v "2019-09-13.1"
2019-09-14 21:23:07 :  <INFO>      [Loading paths] Local paths loaded
2019-09-14 21:23:07 :  <INFO>      [Loading paths] Chrome paths loaded
2019-09-14 21:23:07 :  <INFO>      [Loading paths] User Keys loaded
2019-09-14 21:23:07 :  <INFO>      [Module initialized]  "File"
2019-09-14 21:23:07 :  <INFO>      [Module initialized]  "Folder"
2019-09-14 21:23:07 :  <INFO>      [Module initialized]  "RegistryKey"
2019-09-14 21:23:07 :  <INFO>      [Module initialized]  "RegistryValue"
2019-09-14 21:23:09 :  <INFO>      [Module initialized]  "TaskName"
2019-09-14 21:23:09 :  <INFO>      [Module initialized]  "Service"
2019-09-14 21:23:09 :  <INFO>      [Module initialized]  "Winlogon"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "URL"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegAppInit"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegClasses"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "DNS"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegGuid"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegOther"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegProductID"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegSoftware"
2019-09-14 21:23:47 :  <INFO>      [Module initialized]  "RegStartup"
2019-09-14 21:23:48 :  <INFO>      [Module initialized]  "WMI"
2019-09-14 21:23:48 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-09-14 21:23:48 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-09-14 21:23:48 :  <INFO>      [Module initialize] Scan Browser
2019-09-14 21:23:50 :  <INFO>      [Module initialize] Scan Browser FF
2019-09-14 21:23:50 :  <INFO>      [Module initialize] FF start pages loaded
2019-09-14 21:23:50 :  <INFO>      [Module initialize] FF search providers loaded
2019-09-14 21:23:50 :  <INFO>      [Module initialize] FF plugin list loaded
2019-09-14 21:23:50 :  <INFO>      [Scan] Exclusions loaded
2019-09-14 21:24:29 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-14 21:24:35 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-09-14 21:24:35 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-14 21:24:35 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-14 21:24:36 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-09-14 21:24:40 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-09-14 21:24:40 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-09-14 21:24:46 :  <INFO>      [Telemetry] Sending to Influx
2019-09-14 21:24:47 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-14 21:24:47 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-14 21:24:47 :  <INFO>      [SslCert] Locality Name ()
2019-09-14 21:24:47 :  <INFO>      [SslCert] Organization ()
2019-09-14 21:24:47 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-14 21:24:47 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-14 21:24:47 :  <INFO>      [SslCert] ALPN: Yes
2019-09-14 21:24:47 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:24:47 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:24:47 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:24:47 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-14 21:24:47 :  <INFO>      [Telemetry] Sending to DSE
2019-09-14 21:24:48 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-14 21:24:48 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-14 21:24:48 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-14 21:24:48 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-14 21:24:48 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-14 21:24:48 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-14 21:24:48 :  <INFO>      [SslCert] ALPN: Yes
2019-09-14 21:24:48 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:24:48 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:24:48 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:24:48 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-14 21:24:48 :  <INFO>      [Scan] Finished
2019-09-14 21:25:59 :  <INFO>      [Button clicked] Next
2019-09-14 21:26:03 :  <INFO>      [Button clicked] Clean & repair
2019-09-14 21:26:06 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-09-14 21:26:06 :  <INFO>      [Cleaning] Started
2019-09-14 21:26:06 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-09-14 21:26:06 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-09-14 21:26:07 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20190914.232607"
2019-09-14 21:26:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-14 21:26:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-14 21:26:07 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-09-14 21:26:09 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-09-14 21:26:09 :  <INFO>      [Telemetry] Sending to Influx
2019-09-14 21:26:09 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-14 21:26:09 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-14 21:26:09 :  <INFO>      [SslCert] Locality Name ()
2019-09-14 21:26:09 :  <INFO>      [SslCert] Organization ()
2019-09-14 21:26:09 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-14 21:26:09 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-14 21:26:09 :  <INFO>      [SslCert] ALPN: Yes
2019-09-14 21:26:09 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:26:09 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:26:09 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:26:09 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-14 21:26:09 :  <INFO>      [Telemetry] Sending to DSE
2019-09-14 21:26:10 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-14 21:26:10 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-14 21:26:10 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-14 21:26:10 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-14 21:26:10 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-14 21:26:10 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-14 21:26:10 :  <INFO>      [SslCert] ALPN: Yes
2019-09-14 21:26:10 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:26:10 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:26:10 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:26:10 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-14 21:26:10 :  <INFO>      [Cleaning] Finished
2019-09-14 21:26:13 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-09-14 21:26:14 :  <INFO>      [Application] Closing AdwCleaner
2019-09-14 21:30:27 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-14 21:31:02 :  <INFO>      [MBInstaller] Checking Iris
2019-09-14 21:31:02 :  <INFO>      [IRIS] Making request
2019-09-14 21:31:03 :  <INFO>      [Telemetry] Sending hello
2019-09-14 21:31:03 :  <INFO>      [AdwUpgrade] Checking application updates
2019-09-14 21:31:04 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-14 21:31:04 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-14 21:31:04 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-14 21:31:04 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-14 21:31:04 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-14 21:31:04 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-14 21:31:04 :  <INFO>      [SslCert] ALPN: None
2019-09-14 21:31:04 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:31:04 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:31:04 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:31:04 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-14 21:31:04 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-14 21:31:04 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-14 21:31:04 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-14 21:31:04 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-14 21:31:04 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-14 21:31:04 :  <INFO>      [SslCert] ALPN: None
2019-09-14 21:31:04 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:31:04 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:31:04 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:31:04 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-14 21:31:04 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-14 21:31:04 :  <INFO>      [IRIS] Failed
2019-09-14 21:31:13 :  <INFO>      [Button clicked] Scan
2019-09-14 21:31:13 :  <INFO>      [Scan] Started
2019-09-14 21:31:13 :  <INFO>      [Database] Downloading database
2019-09-14 21:31:14 :  <INFO>      [Database] Checking integrity
2019-09-14 21:31:14 :  <INFO>      [Database] Found  2599  families
2019-09-14 21:31:14 :  <INFO>      [Database] Database v "2019-09-13.1"
2019-09-14 21:31:16 :  <INFO>      [Loading paths] Local paths loaded
2019-09-14 21:31:16 :  <INFO>      [Loading paths] Chrome paths loaded
2019-09-14 21:31:16 :  <INFO>      [Loading paths] User Keys loaded
2019-09-14 21:31:16 :  <INFO>      [Module initialized]  "File"
2019-09-14 21:31:16 :  <INFO>      [Module initialized]  "Folder"
2019-09-14 21:31:16 :  <INFO>      [Module initialized]  "RegistryKey"
2019-09-14 21:31:16 :  <INFO>      [Module initialized]  "RegistryValue"
2019-09-14 21:31:19 :  <INFO>      [Module initialized]  "TaskName"
2019-09-14 21:31:19 :  <INFO>      [Module initialized]  "Service"
2019-09-14 21:31:19 :  <INFO>      [Module initialized]  "Winlogon"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "URL"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegAppInit"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegClasses"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "DNS"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegGuid"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegOther"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegProductID"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegSoftware"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "RegStartup"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "WMI"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-09-14 21:31:59 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-09-14 21:31:59 :  <INFO>      [Module initialize] Scan Browser
2019-09-14 21:32:01 :  <INFO>      [Module initialize] Scan Browser FF
2019-09-14 21:32:01 :  <INFO>      [Module initialize] FF start pages loaded
2019-09-14 21:32:01 :  <INFO>      [Module initialize] FF search providers loaded
2019-09-14 21:32:01 :  <INFO>      [Module initialize] FF plugin list loaded
2019-09-14 21:32:01 :  <INFO>      [Scan] Exclusions loaded
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-14 21:32:53 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-09-14 21:32:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-09-14 21:32:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-09-14 21:33:03 :  <INFO>      [Telemetry] Sending to Influx
2019-09-14 21:33:07 :  <INFO>      [Telemetry] Sending to DSE
2019-09-14 21:33:09 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-14 21:33:09 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-14 21:33:09 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-14 21:33:09 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-14 21:33:09 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-14 21:33:09 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-14 21:33:09 :  <INFO>      [SslCert] ALPN: Yes
2019-09-14 21:33:09 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-14 21:33:09 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-14 21:33:09 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-14 21:33:09 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-14 21:33:09 :  <INFO>      [Scan] Finished
2019-09-14 21:33:16 :  <INFO>      [Button clicked] No threats detected ok button
2019-09-14 21:33:27 :  <INFO>      [Button clicked] Cancel
2019-09-14 21:33:30 :  <INFO>      [Button clicked] Quarantine menu item
2019-09-14 21:33:38 :  <INFO>      [Button clicked] Quarantine menu item
2019-09-14 21:33:49 :  <INFO>      [Application] Closing AdwCleaner
2019-09-24 22:35:31 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-24 22:36:32 :  <INFO>      [MBInstaller] Checking Iris
2019-09-24 22:36:32 :  <INFO>      [IRIS] Making request
2019-09-24 22:36:33 :  <INFO>      [AdwUpgrade] Checking application updates
2019-09-24 22:36:33 :  <INFO>      [Telemetry] Sending hello
2019-09-24 22:36:33 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-24 22:36:33 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-24 22:36:33 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-24 22:36:33 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-24 22:36:33 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-24 22:36:33 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-24 22:36:33 :  <INFO>      [SslCert] ALPN: None
2019-09-24 22:36:33 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-24 22:36:33 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-24 22:36:33 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-24 22:36:33 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-24 22:36:33 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-24 22:36:33 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-24 22:36:33 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-24 22:36:33 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-24 22:36:33 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-24 22:36:33 :  <INFO>      [SslCert] ALPN: None
2019-09-24 22:36:33 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-24 22:36:33 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-24 22:36:33 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-24 22:36:33 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-24 22:36:33 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-24 22:36:33 :  <INFO>      [IRIS] Failed
2019-09-24 22:36:36 :  <INFO>      [Button clicked] Scan
2019-09-24 22:36:36 :  <INFO>      [Scan] Started
2019-09-24 22:36:36 :  <INFO>      [Database] Downloading database
2019-09-24 22:36:37 :  <INFO>      [Database] Checking integrity
2019-09-24 22:36:37 :  <INFO>      [Database] Found  2600  families
2019-09-24 22:36:37 :  <INFO>      [Database] Database v "2019-09-23.1"
2019-09-24 22:36:38 :  <INFO>      [Loading paths] Local paths loaded
2019-09-24 22:36:39 :  <INFO>      [Loading paths] Chrome paths loaded
2019-09-24 22:36:39 :  <INFO>      [Loading paths] User Keys loaded
2019-09-24 22:36:39 :  <INFO>      [Module initialized]  "File"
2019-09-24 22:36:39 :  <INFO>      [Module initialized]  "Folder"
2019-09-24 22:36:39 :  <INFO>      [Module initialized]  "RegistryKey"
2019-09-24 22:36:39 :  <INFO>      [Module initialized]  "RegistryValue"
2019-09-24 22:36:40 :  <INFO>      [Module initialized]  "TaskName"
2019-09-24 22:36:40 :  <INFO>      [Module initialized]  "Service"
2019-09-24 22:36:40 :  <INFO>      [Module initialized]  "Winlogon"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "URL"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegAppInit"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegClasses"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "DNS"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegGuid"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegOther"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegProductID"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegSoftware"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "RegStartup"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "WMI"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-09-24 22:37:14 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-09-24 22:37:14 :  <INFO>      [Module initialize] Scan Browser
2019-09-24 22:37:18 :  <INFO>      [Module initialize] Scan Browser FF
2019-09-24 22:37:18 :  <INFO>      [Module initialize] FF start pages loaded
2019-09-24 22:37:18 :  <INFO>      [Module initialize] FF search providers loaded
2019-09-24 22:37:18 :  <INFO>      [Module initialize] FF plugin list loaded
2019-09-24 22:37:18 :  <INFO>      [Scan] Exclusions loaded
2019-09-24 22:38:13 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\ak.staticimgfarm.com" [ "Registry" ]
2019-09-24 22:38:13 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\staticimgfarm.com" [ "Registry" ]
2019-09-24 22:38:14 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-24 22:38:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-09-24 22:38:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-24 22:38:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-24 22:38:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-09-24 22:38:26 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-09-24 22:38:26 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-09-24 22:38:32 :  <INFO>      [Telemetry] Sending to Influx
2019-09-24 22:38:34 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-24 22:38:34 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-24 22:38:34 :  <INFO>      [SslCert] Locality Name ()
2019-09-24 22:38:34 :  <INFO>      [SslCert] Organization ()
2019-09-24 22:38:34 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-24 22:38:34 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-24 22:38:34 :  <INFO>      [SslCert] ALPN: Yes
2019-09-24 22:38:34 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-24 22:38:34 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-24 22:38:34 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-24 22:38:34 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-24 22:38:34 :  <INFO>      [Telemetry] Sending to DSE
2019-09-24 22:38:35 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-24 22:38:35 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-24 22:38:35 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-24 22:38:35 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-24 22:38:35 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-24 22:38:35 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-24 22:38:35 :  <INFO>      [SslCert] ALPN: Yes
2019-09-24 22:38:35 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-24 22:38:35 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-24 22:38:35 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-24 22:38:35 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-24 22:38:35 :  <INFO>      [Scan] Finished
2019-09-24 22:38:43 :  <INFO>      [Button clicked] Next
2019-09-24 22:38:45 :  <INFO>      [Button clicked] Previous
2019-09-24 22:38:53 :  <INFO>      [Button clicked] Next
2019-09-24 22:38:55 :  <INFO>      [Button clicked] Clean & repair
2019-09-24 22:39:01 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-09-24 22:39:01 :  <INFO>      [Cleaning] Started
2019-09-24 22:39:01 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-09-24 22:39:01 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-09-24 22:39:01 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20190925.003901"
2019-09-24 22:39:01 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\ak.staticimgfarm.com" [ "Registry" ]
2019-09-24 22:39:02 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\ak.staticimgfarm.com" [ "Registry" ]
2019-09-24 22:39:02 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\staticimgfarm.com" [ "Registry" ]
2019-09-24 22:39:02 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\DOMStorage\\staticimgfarm.com" [ "Registry" ]
2019-09-24 22:39:02 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-24 22:39:02 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-24 22:39:02 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-09-24 22:39:05 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-09-24 22:39:05 :  <INFO>      [Telemetry] Sending to Influx
2019-09-24 22:39:05 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-24 22:39:05 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-24 22:39:05 :  <INFO>      [SslCert] Locality Name ()
2019-09-24 22:39:05 :  <INFO>      [SslCert] Organization ()
2019-09-24 22:39:05 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-24 22:39:05 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-24 22:39:05 :  <INFO>      [SslCert] ALPN: Yes
2019-09-24 22:39:05 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-24 22:39:05 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-24 22:39:05 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-24 22:39:05 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-24 22:39:05 :  <INFO>      [Telemetry] Sending to DSE
2019-09-24 22:39:06 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-24 22:39:06 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-24 22:39:06 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-24 22:39:06 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-24 22:39:06 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-24 22:39:06 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-24 22:39:06 :  <INFO>      [SslCert] ALPN: Yes
2019-09-24 22:39:06 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-24 22:39:06 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-24 22:39:06 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-24 22:39:06 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-24 22:39:06 :  <INFO>      [Cleaning] Finished
2019-09-24 22:39:10 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-09-24 22:39:11 :  <INFO>      [Application] Closing AdwCleaner
2019-09-28 08:44:25 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-28 08:44:52 :  <INFO>      [MBInstaller] Checking Iris
2019-09-28 08:44:52 :  <INFO>      [IRIS] Making request
2019-09-28 08:44:52 :  <INFO>      [Telemetry] Sending hello
2019-09-28 08:44:52 :  <INFO>      [AdwUpgrade] Checking application updates
2019-09-28 08:44:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-28 08:44:54 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-28 08:44:54 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-28 08:44:54 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-28 08:44:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-28 08:44:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-28 08:44:54 :  <INFO>      [SslCert] ALPN: None
2019-09-28 08:44:54 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 08:44:54 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 08:44:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 08:44:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-28 08:44:54 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-28 08:44:54 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-28 08:44:54 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-28 08:44:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-28 08:44:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-28 08:44:54 :  <INFO>      [SslCert] ALPN: None
