Také prosím o kontrolu.

[jarda213]

Zdravím, začíná se mi sekat prohlížeč, když se roluje, poskakuje to po sekundách, místo plynulého rolování, chvilkama se ukazuje mozilla neodpovídá, to samé na fb. Při psaní třeba tohoto textu se text ukazuje se zpožděním, a to píši jako datel. Díky moc za rady.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:26, on 5.1.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)

FIREFOX: 50.1.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Jarda\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Jarda\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\MSI\Live Update\Live Update.exe
C:\Games\World_of_Tanks\WargamingGameUpdater.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Jarda\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
O4 - HKLM\..\Run: [Super Charger] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
O4 - HKLM\..\Run: [HDD Regenerator] "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Command Center] C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
O4 - HKCU\..\Run: [MyComGames] "C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe" -autostart
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Jarda\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Jarda\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [World of Warships] "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ashampoo Core Tuner 2 Service (ACT2_Service) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Chemtable Startup Checking - Unknown owner - C:\Program Files (x86)\Reg Organizer\StartupCheckingService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MSI Command Center Clock Service (MSIClock_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe
O23 - Service: MSI Command Center Comm Service (MSICOMM_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\MSICommService.exe
O23 - Service: MSI Command Center CPU Service (MSICPU_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe
O23 - Service: MSI Command Center control Service (MSICTL_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
O23 - Service: MSI Command Center DDR Service (MSIDDR_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
O23 - Service: MSI Command Center SMBus Service (MSISMB_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe
O23 - Service: MSI Command Center SuperIO Service (MSISuperIO_CC) - MSI - C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe
O23 - Service: MSI_FastBoot - MSI - C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
O23 - Service: MSI Live Update Service (MSI_LiveUpdate_Service) - Micro-Star INT'L CO., LTD. - C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
O23 - Service: MSI_Trigger_Service - MICRO-STAR INTERNATIONAL CO., LTD. - C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plays.tv Update Service (PlaysService) (PlaysService) - Copyright (c) 2016 Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SuperRAIDSvc - Micro-Star INT'L CO., LTD. - C:\MSI\Smart Utilities\SuperRAIDSvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility Service (XTU3SERVICE) - Intel(R) Corporation - C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe

--
End of file - 15085 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.adlice.com/downloadprogress/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Scan“
Po skenu klikni na „Logfile“ ,objeví se okno „Log Manager“ a pak poklepej na odpovídající log , který se otevře. ( jinak je uložen systémovem disku jako C:\AdwCleaner [C?].txt ), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
-Pokud není program aktuální , klikni na možnost „Aktualizovat nyní“ či „Opravit nyní“.
- bude nalezena aktualizace a nainstaluje se.
- poté klikni na Skenovat nyní
- po proběhnutí programu se ti objeví hláška vpravo dole, tak klikni na Uložit výsledky a vyber zkopírovat do schránky a vlož sem celý log. Nebo klikni na „Textový soubor ( .txt)“ a log si ulož.
-jinak se log nachází zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Dokončit, a program zavři křížkem vpravo nahoře.
(zatím nic nemaž!).

[jarda213]

# AdwCleaner v6.041 - Log vytvořen 06/01/2017 v 07:00:47
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2017-01-05.2 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Jarda - JARDA-PC
# Spuštěno z : C:\Users\Jarda\Desktop\adwcleaner_6.041.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Složka nalezena: C:\Users\Jarda\AppData\Local\AskPartnerNetwork
Složka nalezena: C:\ProgramData\apn
Složka nalezena: C:\ProgramData\Thunder Network
Složka nalezena: C:\ProgramData\thunder network
Složka nalezena: C:\Program Files (x86)\AskPartnerNetwork


***** [ Soubory ] *****

Soubor nalezen: C:\WINDOWS\Reimage.ini


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.tb.ask.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mapsgalaxy.com
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.Protector
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Klíč nalezen: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Klíč nalezen: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{3D3A8143-CFAC-46F8-B19F-407F46E9E524}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\AskPartnerNetwork
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\CoinisRevShare
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\PRODUCTSETUP
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Reimage
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Mail.Ru
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\csastats
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKCU\Software\AskPartnerNetwork
Klíč nalezen: HKCU\Software\CoinisRevShare
Klíč nalezen: HKCU\Software\PRODUCTSETUP
Klíč nalezen: HKCU\Software\Reimage
Klíč nalezen: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: HKCU\Software\Mail.Ru
Klíč nalezen: HKCU\Software\csastats
Klíč nalezen: HKCU\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKLM\SOFTWARE\AskPartnerNetwork
Klíč nalezen: HKLM\SOFTWARE\SiteSee
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
Klíč nalezen: [x64] HKCU\Software\AskPartnerNetwork
Klíč nalezen: [x64] HKCU\Software\CoinisRevShare
Klíč nalezen: [x64] HKCU\Software\PRODUCTSETUP
Klíč nalezen: [x64] HKCU\Software\Reimage
Klíč nalezen: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: [x64] HKCU\Software\Mail.Ru
Klíč nalezen: [x64] HKCU\Software\csastats
Klíč nalezen: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: [x64] HKLM\SOFTWARE\Reimage
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.tb.ask.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.tb.ask.com
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [1022 Bajty] - [15/12/2014 12:55:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [1098 Bajty] - [15/12/2014 12:56:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [9868 Bajty] - [06/01/2017 07:00:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9941 Bajty] ##########







Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 06.01.17
Čas skenování: 8:32
Logovací soubor: MVB.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.941
Licence: Zkušební

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: JARDA-PC\Jarda

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 471977
Uplynulý čas: 3 min, 45 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 23
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Žádná uživatelská akce, [1317], [332494],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Žádná uživatelská akce, [1317], [332494],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Žádná uživatelská akce, [1317], [332494],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Žádná uživatelská akce, [1317], [327205],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Žádná uživatelská akce, [1317], [327205],1.0.941
PUP.Optional.Reimage, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Žádná uživatelská akce, [1317], [327205],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Žádná uživatelská akce, [1317], [327205],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Žádná uživatelská akce, [1317], [327205],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Žádná uživatelská akce, [1317], [327205],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Žádná uživatelská akce, [1317], [327205],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Žádná uživatelská akce, [1317], [327206],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, Žádná uživatelská akce, [1317], [327193],1.0.941
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\AskPartnerNetwork, Žádná uživatelská akce, [10860], [186876],1.0.941
PUP.Optional.InstallCore, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\csastats, Žádná uživatelská akce, [8], [260986],1.0.941
PUP.Optional.Reimage, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\Reimage, Žádná uživatelská akce, [1317], [357494],1.0.941
PUP.Optional.ProductSetup, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\PRODUCTSETUP, Žádná uživatelská akce, [16993], [242047],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Žádná uživatelská akce, [1317], [327193],1.0.941
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder0, Žádná uživatelská akce, [78], [186209],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Žádná uživatelská akce, [1317], [336077],1.0.941
PUP.Optional.Reimage, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Žádná uživatelská akce, [1317], [327203],1.0.941
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, Žádná uživatelská akce, [1317], [327193],1.0.941
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, Žádná uživatelská akce, [10860], [186877],1.0.941
PUP.Optional.Reimage, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\REIMAGE\PC REPAIR, Žádná uživatelská akce, [1317], [327204],1.0.941

Hodnota v registru: 2
PUP.Optional.ProductSetup, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\PRODUCTSETUP|TB, Žádná uživatelská akce, [16993], [242047],1.0.941
PUP.Optional.Reimage, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, Žádná uživatelská akce, [1317], [327204],1.0.941

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 6
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-Stub, Žádná uživatelská akce, [10860], [175062],1.0.941
PUP.Optional.APNToolBar.Gen, C:\PROGRAM FILES (X86)\AskPartnerNetwork, Žádná uživatelská akce, [10860], [175065],1.0.941
PUP.Optional.APNToolBar.Gen, C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC, Žádná uživatelská akce, [10860], [175064],1.0.941
PUP.Optional.APNToolBar.Gen, C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar\Updater, Žádná uživatelská akce, [10860], [175064],1.0.941
PUP.Optional.APNToolBar.Gen, C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar, Žádná uživatelská akce, [10860], [175064],1.0.941
PUP.Optional.APNToolBar.Gen, C:\USERS\JARDA\APPDATA\LOCAL\AskPartnerNetwork, Žádná uživatelská akce, [10860], [175064],1.0.941

Soubor: 2
PUP.Optional.Sputnik, C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE, Žádná uživatelská akce, [3007], [352247],1.0.941
PUP.Optional.SpeedItUp, C:\WINDOWS\REIMAGE.INI, Žádná uživatelská akce, [1421], [329423],1.0.941

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)




Včera večer jsem stáhl TFC a po skončení procesu se PC nerestartoval. Zrestartoval jsem ho manuálně a byla z toho modrá smrt. Win 10 mi nabídly několik možností, zabral bod obnovy. Nestěžuju si, já jen, kdyby to něco znamenalo

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Scan“, po prohledání klikni na „ Clean“

Program provede opravu, po automatickém restartu klikni na „Log Manager“ a pak poklepej na odpovídají log, (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.


Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY

64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

Stáhni si a nainstaluj WhoCrashed
otevři ho a klikni na Analyze.
Program vytvoří zprávu , zkopíruj celou a vlož prosím sem.