2019-09-28 08:44:54 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 08:44:54 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 08:44:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 08:44:54 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-28 08:44:54 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-28 08:44:54 :  <INFO>      [IRIS] Failed
2019-09-28 08:44:54 :  <INFO>      [Button clicked] Scan
2019-09-28 08:44:54 :  <INFO>      [Scan] Started
2019-09-28 08:44:55 :  <INFO>      [Database] Downloading database
2019-09-28 08:44:56 :  <INFO>      [Database] Checking integrity
2019-09-28 08:44:56 :  <INFO>      [Database] Found  2601  families
2019-09-28 08:44:56 :  <INFO>      [Database] Database v "2019-09-27.1"
2019-09-28 08:44:56 :  <INFO>      [Loading paths] Local paths loaded
2019-09-28 08:44:57 :  <INFO>      [Loading paths] Chrome paths loaded
2019-09-28 08:44:57 :  <INFO>      [Loading paths] User Keys loaded
2019-09-28 08:44:57 :  <INFO>      [Module initialized]  "File"
2019-09-28 08:44:57 :  <INFO>      [Module initialized]  "Folder"
2019-09-28 08:44:57 :  <INFO>      [Module initialized]  "RegistryKey"
2019-09-28 08:44:57 :  <INFO>      [Module initialized]  "RegistryValue"
2019-09-28 08:44:58 :  <INFO>      [Module initialized]  "TaskName"
2019-09-28 08:44:58 :  <INFO>      [Module initialized]  "Service"
2019-09-28 08:44:58 :  <INFO>      [Module initialized]  "Winlogon"
2019-09-28 08:45:34 :  <INFO>      [Module initialized]  "URL"
2019-09-28 08:45:34 :  <INFO>      [Module initialized]  "RegAppInit"
2019-09-28 08:45:34 :  <INFO>      [Module initialized]  "RegClasses"
2019-09-28 08:45:34 :  <INFO>      [Module initialized]  "DNS"
2019-09-28 08:45:34 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-09-28 08:45:34 :  <INFO>      [Module initialized]  "RegGuid"
2019-09-28 08:45:34 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-09-28 08:45:34 :  <INFO>      [Module initialized]  "RegOther"
2019-09-28 08:45:35 :  <INFO>      [Module initialized]  "RegProductID"
2019-09-28 08:45:35 :  <INFO>      [Module initialized]  "RegSoftware"
2019-09-28 08:45:35 :  <INFO>      [Module initialized]  "RegStartup"
2019-09-28 08:45:35 :  <INFO>      [Module initialized]  "WMI"
2019-09-28 08:45:35 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-09-28 08:45:35 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-09-28 08:45:35 :  <INFO>      [Module initialize] Scan Browser
2019-09-28 08:45:36 :  <INFO>      [Module initialize] Scan Browser FF
2019-09-28 08:45:36 :  <INFO>      [Module initialize] FF start pages loaded
2019-09-28 08:45:36 :  <INFO>      [Module initialize] FF search providers loaded
2019-09-28 08:45:36 :  <INFO>      [Module initialize] FF plugin list loaded
2019-09-28 08:45:36 :  <INFO>      [Scan] Exclusions loaded
2019-09-28 08:46:11 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-28 08:46:17 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-09-28 08:46:17 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-28 08:46:17 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-09-28 08:46:18 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-09-28 08:46:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-09-28 08:46:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-09-28 08:46:27 :  <INFO>      [Telemetry] Sending to Influx
2019-09-28 08:46:29 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-28 08:46:29 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-28 08:46:29 :  <INFO>      [SslCert] Locality Name ()
2019-09-28 08:46:29 :  <INFO>      [SslCert] Organization ()
2019-09-28 08:46:29 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-28 08:46:29 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-28 08:46:29 :  <INFO>      [SslCert] ALPN: Yes
2019-09-28 08:46:29 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 08:46:29 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 08:46:29 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 08:46:29 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-28 08:46:29 :  <INFO>      [Telemetry] Sending to DSE
2019-09-28 08:46:30 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-28 08:46:30 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-28 08:46:30 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-28 08:46:30 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-28 08:46:30 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-28 08:46:30 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-28 08:46:30 :  <INFO>      [SslCert] ALPN: Yes
2019-09-28 08:46:30 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 08:46:30 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 08:46:30 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 08:46:30 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-28 08:46:30 :  <INFO>      [Scan] Finished
2019-09-28 08:46:51 :  <INFO>      [Button clicked] Next
2019-09-28 08:46:53 :  <INFO>      [Button clicked] Previous
2019-09-28 08:46:55 :  <INFO>      [Button clicked] Next
2019-09-28 08:46:57 :  <INFO>      [Button clicked] Clean & repair
2019-09-28 08:46:59 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-09-28 08:46:59 :  <INFO>      [Cleaning] Started
2019-09-28 08:46:59 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-09-28 08:46:59 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-09-28 08:46:59 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20190928.104659"
2019-09-28 08:46:59 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-28 08:46:59 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-09-28 08:46:59 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-09-28 08:47:05 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-09-28 08:47:05 :  <INFO>      [Telemetry] Sending to Influx
2019-09-28 08:47:06 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-09-28 08:47:06 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-09-28 08:47:06 :  <INFO>      [SslCert] Locality Name ()
2019-09-28 08:47:06 :  <INFO>      [SslCert] Organization ()
2019-09-28 08:47:06 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-09-28 08:47:06 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-09-28 08:47:06 :  <INFO>      [SslCert] ALPN: Yes
2019-09-28 08:47:06 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 08:47:06 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 08:47:06 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 08:47:06 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-09-28 08:47:06 :  <INFO>      [Telemetry] Sending to DSE
2019-09-28 08:47:07 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-28 08:47:07 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-28 08:47:07 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-09-28 08:47:07 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-09-28 08:47:07 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-09-28 08:47:07 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-09-28 08:47:07 :  <INFO>      [SslCert] ALPN: Yes
2019-09-28 08:47:07 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 08:47:07 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 08:47:07 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 08:47:07 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-09-28 08:47:07 :  <INFO>      [Cleaning] Finished
2019-09-28 08:47:09 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-09-28 08:47:10 :  <INFO>      [Application] Closing AdwCleaner
2019-09-28 14:48:29 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-09-28 14:49:13 :  <INFO>      [MBInstaller] Checking Iris
2019-09-28 14:49:13 :  <INFO>      [IRIS] Making request
2019-09-28 14:49:14 :  <INFO>      [MBBanner] Checking Iris
2019-09-28 14:49:14 :  <INFO>      [AdwUpgrade] Checking application updates
2019-09-28 14:49:14 :  <INFO>      [Telemetry] Sending hello
2019-09-28 14:49:14 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-28 14:49:14 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-28 14:49:14 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-28 14:49:14 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-28 14:49:14 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-28 14:49:14 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-28 14:49:14 :  <INFO>      [SslCert] ALPN: None
2019-09-28 14:49:14 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 14:49:14 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 14:49:14 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 14:49:14 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-28 14:49:14 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-28 14:49:14 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-28 14:49:14 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-28 14:49:14 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-28 14:49:14 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-28 14:49:14 :  <INFO>      [SslCert] ALPN: None
2019-09-28 14:49:14 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 14:49:14 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 14:49:14 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 14:49:15 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-09-28 14:49:15 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-09-28 14:49:15 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-09-28 14:49:15 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-09-28 14:49:15 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-09-28 14:49:15 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-09-28 14:49:15 :  <INFO>      [SslCert] ALPN: None
2019-09-28 14:49:15 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-09-28 14:49:15 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-09-28 14:49:15 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-09-28 14:49:15 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-09-28 14:49:15 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-28 14:49:15 :  <INFO>      [IRIS] Failed
2019-09-28 14:49:15 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-09-28 14:49:15 :  <INFO>      [IRIS] Failed
2019-09-28 14:49:40 :  <INFO>      [Application] Closing AdwCleaner
2019-10-05 15:31:54 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-05 15:32:16 :  <INFO>      [MBInstaller] Checking Iris
2019-10-05 15:32:16 :  <INFO>      [IRIS] Making request
2019-10-05 15:32:16 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-05 15:32:18 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-05 15:32:18 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-05 15:32:18 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-05 15:32:18 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-05 15:32:18 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-05 15:32:18 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-05 15:32:18 :  <INFO>      [SslCert] ALPN: None
2019-10-05 15:32:18 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:32:18 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:32:18 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:32:19 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-05 15:32:19 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-05 15:32:19 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-05 15:32:19 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-05 15:32:19 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-05 15:32:19 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-05 15:32:19 :  <INFO>      [SslCert] ALPN: None
2019-10-05 15:32:19 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:32:19 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:32:19 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:32:19 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-05 15:32:19 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-05 15:32:19 :  <INFO>      [IRIS] Failed
2019-10-05 15:32:20 :  <INFO>      [Button clicked] Scan
2019-10-05 15:32:20 :  <INFO>      [Scan] Started
2019-10-05 15:32:20 :  <INFO>      [Database] Downloading database
2019-10-05 15:32:21 :  <INFO>      [Database] Checking integrity
2019-10-05 15:32:21 :  <INFO>      [Database] Found  2586  families
2019-10-05 15:32:21 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-05 15:32:23 :  <INFO>      [Loading paths] Local paths loaded
2019-10-05 15:32:23 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-05 15:32:23 :  <INFO>      [Loading paths] User Keys loaded
2019-10-05 15:32:23 :  <INFO>      [Module initialized]  "File"
2019-10-05 15:32:23 :  <INFO>      [Module initialized]  "Folder"
2019-10-05 15:32:23 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-05 15:32:23 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-05 15:32:25 :  <INFO>      [Module initialized]  "TaskName"
2019-10-05 15:32:26 :  <INFO>      [Module initialized]  "Service"
2019-10-05 15:32:26 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-05 15:33:21 :  <INFO>      [Module initialized]  "URL"
2019-10-05 15:33:21 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-05 15:33:21 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-05 15:33:21 :  <INFO>      [Module initialized]  "DNS"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "RegOther"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "WMI"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-05 15:33:22 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-05 15:33:23 :  <INFO>      [Module initialize] Scan Browser
2019-10-05 15:33:31 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-05 15:33:31 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-05 15:33:31 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-05 15:33:31 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-05 15:33:31 :  <INFO>      [Scan] Exclusions loaded
2019-10-05 15:34:45 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-05 15:34:56 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-05 15:34:56 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-05 15:34:56 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-05 15:34:57 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-05 15:35:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-05 15:35:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-05 15:35:08 :  <INFO>      [Telemetry] Sending to Influx
2019-10-05 15:35:10 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-05 15:35:10 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-05 15:35:10 :  <INFO>      [SslCert] Locality Name ()
2019-10-05 15:35:10 :  <INFO>      [SslCert] Organization ()
2019-10-05 15:35:10 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-05 15:35:10 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-05 15:35:10 :  <INFO>      [SslCert] ALPN: Yes
2019-10-05 15:35:10 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:35:10 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:35:10 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:35:10 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-05 15:35:10 :  <INFO>      [Telemetry] Sending to DSE
2019-10-05 15:35:11 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-05 15:35:11 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-05 15:35:11 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-05 15:35:11 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-05 15:35:11 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-05 15:35:11 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-05 15:35:11 :  <INFO>      [SslCert] ALPN: Yes
2019-10-05 15:35:11 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:35:11 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:35:11 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:35:11 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-05 15:35:11 :  <INFO>      [Scan] Finished
2019-10-05 15:35:22 :  <INFO>      [Button clicked] Next
2019-10-05 15:35:24 :  <INFO>      [Button clicked] Previous
2019-10-05 15:35:25 :  <INFO>      [Button clicked] Next
2019-10-05 15:35:26 :  <INFO>      [Button clicked] Clean & repair
2019-10-05 15:35:28 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-05 15:35:28 :  <INFO>      [Cleaning] Started
2019-10-05 15:35:28 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-05 15:35:28 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-05 15:35:28 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191005.173528"
2019-10-05 15:35:28 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-05 15:35:28 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-05 15:35:29 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-05 15:35:35 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-05 15:35:35 :  <INFO>      [Telemetry] Sending to Influx
2019-10-05 15:35:35 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-05 15:35:35 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-05 15:35:35 :  <INFO>      [SslCert] Locality Name ()
2019-10-05 15:35:35 :  <INFO>      [SslCert] Organization ()
2019-10-05 15:35:35 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-05 15:35:35 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-05 15:35:35 :  <INFO>      [SslCert] ALPN: Yes
2019-10-05 15:35:35 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:35:35 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:35:35 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:35:35 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-05 15:35:35 :  <INFO>      [Telemetry] Sending to DSE
2019-10-05 15:35:36 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-05 15:35:36 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-05 15:35:36 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-05 15:35:36 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-05 15:35:36 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-05 15:35:36 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-05 15:35:36 :  <INFO>      [SslCert] ALPN: Yes
2019-10-05 15:35:36 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:35:36 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:35:36 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:35:36 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-05 15:35:36 :  <INFO>      [Cleaning] Finished
2019-10-05 15:35:39 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-05 15:35:41 :  <INFO>      [Application] Closing AdwCleaner
2019-10-05 15:40:44 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-05 15:40:53 :  <INFO>      [MBInstaller] Checking Iris
2019-10-05 15:40:53 :  <INFO>      [IRIS] Making request
2019-10-05 15:40:54 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-05 15:40:54 :  <INFO>      [Telemetry] Sending hello
2019-10-05 15:40:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-05 15:40:54 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-05 15:40:54 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-05 15:40:54 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-05 15:40:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-05 15:40:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-05 15:40:54 :  <INFO>      [SslCert] ALPN: None
2019-10-05 15:40:54 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:40:54 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:40:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:40:55 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-05 15:40:55 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-05 15:40:55 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-05 15:40:55 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-05 15:40:55 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-05 15:40:55 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-05 15:40:55 :  <INFO>      [SslCert] ALPN: None
2019-10-05 15:40:55 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:40:55 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:40:55 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:40:55 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-05 15:40:55 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-05 15:40:55 :  <INFO>      [IRIS] Failed
2019-10-05 15:40:57 :  <INFO>      [Button clicked] Scan
2019-10-05 15:40:57 :  <INFO>      [Scan] Started
2019-10-05 15:40:58 :  <INFO>      [Database] Downloading database
2019-10-05 15:40:58 :  <INFO>      [Database] Checking integrity
2019-10-05 15:40:58 :  <INFO>      [Database] Found  2586  families
2019-10-05 15:40:58 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-05 15:41:00 :  <INFO>      [Loading paths] Local paths loaded
2019-10-05 15:41:00 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-05 15:41:00 :  <INFO>      [Loading paths] User Keys loaded
2019-10-05 15:41:00 :  <INFO>      [Module initialized]  "File"
2019-10-05 15:41:00 :  <INFO>      [Module initialized]  "Folder"
2019-10-05 15:41:00 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-05 15:41:00 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-05 15:41:01 :  <INFO>      [Module initialized]  "TaskName"
2019-10-05 15:41:01 :  <INFO>      [Module initialized]  "Service"
2019-10-05 15:41:01 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "URL"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "DNS"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegOther"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "WMI"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-05 15:41:40 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-05 15:41:40 :  <INFO>      [Module initialize] Scan Browser
2019-10-05 15:41:44 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-05 15:41:44 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-05 15:41:44 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-05 15:41:44 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-05 15:41:44 :  <INFO>      [Scan] Exclusions loaded
2019-10-05 15:42:48 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-05 15:42:48 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-05 15:42:48 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-05 15:42:49 :  <INFO>
         
__________________

Geändert von Grosserdummi (16.10.2019 um 23:53 Uhr)

Alt 16.10.2019, 23:56   #4
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Code:
ATTFilter
[Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-05 15:42:49 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-05 15:42:52 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-05 15:42:52 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-05 15:42:59 :  <INFO>      [Telemetry] Sending to Influx
2019-10-05 15:43:00 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-05 15:43:00 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-05 15:43:00 :  <INFO>      [SslCert] Locality Name ()
2019-10-05 15:43:00 :  <INFO>      [SslCert] Organization ()
2019-10-05 15:43:00 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-05 15:43:00 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-05 15:43:00 :  <INFO>      [SslCert] ALPN: Yes
2019-10-05 15:43:00 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:43:00 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:43:00 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:43:00 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-05 15:43:00 :  <INFO>      [Telemetry] Sending to DSE
2019-10-05 15:43:01 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-05 15:43:01 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-05 15:43:01 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-05 15:43:01 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-05 15:43:01 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-05 15:43:01 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-05 15:43:01 :  <INFO>      [SslCert] ALPN: Yes
2019-10-05 15:43:01 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-05 15:43:01 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-05 15:43:01 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-05 15:43:01 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-05 15:43:01 :  <INFO>      [Scan] Finished
2019-10-05 15:43:28 :  <INFO>      [Application] Closing AdwCleaner
2019-10-06 08:13:19 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-06 08:13:27 :  <INFO>      [MBInstaller] Checking Iris
2019-10-06 08:13:27 :  <INFO>      [IRIS] Making request
2019-10-06 08:13:27 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-06 08:13:27 :  <INFO>      [Telemetry] Sending hello
2019-10-06 08:13:28 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-06 08:13:28 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-06 08:13:28 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-06 08:13:28 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-06 08:13:28 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-06 08:13:28 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-06 08:13:28 :  <INFO>      [SslCert] ALPN: None
2019-10-06 08:13:28 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-06 08:13:28 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-06 08:13:28 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-06 08:13:28 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-06 08:13:28 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-06 08:13:28 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-06 08:13:28 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-06 08:13:28 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-06 08:13:28 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-06 08:13:28 :  <INFO>      [SslCert] ALPN: None
2019-10-06 08:13:28 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-06 08:13:28 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-06 08:13:28 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-06 08:13:28 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-06 08:13:28 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-06 08:13:28 :  <INFO>      [IRIS] Failed
2019-10-06 08:13:34 :  <INFO>      [Button clicked] Scan
2019-10-06 08:13:34 :  <INFO>      [Scan] Started
2019-10-06 08:13:34 :  <INFO>      [Database] Downloading database
2019-10-06 08:13:35 :  <INFO>      [Database] Checking integrity
2019-10-06 08:13:35 :  <INFO>      [Database] Found  2586  families
2019-10-06 08:13:35 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-06 08:13:36 :  <INFO>      [Loading paths] Local paths loaded
2019-10-06 08:13:36 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-06 08:13:36 :  <INFO>      [Loading paths] User Keys loaded
2019-10-06 08:13:36 :  <INFO>      [Module initialized]  "File"
2019-10-06 08:13:36 :  <INFO>      [Module initialized]  "Folder"
2019-10-06 08:13:36 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-06 08:13:36 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-06 08:13:37 :  <INFO>      [Module initialized]  "TaskName"
2019-10-06 08:13:37 :  <INFO>      [Module initialized]  "Service"
2019-10-06 08:13:37 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "URL"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "DNS"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegOther"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "WMI"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-06 08:14:26 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-06 08:14:26 :  <INFO>      [Module initialize] Scan Browser
2019-10-06 08:14:28 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-06 08:14:28 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-06 08:14:28 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-06 08:14:28 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-06 08:14:28 :  <INFO>      [Scan] Exclusions loaded
2019-10-06 08:15:15 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-06 08:15:15 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-06 08:15:15 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-06 08:15:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-06 08:15:19 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-06 08:15:19 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-06 08:15:25 :  <INFO>      [Telemetry] Sending to Influx
2019-10-06 08:15:27 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-06 08:15:27 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-06 08:15:27 :  <INFO>      [SslCert] Locality Name ()
2019-10-06 08:15:27 :  <INFO>      [SslCert] Organization ()
2019-10-06 08:15:27 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-06 08:15:27 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-06 08:15:27 :  <INFO>      [SslCert] ALPN: Yes
2019-10-06 08:15:27 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-06 08:15:27 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-06 08:15:27 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-06 08:15:27 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-06 08:15:27 :  <INFO>      [Telemetry] Sending to DSE
2019-10-06 08:15:28 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-06 08:15:28 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-06 08:15:28 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-06 08:15:28 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-06 08:15:28 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-06 08:15:28 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-06 08:15:28 :  <INFO>      [SslCert] ALPN: Yes
2019-10-06 08:15:28 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-06 08:15:28 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-06 08:15:28 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-06 08:15:28 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-06 08:15:28 :  <INFO>      [Scan] Finished
2019-10-06 08:15:47 :  <INFO>      [Button clicked] Cancel
2019-10-06 08:15:55 :  <INFO>      [Button clicked] Quarantine menu item
2019-10-06 08:16:35 :  <INFO>      [Application] Closing AdwCleaner
2019-10-06 09:34:24 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-06 09:34:32 :  <INFO>      [MBInstaller] Checking Iris
2019-10-06 09:34:32 :  <INFO>      [IRIS] Making request
2019-10-06 09:34:32 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-06 09:34:32 :  <INFO>      [Telemetry] Sending hello
2019-10-06 09:34:33 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-06 09:34:33 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-06 09:34:33 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-06 09:34:33 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-06 09:34:33 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-06 09:34:33 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-06 09:34:33 :  <INFO>      [SslCert] ALPN: None
2019-10-06 09:34:33 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-06 09:34:33 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-06 09:34:33 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-06 09:34:33 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-06 09:34:33 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-06 09:34:33 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-06 09:34:33 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-06 09:34:33 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-06 09:34:33 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-06 09:34:33 :  <INFO>      [SslCert] ALPN: None
2019-10-06 09:34:33 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-06 09:34:33 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-06 09:34:33 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-06 09:34:33 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-06 09:34:33 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-06 09:34:33 :  <INFO>      [IRIS] Failed
2019-10-06 09:34:39 :  <INFO>      [Button clicked] Scan
2019-10-06 09:34:39 :  <INFO>      [Scan] Started
2019-10-06 09:34:40 :  <INFO>      [Database] Downloading database
2019-10-06 09:34:40 :  <INFO>      [Database] Checking integrity
2019-10-06 09:34:40 :  <INFO>      [Database] Found  2586  families
2019-10-06 09:34:40 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-06 09:34:41 :  <INFO>      [Loading paths] Local paths loaded
2019-10-06 09:34:41 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-06 09:34:41 :  <INFO>      [Loading paths] User Keys loaded
2019-10-06 09:34:41 :  <INFO>      [Module initialized]  "File"
2019-10-06 09:34:41 :  <INFO>      [Module initialized]  "Folder"
2019-10-06 09:34:41 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-06 09:34:41 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-06 09:34:43 :  <INFO>      [Module initialized]  "TaskName"
2019-10-06 09:34:43 :  <INFO>      [Module initialized]  "Service"
2019-10-06 09:34:43 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "URL"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "DNS"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegOther"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "WMI"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-06 09:35:26 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-06 09:35:26 :  <INFO>      [Module initialize] Scan Browser
2019-10-06 09:35:27 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-06 09:35:27 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-06 09:35:27 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-06 09:35:27 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-06 09:35:27 :  <INFO>      [Scan] Exclusions loaded
2019-10-06 09:36:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-06 09:36:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-06 09:36:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-06 09:36:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-06 09:36:15 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-06 09:36:15 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-06 09:36:20 :  <INFO>      [Telemetry] Sending to Influx
2019-10-06 09:36:22 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-06 09:36:22 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-06 09:36:22 :  <INFO>      [SslCert] Locality Name ()
2019-10-06 09:36:22 :  <INFO>      [SslCert] Organization ()
2019-10-06 09:36:22 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-06 09:36:22 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-06 09:36:22 :  <INFO>      [SslCert] ALPN: Yes
2019-10-06 09:36:22 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-06 09:36:22 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-06 09:36:22 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-06 09:36:22 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-06 09:36:22 :  <INFO>      [Telemetry] Sending to DSE
2019-10-06 09:36:23 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-06 09:36:23 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-06 09:36:23 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-06 09:36:23 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-06 09:36:23 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-06 09:36:23 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-06 09:36:23 :  <INFO>      [SslCert] ALPN: Yes
2019-10-06 09:36:23 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-06 09:36:23 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-06 09:36:23 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-06 09:36:23 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-06 09:36:23 :  <INFO>      [Scan] Finished
2019-10-06 09:36:26 :  <INFO>      [Application] Closing AdwCleaner
2019-10-10 20:51:05 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-10 20:51:12 :  <INFO>      [MBInstaller] Checking Iris
2019-10-10 20:51:12 :  <INFO>      [IRIS] Making request
2019-10-10 20:51:13 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-10 20:51:13 :  <INFO>      [Telemetry] Sending hello
2019-10-10 20:51:14 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:51:14 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:51:14 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 20:51:14 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 20:51:14 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-10 20:51:14 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-10 20:51:14 :  <INFO>      [SslCert] ALPN: None
2019-10-10 20:51:14 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:51:14 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:51:14 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:51:14 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:51:14 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:51:14 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 20:51:14 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 20:51:14 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-10 20:51:14 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-10 20:51:14 :  <INFO>      [SslCert] ALPN: None
2019-10-10 20:51:14 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:51:14 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:51:14 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:51:14 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-10 20:51:14 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 20:51:14 :  <INFO>      [IRIS] Failed
2019-10-10 20:51:16 :  <INFO>      [Button clicked] Scan
2019-10-10 20:51:16 :  <INFO>      [Scan] Started
2019-10-10 20:51:16 :  <INFO>      [Database] Downloading database
2019-10-10 20:51:17 :  <INFO>      [Database] Checking integrity
2019-10-10 20:51:17 :  <INFO>      [Database] Found  2586  families
2019-10-10 20:51:17 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-10 20:51:18 :  <INFO>      [Loading paths] Local paths loaded
2019-10-10 20:51:18 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-10 20:51:18 :  <INFO>      [Loading paths] User Keys loaded
2019-10-10 20:51:18 :  <INFO>      [Module initialized]  "File"
2019-10-10 20:51:18 :  <INFO>      [Module initialized]  "Folder"
2019-10-10 20:51:18 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-10 20:51:18 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-10 20:51:19 :  <INFO>      [Module initialized]  "TaskName"
2019-10-10 20:51:19 :  <INFO>      [Module initialized]  "Service"
2019-10-10 20:51:19 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-10 20:51:53 :  <INFO>      [Module initialized]  "URL"
2019-10-10 20:51:53 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-10 20:51:53 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-10 20:51:53 :  <INFO>      [Module initialized]  "DNS"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "RegOther"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "WMI"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-10 20:51:54 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-10 20:51:54 :  <INFO>      [Module initialize] Scan Browser
2019-10-10 20:51:56 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-10 20:51:56 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-10 20:51:56 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-10 20:51:56 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-10 20:51:56 :  <INFO>      [Scan] Exclusions loaded
2019-10-10 20:52:33 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-10 20:52:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-10 20:52:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-10 20:52:38 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>
         