[jarda213]

# AdwCleaner v6.041 - Log vytvořen 06/01/2017 v 10:21:36
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2017-01-05.2 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Jarda - JARDA-PC
# Spuštěno z : C:\Users\Jarda\Desktop\adwcleaner_6.041.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Složka nalezena: C:\Users\Jarda\AppData\Local\AskPartnerNetwork
Složka nalezena: C:\ProgramData\apn
Složka nalezena: C:\ProgramData\Thunder Network
Složka nalezena: C:\ProgramData\thunder network
Složka nalezena: C:\Program Files (x86)\AskPartnerNetwork


***** [ Soubory ] *****

Soubor nalezen: C:\WINDOWS\Reimage.ini


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.tb.ask.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mapsgalaxy.com
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.Protector
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Klíč nalezen: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Klíč nalezen: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{3D3A8143-CFAC-46F8-B19F-407F46E9E524}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\AskPartnerNetwork
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\CoinisRevShare
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\PRODUCTSETUP
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Reimage
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Mail.Ru
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\csastats
Klíč nalezen: HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKCU\Software\AskPartnerNetwork
Klíč nalezen: HKCU\Software\CoinisRevShare
Klíč nalezen: HKCU\Software\PRODUCTSETUP
Klíč nalezen: HKCU\Software\Reimage
Klíč nalezen: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: HKCU\Software\Mail.Ru
Klíč nalezen: HKCU\Software\csastats
Klíč nalezen: HKCU\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKLM\SOFTWARE\AskPartnerNetwork
Klíč nalezen: HKLM\SOFTWARE\SiteSee
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
Klíč nalezen: [x64] HKCU\Software\AskPartnerNetwork
Klíč nalezen: [x64] HKCU\Software\CoinisRevShare
Klíč nalezen: [x64] HKCU\Software\PRODUCTSETUP
Klíč nalezen: [x64] HKCU\Software\Reimage
Klíč nalezen: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: [x64] HKCU\Software\Mail.Ru
Klíč nalezen: [x64] HKCU\Software\csastats
Klíč nalezen: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: [x64] HKLM\SOFTWARE\Reimage
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.tb.ask.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.tb.ask.com
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [1022 Bajty] - [15/12/2014 12:55:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [1098 Bajty] - [15/12/2014 12:56:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [10212 Bajty] - [06/01/2017 07:00:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [9944 Bajty] - [06/01/2017 10:21:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10017 Bajty] ##########

[jarda213]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by Jarda (Administrator) on p  06.01.2017 at 10:40:22,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\ProgramData\alawarwrapper (Folder)
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Jarda\AppData\Local\alawarwrapper (Folder)
Successfully deleted: C:\Users\Jarda\AppData\Roaming\alawarentertainment (Folder)
Successfully deleted: C:\Users\Jarda\AppData\Roaming\worldoftanks (Folder)
Successfully deleted: C:\Users\Jarda\AppData\Roaming\xiaomi (Folder)
Successfully deleted: C:\users\Public\Documents\alawarwrapper (Folder)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\xiaomi (Folder)

Deleted the following from C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\4a9q8b3f.default-1439315922485\prefs.js
user_pref(browser.search.defaulturl, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(keyword.URL, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  06.01.2017 at 10:45:03,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[jarda213]

Část 1.

01/06/17 " 08:32:48.535" 6707234 2ff0 1808 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 98166 records."
01/06/17 " 08:32:48.539" 6707234 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [0], error code = [87]. Will continue with the other processes."
01/06/17 " 08:32:48.539" 6707234 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [4], error code = [5]. Will continue with the other processes."
01/06/17 " 08:32:48.539" 6707234 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [440], error code = [5]. Will continue with the other processes."
01/06/17 " 08:32:48.539" 6707234 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [612], error code = [5]. Will continue with the other processes."
01/06/17 " 08:32:48.539" 6707234 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [744], error code = [5]. Will continue with the other processes."
01/06/17 " 08:32:48.539" 6707234 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [768], error code = [5]. Will continue with the other processes."
01/06/17 " 08:32:48.540" 6707250 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [884], error code = [5]. Will continue with the other processes."
01/06/17 " 08:32:48.592" 6707296 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [3292], error code = [5]. Will continue with the other processes."
01/06/17 " 08:32:48.610" 6707312 2ff0 1808 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [5312], error code = [5]. Will continue with the other processes."
01/06/17 " 08:32:49.820" 6708515 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Init "Linker.cpp" 93 "Initializing linker"
01/06/17 " 08:32:52.250" 6710953 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:32:52.316" 6711015 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\PROGRAMDATA\APN\APN-Stub' => None"
01/06/17 " 08:32:52.316" 6711015 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\ProgramData\APN\APN-Stub' => None"
01/06/17 " 08:32:52.316" 6711015 2ff0 2c14 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:32:52.316" 6711015 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::AddDIRContents "PreCleanEngine.cpp" 533 "Traversing through dir 'C:\PROGRAMDATA\APN\APN-Stub'"
01/06/17 " 08:32:52.317" 6711015 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\ProgramData\APN\APN-Stub' => None"
01/06/17 " 08:32:52.683" 6711390 2ff0 2c14 ERROR CleanControllerImpl mb::swissarmyclientutils::SwissArmyShimLoader::EnumerateDirContent "SwissArmyShimLoader.cpp" 352 "FindFirstFile failed; status=13"
01/06/17 " 08:33:02.118" 6720812 2ff0 23ec ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 08:33:04.380" 6723078 2ff0 1460 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 08:33:04.380" 6723078 2ff0 1460 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 08:33:04.844" 6723546 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:04.881" 6723578 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\PROGRAM FILES (X86)\AskPartnerNetwork' => None"
01/06/17 " 08:33:04.881" 6723578 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\Program Files (x86)\AskPartnerNetwork' => None"
01/06/17 " 08:33:04.881" 6723578 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::AddDIRContents "PreCleanEngine.cpp" 533 "Traversing through dir 'C:\PROGRAM FILES (X86)\AskPartnerNetwork'"
01/06/17 " 08:33:04.882" 6723578 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\Program Files (x86)\AskPartnerNetwork' => None"
01/06/17 " 08:33:05.069" 6723765 2ff0 2c14 ERROR CleanControllerImpl mb::swissarmyclientutils::SwissArmyShimLoader::EnumerateDirContent "SwissArmyShimLoader.cpp" 352 "FindFirstFile failed; status=13"
01/06/17 " 08:33:05.070" 6723765 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:05.260" 6723968 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\USERS\JARDA\APPDATA\LOCAL\AskPartnerNetwork' => None"
01/06/17 " 08:33:05.260" 6723968 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork' => None"
01/06/17 " 08:33:05.260" 6723968 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::AddDIRContents "PreCleanEngine.cpp" 533 "Traversing through dir 'C:\USERS\JARDA\APPDATA\LOCAL\AskPartnerNetwork'"
01/06/17 " 08:33:05.262" 6723968 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork' => None"
01/06/17 " 08:33:05.447" 6724156 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar' => None"
01/06/17 " 08:33:05.554" 6724250 2ff0 23ec ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 08:33:05.554" 6724250 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar\Updater' => None"
01/06/17 " 08:33:05.564" 6724265 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC' => None"
01/06/17 " 08:33:05.565" 6724265 2ff0 2c14 ERROR CleanControllerImpl mb::swissarmyclientutils::SwissArmyShimLoader::EnumerateDirContent "SwissArmyShimLoader.cpp" 352 "FindFirstFile failed; status=13"
01/06/17 " 08:33:05.571" 6724265 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"

[jarda213]

Část 2.