Code:
ATTFilter
     [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-10 20:52:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-10 20:52:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-10 20:52:48 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 20:52:50 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 20:52:50 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 20:52:50 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 20:52:50 :  <INFO>      [SslCert] Organization ()
2019-10-10 20:52:50 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-10 20:52:50 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-10 20:52:50 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:52:50 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:52:50 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:52:50 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:52:50 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 20:52:50 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 20:52:51 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:52:51 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:52:51 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 20:52:51 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 20:52:51 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-10 20:52:51 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-10 20:52:51 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:52:51 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:52:51 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:52:51 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:52:51 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 20:52:51 :  <INFO>      [Scan] Finished
2019-10-10 20:53:04 :  <INFO>      [Button clicked] Next
2019-10-10 20:53:07 :  <INFO>      [Button clicked] Previous
2019-10-10 20:53:14 :  <INFO>      [Button clicked] Next
2019-10-10 20:53:16 :  <INFO>      [Button clicked] Clean & repair
2019-10-10 20:53:19 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-10 20:53:19 :  <INFO>      [Cleaning] Started
2019-10-10 20:53:19 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-10 20:53:19 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-10 20:53:19 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191010.225319"
2019-10-10 20:53:19 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-10 20:53:19 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-10 20:53:19 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-10 20:53:22 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-10 20:53:22 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 20:53:22 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 20:53:22 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 20:53:22 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 20:53:22 :  <INFO>      [SslCert] Organization ()
2019-10-10 20:53:22 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-10 20:53:22 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-10 20:53:22 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:53:22 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:53:22 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:53:22 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:53:22 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 20:53:22 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 20:53:23 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:53:23 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:53:23 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 20:53:23 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 20:53:23 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-10 20:53:23 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-10 20:53:23 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:53:23 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:53:23 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:53:23 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:53:23 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 20:53:23 :  <INFO>      [Cleaning] Finished
2019-10-10 20:53:26 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-10 20:53:27 :  <INFO>      [Application] Closing AdwCleaner
2019-10-10 20:57:46 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-10 20:57:54 :  <INFO>      [MBInstaller] Checking Iris
2019-10-10 20:57:54 :  <INFO>      [IRIS] Making request
2019-10-10 20:57:55 :  <INFO>      [Telemetry] Sending hello
2019-10-10 20:57:55 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-10 20:57:56 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-10 20:57:56 :  <INFO>      [SslCert] ALPN: None
2019-10-10 20:57:56 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:57:56 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-10 20:57:56 :  <INFO>      [SslCert] ALPN: None
2019-10-10 20:57:56 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:57:56 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:57:56 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-10 20:57:56 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 20:57:56 :  <INFO>      [IRIS] Failed
2019-10-10 20:58:04 :  <INFO>      [Button clicked] Scan
2019-10-10 20:58:04 :  <INFO>      [Scan] Started
2019-10-10 20:58:04 :  <INFO>      [Database] Downloading database
2019-10-10 20:58:05 :  <INFO>      [Database] Checking integrity
2019-10-10 20:58:05 :  <INFO>      [Database] Found  2586  families
2019-10-10 20:58:05 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-10 20:58:06 :  <INFO>      [Loading paths] Local paths loaded
2019-10-10 20:58:07 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-10 20:58:07 :  <INFO>      [Loading paths] User Keys loaded
2019-10-10 20:58:07 :  <INFO>      [Module initialized]  "File"
2019-10-10 20:58:07 :  <INFO>      [Module initialized]  "Folder"
2019-10-10 20:58:07 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-10 20:58:07 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-10 20:58:08 :  <INFO>      [Module initialized]  "TaskName"
2019-10-10 20:58:08 :  <INFO>      [Module initialized]  "Service"
2019-10-10 20:58:08 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "URL"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "DNS"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegOther"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "WMI"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-10 20:58:49 :  <INFO>      [Module initialize] Scan Browser
2019-10-10 20:58:50 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-10 20:58:50 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-10 20:58:50 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-10 20:58:50 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-10 20:58:50 :  <INFO>      [Scan] Exclusions loaded
2019-10-10 20:59:41 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-10 20:59:41 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-10 20:59:41 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-10 20:59:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-10 20:59:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-10 20:59:52 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 20:59:53 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 20:59:53 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 20:59:53 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 20:59:53 :  <INFO>      [SslCert] Organization ()
2019-10-10 20:59:53 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-10 20:59:53 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-10 20:59:53 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:59:53 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:59:53 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:59:53 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:59:53 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 20:59:53 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 20:59:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:59:54 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:59:54 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 20:59:54 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 20:59:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-10 20:59:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-10 20:59:54 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:59:54 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:59:54 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:59:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:59:54 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 20:59:54 :  <INFO>      [Scan] Finished
2019-10-10 20:59:59 :  <INFO>      [Button clicked] Open MB
2019-10-10 21:00:19 :  <INFO>      [Button clicked] Open MB
2019-10-10 21:01:08 :  <INFO>      [Application] Closing AdwCleaner
2019-10-11 06:32:34 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-11 06:32:43 :  <INFO>      [MBInstaller] Checking Iris
2019-10-11 06:32:43 :  <INFO>      [IRIS] Making request
2019-10-11 06:32:43 :  <INFO>      [Telemetry] Sending hello
ication updates
2019-10-11 06:32:44 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-11 06:32:44 :  <INFO>      [SslCert] ALPN: None
2019-10-11 06:32:44 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-11 06:32:44 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-11 06:32:44 :  <INFO>      [SslCert] ALPN: None
2019-10-11 06:32:44 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-11 06:32:44 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-11 06:32:44 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-11 06:32:44 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-11 06:32:44 :  <INFO>      [IRIS] Failed
2019-10-11 06:32:45 :  <INFO>      [Button clicked] Scan
2019-10-11 06:32:45 :  <INFO>      [Scan] Started
2019-10-11 06:32:45 :  <INFO>      [Database] Downloading database
2019-10-11 06:32:47 :  <INFO>      [Database] Checking integrity
2019-10-11 06:32:47 :  <INFO>      [Database] Found  2586  families
2019-10-11 06:32:47 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-11 06:32:47 :  <INFO>      [Loading paths] Local paths loaded
2019-10-11 06:32:48 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-11 06:32:48 :  <INFO>      [Loading paths] User Keys loaded
2019-10-11 06:32:48 :  <INFO>      [Module initialized]  "File"
2019-10-11 06:32:48 :  <INFO>      [Module initialized]  "Folder"
2019-10-11 06:32:48 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-11 06:32:48 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-11 06:32:49 :  <INFO>      [Module initialized]  "TaskName"
2019-10-11 06:32:49 :  <INFO>      [Module initialized]  "Service"
2019-10-11 06:32:49 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "URL"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "DNS"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegOther"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "WMI"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-11 06:33:37 :  <INFO>      [Module initialize] Scan Browser
2019-10-11 06:33:38 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-11 06:33:38 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-11 06:33:38 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-11 06:33:38 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-11 06:33:38 :  <INFO>      [Scan] Exclusions loaded
2019-10-11 06:34:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-11 06:34:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-11 06:34:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-11 06:34:25 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-11 06:34:25 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-11 06:34:32 :  <INFO>      [Telemetry] Sending to Influx
2019-10-11 06:34:33 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-11 06:34:33 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-11 06:34:33 :  <INFO>      [SslCert] Locality Name ()
2019-10-11 06:34:33 :  <INFO>      [SslCert] Organization ()
2019-10-11 06:34:33 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-11 06:34:33 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-11 06:34:33 :  <INFO>      [SslCert] ALPN: Yes
2019-10-11 06:34:33 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-11 06:34:33 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-11 06:34:33 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-11 06:34:33 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-11 06:34:33 :  <INFO>      [Telemetry] Sending to DSE
2019-10-11 06:34:34 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-11 06:34:34 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-11 06:34:34 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-11 06:34:34 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-11 06:34:34 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-11 06:34:34 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-11 06:34:34 :  <INFO>      [SslCert] ALPN: Yes
2019-10-11 06:34:34 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-11 06:34:34 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-11 06:34:34 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-11 06:34:34 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-11 06:34:34 :  <INFO>      [Scan] Finished
2019-10-11 06:34:38 :  <INFO>      [Application] Closing AdwCleaner
2019-10-12 08:47:32 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-12 08:47:41 :  <INFO>      [MBInstaller] Checking Iris
2019-10-12 08:47:41 :  <INFO>      [IRIS] Making request
2019-10-12 08:47:42 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-12 08:47:42 :  <INFO>      [Telemetry] Sending hello
2019-10-12 08:47:44 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-12 08:47:44 :  <INFO>      [SslCert] ALPN: None
2019-10-12 08:47:44 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:47:44 :  <INFO>      [SslCert] ALPN: None
2019-10-12 08:47:44 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:47:44 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:47:44 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:47:44 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-12 08:47:44 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-12 08:47:44 :  <INFO>      [IRIS] Failed
2019-10-12 08:47:46 :  <INFO>      [Button clicked] Scan
2019-10-12 08:47:46 :  <INFO>      [Scan] Started
2019-10-12 08:47:46 :  <INFO>      [Database] Downloading database
2019-10-12 08:47:47 :  <INFO>      [Database] Checking integrity
2019-10-12 08:47:47 :  <INFO>      [Database] Found  2586  families
2019-10-12 08:47:47 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-12 08:47:48 :  <INFO>      [Loading paths] Local paths loaded
2019-10-12 08:47:48 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-12 08:47:48 :  <INFO>      [Loading paths] User Keys loaded
2019-10-12 08:47:48 :  <INFO>      [Module initialized]  "File"
2019-10-12 08:47:48 :  <INFO>      [Module initialized]  "Folder"
2019-10-12 08:47:48 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-12 08:47:48 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-12 08:47:49 :  <INFO>      [Module initialized]  "TaskName"
2019-10-12 08:47:49 :  <INFO>      [Module initialized]  "Service"
2019-10-12 08:47:49 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "URL"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "DNS"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegOther"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "WMI"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-12 08:48:25 :  <INFO>      [Module initialize] Scan Browser
2019-10-12 08:48:27 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-12 08:48:27 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-12 08:48:27 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-12 08:48:27 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-12 08:48:27 :  <INFO>      [Scan] Exclusions loaded
2019-10-12 08:49:03 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-12 08:49:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-12 08:49:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-12 08:49:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-12 08:49:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-12 08:49:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-12 08:49:20 :  <INFO>      [Telemetry] Sending to Influx
2019-10-12 08:49:22 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-12 08:49:22 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-12 08:49:22 :  <INFO>      [SslCert] Locality Name ()
2019-10-12 08:49:22 :  <INFO>      [SslCert] Organization ()
2019-10-12 08:49:22 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-12 08:49:22 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-12 08:49:22 :  <INFO>      [SslCert] ALPN: Yes
2019-10-12 08:49:22 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:49:22 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:49:22 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:49:22 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-12 08:49:22 :  <INFO>      [Telemetry] Sending to DSE
2019-10-12 08:49:23 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 08:49:23 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 08:49:23 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-12 08:49:23 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-12 08:49:23 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-12 08:49:23 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-12 08:49:23 :  <INFO>      [SslCert] ALPN: Yes
2019-10-12 08:49:23 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:49:23 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:49:23 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:49:23 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-12 08:49:23 :  <INFO>      [Scan] Finished
2019-10-12 08:49:31 :  <INFO>      [Button clicked] Next
2019-10-12 08:49:32 :  <INFO>      [Button clicked] Clean & repair
2019-10-12 08:49:35 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-12 08:49:35 :  <INFO>      [Cleaning] Started
2019-10-12 08:49:35 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-12 08:49:35 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-12 08:49:35 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191012.104935"
2019-10-12 08:49:35 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-12 08:49:35 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-12 08:49:35 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-12 08:49:38 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-12 08:49:38 :  <INFO>      [Telemetry] Sending to Influx
2019-10-12 08:49:38 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-12 08:49:38 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-12 08:49:38 :  <INFO>      [SslCert] Locality Name ()
2019-10-12 08:49:38 :  <INFO>      [SslCert] Organization ()
2019-10-12 08:49:38 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-12 08:49:38 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-12 08:49:38 :  <INFO>      [SslCert] ALPN: Yes
2019-10-12 08:49:38 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:49:38 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:49:38 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:49:38 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-12 08:49:38 :  <INFO>      [Telemetry] Sending to DSE
2019-10-12 08:49:39 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 08:49:39 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 08:49:39 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-12 08:49:39 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-12 08:49:39 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-12 08:49:39 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-12 08:49:39 :  <INFO>      [SslCert] ALPN: Yes
2019-10-12 08:49:39 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:49:39 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:49:39 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:49:39 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-12 08:49:39 :  <INFO>      [Cleaning] Finished
2019-10-12 08:49:43 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-12 08:49:44 :  <INFO>      [Application] Closing AdwCleaner
2019-10-12 10:29:40 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-12 10:29:53 :  <INFO>      [MBInstaller] Checking Iris
2019-10-12 10:29:53 :  <INFO>      [IRIS] Making request
2019-10-12 10:29:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 10:29:55 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 10:29:55 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-12 10:29:55 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-12 10:29:55 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-12 10:29:55 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-12 10:29:55 :  <INFO>      [SslCert] ALPN: None
2019-10-12 10:29:55 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 10:29:55 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 10:29:55 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 10:29:55 :  <INFO>      [MBBanner] Checking Iris
2019-10-12 10:29:55 :  <INFO>      [IRIS] Making request
2019-10-12 10:29:55 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-12 10:29:55 :  <INFO>      [Telemetry] Sending hello
2019-10-12 10:29:56 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 10:29:56 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-12 10:29:56 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
o Okt 2 00:00:00 2017 GMT"
2019-10-12 10:29:56 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
kt 6 12:00:00 2020 GMT"
2019-10-12 10:29:56 :  <INFO>      [SslCert] ALPN: None
 EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-12 10:29:57 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-12 10:29:57 :  <INFO>      [SslCert] ALPN: None
2019-10-12 10:29:57 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 10:29:57 :  <INFO>      [SslCert] KXE:  "ECDH"
HE-RSA-AES256-GCM-SHA384"
2019-10-12 10:29:57 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 10:29:57 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-12 10:29:57 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 10:29:57 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-12 10:29:57 :  <INFO>      [IRIS] Failed
2019-10-12 10:30:11 :  <INFO>      [Application] Closing AdwCleaner
2019-10-15 14:12:52 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-15 14:13:03 :  <INFO>      [MBInstaller] Checking Iris
2019-10-15 14:13:03 :  <INFO>      [IRIS] Making request
2019-10-15 14:13:04 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-15 14:13:04 :  <INFO>      [Telemetry] Sending hello
2019-10-15 14:13:05 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 14:13:05 :  <INFO>      [SslCert] ALPN: None
2019-10-15 14:13:05 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:13:05 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 14:13:05 :  <INFO>      [SslCert] ALPN: None
2019-10-15 14:13:05 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:13:05 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:13:05 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-15 14:13:05 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-15 14:13:05 :  <INFO>      [IRIS] Failed
2019-10-15 14:13:07 :  <INFO>      [Button clicked] Scan
2019-10-15 14:13:07 :  <INFO>      [Scan] Started
2019-10-15 14:13:07 :  <INFO>      [Database] Downloading database
2019-10-15 14:13:08 :  <INFO>      [Database] Checking integrity
2019-10-15 14:13:08 :  <INFO>      [Database] Found  2586  families
2019-10-15 14:13:08 :  <INFO>      [Database] Database v "2019-10-14.1"
2019-10-15 14:13:10 :  <INFO>      [Loading paths] Local paths loaded
2019-10-15 14:13:10 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-15 14:13:10 :  <INFO>      [Loading paths] User Keys loaded
2019-10-15 14:13:10 :  <INFO>      [Module initialized]  "File"
2019-10-15 14:13:10 :  <INFO>      [Module initialized]  "Folder"
2019-10-15 14:13:10 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-15 14:13:10 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-15 14:13:11 :  <INFO>      [Module initialized]  "TaskName"
2019-10-15 14:13:12 :  <INFO>      [Module initialized]  "Service"
2019-10-15 14:13:12 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "URL"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "DNS"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegOther"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-15 14:14:34 :  <INFO>      [Module initialized]  "WMI"
2019-10-15 14:14:34 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-15 14:14:34 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-15 14:14:34 :  <INFO>      [Module initialize] Scan Browser
2019-10-15 14:14:41 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-15 14:14:41 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-15 14:14:41 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-15 14:14:41 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-15 14:14:41 :  <INFO>      [Scan] Exclusions loaded
2019-10-15 14:15:53 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 14:16:00 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-15 14:16:00 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 14:16:00 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-15 14:16:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-15 14:16:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-15 14:16:11 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 14:16:14 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 14:16:14 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 14:16:14 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 14:16:14 :  <INFO>      [SslCert] Organization ()
2019-10-15 14:16:14 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 14:16:14 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 14:16:14 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 14:16:14 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:16:14 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:16:14 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:16:14 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 14:16:14 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 14:16:15 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 14:16:15 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 14:16:15 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 14:16:15 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 14:16:15 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 14:16:15 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 14:16:15 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 14:16:15 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:16:15 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:16:15 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:16:15 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 14:16:15 :  <INFO>      [Scan] Finished
2019-10-15 14:16:23 :  <INFO>      [Button clicked] Log files menu item
2019-10-15 14:16:35 :  <INFO>      [Button clicked] Dashboard menu item
2019-10-15 14:16:38 :  <INFO>      [Button clicked] Next
2019-10-15 14:16:40 :  <INFO>      [Button clicked] Clean & repair
2019-10-15 14:16:42 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-15 14:16:42 :  <INFO>      [Cleaning] Started
2019-10-15 14:16:42 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-15 14:16:42 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-15 14:16:42 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191015.161642"
2019-10-15 14:16:42 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 14:16:42 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 14:16:42 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-15 14:16:52 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-15 14:16:52 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 14:16:52 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 14:16:52 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 14:16:52 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 14:16:52 :  <INFO>      [SslCert] Organization ()
2019-10-15 14:16:52 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 14:16:52 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 14:16:52 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 14:16:52 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:16:52 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:16:52 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:16:52 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 14:16:52 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 14:16:53 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 14:16:53 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 14:16:53 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 14:16:53 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 14:16:53 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 14:16:53 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 14:16:53 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 14:16:53 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:16:53 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:16:53 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:16:53 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 14:16:53 :  <INFO>      [Cleaning] Finished
2019-10-15 14:17:00 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-15 14:17:02 :  <INFO>      [Application] Closing AdwCleaner
2019-10-15 21:37:05 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-15 21:37:15 :  <INFO>      [MBInstaller] Checking Iris
2019-10-15 21:37:15 :  <INFO>      [IRIS] Making request
2019-10-15 21:37:16 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-15 21:37:16 :  <INFO>      [Telemetry] Sending hello
2019-10-15 21:37:17 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 21:37:17 :  <INFO>      [SslCert] ALPN: None
2019-10-15 21:37:17 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:37:17 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 21:37:17 :  <INFO>      [SslCert] ALPN: None
2019-10-15 21:37:17 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:37:17 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:37:17 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-15 21:37:17 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-15 21:37:17 :  <INFO>      [IRIS] Failed
2019-10-15 21:37:18 :  <INFO>      [Button clicked] Scan
2019-10-15 21:37:18 :  <INFO>      [Scan] Started
2019-10-15 21:37:18 :  <INFO>      [Database] Downloading database
2019-10-15 21:37:19 :  <INFO>      [Database] Checking integrity
2019-10-15 21:37:19 :  <INFO>      [Database] Found  2586  families
2019-10-15 21:37:19 :  <INFO>      [Database] Database v "2019-10-14.1"
2019-10-15 21:37:21 :  <INFO>      [Loading paths] Local paths loaded
2019-10-15 21:37:21 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-15 21:37:21 :  <INFO>      [Loading paths] User Keys loaded
2019-10-15 21:37:21 :  <INFO>      [Module initialized]  "File"
2019-10-15 21:37:21 :  <INFO>      [Module initialized]  "Folder"
2019-10-15 21:37:21 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-15 21:37:21 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-15 21:37:22 :  <INFO>      [Module initialized]  "TaskName"
2019-10-15 21:37:23 :  <INFO>      [Module initialized]  "Service"
2019-10-15 21:37:23 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "URL"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "DNS"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegOther"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "WMI"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-15 21:38:14 :  <INFO>      [Module initialize] Scan Browser
2019-10-15 21:38:17 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-15 21:38:17 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-15 21:38:17 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-15 21:38:17 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-15 21:38:17 :  <INFO>      [Scan] Exclusions loaded
2019-10-15 21:38:58 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 21:39:04 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-15 21:39:04 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 21:39:04 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-15 21:39:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-15 21:39:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-15 21:39:16 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 21:39:18 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 21:39:18 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 21:39:18 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 21:39:18 :  <INFO>      [SslCert] Organization ()
2019-10-15 21:39:18 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 21:39:18 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 21:39:18 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:39:18 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:39:18 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:39:18 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:39:18 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 21:39:18 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 21:39:19 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:39:19 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:39:19 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 21:39:19 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 21:39:19 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 21:39:19 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 21:39:19 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:39:19 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:39:19 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:39:19 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:39:19 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 21:39:19 :  <INFO>      [Scan] Finished
2019-10-15 21:39:24 :  <INFO>      [Button clicked] Next
2019-10-15 21:39:26 :  <INFO>      [Button clicked] Clean & repair
2019-10-15 21:39:28 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-15 21:39:28 :  <INFO>      [Cleaning] Started
2019-10-15 21:39:28 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-15 21:39:28 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-15 21:39:28 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191015.233928"
2019-10-15 21:39:28 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 21:39:28 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 21:39:28 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-15 21:39:36 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-15 21:39:36 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 21:39:36 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 21:39:36 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 21:39:36 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 21:39:36 :  <INFO>      [SslCert] Organization ()
2019-10-15 21:39:36 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 21:39:36 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 21:39:36 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:39:36 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:39:36 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:39:36 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:39:36 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 21:39:36 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 21:39:37 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:39:37 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:39:37 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 21:39:37 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 21:39:37 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 21:39:37 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 21:39:37 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:39:37 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:39:37 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:39:37 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:39:37 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 21:39:37 :  <INFO>      [Cleaning] Finished
2019-10-15 21:39:45 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-15 21:39:47 :  <INFO>      [Application] Closing AdwCleaner
2019-10-15 21:43:41 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-15 21:43:49 :  <INFO>      [MBInstaller] Checking Iris
2019-10-15 21:43:49 :  <INFO>      [IRIS] Making request
2019-10-15 21:43:50 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-15 21:43:50 :  <INFO>      [Telemetry] Sending hello
2019-10-15 21:43:51 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:43:51 :  <INFO>      [SslCert] ALPN: None
2019-10-15 21:43:51 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 21:43:51 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 21:43:51 :  <INFO>      [SslCert] ALPN: None
2019-10-15 21:43:51 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:43:51 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:43:51 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-15 21:43:51 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-15 21:43:51 :  <INFO>      [IRIS] Failed
2019-10-15 21:43:52 :  <INFO>      [Button clicked] Scan
2019-10-15 21:43:52 :  <INFO>      [Scan] Started
2019-10-15 21:43:52 :  <INFO>      [Database] Downloading database
2019-10-15 21:43:53 :  <INFO>      [Database] Checking integrity
2019-10-15 21:43:53 :  <INFO>      [Database] Found  2586  families
2019-10-15 21:43:53 :  <INFO>      [Database] Database v "2019-10-14.1"
2019-10-15 21:43:54 :  <INFO>      [Loading paths] Local paths loaded
2019-10-15 21:43:54 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-15 21:43:54 :  <INFO>      [Loading paths] User Keys loaded
2019-10-15 21:43:54 :  <INFO>      [Module initialized]  "File"
2019-10-15 21:43:54 :  <INFO>      [Module initialized]  "Folder"
2019-10-15 21:43:54 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-15 21:43:54 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-15 21:43:55 :  <INFO>      [Module initialized]  "TaskName"
2019-10-15 21:43:56 :  <INFO>      [Module initialized]  "Service"
2019-10-15 21:43:56 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "URL"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "DNS"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegOther"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "WMI"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-15 21:44:37 :  <INFO>      [Module initialize] Scan Browser
2019-10-15 21:44:39 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-15 21:44:39 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-15 21:44:39 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-15 21:44:39 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-15 21:44:39 :  <INFO>      [Scan] Exclusions loaded
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 21:45:32 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 21:45:32 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 21:45:32 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-15 21:45:35 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-15 21:45:35 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-15 21:45:41 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 21:45:43 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 21:45:43 :  <INFO>      [SslCert] Organization ()
2019-10-15 21:45:43 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 21:45:43 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 21:45:43 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:45:43 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:45:43 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:45:43 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:45:43 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 21:45:43 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 21:45:43 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 21:45:43 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 21:45:43 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:45:43 :  <INFO>
         

Alt 16.10.2019, 23:58   #5
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Code:
ATTFilter
     [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-10 20:52:39 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-10 20:52:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-10 20:52:43 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-10 20:52:48 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 20:52:50 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 20:52:50 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 20:52:50 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 20:52:50 :  <INFO>      [SslCert] Organization ()
2019-10-10 20:52:50 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-10 20:52:50 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-10 20:52:50 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:52:50 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:52:50 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:52:50 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:52:50 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 20:52:50 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 20:52:51 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:52:51 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:52:51 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 20:52:51 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 20:52:51 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-10 20:52:51 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-10 20:52:51 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:52:51 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:52:51 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:52:51 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:52:51 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 20:52:51 :  <INFO>      [Scan] Finished
2019-10-10 20:53:04 :  <INFO>      [Button clicked] Next
2019-10-10 20:53:07 :  <INFO>      [Button clicked] Previous
2019-10-10 20:53:14 :  <INFO>      [Button clicked] Next
2019-10-10 20:53:16 :  <INFO>      [Button clicked] Clean & repair
2019-10-10 20:53:19 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-10 20:53:19 :  <INFO>      [Cleaning] Started
2019-10-10 20:53:19 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-10 20:53:19 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-10 20:53:19 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191010.225319"
2019-10-10 20:53:19 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-10 20:53:19 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-10 20:53:19 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-10 20:53:22 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-10 20:53:22 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 20:53:22 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 20:53:22 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 20:53:22 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 20:53:22 :  <INFO>      [SslCert] Organization ()
2019-10-10 20:53:22 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-10 20:53:22 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-10 20:53:22 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:53:22 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:53:22 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:53:22 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:53:22 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 20:53:22 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 20:53:23 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:53:23 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:53:23 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 20:53:23 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 20:53:23 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-10 20:53:23 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-10 20:53:23 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:53:23 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:53:23 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:53:23 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:53:23 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 20:53:23 :  <INFO>      [Cleaning] Finished
2019-10-10 20:53:26 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-10 20:53:27 :  <INFO>      [Application] Closing AdwCleaner
2019-10-10 20:57:46 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-10 20:57:54 :  <INFO>      [MBInstaller] Checking Iris
2019-10-10 20:57:54 :  <INFO>      [IRIS] Making request
2019-10-10 20:57:55 :  <INFO>      [Telemetry] Sending hello
2019-10-10 20:57:55 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-10 20:57:56 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-10 20:57:56 :  <INFO>      [SslCert] ALPN: None
2019-10-10 20:57:56 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:57:56 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 20:57:56 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-10 20:57:56 :  <INFO>      [SslCert] ALPN: None
2019-10-10 20:57:56 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:57:56 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:57:56 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:57:56 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-10 20:57:56 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 20:57:56 :  <INFO>      [IRIS] Failed
2019-10-10 20:58:04 :  <INFO>      [Button clicked] Scan
2019-10-10 20:58:04 :  <INFO>      [Scan] Started
2019-10-10 20:58:04 :  <INFO>      [Database] Downloading database
2019-10-10 20:58:05 :  <INFO>      [Database] Checking integrity
2019-10-10 20:58:05 :  <INFO>      [Database] Found  2586  families
2019-10-10 20:58:05 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-10 20:58:06 :  <INFO>      [Loading paths] Local paths loaded
2019-10-10 20:58:07 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-10 20:58:07 :  <INFO>      [Loading paths] User Keys loaded
2019-10-10 20:58:07 :  <INFO>      [Module initialized]  "File"
2019-10-10 20:58:07 :  <INFO>      [Module initialized]  "Folder"
2019-10-10 20:58:07 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-10 20:58:07 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-10 20:58:08 :  <INFO>      [Module initialized]  "TaskName"
2019-10-10 20:58:08 :  <INFO>      [Module initialized]  "Service"
2019-10-10 20:58:08 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "URL"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "DNS"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegOther"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "WMI"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-10 20:58:49 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-10 20:58:49 :  <INFO>      [Module initialize] Scan Browser
2019-10-10 20:58:50 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-10 20:58:50 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-10 20:58:50 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-10 20:58:50 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-10 20:58:50 :  <INFO>      [Scan] Exclusions loaded
2019-10-10 20:59:41 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-10 20:59:41 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-10 20:59:41 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-10 20:59:42 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-10 20:59:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-10 20:59:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-10 20:59:52 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 20:59:53 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 20:59:53 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 20:59:53 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 20:59:53 :  <INFO>      [SslCert] Organization ()
2019-10-10 20:59:53 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-10 20:59:53 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-10 20:59:53 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:59:53 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:59:53 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:59:53 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:59:53 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 20:59:53 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 20:59:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 20:59:54 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 20:59:54 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 20:59:54 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 20:59:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-10 20:59:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-10 20:59:54 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 20:59:54 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 20:59:54 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 20:59:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 20:59:54 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 20:59:54 :  <INFO>      [Scan] Finished
2019-10-10 20:59:59 :  <INFO>      [Button clicked] Open MB
2019-10-10 21:00:19 :  <INFO>      [Button clicked] Open MB
2019-10-10 21:01:08 :  <INFO>      [Application] Closing AdwCleaner
2019-10-11 06:32:34 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-11 06:32:43 :  <INFO>      [MBInstaller] Checking Iris
2019-10-11 06:32:43 :  <INFO>      [IRIS] Making request
2019-10-11 06:32:43 :  <INFO>      [Telemetry] Sending hello
ication updates
2019-10-11 06:32:44 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-11 06:32:44 :  <INFO>      [SslCert] ALPN: None
2019-10-11 06:32:44 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-11 06:32:44 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-11 06:32:44 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-11 06:32:44 :  <INFO>      [SslCert] ALPN: None
2019-10-11 06:32:44 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-11 06:32:44 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-11 06:32:44 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-11 06:32:44 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-11 06:32:44 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-11 06:32:44 :  <INFO>      [IRIS] Failed
2019-10-11 06:32:45 :  <INFO>      [Button clicked] Scan
2019-10-11 06:32:45 :  <INFO>      [Scan] Started
2019-10-11 06:32:45 :  <INFO>      [Database] Downloading database
2019-10-11 06:32:47 :  <INFO>      [Database] Checking integrity
2019-10-11 06:32:47 :  <INFO>      [Database] Found  2586  families
2019-10-11 06:32:47 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-11 06:32:47 :  <INFO>      [Loading paths] Local paths loaded
2019-10-11 06:32:48 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-11 06:32:48 :  <INFO>      [Loading paths] User Keys loaded
2019-10-11 06:32:48 :  <INFO>      [Module initialized]  "File"
2019-10-11 06:32:48 :  <INFO>      [Module initialized]  "Folder"
2019-10-11 06:32:48 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-11 06:32:48 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-11 06:32:49 :  <INFO>      [Module initialized]  "TaskName"
2019-10-11 06:32:49 :  <INFO>      [Module initialized]  "Service"
2019-10-11 06:32:49 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "URL"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "DNS"
2019-10-11 06:33:36 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegOther"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "WMI"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-11 06:33:37 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-11 06:33:37 :  <INFO>      [Module initialize] Scan Browser
2019-10-11 06:33:38 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-11 06:33:38 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-11 06:33:38 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-11 06:33:38 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-11 06:33:38 :  <INFO>      [Scan] Exclusions loaded
2019-10-11 06:34:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-11 06:34:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-11 06:34:21 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-11 06:34:22 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-11 06:34:25 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-11 06:34:25 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-11 06:34:32 :  <INFO>      [Telemetry] Sending to Influx
2019-10-11 06:34:33 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-11 06:34:33 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-11 06:34:33 :  <INFO>      [SslCert] Locality Name ()
2019-10-11 06:34:33 :  <INFO>      [SslCert] Organization ()
2019-10-11 06:34:33 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-11 06:34:33 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-11 06:34:33 :  <INFO>      [SslCert] ALPN: Yes
2019-10-11 06:34:33 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-11 06:34:33 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-11 06:34:33 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-11 06:34:33 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-11 06:34:33 :  <INFO>      [Telemetry] Sending to DSE
2019-10-11 06:34:34 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-11 06:34:34 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-11 06:34:34 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-11 06:34:34 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-11 06:34:34 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-11 06:34:34 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-11 06:34:34 :  <INFO>      [SslCert] ALPN: Yes
2019-10-11 06:34:34 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-11 06:34:34 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-11 06:34:34 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-11 06:34:34 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-11 06:34:34 :  <INFO>      [Scan] Finished
2019-10-11 06:34:38 :  <INFO>      [Application] Closing AdwCleaner
2019-10-12 08:47:32 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-12 08:47:41 :  <INFO>      [MBInstaller] Checking Iris
2019-10-12 08:47:41 :  <INFO>      [IRIS] Making request
2019-10-12 08:47:42 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-12 08:47:42 :  <INFO>      [Telemetry] Sending hello
2019-10-12 08:47:44 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-12 08:47:44 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-12 08:47:44 :  <INFO>      [SslCert] ALPN: None
2019-10-12 08:47:44 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:47:44 :  <INFO>      [SslCert] ALPN: None
2019-10-12 08:47:44 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:47:44 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:47:44 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:47:44 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:47:44 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-12 08:47:44 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-12 08:47:44 :  <INFO>      [IRIS] Failed
2019-10-12 08:47:46 :  <INFO>      [Button clicked] Scan
2019-10-12 08:47:46 :  <INFO>      [Scan] Started
2019-10-12 08:47:46 :  <INFO>      [Database] Downloading database
2019-10-12 08:47:47 :  <INFO>      [Database] Checking integrity
2019-10-12 08:47:47 :  <INFO>      [Database] Found  2586  families
2019-10-12 08:47:47 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-12 08:47:48 :  <INFO>      [Loading paths] Local paths loaded
2019-10-12 08:47:48 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-12 08:47:48 :  <INFO>      [Loading paths] User Keys loaded
2019-10-12 08:47:48 :  <INFO>      [Module initialized]  "File"
2019-10-12 08:47:48 :  <INFO>      [Module initialized]  "Folder"
2019-10-12 08:47:48 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-12 08:47:48 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-12 08:47:49 :  <INFO>      [Module initialized]  "TaskName"
2019-10-12 08:47:49 :  <INFO>      [Module initialized]  "Service"
2019-10-12 08:47:49 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "URL"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "DNS"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegOther"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "WMI"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-12 08:48:25 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-12 08:48:25 :  <INFO>      [Module initialize] Scan Browser
2019-10-12 08:48:27 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-12 08:48:27 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-12 08:48:27 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-12 08:48:27 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-12 08:48:27 :  <INFO>      [Scan] Exclusions loaded
2019-10-12 08:49:03 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-12 08:49:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-12 08:49:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-12 08:49:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-12 08:49:10 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-12 08:49:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-12 08:49:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-12 08:49:20 :  <INFO>      [Telemetry] Sending to Influx
2019-10-12 08:49:22 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-12 08:49:22 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-12 08:49:22 :  <INFO>      [SslCert] Locality Name ()
2019-10-12 08:49:22 :  <INFO>      [SslCert] Organization ()
2019-10-12 08:49:22 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-12 08:49:22 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-12 08:49:22 :  <INFO>      [SslCert] ALPN: Yes
2019-10-12 08:49:22 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:49:22 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:49:22 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:49:22 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-12 08:49:22 :  <INFO>      [Telemetry] Sending to DSE
2019-10-12 08:49:23 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 08:49:23 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 08:49:23 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-12 08:49:23 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-12 08:49:23 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-12 08:49:23 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-12 08:49:23 :  <INFO>      [SslCert] ALPN: Yes
2019-10-12 08:49:23 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:49:23 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:49:23 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:49:23 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-12 08:49:23 :  <INFO>      [Scan] Finished
2019-10-12 08:49:31 :  <INFO>      [Button clicked] Next
2019-10-12 08:49:32 :  <INFO>      [Button clicked] Clean & repair
2019-10-12 08:49:35 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-12 08:49:35 :  <INFO>      [Cleaning] Started
2019-10-12 08:49:35 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-12 08:49:35 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-12 08:49:35 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191012.104935"
2019-10-12 08:49:35 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-12 08:49:35 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-12 08:49:35 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-12 08:49:38 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-12 08:49:38 :  <INFO>      [Telemetry] Sending to Influx
2019-10-12 08:49:38 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-12 08:49:38 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-12 08:49:38 :  <INFO>      [SslCert] Locality Name ()
2019-10-12 08:49:38 :  <INFO>      [SslCert] Organization ()
2019-10-12 08:49:38 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-12 08:49:38 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-12 08:49:38 :  <INFO>      [SslCert] ALPN: Yes
2019-10-12 08:49:38 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:49:38 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:49:38 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:49:38 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-12 08:49:38 :  <INFO>      [Telemetry] Sending to DSE
2019-10-12 08:49:39 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 08:49:39 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 08:49:39 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-12 08:49:39 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-12 08:49:39 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-12 08:49:39 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-12 08:49:39 :  <INFO>      [SslCert] ALPN: Yes
2019-10-12 08:49:39 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 08:49:39 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 08:49:39 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 08:49:39 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-12 08:49:39 :  <INFO>      [Cleaning] Finished