01/06/17 " 08:33:05.572" 6724281 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, C:\PROGRAMDATA\APN\APN-STUB and C:\ProgramData\APN\APN-Stub"
01/06/17 " 08:33:05.573" 6724281 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:05.575" 6724281 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, C:\USERS\JARDA\APPDATA\LOCAL\ASKPARTNERNETWORK and C:\Users\Jarda\AppData\Local\AskPartnerNetwork"
01/06/17 " 08:33:05.576" 6724281 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:05.577" 6724281 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK and C:\Program Files (x86)\AskPartnerNetwork"
01/06/17 " 08:33:05.644" 6724343 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:05.739" 6724437 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:33:05.739" 6724437 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:33:05.739" 6724437 2ff0 2c14 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:33:05.814" 6724515 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:33:05.814" 6724515 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:33:05.938" 6724640 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:33:05.938" 6724640 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:33:06.543" 6725250 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:06.543" 6725250 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} and HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}"
01/06/17 " 08:33:06.543" 6725250 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:06.676" 6725375 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}' => None"
01/06/17 " 08:33:06.676" 6725375 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}' => None"
01/06/17 " 08:33:06.714" 6725421 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE' => None"
01/06/17 " 08:33:06.714" 6725421 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE' => None"
01/06/17 " 08:33:06.727" 6725421 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE.1' => None"
01/06/17 " 08:33:06.727" 6725421 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE.1' => None"
01/06/17 " 08:33:06.775" 6725484 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}' => None"
01/06/17 " 08:33:06.775" 6725484 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}' => None"
01/06/17 " 08:33:07.000" 6725703 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:33:07.000" 6725703 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:33:07.001" 6725703 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:33:07.001" 6725703 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:33:07.012" 6725718 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:33:07.012" 6725718 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:33:07.328" 6726031 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:07.328" 6726031 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484} and HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}"
01/06/17 " 08:33:07.329" 6726031 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:07.329" 6726031 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} and HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}"
01/06/17 " 08:33:07.330" 6726031 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:07.835" 6726531 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}' => None"
01/06/17 " 08:33:07.835" 6726531 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}' => None"
01/06/17 " 08:33:30.252" 6748953 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:33:30.685" 6749390 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): File 'C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE' => None"
01/06/17 " 08:33:30.685" 6749390 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: File 'C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE' => None"
01/06/17 " 08:33:30.685" 6749390 2ff0 2c14 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:34:19.025" 6797734 2ff0 100c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 31.173.243.6, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 08:34:19.031" 6797734 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 31.173.243.6, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 08:34:20.777" 6799484 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 08:34:21.745" 6800453 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 08:35:55.618" 6894328 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:35:55.653" 6894359 2ff0 2c14 ERROR CleanControllerImpl mb::cleanctlrimpl::whitelist::RulesWhiteLister::IsObjectWhiteListed "RulesWhiteLister.cpp" 210 "Unexpected MBStatus 9"
01/06/17 " 08:35:55.679" 6894375 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): File 'C:\WINDOWS\REIMAGE.INI' => None"
01/06/17 " 08:35:55.679" 6894375 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: File 'C:\Windows\Reimage.ini' => None"
01/06/17 " 08:35:55.679" 6894375 2ff0 2c14 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:36:17.027" 6915734 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:17.064" 6915765 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:36:17.064" 6915765 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:36:17.281" 6915984 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:17.292" 6916000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\ASKPARTNERNETWORK' => None"
01/06/17 " 08:36:17.292" 6916000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\ASKPARTNERNETWORK' => None"
01/06/17 " 08:36:17.293" 6916000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:17.300" 6916000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\CSASTATS' => None"
01/06/17 " 08:36:17.300" 6916000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\CSASTATS' => None"
01/06/17 " 08:36:17.300" 6916000 2ff0 2c14 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:36:17.301" 6916000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:17.331" 6916031 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\REIMAGE' => None"
01/06/17 " 08:36:17.336" 6916031 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\REIMAGE' => None"
01/06/17 " 08:36:17.338" 6916046 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:17.401" 6916109 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegValue 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\PRODUCTSETUP|TB' => None"
01/06/17 " 08:36:17.402" 6916109 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegValue 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\PRODUCTSETUP|TB' => None"
01/06/17 " 08:36:17.402" 6916109 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\PRODUCTSETUP' => None"
01/06/17 " 08:36:17.402" 6916109 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\PRODUCTSETUP' => None"
01/06/17 " 08:36:17.402" 6916109 2ff0 2c14 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:36:18.556" 6917250 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:18.556" 6917265 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:36:18.556" 6917265 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:36:18.785" 6917484 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:18.791" 6917500 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0' => None"
01/06/17 " 08:36:18.791" 6917500 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0' => None"
01/06/17 " 08:36:18.791" 6917500 2ff0 2c14 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:36:18.860" 6917562 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:18.875" 6917578 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\REIMAGE\REIMAGE REPAIR' => None"
01/06/17 " 08:36:18.875" 6917578 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\REIMAGE\REIMAGE REPAIR' => None"
01/06/17 " 08:36:19.028" 6917734 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:19.043" 6917750 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\REIMAGE - WINDOWS PROBLEM RELIEF.' => None"
01/06/17 " 08:36:19.044" 6917750 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\REIMAGE - WINDOWS PROBLEM RELIEF.' => None"
01/06/17 " 08:36:21.944" 6920640 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:21.944" 6920640 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE and HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE"
01/06/17 " 08:36:21.965" 6920671 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:21.965" 6920671 2ff0 2c14 INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE.1 and HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE.1"
01/06/17 " 08:36:22.025" 6920734 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:22.026" 6920734 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:36:22.026" 6920734 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:36:22.177" 6920875 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:22.178" 6920875 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\WOW6432NODE\ASKPARTNERNETWORK' => None"
01/06/17 " 08:36:22.178" 6920875 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\WOW6432NODE\ASKPARTNERNETWORK' => None"
01/06/17 " 08:36:24.298" 6923000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:36:24.299" 6923000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegValue 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE' => None"
01/06/17 " 08:36:24.299" 6923000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegValue 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE' => None"
01/06/17 " 08:36:24.300" 6923000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\REIMAGE\PC REPAIR' => None"
01/06/17 " 08:36:24.300" 6923000 2ff0 2c14 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017083250358\SOFTWARE\REIMAGE\PC REPAIR' => None"
01/06/17 " 08:36:26.749" 6925453 2ff0 1808 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Shutdown "Linker.cpp" 144 "Shutting down linker, waiting for it to complete"
01/06/17 " 08:36:26.749" 6925453 2ff0 1808 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::UnInit "Linker.cpp" 131 "Un-initializing linker"
01/06/17 " 08:36:27.899" 6926593 2ff0 1808 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Shutdown "Linker.cpp" 144 "Shutting down linker, waiting for it to complete"
01/06/17 " 08:36:29.356" 6928062 2ff0 1808 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::PerformScan "Scanner.cpp" 865 "Scan completed."
01/06/17 " 08:36:29.356" 6928062 2ff0 1808 INFO MBAMShimImpl MBAMShimImpl::PrepareUpdate "MBAMShimImpl.cpp" 95 "MBAMCore preparing update"
01/06/17 " 08:36:29.510" 6928218 2ff0 1808 INFO MBAMCoreImpl MBAMCoreImpl::Shutdown "MBAMCoreImpl.cpp" 173 "MBAMCore was successfully shutdown."
01/06/17 " 08:36:29.511" 6928218 2ff0 1808 INFO MBAMShimImpl MBAMShimImpl::FinishUpdate "MBAMShimImpl.cpp" 131 "MBAMCore finishing update"
01/06/17 " 08:36:29.541" 6928250 2ff0 1808 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "MBAMShimImpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>."
01/06/17 " 08:36:29.609" 6928312 2ff0 1808 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 19915 records."
01/06/17 " 08:36:30.358" 6929062 2ff0 1808 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 675435 records."