2019-10-12 08:49:43 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-12 08:49:44 :  <INFO>      [Application] Closing AdwCleaner
2019-10-12 10:29:40 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-12 10:29:53 :  <INFO>      [MBInstaller] Checking Iris
2019-10-12 10:29:53 :  <INFO>      [IRIS] Making request
2019-10-12 10:29:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 10:29:55 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 10:29:55 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-12 10:29:55 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-12 10:29:55 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-12 10:29:55 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-12 10:29:55 :  <INFO>      [SslCert] ALPN: None
2019-10-12 10:29:55 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 10:29:55 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-12 10:29:55 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 10:29:55 :  <INFO>      [MBBanner] Checking Iris
2019-10-12 10:29:55 :  <INFO>      [IRIS] Making request
2019-10-12 10:29:55 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-12 10:29:55 :  <INFO>      [Telemetry] Sending hello
2019-10-12 10:29:56 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-12 10:29:56 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-12 10:29:56 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-12 10:29:56 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
o Okt 2 00:00:00 2017 GMT"
2019-10-12 10:29:56 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
kt 6 12:00:00 2020 GMT"
2019-10-12 10:29:56 :  <INFO>      [SslCert] ALPN: None
 EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-12 10:29:57 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-12 10:29:57 :  <INFO>      [SslCert] ALPN: None
2019-10-12 10:29:57 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-12 10:29:57 :  <INFO>      [SslCert] KXE:  "ECDH"
HE-RSA-AES256-GCM-SHA384"
2019-10-12 10:29:57 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 10:29:57 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-12 10:29:57 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-12 10:29:57 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-12 10:29:57 :  <INFO>      [IRIS] Failed
2019-10-12 10:30:11 :  <INFO>      [Application] Closing AdwCleaner
2019-10-15 14:12:52 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-15 14:13:03 :  <INFO>      [MBInstaller] Checking Iris
2019-10-15 14:13:03 :  <INFO>      [IRIS] Making request
2019-10-15 14:13:04 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-15 14:13:04 :  <INFO>      [Telemetry] Sending hello
2019-10-15 14:13:05 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 14:13:05 :  <INFO>      [SslCert] ALPN: None
2019-10-15 14:13:05 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:13:05 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 14:13:05 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 14:13:05 :  <INFO>      [SslCert] ALPN: None
2019-10-15 14:13:05 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:13:05 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:13:05 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:13:05 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-15 14:13:05 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-15 14:13:05 :  <INFO>      [IRIS] Failed
2019-10-15 14:13:07 :  <INFO>      [Button clicked] Scan
2019-10-15 14:13:07 :  <INFO>      [Scan] Started
2019-10-15 14:13:07 :  <INFO>      [Database] Downloading database
2019-10-15 14:13:08 :  <INFO>      [Database] Checking integrity
2019-10-15 14:13:08 :  <INFO>      [Database] Found  2586  families
2019-10-15 14:13:08 :  <INFO>      [Database] Database v "2019-10-14.1"
2019-10-15 14:13:10 :  <INFO>      [Loading paths] Local paths loaded
2019-10-15 14:13:10 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-15 14:13:10 :  <INFO>      [Loading paths] User Keys loaded
2019-10-15 14:13:10 :  <INFO>      [Module initialized]  "File"
2019-10-15 14:13:10 :  <INFO>      [Module initialized]  "Folder"
2019-10-15 14:13:10 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-15 14:13:10 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-15 14:13:11 :  <INFO>      [Module initialized]  "TaskName"
2019-10-15 14:13:12 :  <INFO>      [Module initialized]  "Service"
2019-10-15 14:13:12 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "URL"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "DNS"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegOther"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-15 14:14:33 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-15 14:14:34 :  <INFO>      [Module initialized]  "WMI"
2019-10-15 14:14:34 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-15 14:14:34 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-15 14:14:34 :  <INFO>      [Module initialize] Scan Browser
2019-10-15 14:14:41 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-15 14:14:41 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-15 14:14:41 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-15 14:14:41 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-15 14:14:41 :  <INFO>      [Scan] Exclusions loaded
2019-10-15 14:15:53 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 14:16:00 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-15 14:16:00 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 14:16:00 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 14:16:01 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-15 14:16:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-15 14:16:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-15 14:16:11 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 14:16:14 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 14:16:14 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 14:16:14 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 14:16:14 :  <INFO>      [SslCert] Organization ()
2019-10-15 14:16:14 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 14:16:14 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 14:16:14 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 14:16:14 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:16:14 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:16:14 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:16:14 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 14:16:14 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 14:16:15 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 14:16:15 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 14:16:15 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 14:16:15 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 14:16:15 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 14:16:15 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 14:16:15 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 14:16:15 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:16:15 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:16:15 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:16:15 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 14:16:15 :  <INFO>      [Scan] Finished
2019-10-15 14:16:23 :  <INFO>      [Button clicked] Log files menu item
2019-10-15 14:16:35 :  <INFO>      [Button clicked] Dashboard menu item
2019-10-15 14:16:38 :  <INFO>      [Button clicked] Next
2019-10-15 14:16:40 :  <INFO>      [Button clicked] Clean & repair
2019-10-15 14:16:42 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-15 14:16:42 :  <INFO>      [Cleaning] Started
2019-10-15 14:16:42 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-15 14:16:42 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-15 14:16:42 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191015.161642"
2019-10-15 14:16:42 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 14:16:42 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 14:16:42 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-15 14:16:52 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-15 14:16:52 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 14:16:52 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 14:16:52 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 14:16:52 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 14:16:52 :  <INFO>      [SslCert] Organization ()
2019-10-15 14:16:52 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 14:16:52 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 14:16:52 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 14:16:52 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:16:52 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:16:52 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:16:52 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 14:16:52 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 14:16:53 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 14:16:53 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 14:16:53 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 14:16:53 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 14:16:53 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 14:16:53 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 14:16:53 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 14:16:53 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 14:16:53 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 14:16:53 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 14:16:53 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 14:16:53 :  <INFO>      [Cleaning] Finished
2019-10-15 14:17:00 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-15 14:17:02 :  <INFO>      [Application] Closing AdwCleaner
2019-10-15 21:37:05 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-15 21:37:15 :  <INFO>      [MBInstaller] Checking Iris
2019-10-15 21:37:15 :  <INFO>      [IRIS] Making request
2019-10-15 21:37:16 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-15 21:37:16 :  <INFO>      [Telemetry] Sending hello
2019-10-15 21:37:17 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 21:37:17 :  <INFO>      [SslCert] ALPN: None
2019-10-15 21:37:17 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:37:17 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 21:37:17 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 21:37:17 :  <INFO>      [SslCert] ALPN: None
2019-10-15 21:37:17 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:37:17 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:37:17 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:37:17 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-15 21:37:17 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-15 21:37:17 :  <INFO>      [IRIS] Failed
2019-10-15 21:37:18 :  <INFO>      [Button clicked] Scan
2019-10-15 21:37:18 :  <INFO>      [Scan] Started
2019-10-15 21:37:18 :  <INFO>      [Database] Downloading database
2019-10-15 21:37:19 :  <INFO>      [Database] Checking integrity
2019-10-15 21:37:19 :  <INFO>      [Database] Found  2586  families
2019-10-15 21:37:19 :  <INFO>      [Database] Database v "2019-10-14.1"
2019-10-15 21:37:21 :  <INFO>      [Loading paths] Local paths loaded
2019-10-15 21:37:21 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-15 21:37:21 :  <INFO>      [Loading paths] User Keys loaded
2019-10-15 21:37:21 :  <INFO>      [Module initialized]  "File"
2019-10-15 21:37:21 :  <INFO>      [Module initialized]  "Folder"
2019-10-15 21:37:21 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-15 21:37:21 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-15 21:37:22 :  <INFO>      [Module initialized]  "TaskName"
2019-10-15 21:37:23 :  <INFO>      [Module initialized]  "Service"
2019-10-15 21:37:23 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "URL"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "DNS"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegOther"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "WMI"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-15 21:38:14 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-15 21:38:14 :  <INFO>      [Module initialize] Scan Browser
2019-10-15 21:38:17 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-15 21:38:17 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-15 21:38:17 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-15 21:38:17 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-15 21:38:17 :  <INFO>      [Scan] Exclusions loaded
2019-10-15 21:38:58 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 21:39:04 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-15 21:39:04 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 21:39:04 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 21:39:05 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-15 21:39:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-15 21:39:09 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-15 21:39:16 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 21:39:18 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 21:39:18 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 21:39:18 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 21:39:18 :  <INFO>      [SslCert] Organization ()
2019-10-15 21:39:18 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 21:39:18 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 21:39:18 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:39:18 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:39:18 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:39:18 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:39:18 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 21:39:18 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 21:39:19 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:39:19 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:39:19 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 21:39:19 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 21:39:19 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 21:39:19 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 21:39:19 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:39:19 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:39:19 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:39:19 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:39:19 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 21:39:19 :  <INFO>      [Scan] Finished
2019-10-15 21:39:24 :  <INFO>      [Button clicked] Next
2019-10-15 21:39:26 :  <INFO>      [Button clicked] Clean & repair
2019-10-15 21:39:28 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-15 21:39:28 :  <INFO>      [Cleaning] Started
2019-10-15 21:39:28 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-15 21:39:28 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-15 21:39:28 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191015.233928"
2019-10-15 21:39:28 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 21:39:28 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-15 21:39:28 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-15 21:39:36 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-15 21:39:36 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 21:39:36 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 21:39:36 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 21:39:36 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 21:39:36 :  <INFO>      [SslCert] Organization ()
2019-10-15 21:39:36 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 21:39:36 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 21:39:36 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:39:36 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:39:36 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:39:36 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:39:36 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 21:39:36 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 21:39:37 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:39:37 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:39:37 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 21:39:37 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 21:39:37 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 21:39:37 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 21:39:37 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:39:37 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:39:37 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:39:37 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:39:37 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 21:39:37 :  <INFO>      [Cleaning] Finished
2019-10-15 21:39:45 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-15 21:39:47 :  <INFO>      [Application] Closing AdwCleaner
2019-10-15 21:43:41 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-15 21:43:49 :  <INFO>      [MBInstaller] Checking Iris
2019-10-15 21:43:49 :  <INFO>      [IRIS] Making request
2019-10-15 21:43:50 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-15 21:43:50 :  <INFO>      [Telemetry] Sending hello
2019-10-15 21:43:51 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:43:51 :  <INFO>      [SslCert] ALPN: None
2019-10-15 21:43:51 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-15 21:43:51 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-15 21:43:51 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-15 21:43:51 :  <INFO>      [SslCert] ALPN: None
2019-10-15 21:43:51 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:43:51 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:43:51 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:43:51 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-15 21:43:51 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-15 21:43:51 :  <INFO>      [IRIS] Failed
2019-10-15 21:43:52 :  <INFO>      [Button clicked] Scan
2019-10-15 21:43:52 :  <INFO>      [Scan] Started
2019-10-15 21:43:52 :  <INFO>      [Database] Downloading database
2019-10-15 21:43:53 :  <INFO>      [Database] Checking integrity
2019-10-15 21:43:53 :  <INFO>      [Database] Found  2586  families
2019-10-15 21:43:53 :  <INFO>      [Database] Database v "2019-10-14.1"
2019-10-15 21:43:54 :  <INFO>      [Loading paths] Local paths loaded
2019-10-15 21:43:54 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-15 21:43:54 :  <INFO>      [Loading paths] User Keys loaded
2019-10-15 21:43:54 :  <INFO>      [Module initialized]  "File"
2019-10-15 21:43:54 :  <INFO>      [Module initialized]  "Folder"
2019-10-15 21:43:54 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-15 21:43:54 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-15 21:43:55 :  <INFO>      [Module initialized]  "TaskName"
2019-10-15 21:43:56 :  <INFO>      [Module initialized]  "Service"
2019-10-15 21:43:56 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "URL"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "DNS"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegOther"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "WMI"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-15 21:44:37 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-15 21:44:37 :  <INFO>      [Module initialize] Scan Browser
2019-10-15 21:44:39 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-15 21:44:39 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-15 21:44:39 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-15 21:44:39 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-15 21:44:39 :  <INFO>      [Scan] Exclusions loaded
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 21:45:31 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-15 21:45:32 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 21:45:32 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-15 21:45:32 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-15 21:45:35 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-15 21:45:35 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-15 21:45:41 :  <INFO>      [Telemetry] Sending to Influx
2019-10-15 21:45:43 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Locality Name ()
2019-10-15 21:45:43 :  <INFO>      [SslCert] Organization ()
2019-10-15 21:45:43 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-15 21:45:43 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-15 21:45:43 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:45:43 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:45:43 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:45:43 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:45:43 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-15 21:45:43 :  <INFO>      [Telemetry] Sending to DSE
2019-10-15 21:45:43 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-15 21:45:43 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-15 21:45:43 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-15 21:45:43 :  <INFO>      [SslCert] ALPN: Yes
2019-10-15 21:45:43 :  <INFO>
         
Code:
ATTFilter
     [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-15 21:45:43 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-15 21:45:43 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-15 21:45:43 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-15 21:45:43 :  <INFO>      [Scan] Finished
2019-10-15 21:45:57 :  <INFO>      [Application] Closing AdwCleaner
2019-10-16 18:39:56 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-16 18:40:06 :  <INFO>      [MBInstaller] Checking Iris
2019-10-16 18:40:06 :  <INFO>      [IRIS] Making request
2019-10-16 18:40:07 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-16 18:40:07 :  <INFO>      [Telemetry] Sending hello
2019-10-16 18:40:08 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 18:40:08 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 18:40:08 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-16 18:40:08 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-16 18:40:08 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-16 18:40:08 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-16 18:40:08 :  <INFO>      [SslCert] ALPN: None
2019-10-16 18:40:08 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 18:40:08 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-16 18:40:08 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-16 18:40:08 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 18:40:08 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 18:40:08 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-16 18:40:08 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-16 18:40:08 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-16 18:40:08 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-16 18:40:08 :  <INFO>      [SslCert] ALPN: None
2019-10-16 18:40:08 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 18:40:08 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-16 18:40:08 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-16 18:40:08 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-16 18:40:08 :  <WARNING>   [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-16 18:40:08 :  <INFO>      [IRIS] Failed
2019-10-16 18:40:09 :  <INFO>      [Button clicked] Scan
2019-10-16 18:40:09 :  <INFO>      [Scan] Started
2019-10-16 18:40:09 :  <INFO>      [Database] Downloading database
2019-10-16 18:40:11 :  <INFO>      [Database] Checking integrity
2019-10-16 18:40:11 :  <INFO>      [Database] Found  2586  families
2019-10-16 18:40:11 :  <INFO>      [Database] Database v "2019-10-14.1"
2019-10-16 18:40:12 :  <INFO>      [Loading paths] Local paths loaded
2019-10-16 18:40:12 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-16 18:40:12 :  <INFO>      [Loading paths] User Keys loaded
2019-10-16 18:40:12 :  <INFO>      [Module initialized]  "File"
2019-10-16 18:40:12 :  <INFO>      [Module initialized]  "Folder"
2019-10-16 18:40:12 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-16 18:40:12 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-16 18:40:13 :  <INFO>      [Module initialized]  "TaskName"
2019-10-16 18:40:13 :  <INFO>      [Module initialized]  "Service"
2019-10-16 18:40:13 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-16 18:40:51 :  <INFO>      [Module initialized]  "URL"
2019-10-16 18:40:51 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-16 18:40:51 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-16 18:40:51 :  <INFO>      [Module initialized]  "DNS"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "RegOther"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "WMI"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-16 18:40:52 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-16 18:40:52 :  <INFO>      [Module initialize] Scan Browser
2019-10-16 18:40:56 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-16 18:40:56 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-16 18:40:56 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-16 18:40:56 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-16 18:40:56 :  <INFO>      [Scan] Exclusions loaded
2019-10-16 18:41:39 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "C:\\Program Files\\CYBERLINK\\LABELPRINT" [ "Folder" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.CyberLinkLabelPrint" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{C59C179C-668D-49A9-B6EA-0121CCFC1243}" [ "Registry" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\******\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\*****\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Users\\Andi\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\Program Files\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-16 18:41:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungSmartSwitch" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2019-10-16 18:41:48 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-16 18:41:48 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" [ "Registry" ]
2019-10-16 18:41:48 :  <INFO>      [Scan] Item detected:  "Preinstalled.LenovoPower2Go" ,  "HKLM\\Software\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\CLMLServer" [ "Registry" ]
2019-10-16 18:41:51 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "C:\\Program Files\\HEWLETT-PACKARD\\HP SUPPORT SOLUTIONS" [ "Folder" ]
2019-10-16 18:41:51 :  <INFO>      [Scan] Item detected:  "Preinstalled.HPSupportAssistant" ,  "HKLM\\Software\\Classes\\CLSID\\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}" [ "Registry" ]
2019-10-16 18:41:58 :  <INFO>      [Telemetry] Sending to Influx
2019-10-16 18:42:02 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-16 18:42:02 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-16 18:42:02 :  <INFO>      [SslCert] Locality Name ()
2019-10-16 18:42:02 :  <INFO>      [SslCert] Organization ()
2019-10-16 18:42:02 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So Aug 18 10:50:38 2019 GMT"
2019-10-16 18:42:02 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa Nov 16 10:50:38 2019 GMT"
2019-10-16 18:42:02 :  <INFO>      [SslCert] ALPN: Yes
2019-10-16 18:42:02 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 18:42:02 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-16 18:42:02 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-16 18:42:02 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-16 18:42:02 :  <INFO>      [Telemetry] Sending to DSE
2019-10-16 18:42:03 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 18:42:03 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 18:42:03 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-16 18:42:03 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-16 18:42:03 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-16 18:42:03 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-16 18:42:03 :  <INFO>      [SslCert] ALPN: Yes
2019-10-16 18:42:03 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 18:42:03 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-16 18:42:03 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-16 18:42:03 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-16 18:42:03 :  <INFO>      [Scan] Finished
2019-10-16 19:46:12 :  <INFO>      [Button clicked] Next
2019-10-16 19:46:14 :  <INFO>      [Button clicked] Clean & repair
2019-10-16 19:46:15 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-16 19:46:15 :  <INFO>      [Cleaning] Started
2019-10-16 19:46:15 :  <WARNING>   [Cleaning] Unable to Open process -  "[System Process]"   0
2019-10-16 19:46:15 :  <WARNING>   [Cleaning] Unable to Open process -  "System"   0
2019-10-16 19:46:16 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191016.214615"
2019-10-16 19:46:16 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-16 19:46:16 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "HKU\\S-1-5-21-2637316431-523064892-2508072546-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7854F00C-DC77-477E-A10E-603F48442D3B}" [ "Registry" ]
2019-10-16 19:46:16 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-16 19:46:21 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-16 19:46:21 :  <INFO>      [Telemetry] Sending to Influx
2019-10-16 19:46:23 :  <INFO>      [Telemetry] Sending to DSE
2019-10-16 19:46:25 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 19:46:25 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 19:46:25 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-16 19:46:25 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-16 19:46:25 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do Feb 22 00:00:00 2018 GMT"
2019-10-16 19:46:25 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi Apr 22 12:00:00 2020 GMT"
2019-10-16 19:46:25 :  <INFO>      [SslCert] ALPN: Yes
2019-10-16 19:46:25 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 19:46:25 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-16 19:46:25 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-16 19:46:25 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-16 19:46:25 :  <INFO>      [Cleaning] Finished
2019-10-16 19:46:30 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-16 19:46:32 :  <INFO>      [Application] Closing AdwCleaner
2019-10-16 21:14:25 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-16 21:14:33 :  <INFO>      [MBInstaller] Checking Iris
2019-10-16 21:14:33 :  <INFO>      [IRIS] Making request
2019-10-16 21:14:34 :  <INFO>      [Telemetry] Sending hello
ication updates
2019-10-16 21:14:36 :  <INFO>      [Button clicked] Log files menu item
2019-10-16 21:14:38 :  <INFO>      [IRIS] Failed
2019-10-16 21:14:38 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-16 21:14:38 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-16 21:14:38 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-16 21:14:38 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-16 21:14:38 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo Okt 2 00:00:00 2017 GMT"
2019-10-16 21:14:38 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di Okt 6 12:00:00 2020 GMT"
2019-10-16 21:14:38 :  <INFO>      [SslCert] ALPN: None
2019-10-16 21:14:38 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-16 21:14:38 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-16 21:14:38 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-16 21:14:38 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
         