01/06/17 " 08:36:31.952" 6930656 2ff0 1808 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 338579 records."
01/06/17 " 08:36:32.256" 6930953 2ff0 1808 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "MBAMCoreImpl.cpp" 144 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>."
01/06/17 " 08:41:05.157" 7203859 2ff0 2d24 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::StartScan "Scanner.cpp" 472 "Starting a Threat scan, clientID = MbamUI"
01/06/17 " 08:41:05.159" 7203859 2ff0 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 3091 "Signature successfully validated"
01/06/17 " 08:41:05.327" 7204031 2ff0 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 3095 "DB manifest successfully validated"
01/06/17 " 08:41:05.327" 7204031 2ff0 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 3213 "Validated DB manifest - success"
01/06/17 " 08:41:05.327" 7204031 2ff0 04c0 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Update "UpdateControllerImplHelper.cpp" 325 "Update - Starting check for updates"
01/06/17 " 08:41:05.327" 7204031 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 413 "DoUpdate - Starting check for updates (manual)"
01/06/17 " 08:41:05.327" 7204031 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 415 "Checking for: Installer=[No], SDK/Ctlr=[No], DB/CLS=[Yes]"
01/06/17 " 08:41:05.327" 7204031 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 924 "Installer package --> [mbam-c.installer.consumer], current version: [3.0.5]"
01/06/17 " 08:41:05.327" 7204031 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 937 "SDK/Controller package --> [mbam-c.ctlr.64bit], current version: [1.0.43]"
01/06/17 " 08:41:05.327" 7204031 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 950 "DB/ClsEng package --> [mbam-c.dbcls.64bit], current version: [1.0.941]"
01/06/17 " 08:41:06.244" 7204953 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 445 "Checked for updates - no updates available"
01/06/17 " 08:41:06.244" 7204953 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 456 "Update check is complete."
01/06/17 " 08:41:08.849" 7207546 2ff0 04c0 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 98166 records."
01/06/17 " 08:41:08.853" 7207562 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [0], error code = [87]. Will continue with the other processes."
01/06/17 " 08:41:08.853" 7207562 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [4], error code = [5]. Will continue with the other processes."
01/06/17 " 08:41:08.853" 7207562 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [440], error code = [5]. Will continue with the other processes."
01/06/17 " 08:41:08.853" 7207562 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [612], error code = [5]. Will continue with the other processes."
01/06/17 " 08:41:08.853" 7207562 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [744], error code = [5]. Will continue with the other processes."
01/06/17 " 08:41:08.853" 7207562 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [768], error code = [5]. Will continue with the other processes."
01/06/17 " 08:41:08.856" 7207562 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [884], error code = [5]. Will continue with the other processes."
01/06/17 " 08:41:08.904" 7207609 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [3292], error code = [5]. Will continue with the other processes."
01/06/17 " 08:41:08.923" 7207625 2ff0 04c0 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [5312], error code = [5]. Will continue with the other processes."
01/06/17 " 08:41:09.690" 7208390 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Init "Linker.cpp" 93 "Initializing linker"
01/06/17 " 08:41:11.761" 7210468 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:11.764" 7210468 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\PROGRAMDATA\APN\APN-Stub' => None"
01/06/17 " 08:41:11.764" 7210468 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\ProgramData\APN\APN-Stub' => None"
01/06/17 " 08:41:11.764" 7210468 2ff0 1adc INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:41:11.764" 7210468 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::AddDIRContents "PreCleanEngine.cpp" 533 "Traversing through dir 'C:\PROGRAMDATA\APN\APN-Stub'"
01/06/17 " 08:41:11.765" 7210468 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\ProgramData\APN\APN-Stub' => None"
01/06/17 " 08:41:11.987" 7210687 2ff0 1adc ERROR CleanControllerImpl mb::swissarmyclientutils::SwissArmyShimLoader::EnumerateDirContent "SwissArmyShimLoader.cpp" 352 "FindFirstFile failed; status=13"
01/06/17 " 08:41:21.692" 7220390 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:21.775" 7220484 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\PROGRAM FILES (X86)\AskPartnerNetwork' => None"
01/06/17 " 08:41:21.775" 7220484 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\Program Files (x86)\AskPartnerNetwork' => None"
01/06/17 " 08:41:21.775" 7220484 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::AddDIRContents "PreCleanEngine.cpp" 533 "Traversing through dir 'C:\PROGRAM FILES (X86)\AskPartnerNetwork'"
01/06/17 " 08:41:21.777" 7220484 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\Program Files (x86)\AskPartnerNetwork' => None"
01/06/17 " 08:41:21.972" 7220671 2ff0 1adc ERROR CleanControllerImpl mb::swissarmyclientutils::SwissArmyShimLoader::EnumerateDirContent "SwissArmyShimLoader.cpp" 352 "FindFirstFile failed; status=13"
01/06/17 " 08:41:21.973" 7220671 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:22.050" 7220750 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\USERS\JARDA\APPDATA\LOCAL\AskPartnerNetwork' => None"
01/06/17 " 08:41:22.050" 7220750 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork' => None"
01/06/17 " 08:41:22.050" 7220750 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::AddDIRContents "PreCleanEngine.cpp" 533 "Traversing through dir 'C:\USERS\JARDA\APPDATA\LOCAL\AskPartnerNetwork'"
01/06/17 " 08:41:22.059" 7220765 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork' => None"
01/06/17 " 08:41:22.638" 7221343 2ff0 2888 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 08:41:22.812" 7221515 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar' => None"
01/06/17 " 08:41:23.019" 7221718 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar\Updater' => None"
01/06/17 " 08:41:23.242" 7221937 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): Folder 'C:\Users\Jarda\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC' => None"
01/06/17 " 08:41:23.243" 7221953 2ff0 1adc ERROR CleanControllerImpl mb::swissarmyclientutils::SwissArmyShimLoader::EnumerateDirContent "SwissArmyShimLoader.cpp" 352 "FindFirstFile failed; status=13"
01/06/17 " 08:41:23.247" 7221953 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:23.249" 7221953 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, C:\PROGRAMDATA\APN\APN-STUB and C:\ProgramData\APN\APN-Stub"
01/06/17 " 08:41:23.249" 7221953 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:23.251" 7221953 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, C:\USERS\JARDA\APPDATA\LOCAL\ASKPARTNERNETWORK and C:\Users\Jarda\AppData\Local\AskPartnerNetwork"
01/06/17 " 08:41:23.252" 7221953 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:23.253" 7221953 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK and C:\Program Files (x86)\AskPartnerNetwork"
01/06/17 " 08:41:25.476" 7224171 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:25.560" 7224265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:41:25.561" 7224265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:41:25.561" 7224265 2ff0 1adc INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:41:25.683" 7224390 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:41:25.683" 7224390 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:41:25.773" 7224468 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:41:25.773" 7224468 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}' => None"
01/06/17 " 08:41:25.914" 7224609 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:25.914" 7224609 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} and HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}"
01/06/17 " 08:41:25.915" 7224625 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:26.051" 7224750 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}' => None"
01/06/17 " 08:41:26.051" 7224750 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}' => None"
01/06/17 " 08:41:26.139" 7224843 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE' => None"
01/06/17 " 08:41:26.139" 7224843 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE' => None"
01/06/17 " 08:41:26.289" 7224984 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE.1' => None"
01/06/17 " 08:41:26.289" 7224984 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE.1' => None"
01/06/17 " 08:41:26.334" 7225031 2ff0 0764 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 08:41:26.334" 7225031 2ff0 0764 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 08:41:26.465" 7225171 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}' => None"
01/06/17 " 08:41:26.496" 7225203 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}' => None"
01/06/17 " 08:41:26.497" 7225203 2ff0 28cc ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 08:41:26.760" 7225468 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:41:26.760" 7225468 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:41:26.852" 7225546 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:41:26.852" 7225546 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:41:27.012" 7225718 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:41:27.012" 7225718 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}' => None"
01/06/17 " 08:41:27.284" 7225984 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:27.284" 7225984 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484} and HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}"
01/06/17 " 08:41:27.285" 7225984 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:27.285" 7225984 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} and HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}"
01/06/17 " 08:41:27.286" 7225984 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:27.341" 7226046 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}' => None"
01/06/17 " 08:41:27.341" 7226046 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}' => None"
01/06/17 " 08:41:59.781" 7258484 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:41:59.867" 7258562 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): File 'C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE' => None"
01/06/17 " 08:41:59.867" 7258562 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: File 'C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE' => None"
01/06/17 " 08:41:59.867" 7258562 2ff0 1adc INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:44:46.574" 7425281 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"

[jarda213]

Část 3.


01/06/17 " 08:44:46.580" 7425281 2ff0 1adc ERROR CleanControllerImpl mb::cleanctlrimpl::whitelist::RulesWhiteLister::IsObjectWhiteListed "RulesWhiteLister.cpp" 210 "Unexpected MBStatus 9"
01/06/17 " 08:44:46.935" 7425640 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): File 'C:\WINDOWS\REIMAGE.INI' => None"
01/06/17 " 08:44:46.935" 7425640 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: File 'C:\Windows\Reimage.ini' => None"
01/06/17 " 08:44:46.935" 7425640 2ff0 1adc INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:45:04.053" 7442750 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:04.053" 7442750 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE and HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE"
01/06/17 " 08:45:04.073" 7442781 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:04.073" 7442781 2ff0 1adc INFO CleanControllerImpl PreCleanEngine::GetCleanItemsAndProcessedPaths "PreCleanEngine.cpp" 391 "Ignoring clean item because it is a duplicate, HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE.1 and HKLM\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE.1"
01/06/17 " 08:45:04.137" 7442843 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:04.138" 7442843 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:45:04.138" 7442843 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:45:04.291" 7443000 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:04.291" 7443000 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\WOW6432NODE\ASKPARTNERNETWORK' => None"
01/06/17 " 08:45:04.291" 7443000 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\WOW6432NODE\ASKPARTNERNETWORK' => None"
01/06/17 " 08:45:05.269" 7443968 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:05.281" 7443984 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:45:05.281" 7443984 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:45:05.549" 7444250 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:05.556" 7444265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\ASKPARTNERNETWORK' => None"
01/06/17 " 08:45:05.556" 7444265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\ASKPARTNERNETWORK' => None"
01/06/17 " 08:45:05.557" 7444265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:05.563" 7444265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\CSASTATS' => None"
01/06/17 " 08:45:05.564" 7444265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\CSASTATS' => None"
01/06/17 " 08:45:05.564" 7444265 2ff0 1adc INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:45:05.564" 7444265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:05.565" 7444265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\REIMAGE' => None"
01/06/17 " 08:45:05.565" 7444265 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\REIMAGE' => None"
01/06/17 " 08:45:05.577" 7444281 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:05.578" 7444281 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegValue 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\PRODUCTSETUP|TB' => None"
01/06/17 " 08:45:05.579" 7444281 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegValue 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\PRODUCTSETUP|TB' => None"
01/06/17 " 08:45:05.579" 7444281 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\PRODUCTSETUP' => None"
01/06/17 " 08:45:05.579" 7444281 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\PRODUCTSETUP' => None"
01/06/17 " 08:45:05.579" 7444281 2ff0 1adc INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:45:05.858" 7444562 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:05.859" 7444562 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegValue 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE' => None"
01/06/17 " 08:45:05.860" 7444562 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegValue 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE' => None"
01/06/17 " 08:45:05.860" 7444562 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\REIMAGE\PC REPAIR' => None"
01/06/17 " 08:45:05.860" 7444562 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\REIMAGE\PC REPAIR' => None"
01/06/17 " 08:45:20.257" 7458953 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:20.258" 7458953 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:45:20.258" 7458953 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL' => None"
01/06/17 " 08:45:20.459" 7459156 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:20.460" 7459156 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0' => None"
01/06/17 " 08:45:20.460" 7459156 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0' => None"
01/06/17 " 08:45:20.460" 7459156 2ff0 1adc INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 08:45:20.532" 7459234 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:20.532" 7459234 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\REIMAGE\REIMAGE REPAIR' => None"
01/06/17 " 08:45:20.532" 7459234 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\REIMAGE\REIMAGE REPAIR' => None"
01/06/17 " 08:45:20.680" 7459375 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 08:45:20.681" 7459390 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\REIMAGE - WINDOWS PROBLEM RELIEF.' => None"
01/06/17 " 08:45:20.681" 7459390 2ff0 1adc INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKU\S-1-5-21-3592017923-1309911898-1257044881-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01062017084110314\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\REIMAGE - WINDOWS PROBLEM RELIEF.' => None"
01/06/17 " 08:45:23.231" 7461937 2ff0 04c0 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Shutdown "Linker.cpp" 144 "Shutting down linker, waiting for it to complete"
01/06/17 " 08:45:23.231" 7461937 2ff0 04c0 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::UnInit "Linker.cpp" 131 "Un-initializing linker"
01/06/17 " 08:45:24.255" 7462953 2ff0 04c0 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Shutdown "Linker.cpp" 144 "Shutting down linker, waiting for it to complete"
01/06/17 " 08:45:25.651" 7464359 2ff0 04c0 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::PerformScan "Scanner.cpp" 865 "Scan completed."
01/06/17 " 08:45:25.651" 7464359 2ff0 04c0 INFO MBAMShimImpl MBAMShimImpl::PrepareUpdate "MBAMShimImpl.cpp" 95 "MBAMCore preparing update"
01/06/17 " 08:45:25.808" 7464515 2ff0 04c0 INFO MBAMCoreImpl MBAMCoreImpl::Shutdown "MBAMCoreImpl.cpp" 173 "MBAMCore was successfully shutdown."
01/06/17 " 08:45:25.828" 7464531 2ff0 04c0 INFO MBAMShimImpl MBAMShimImpl::FinishUpdate "MBAMShimImpl.cpp" 131 "MBAMCore finishing update"
01/06/17 " 08:45:25.969" 7464671 2ff0 04c0 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "MBAMShimImpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>."
01/06/17 " 08:45:26.065" 7464765 2ff0 04c0 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 19915 records."
01/06/17 " 08:45:26.921" 7465625 2ff0 04c0 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 675435 records."
01/06/17 " 08:45:28.615" 7467312 2ff0 04c0 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 338579 records."
01/06/17 " 08:45:28.962" 7467671 2ff0 04c0 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "MBAMCoreImpl.cpp" 144 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>."
01/06/17 " 08:52:38.369" 7897078 2ff0 1e84 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "AEControllerImplHelper.cpp" 2075 "App Injected (Mozilla Firefox (and add-ons))"
01/06/17 " 08:56:48.592" 8147296 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 08:56:48.597" 8147296 2ff0 2d68 INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 08:56:50.570" 8149265 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 08:56:51.532" 8150234 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 08:57:13.658" 8172359 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 62173, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 08:57:14.650" 8173359 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 08:59:12.661" 8291359 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 62482, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 08:59:13.884" 8292593 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 08:59:17.679" 8296375 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 62525, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 08:59:18.642" 8297343 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:02:18.768" 8477468 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 62901, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:02:20.097" 8478796 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:05:18.901" 8657609 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 63692, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:05:20.157" 8658859 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:08:21.021" 8839718 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 64415, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:08:22.255" 8840953 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:11:22.149" 9020843 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 64969, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:11:23.363" 9022062 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:14:55.271" 9233968 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 65521, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:14:55.287" 9233984 2ff0 1b2c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 65521, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:14:56.464" 9235171 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:14:57.417" 9236125 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:17:58.401" 9417109 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 49415, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:17:59.610" 9418312 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:19:18.440" 9497140 2ff0 1b2c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:19:18.454" 9497156 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:19:19.648" 9498343 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:19:20.748" 9499453 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:19:49.471" 9528171 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 49727, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:19:50.453" 9529156 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:20:49.503" 9588203 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 49832, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:20:50.694" 9589390 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:20:53.492" 9592187 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 49835, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:20:54.422" 9593125 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:22:54.574" 9713281 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 50130, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:22:55.796" 9714500 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:24:09.196" 9787890 2ff0 2580 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "AEControllerImplHelper.cpp" 2075 "App Injected (Mozilla Firefox (and add-ons))"
01/06/17 " 09:24:17.728" 9796437 2ff0 25f4 ERROR UpdateControllerCOM mb::policiescontroller::PoliciesControllerEventsSink::ConfigOptionChanged "PoliciesControllerEventsSink.cpp" 332 "Invalid policy config option 19"
01/06/17 " 09:24:17.728" 9796437 2ff0 25f4 ERROR CloudController mb::policiescontroller::PoliciesControllerEventsSink::ConfigOptionChanged "PoliciesControllerEventsSink.cpp" 332 "Invalid policy config option 19"
01/06/17 " 09:24:17.728" 9796437 2ff0 25f4 ERROR TelemController mb::policiescontroller::PoliciesControllerEventsSink::ConfigOptionChanged "PoliciesControllerEventsSink.cpp" 332 "Invalid policy config option 19"
01/06/17 " 09:24:17.728" 9796437 2ff0 25f4 ERROR CleanController mb::policiescontroller::PoliciesControllerEventsSink::ConfigOptionChanged "PoliciesControllerEventsSink.cpp" 332 "Invalid policy config option 19"
01/06/17 " 09:24:41.570" 9820265 2ff0 19c4 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "AEControllerImplHelper.cpp" 2075 "App Injected (Mozilla Firefox (and add-ons))"
01/06/17 " 09:24:53.711" 9832406 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 50330, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:24:54.891" 9833593 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:26:49.872" 9948578 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 31.41.82.138, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:26:49.949" 9948656 2ff0 28dc INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 31.41.82.138, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:26:49.954" 9948656 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 31.41.82.138, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:26:51.673" 9950375 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:26:52.761" 9951468 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:26:53.706" 9952406 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:27:53.946" 10012640 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 50993, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:27:55.142" 10013843 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:30:54.086" 10192781 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.118.90.54, , 51399, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:30:55.305" 10194000 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:32:59.900" 10318609 2ff0 0a6c INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "AEControllerImplHelper.cpp" 2075 "App Injected (Mozilla Firefox (and add-ons))"