Ich hoffe ich habe alles richtig gemacht


Alt 17.10.2019, 09:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Zitat:
Die Systemwiederherstellung funktioniert nicht mehr, DVDs werden nicht mehr gelesen.
Windows Installation verkorkst, passiert recht häufig das die SWH nicht funktioniert. Die ist eh unzuverlässig und IMHO totaler Müll, wer zuverlässige Systemabbilder haben will verwendet besser sowas wie drivesnapshot!

Dass keine CD oder DVD mehr gelesen werden können kann an einem defekten Laufwerk liegen. Die Dinger halten doch nicht ewig. Macht anno 2019 auch wenig bis keinen SInn sich extra ein neues Laufwerk zu holen falls das bestehende defekt ist. Für fast garnix mehr benötigt man die Dinger noch. Die allermeisten neuen Rechner und Notebooks werden doch schon lange ohne optisches Laufwerk ausgeliefert. Man installiert im Prinzip alles aus dem Internet bzw lokalen Netzwerken und auch Videomaterial kommt überwiegend per Stream daher.

Deine größte Baustelle lautet:

Zitat:
Microsoft Windows 7 Home Premium Service Pack 1
Du musst ASAP auf ein aktuelles OS aktualisieren, weil Windows 7 in wenigen Wochen end of life ist und keine Updates mehr bekommt. Diese drei Möglichkeiten hast du nun:

a) Windows 10 neu installieren und hoffen, dass diese alte Hardware damit zurechtkommt
b) zu Linux wechseln
c) neuen Rechner kaufen
__________________
--> PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht

Alt 18.10.2019, 22:06   #7
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

Danke ! und vielleicht doch Hilfe ?



Lieber Cosinus,
vielen Dank für Deine schnelle Antwort und interessanten Ausführungen.
Sicher hast Du vollkommen Recht und sobald sich meine finanzielle Lage wieder entspannt werde ich umgehend einen neuen Rechner erwerben.
Hälst Du es für möglich, daß mein System von einer Schadsoftware betroffen sein und man es zwischenzeitlich (bis sich meine finanzielle Lage etwas gebessert hat) mit etwas Hilfe davon befreien könnte ?
Dein erwartungsfroher Grosserdummi

Alt 01.11.2019, 21:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Eigentlich dachte ich meine Antwort sei klar, aber so kann man sich täuschen.
Niemand hat gesagt, dass du unbedingt einen neuen Rechner kaufen musst.
Lies mal Option A und B richtig.

Windows 7 zu retten macht genau Null Sinn.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.11.2019, 21:33   #9
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Zitat:
Zitat von cosinus Beitrag anzeigen
Eigentlich dachte ich meine Antwort sei klar, aber so kann man sich täuschen.
Niemand hat gesagt, dass du unbedingt einen neuen Rechner kaufen musst.
Lies mal Option A und B richtig.

Windows 7 zu retten macht genau Null Sinn.
Besteht die Möglichkeit, daß bei einem "Umzug" meiner "persönlichen" Daten von dem unsinnigen ungeretteten Windows 7 zu Windows 10 (Mit Linux hatte ich noch nie zu tun) eine eventuell mögliche "Infektion" ungewollt mitübertragen wird ?
Vielen Dank auch für den Hinweis zum richtig lesen lernen.
Habe als Legasteniker Deinen Rat befolgt und sofort den onlinekurs "Richtiges Lesen von Computercracksbeiträgen für absolute Laien" belegt aber leider nicht alles verstanden.
Wahrscheinlich bin ich ein hoffnungsloser Fall.
Genehmige mir zum Trost ein kleines Gläschen DIAZEPAM

Alt 01.11.2019, 21:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Relevante Daten sichert man über ein sauberes System wie Knoppix oder Ubuntu MATE im Ausprobiermodus. Und mit Daten meint man auch nur eigene Dateien, Dokumente, Musik, Vidios, KEINE Programme, Spiele oder deren Setups.

Wenn du so eine Angst um deine Daten hast, warum hast du dann nicht vorher Backups gemacht? Backups macht man grundsätzlich immer und regelmäßig. Du scheinst dir aber irgendwie erst jetzt Gedanken zu machen wo dein System am auseinanderfallen ist...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.11.2019, 10:19   #11
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Zitat:
Zitat von cosinus Beitrag anzeigen
Relevante Daten sichert man über ein sauberes System wie Knoppix oder Ubuntu MATE im Ausprobiermodus. Und mit Daten meint man auch nur eigene Dateien, Dokumente, Musik, Vidios, KEINE Programme, Spiele oder deren Setups.:
Bestimmt hast Du recht: Hatte selbst noch nie Berührung mit der Linux-Welt

Wenn du so eine Angst um deine Daten hast, warum hast du dann nicht vorher Backups gemacht? Backups macht man grundsätzlich immer und regelmäßig. Du scheinst dir aber irgendwie erst jetzt Gedanken zu machen wo dein System am auseinanderfallen ist

Habe backups gemacht, aber bin mir nicht sicher ob diese "sauber" sind.
An Deiner "Hilfe" liebe ich besonders den philosophischen Diskurs mit immer leicht anklagendem Unterton.
Vielleicht bin ich ja hier falsch?
Wer wendet sich an TROJANERBOARD ?
Der Crack der immer alles richtig macht, oder der Grossedummi, der den Computer als Werkzeug braucht und nicht als Selbstzweck, der nach Hilfe sucht, wenn er selber nicht mehr weiter kommt.
Wenden sich hier Hilfesuchende an Trojanerboard, die keine Angst um ihre Daten haben?
Wie immer im Leben gilt: Hinterher ist man schlauer - wenn man vorher schlauer gewesen wäre, bräuchte man keine Hilfe.
Habe mich zum zweiten mal an Trojanerboard gewendet, da mir sehr höflich und effizient geholfen wurde.
Heiliger Aharonov, Leo bitte hilf

Alt 02.11.2019, 14:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Es geht nicht darum, dass man hier nur Leuten helfen will, die ein IT-Studium abgeschlossen haben oder schon seit 20 Jahren Systemadministrator sind. Wir helfen hier jedem und auch jedem Laien.

Es kann aber nicht angehen, dass seit Jahrzehnten über Backups und Updates gesprochen wird und den Leuten das regelrecht eingetrichtert wird, aber trotzdem viele User immer noch nicht in der Lage sind, regelmäßig Dateien zu sichern oder sich von so altem Müll wie Windows 7, Vista oder gar noch XP zu trennen, letzteres passiert auch nur sehr widerwillig.

Spätestens nach einem Jahr Computernutzung muss man doch begriffen haben, dass Dateien sich leicht löschen lassen, auch versehentlich. Allein deswegen muss man doch schon ein Backup haben. Dann kommt noch die Gefahr durch Krypto-Trojaner und Festplattendefekte...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.11.2019, 15:15   #13
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



"Es kann aber nicht angehen,..."
Wer bestimmt das ?
Ich versuch es mal mit einer Allegorie:
Irgend etwas macht seltsame Geräusche an meinem Auto, was mich etwas beunruhigt-am Ende etwas ernstes?
Meine Freunde können mir keinen richtigen Rat geben.
Ich frage einen KFZ Mechatroniker:
Der gibt mir folgenden Rat:
1.) Kauf einen neuen Motor, vielleicht verträgt der sich auch mit Deinem Getriebe
2.) Kauf dir einen Elektromotor
3.) Kauf dir ein neues Auto, dein Modell ist überholt und neigt zum auseinanderfallen.
Als backup sollte man zumindest ein Moped vorhalten.
Als langjähriger Autofahrer kann es nicht angehen, sich nicht regelmäßig um sein Moped zu kümmern.
Nicht verraten hat er mir vielleicht mal die Spannrollen der Riemen oder der Kette zu prüfen und den Nagel aus meinem Reifen zu entfernen.
Dann fahre ich halt wieder Fahrrad und genehmige mir noch ein Schlückchen DIAZEPAM

Alt 02.11.2019, 15:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



Der Vergleich so in dieser Form passt hinten und vorne nicht.

Als normaler Anwender zu Hause am Computer bist du selbst für deine Dateien verantwortlich. Wo und wie etwas gespeichert wird und wie oft Backups gemacht werden. Der normale Anwender schraubt aber nicht am PC herum.

So ein Anwender wäre ich übertragen auf das Auto. Ich weiß wie man von A nach B kommt, es auf den verschiedenen Straßen sicher bewegt, ich kann selbst tanken, den Luftdruck prüfen, Scheibenwischwasser nachkippen und den Ölstand prüfen. Das gehört zur normalen Bedienung eines Autos dazu. Zumindest selbst tanken sollte man können, ebenso wie man als Windows-User wissen muss, wie man einen Dateimanager bedient und Dateien von A nach B kopiert.

Was ich einer Werkstatt überlasse sind jegliche Wartungsarbeiten. Öl-, Reifen-, oder Kühlmittelwechsel, Bremsenerneuerung etc. pp. - aber doch nicht das wöchentliche Tanken!

Nun glauben aber die meisten PC-Laien, dass übertragen aufs Auto, sie weder fürs Tanken, noch für die Kontrolle von Ölstand und Scheibenwischwasser zuständig sind. Ja sie halten es tw. noch nicht einmal für nötig zu wissen, wie man sich sicher auf den Straßen zu bewegen hat. Wer das alles nicht will muss Bus/Bahn/Taxi nehmen oder Fahrrad fahren. Obwohl beim Fahrrad muss man sich auch um den Luftdruck kümmern
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.11.2019, 10:24   #15
Grosserdummi
 
PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Standard

PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht



In der Zeit in der wir beide hier philosophierten über den Sinn von Windows 7 Rettungsversuchen, wäre das Problem bei gutem Willen längst gelöst worden.
Ich wünsche Dir alles Gute und vor allem viel Gesundheit

Thema geschlossen

Themen zu PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht
ad-aware, adobe, adware, antivir, antivirus, avg, avira, bonjour, converter, defender, festplatte, google, home, mozilla, mp3, prozesse, pup taucht immer wieder auf, realtek, registry, scan, secur, software, svchost.exe, temp, usb, windows



Ähnliche Themen: PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht


  1. Virusmeldung in Avira taucht immer wieder auf
    Plagegeister aller Art und deren Bekämpfung - 25.02.2015 (9)
  2. Win32:Malware-gen taucht immer wieder auf
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (15)
  3. Windows 7: Avira meldet immer wieder ADWARE/Adware.Gen4 bzw. .Gen7, zudem taucht Optimizer Pro immer wieder auf
    Log-Analyse und Auswertung - 14.12.2014 (9)
  4. Snap.do lässt sich nicht deinstallieren - taucht immer wieder in allen Browsern auf - Win 8.1 x64
    Log-Analyse und Auswertung - 23.10.2014 (15)
  5. PUP.Optional.Conduit taucht immer wieder auf!
    Log-Analyse und Auswertung - 28.05.2014 (23)
  6. TR/patched.ren.gen taucht immer wieder auf
    Log-Analyse und Auswertung - 08.03.2014 (14)
  7. Windows 7: OfferMosquito taucht immer wieder auf.
    Log-Analyse und Auswertung - 02.11.2013 (9)
  8. Plus Hd taucht immer wieder auf+Deal Finder
    Plagegeister aller Art und deren Bekämpfung - 19.08.2013 (5)
  9. TR/Spy.Gen taucht immer wieder auf !
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (28)
  10. Trojaner taucht immer wieder auf!
    Plagegeister aller Art und deren Bekämpfung - 01.06.2009 (36)
  11. Trojaner taucht immer wieder auf
    Log-Analyse und Auswertung - 11.01.2009 (9)
  12. TR/Vundo taucht immer wieder auf..
    Mülltonne - 05.10.2008 (0)
  13. iexplore.exe taucht immer wieder auf
    Log-Analyse und Auswertung - 24.01.2008 (3)
  14. iexplore.exe taucht immer wieder auf
    Log-Analyse und Auswertung - 26.04.2007 (1)
  15. BDS/Agent.YW taucht immer wieder auf
    Plagegeister aller Art und deren Bekämpfung - 29.06.2006 (4)
  16. Logfile Eintrag taucht immer wieder auf..
    Log-Analyse und Auswertung - 11.11.2005 (30)
  17. spy taucht immer wieder auf...
    Plagegeister aller Art und deren Bekämpfung - 13.06.2005 (3)

Zum Thema PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht - Liebe Helfer, nachdem ich eine PUP Fund mit adware gelöscht habe taucht er nach einiger Zeit wieder auf. Die Systemwiederherstellung funktioniert nicht mehr, DVDs werden nicht mehr gelesen. ESET, malwarebytes - PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht...
Archiv
Du betrachtest: PUP taucht immer wieder auf, Systemwiederherstellung funktioniert nicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.