01/06/17 " 09:41:05.245" 10803953 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 413 "DoUpdate - Starting check for updates (automatic)"
01/06/17 " 09:41:05.245" 10803953 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 415 "Checking for: Installer=[Yes], SDK/Ctlr=[Yes], DB/CLS=[Yes]"
01/06/17 " 09:41:05.247" 10803953 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 924 "Installer package --> [mbam-c.installer.consumer], current version: [3.0.5]"
01/06/17 " 09:41:05.247" 10803953 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 937 "SDK/Controller package --> [mbam-c.ctlr.64bit], current version: [1.0.43]"
01/06/17 " 09:41:05.247" 10803953 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 950 "DB/ClsEng package --> [mbam-c.dbcls.64bit], current version: [1.0.941]"
01/06/17 " 09:41:06.126" 10804828 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 445 "Checked for updates - no updates available"
01/06/17 " 09:41:06.126" 10804828 2ff0 1810 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 456 "Update check is complete."
01/06/17 " 09:49:18.566" 11297265 2ff0 1b2c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:49:18.634" 11297343 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:49:18.638" 11297343 2ff0 1b2c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:49:18.643" 11297343 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 6881, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:49:20.006" 11298703 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:49:20.975" 11299671 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:49:21.892" 11300593 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:49:22.879" 11301578 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:49:22.937" 11301640 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 54629, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:49:23.913" 11302609 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:49:48.958" 11327656 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 54820, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:49:49.965" 11328671 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:51:23.028" 11421734 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 54984, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:51:24.237" 11422937 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:51:26.030" 11424734 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 54987, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:51:27.041" 11425750 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:51:49.047" 11447750 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 55076, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:51:50.046" 11448750 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:51:54.050" 11452750 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 55106, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:51:55.321" 11454015 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:53:54.140" 11572843 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 55349, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:53:55.334" 11574031 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:54:26.144" 11604843 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 55364, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:54:27.341" 11606046 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:55:54.200" 11692906 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 55686, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:55:55.381" 11694078 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:57:14.252" 11772953 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 55902, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:57:14.328" 11773031 2ff0 100c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 55902, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:57:15.432" 11774140 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:57:16.409" 11775109 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:57:26.257" 11784953 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 55992, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:57:27.264" 11785968 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:58:54.347" 11873046 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 56287, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:58:54.351" 11873046 2ff0 1b2c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 56287, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:58:55.561" 11874265 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:58:56.526" 11875234 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:59:20.331" 11899031 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 56385, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:59:21.310" 11900015 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 09:59:29.337" 11908031 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 56453, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 09:59:30.343" 11909046 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:00:26.374" 11965078 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 56798, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:00:27.552" 11966250 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:01:30.414" 12029109 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 56858, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:01:31.566" 12030265 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:01:57.425" 12056125 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 83.149.21.43, , 56866, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:01:58.410" 12057109 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:03:26.478" 12145187 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 57283, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:03:27.660" 12146359 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:03:31.481" 12150187 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 57320, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:03:32.436" 12151140 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:05:32.572" 12271281 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 57716, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:05:33.769" 12272468 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:06:28.594" 12327296 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 57744, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:06:29.585" 12328281 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:07:32.635" 12391343 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 58021, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:07:33.831" 12392531 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:09:28.698" 12507406 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 217.23.187.15, , 58068, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:09:29.876" 12508578 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:10:35.745" 12574453 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 58305, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:10:37.025" 12575734 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:13:37.887" 12756593 2ff0 2c4c INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 58833, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:13:37.891" 12756593 2ff0 2d68 INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 829 "Malicious Website Protection, ipblocklist, 212.174.201.187, , 58833, Outbound, C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe"
01/06/17 " 10:13:39.126" 12757828 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:13:40.803" 12759500 2ff0 2b5c INFO MWACControllerCOM CMWACController::TelemetryDataCallback "MWACController.cpp" 1012 "Successfully sent the block event data to telemetry server."
01/06/17 " 10:17:24.425" 12983125 2ff0 1be0 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "AEControllerImplHelper.cpp" 2075 "App Injected (Mozilla Firefox (and add-ons))"
01/06/17 " 10:27:44.469" 13603171 2ff0 1638 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "AEControllerImplHelper.cpp" 2075 "App Injected (Mozilla Firefox (and add-ons))"
01/06/17 " 10:28:46.036" 13664734 2ff0 26f8 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 577 "Stopping Service Controller"
01/06/17 " 10:28:46.036" 13664734 2ff0 26f8 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 600 "Stopping Anti-Exploit Controller"
01/06/17 " 10:28:51.042" 13669750 2ff0 26f8 INFO AeShimImpl AeShimImpl::MbaeStop "AeShimImpl.cpp" 373 "MBAE stopped."
01/06/17 " 10:28:51.336" 13670031 2ff0 26f8 INFO AeShimImpl AeShimImpl::MbaeShutdown "AeShimImpl.cpp" 430 "MBAE Shutdown"
01/06/17 " 10:28:58.867" 13677562 2ff0 26f8 INFO AEControllerModuleLoader CAeControllerModuleLoader::UnloadImplementation "AEControllerModuleLoader.cpp" 108 "Unloaded the Anti-Exploit Controller implementation module."
01/06/17 " 10:28:58.868" 13677562 2ff0 26f8 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 609 "Successfully stopped Anti-Exploit Controller"
01/06/17 " 10:28:58.868" 13677562 2ff0 26f8 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 619 "Stopping ARW Controller"
01/06/17 " 10:46:18.792" 1009468 23a8 0754 INFO LogController CLogController::Start "LogController.cpp" 86 "Started logging"
01/06/17 " 10:46:18.792" 1009468 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 198 "Service Controller starting controller initialization"
01/06/17 " 10:46:18.792" 1009468 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 199 "Product code MBAM-C"
01/06/17 " 10:46:18.792" 1009468 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 200 "Product version 3.0.5.1299"
01/06/17 " 10:46:18.792" 1009468 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 201 "Product build consumer"
01/06/17 " 10:46:18.792" 1009468 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 202 "OS Version Windows 10"
01/06/17 " 10:46:19.254" 1009937 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 231 "Policies Controller Started"
01/06/17 " 10:46:19.254" 1009937 23a8 0754 INFO LicenseControllerCOM CLicenseController::Start "LicenseController.cpp" 97 "CLicenseController::Start"
01/06/17 " 10:46:19.608" 1010281 23a8 0754 INFO LicenseControllerCOM CLicenseController::InitializeProxyOptions "LicenseController.cpp" 1904 "Proxy server is disabled"
01/06/17 " 10:46:19.608" 1010281 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 258 "License Controller Started"
01/06/17 " 10:46:19.944" 1010625 23a8 0754 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 3091 "Signature successfully validated"
01/06/17 " 10:46:21.169" 1011843 23a8 0754 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 3095 "DB manifest successfully validated"
01/06/17 " 10:46:21.169" 1011843 23a8 0754 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 3213 "Validated DB manifest - success"
01/06/17 " 10:46:21.169" 1011843 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 285 "Update Controller Started"
01/06/17 " 10:46:21.182" 1011859 23a8 0754 INFO CloudController CCloudController::Start_impl "CloudController.cpp" 122 "CCloudController::Initialize"
01/06/17 " 10:46:21.980" 1012656 23a8 0754 INFO CloudCtrlImpl Initialize "CloudControllerImpl.cpp" 58 "CC Initialize called"
01/06/17 " 10:46:22.149" 1012828 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 312 "Cloud Controller Started"
01/06/17 " 10:46:22.164" 1012843 23a8 0754 INFO TelemController CTelemetryController::Start_impl "TelemetryController.cpp" 116 "::Initialize"
01/06/17 " 10:46:22.465" 1013140 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 339 "Telemetry Controller Started"
01/06/17 " 10:46:22.479" 1013156 23a8 0754 INFO CleanController CCleanController::Start "CleanController.cpp" 147 "Initializing CleanController"
01/06/17 " 10:46:22.602" 1013281 23a8 0754 INFO CleanControllerImpl CleanControllerImpl::Start "CleanControllerImpl.cpp" 65 "Starting Clean Controller Impl"
01/06/17 " 10:46:23.606" 1014281 23a8 29b8 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 669 "Initializing system paths and resolving DOR status"
01/06/17 " 10:46:23.606" 1014281 23a8 0754 INFO CleanController CCleanController::Start::<lambda_5e408319b82d6f2fb0776947c3041127>::operator () "CleanController.cpp" 148 "CleanController initialization complete"
01/06/17 " 10:46:23.606" 1014281 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 366 "Clean Controller Started"
01/06/17 " 10:46:23.614" 1014296 23a8 29b8 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 690 "Processing pending actions"
01/06/17 " 10:46:23.614" 1014296 23a8 29b8 INFO Actions ActionsManager::ProcessPendingActionsAfterReboot "ActionsManager.cpp" 713 "Executing pending post cleanup actions"
01/06/17 " 10:46:23.614" 1014296 23a8 29b8 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 733 "Initializing CLS Engine"
01/06/17 " 10:46:23.665" 1014343 23a8 29b8 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 769 "Initializing swiss army SDK"
01/06/17 " 10:46:24.234" 1014906 23a8 29b8 INFO CleanControllerImpl CleanDBParser::Parse "CleanDBParser.cpp" 18 "Parsing C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb"
01/06/17 " 10:46:24.235" 1014906 23a8 29b8 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 87 records."

[jarda213]

Část 4.


01/06/17 " 10:46:24.235" 1014906 23a8 29b8 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 791 "Entering into main loop"
01/06/17 " 10:46:24.274" 1014953 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 393 "Scan Controller Started"
01/06/17 " 10:46:24.986" 1015656 23a8 0754 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "MBAMShimImpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>."
01/06/17 " 10:46:25.054" 1015734 23a8 0754 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 19915 records."
01/06/17 " 10:46:25.779" 1016453 23a8 0754 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 675435 records."
01/06/17 " 10:46:27.388" 1018062 23a8 0754 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 338579 records."
01/06/17 " 10:46:27.688" 1018359 23a8 0754 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "MBAMCoreImpl.cpp" 144 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>."
01/06/17 " 10:46:27.698" 1018375 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 423 "RTP Controller Started"
01/06/17 " 10:46:27.948" 1018625 23a8 0754 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::IsLicenseStateValid "MWACControllerImplHelper.cpp" 351 "license state is: Trial"
01/06/17 " 10:46:27.948" 1018625 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 454 "MWAC Controller Started"
01/06/17 " 10:46:28.245" 1018921 23a8 11ec INFO MWACShimImpl MwacShimImpl::InitializeInternal "MWACShimImpl.cpp" 96 "MWAC dll was successfully loaded. MWACFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll>."
01/06/17 " 10:46:28.245" 1018921 23a8 11ec INFO MwacLibImpl mb::Mwac::Globals::StopDriverService "MwacLib.Globals.cpp" 839 "Service deleted. MBAMWebProtection"
01/06/17 " 10:46:28.346" 1019031 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 488 "ARW Controller Started"
01/06/17 " 10:46:28.607" 1019281 23a8 0c74 INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwRulesHandler::LoadConfig "RulesHandler.cpp" 39 "Config file not found C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\ArwRulesConfig.json. Using default values."
01/06/17 " 10:46:28.625" 1019296 23a8 0c74 INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::StartArwProtection "ArwControllerImplHelper.cpp" 642 "Anti-Ransomware protection has been started."
01/06/17 " 10:46:28.804" 1019484 23a8 0754 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::LoadAeSdk "AEControllerImplHelper.cpp" 229 "Load and initialize the MbaeSdk"
01/06/17 " 10:46:29.104" 1019781 23a8 0754 INFO AeShimImpl AeShimImpl::InitializeInternal "AeShimImpl.cpp" 205 "mbae-api-na.dll was successfully loaded. aePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll>."
01/06/17 " 10:46:29.109" 1019781 23a8 11ec INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 410713 records."
01/06/17 " 10:46:31.067" 1021750 23a8 0754 INFO AeShimImpl AeShimImpl::InitializeInternal "AeShimImpl.cpp" 220 "Successfully Initialized MBAE"
01/06/17 " 10:46:31.067" 1021750 23a8 0754 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::Initialize "AEControllerImplHelper.cpp" 205 "Start with Anti-Exploit enabled."
01/06/17 " 10:46:31.067" 1021750 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeSetConfig "AeShimImpl.cpp" 249 "Successfully configured MBAE."
01/06/17 " 10:46:31.182" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeSetExclusions "AeShimImpl.cpp" 337 "Successfully set exclusion list"
01/06/17 " 10:46:31.183" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (winrar.exe)"
01/06/17 " 10:46:31.183" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (winzip.exe)"
01/06/17 " 10:46:31.183" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (7z.exe)"
01/06/17 " 10:46:31.183" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (7zFM.exe)"
01/06/17 " 10:46:31.183" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (7zG.exe)"
01/06/17 " 10:46:31.183" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (S7Z.exe)"
01/06/17 " 10:46:31.183" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (7zextractor.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (Winzip32.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (Winzip64.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (wzdisktools.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (winzipss.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (cmd.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (winhlp32.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (wscript.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (quicktimeplayer.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (winamp.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (vlc.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (mplayer2.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (wmplayer.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (powerpnt.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (excel.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (excelc.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (winword.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (winwordc.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (mspub.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (soffice.bin)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (foxitreader.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (foxit reader.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (Foxit PhantomPDF.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (FoxitPhantomPDF.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (acrord32.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (acrobat.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (java.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (javaw.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (javaws.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (dragon.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (waterfox.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (tor.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (tbb-firefox.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (palemoon.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (cyberfox.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (icedragon.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (seamonkey.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (maxthon.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (mxapploader.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (opera.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (opera_plugin_wrapper.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (opera_wrapper_32.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (iexplore.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (MicrosoftEdge.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (MicrosoftEdgeCP.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (chrome.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (old_chrome.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (firefox.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (plugin-container.exe)"
01/06/17 " 10:46:31.184" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (FlashPlayerPlugin*.exe)"
01/06/17 " 10:46:31.185" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (helpctr.exe)"
01/06/17 " 10:46:31.185" 1021859 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeAddProtectedApp "AeShimImpl.cpp" 286 "Successfully added protected app (mbae-test.exe)"
01/06/17 " 10:46:33.737" 1024421 23a8 11ec INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InitializeMwacSdk "MWACControllerImplHelper.cpp" 621 "Initialization succeeded"
01/06/17 " 10:46:38.295" 1028968 23a8 0754 INFO AeShimImpl AeShimImpl::MbaeStart "AeShimImpl.cpp" 358 "MBAE started."
01/06/17 " 10:46:38.295" 1028968 23a8 0754 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::StartProtectionImpl "AEControllerImplHelper.cpp" 480 "Protection Started"
01/06/17 " 10:46:38.295" 1028968 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 518 "Anti-Exploit Controller Started"
01/06/17 " 10:46:38.367" 1029046 23a8 0754 WARNING SPControllerImpl mb::spcontrollerimpl::SPShimModuleLoader::SPShimSetLogCallback "SPShimModuleLoader.cpp" 292 "Cannot set log callback at this time. SpShim is not loaded."
01/06/17 " 10:46:38.367" 1029046 23a8 0754 WARNING SPControllerImpl mb::spcontrollerimpl::SPControllerImpl::SetLogCallback "SPControllerImplHelper.cpp" 215 "Failed to set the log callback in Shim."
01/06/17 " 10:46:38.468" 1029140 23a8 2960 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "AEControllerImplHelper.cpp" 2075 "App Injected (Mozilla Firefox (and add-ons))"
01/06/17 " 10:46:38.624" 1029296 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 545 "Self-Protection Controller Started"
01/06/17 " 10:46:38.624" 1029296 23a8 0754 INFO ServiceControllerImpl ServiceControllerImplementation::Start "ServiceControllerImplementation.cpp" 547 "Start Service Controller complete"
01/06/17 " 10:46:48.701" 1039375 23a8 0174 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::StartScan "Scanner.cpp" 472 "Starting a Threat scan, clientID = MbamUI"
01/06/17 " 10:46:48.704" 1039375 23a8 13e8 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 3091 "Signature successfully validated"
01/06/17 " 10:46:48.868" 1039546 23a8 13e8 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 3095 "DB manifest successfully validated"
01/06/17 " 10:46:48.868" 1039546 23a8 13e8 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 3213 "Validated DB manifest - success"
01/06/17 " 10:46:48.868" 1039546 23a8 13e8 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Update "UpdateControllerImplHelper.cpp" 325 "Update - Starting check for updates"
01/06/17 " 10:46:48.868" 1039546 23a8 1614 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 413 "DoUpdate - Starting check for updates (manual)"
01/06/17 " 10:46:48.868" 1039546 23a8 1614 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 415 "Checking for: Installer=[No], SDK/Ctlr=[No], DB/CLS=[Yes]"
01/06/17 " 10:46:50.314" 1040984 23a8 1614 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 924 "Installer package --> [mbam-c.installer.consumer], current version: [3.0.5]"
01/06/17 " 10:46:50.314" 1040984 23a8 1614 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 937 "SDK/Controller package --> [mbam-c.ctlr.64bit], current version: [1.0.43]"
01/06/17 " 10:46:50.314" 1040984 23a8 1614 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 950 "DB/ClsEng package --> [mbam-c.dbcls.64bit], current version: [1.0.941]"
01/06/17 " 10:46:51.187" 1041859 23a8 1614 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 445 "Checked for updates - no updates available"
01/06/17 " 10:46:51.187" 1041859 23a8 1614 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 456 "Update check is complete."
01/06/17 " 10:46:55.192" 1045875 23a8 13e8 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 98166 records."
01/06/17 " 10:47:11.131" 1061812 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::RootkitScanner::IsBootableDrive "RootkitScanner.cpp" 2908 "Failed to Get partition info for \\?\Volume{b243486d-ea50-11e3-97c7-806e6f6e6963}\, ErrorCode=(4294967295)"
01/06/17 " 10:47:11.170" 1061843 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::RootkitScanner::IsBootableDrive "RootkitScanner.cpp" 2908 "Failed to Get partition info for \\?\Volume{b243486d-ea50-11e3-97c7-806e6f6e6963}\, ErrorCode=(4294967295)"
01/06/17 " 10:47:11.170" 1061843 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::RootkitScanner::IsBootableDrive "RootkitScanner.cpp" 2908 "Failed to Get partition info for \\?\Volume{b243486e-ea50-11e3-97c7-806e6f6e6963}\, ErrorCode=(4294967295)"
01/06/17 " 10:47:11.170" 1061843 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::RootkitScanner::IsBootableDrive "RootkitScanner.cpp" 2908 "Failed to Get partition info for \\?\Volume{b243486f-ea50-11e3-97c7-806e6f6e6963}\, ErrorCode=(4294967295)"
01/06/17 " 10:47:11.226" 1061906 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::RootkitScanner::IsBootableDrive "RootkitScanner.cpp" 2908 "Failed to Get partition info for \\?\Volume{b243486d-ea50-11e3-97c7-806e6f6e6963}\, ErrorCode=(4294967295)"
01/06/17 " 10:47:11.226" 1061906 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::RootkitScanner::IsBootableDrive "RootkitScanner.cpp" 2908 "Failed to Get partition info for \\?\Volume{b243486e-ea50-11e3-97c7-806e6f6e6963}\, ErrorCode=(4294967295)"
01/06/17 " 10:47:11.280" 1061953 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [0], error code = [87]. Will continue with the other processes."
01/06/17 " 10:47:11.281" 1061953 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [4], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.281" 1061953 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [460], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.281" 1061953 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [632], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.281" 1061953 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [764], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.281" 1061953 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [772], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.282" 1061953 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [908], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.318" 1062000 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [3288], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.321" 1062000 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [4892], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.329" 1062000 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [6216], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:11.329" 1062000 23a8 13e8 WARNING ScanControllerImpl mb::scancontrollerimpl::ScanLocations::EnumerateProcesses "ScanLocations.cpp" 138 "Failed to get the process data for pid [6556], error code = [5]. Will continue with the other processes."
01/06/17 " 10:47:29.382" 1080062 23a8 17b4 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 10:47:29.431" 1080109 23a8 2b94 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 10:47:31.358" 1082031 23a8 2744 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 10:47:31.358" 1082031 23a8 2744 ERROR MBAMCoreImpl MBAMCoreImpl::ClassifyLoadPoint "MBAMCoreImpl.cpp" 452 "Cannot classify load point. FilePath member is invalid."
01/06/17 " 10:47:31.668" 1082343 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Init "Linker.cpp" 93 "Initializing linker"
01/06/17 " 10:47:32.901" 1083578 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 10:47:33.098" 1083781 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}' (rootkit) => None"
01/06/17 " 10:47:33.098" 1083781 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}' (rootkit) => None"
01/06/17 " 10:47:33.099" 1083781 23a8 2424 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 10:47:38.806" 1089484 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 10:47:38.819" 1089500 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}' (rootkit) => None"
01/06/17 " 10:47:38.819" 1089500 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}' (rootkit) => None"
01/06/17 " 10:48:15.135" 1125812 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): File 'C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE' (rootkit) => None"
01/06/17 " 10:48:15.136" 1125812 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 10:48:15.191" 1125875 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): File 'C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE' (rootkit) => None"
01/06/17 " 10:48:15.191" 1125875 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: File 'C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE' (rootkit) => None"
01/06/17 " 10:48:15.191" 1125875 23a8 2424 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 10:55:32.133" 1562812 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::FindLinkedTraces "Linker.cpp" 207 "Finding linked traces"
01/06/17 " 10:55:32.167" 1562843 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::IsObjectWhiteListed "WhiteListManager.cpp" 163 "White list status (not cached): RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0' (rootkit) => None"
01/06/17 " 10:55:32.167" 1562843 23a8 2424 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManagerCache::IsObjectWhiteListed "WhiteListManagerCache.cpp" 55 "White list status from cache: RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0' (rootkit) => None"
01/06/17 " 10:55:32.167" 1562843 23a8 2424 INFO Actions ActionsManager::GetDetectedThreats "ActionsManager.cpp" 407 "Getting detected threats from actions"
01/06/17 " 10:55:40.889" 1571562 23a8 13e8 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Shutdown "Linker.cpp" 144 "Shutting down linker, waiting for it to complete"
01/06/17 " 10:55:40.889" 1571562 23a8 13e8 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::UnInit "Linker.cpp" 131 "Un-initializing linker"
01/06/17 " 10:55:42.499" 1573171 23a8 13e8 INFO CleanControllerImpl mb::cleanctlrimpl::linker::Linker::Shutdown "Linker.cpp" 144 "Shutting down linker, waiting for it to complete"
01/06/17 " 10:55:44.463" 1575140 23a8 13e8 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::PerformScan "Scanner.cpp" 865 "Scan completed."
01/06/17 " 10:55:44.463" 1575140 23a8 13e8 INFO MBAMShimImpl MBAMShimImpl::PrepareUpdate "MBAMShimImpl.cpp" 95 "MBAMCore preparing update"
01/06/17 " 10:55:44.607" 1575281 23a8 13e8 INFO MBAMCoreImpl MBAMCoreImpl::Shutdown "MBAMCoreImpl.cpp" 173 "MBAMCore was successfully shutdown."
01/06/17 " 10:55:44.629" 1575312 23a8 13e8 INFO MBAMShimImpl MBAMShimImpl::FinishUpdate "MBAMShimImpl.cpp" 131 "MBAMCore finishing update"
01/06/17 " 10:55:44.846" 1575531 23a8 13e8 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "MBAMShimImpl.cpp" 62 "MBAMCore was successfully loaded. CoreFilePath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll>."
01/06/17 " 10:55:44.968" 1575640 23a8 13e8 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 19915 records."
01/06/17 " 10:55:45.759" 1576437 23a8 13e8 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 675435 records."
01/06/17 " 10:55:47.467" 1578140 23a8 13e8 INFO GalaxyRuleParser mb::common::galaxyrules::FileParser::ParseStream "GalaxyRuleParser.cpp" 2326 "Successfully parsed 338579 records."
01/06/17 " 10:55:47.890" 1578562 23a8 13e8 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "MBAMCoreImpl.cpp" 144 "MBAMCore was successfully initialized. CoreFolderPath=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>. DefsFolderPath=<C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE>."
01/06/17 " 10:56:40.035" 1630718 23a8 2880 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "AEControllerImplHelper.cpp" 2075 "App Injected (Mozilla Firefox (and add-ons))"
01/06/17 " 10:57:22.403" 1673078 23a8 29b8 INFO CleanControllerImpl Cleaner::Clean "Cleaner.cpp" 54 "Start of clean, client 'MbamUI', detection results 'C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\ScanResults\0b0a189e-d3f5-11e6-a64c-d43d7eecf40d.json'"
01/06/17 " 10:57:22.738" 1673421 23a8 29b8 INFO CleanControllerImpl DOREngine::PreCleanIsRebootRequired "DOREngine.cpp" 117 "Must reboot, special file C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE"
01/06/17 " 10:57:22.738" 1673421 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::QuarantineRegKey "QuarantineEngine.cpp" 512 "Quarantining HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}"
01/06/17 " 10:57:23.040" 1673718 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::QuarantineRegKey "QuarantineEngine.cpp" 512 "Quarantining HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}"
01/06/17 " 10:57:23.073" 1673750 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::QuarantineFile "QuarantineEngine.cpp" 373 "Quarantining C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE"
01/06/17 " 10:57:23.220" 1673890 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::QuarantineRegKey "QuarantineEngine.cpp" 512 "Quarantining HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0"
01/06/17 " 10:57:23.253" 1673937 23a8 29b8 INFO CleanControllerImpl Cleaner::RemediateAndWriteMetadata "Cleaner.cpp" 307 "Starting cleaning of RegKey HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}"
01/06/17 " 10:57:23.254" 1673937 23a8 29b8 INFO CleanControllerImpl RemovalEngine::RemoveRegKey "RemovalEngine.cpp" 383 "Cleaning reg key HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, anti - rootkit = true"
01/06/17 " 10:57:23.255" 1673937 23a8 29b8 INFO CleanControllerImpl RemovalEngine::LogCleanResult "RemovalEngine.cpp" 1526 "Scheduling DOR cleaning for reg key HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}"
01/06/17 " 10:57:23.255" 1673937 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::CopyMetadataToQuarantine "QuarantineEngine.cpp" 134 "Copying quarantine metadata for HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}"
01/06/17 " 10:57:23.324" 1674000 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::LogQuarantineResult "QuarantineEngine.cpp" 636 "Completed quarantining and DOR queueing RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}'"
01/06/17 " 10:57:23.324" 1674000 23a8 29b8 INFO CleanControllerImpl Cleaner::RemediateAndWriteMetadata "Cleaner.cpp" 307 "Starting cleaning of RegKey HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}"
01/06/17 " 10:57:23.324" 1674000 23a8 29b8 INFO CleanControllerImpl RemovalEngine::RemoveRegKey "RemovalEngine.cpp" 383 "Cleaning reg key HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, anti - rootkit = true"
01/06/17 " 10:57:23.328" 1674000 23a8 29b8 INFO CleanControllerImpl RemovalEngine::LogCleanResult "RemovalEngine.cpp" 1526 "Scheduling DOR cleaning for reg key HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}"
01/06/17 " 10:57:23.328" 1674000 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::CopyMetadataToQuarantine "QuarantineEngine.cpp" 134 "Copying quarantine metadata for HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}"
01/06/17 " 10:57:23.332" 1674015 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::LogQuarantineResult "QuarantineEngine.cpp" 636 "Completed quarantining and DOR queueing RegKey 'HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}'"
01/06/17 " 10:57:23.332" 1674015 23a8 29b8 INFO CleanControllerImpl Cleaner::RemediateAndWriteMetadata "Cleaner.cpp" 307 "Starting cleaning of File C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE"
01/06/17 " 10:57:23.332" 1674015 23a8 29b8 INFO CleanControllerImpl RemovalEngine::RemoveFile "RemovalEngine.cpp" 1151 "Cleaning file C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE, anti-rootkit = true"
01/06/17 " 10:57:23.394" 1674078 23a8 29b8 INFO CleanControllerImpl RemovalEngine::LogCleanResult "RemovalEngine.cpp" 1526 "Scheduling DOR cleaning for file C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE"
01/06/17 " 10:57:23.394" 1674078 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::CopyMetadataToQuarantine "QuarantineEngine.cpp" 134 "Copying quarantine metadata for C:\USERS\JARDA\APPDATA\ROAMING\ICQM\ICQ\DLL\MAILRUSPUTNIK.EXE"
01/06/17 " 10:57:23.398" 1674078 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::LogQuarantineResult "QuarantineEngine.cpp" 636 "Completed quarantining and DOR queueing File 'C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE'"
01/06/17 " 10:57:23.398" 1674078 23a8 29b8 INFO CleanControllerImpl Cleaner::RemediateAndWriteMetadata "Cleaner.cpp" 307 "Starting cleaning of RegKey HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0"
01/06/17 " 10:57:23.398" 1674078 23a8 29b8 INFO CleanControllerImpl RemovalEngine::RemoveRegKey "RemovalEngine.cpp" 383 "Cleaning reg key HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0, anti - rootkit = true"
01/06/17 " 10:57:23.399" 1674078 23a8 29b8 INFO CleanControllerImpl RemovalEngine::LogCleanResult "RemovalEngine.cpp" 1526 "Scheduling DOR cleaning for reg key HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0"
01/06/17 " 10:57:23.399" 1674078 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::CopyMetadataToQuarantine "QuarantineEngine.cpp" 134 "Copying quarantine metadata for HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0"
01/06/17 " 10:57:23.402" 1674078 23a8 29b8 INFO CleanControllerImpl QuarantineEngine::LogQuarantineResult "QuarantineEngine.cpp" 636 "Completed quarantining and DOR queueing RegKey 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0'"
01/06/17 " 10:57:23.402" 1674078 23a8 29b8 INFO CleanControllerImpl Cleaner::RebuildSystemRegistryValues "Cleaner.cpp" 436 "Rebuilding system registry values."
01/06/17 " 10:57:23.402" 1674078 23a8 29b8 INFO CleanControllerImpl Cleaner::RebuildRegistryValueEx "Cleaner.cpp" 419 "Successfully rebuilt registry value at HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, from '' to 'C:\WINDOWS\system32\userinit.exe'."
01/06/17 " 10:57:23.403" 1674078 23a8 29b8 INFO CleanControllerImpl Cleaner::RebuildRegistryValueEx "Cleaner.cpp" 419 "Successfully rebuilt registry value at HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages, from 'scecli^^' to 'scecli'."
01/06/17 " 10:57:23.403" 1674078 23a8 29b8 INFO CleanControllerImpl Cleaner::RebuildRegistryValueEx "Cleaner.cpp" 419 "Successfully rebuilt registry value at HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages, from 'kerberos^msv1_0^schannel^wdigest^tspkg^pku2u^^' to 'kerberos^msv1_0^schannel^wdigest^tspkg^pku2u'."
01/06/17 " 10:57:23.403" 1674078 23a8 29b8 INFO CleanControllerImpl Cleaner::RebuildRegistryValueEx "Cleaner.cpp" 419 "Successfully rebuilt registry value at HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages, from 'msv1_0^^' to 'msv1_0'."
01/06/17 " 10:57:23.426" 1674109 23a8 29b8 INFO CleanControllerImpl mb::swissarmyclientutils::SwissArmySDKWrapper::InstallEarlyBootStart "SwissArmySDKWrapper.cpp" 70 "Installing early boot start"
01/06/17 " 10:57:23.458" 1674140 23a8 29b8 INFO CleanControllerImpl mb::swissarmyclientutils::SwissArmySDKWrapper::ScheduleDeleteRegistryKey "SwissArmySDKWrapper.cpp" 213 "Scheduling delete registry key: 'HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}'"
01/06/17 " 10:57:23.459" 1674140 23a8 29b8 INFO CleanControllerImpl mb::swissarmyclientutils::SwissArmySDKWrapper::InstallEarlyBootStart "SwissArmySDKWrapper.cpp" 70 "Installing early boot start"
01/06/17 " 10:57:23.490" 1674171 23a8 29b8 INFO CleanControllerImpl mb::swissarmyclientutils::SwissArmySDKWrapper::ScheduleDeleteRegistryKey "SwissArmySDKWrapper.cpp" 213 "Scheduling delete registry key: 'HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}'"
01/06/17 " 10:57:23.543" 1674218 23a8 29b8 ERROR CleanControllerImpl mb::swissarmyclientutils::SwissArmyShimLoader::BreakFile "SwissArmyShimLoader.cpp" 251 "BreakFile failed for C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE; status=1"
01/06/17 " 10:57:23.543" 1674218 23a8 29b8 INFO CleanControllerImpl mb::swissarmyclientutils::SwissArmySDKWrapper::ScheduleBreakFile "SwissArmySDKWrapper.cpp" 85 "Scheduling break file: 'C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE'"
01/06/17 " 10:57:23.543" 1674218 23a8 29b8 INFO CleanControllerImpl mb::swissarmyclientutils::SwissArmySDKWrapper::ScheduleDeleteFile "SwissArmySDKWrapper.cpp" 181 "Scheduling delete file: 'C:\Users\Jarda\AppData\Roaming\ICQM\ICQ\dll\MAILRUSPUTNIK.EXE'"
01/06/17 " 10:57:23.544" 1674218 23a8 29b8 INFO CleanControllerImpl mb::swissarmyclientutils::SwissArmySDKWrapper::InstallEarlyBootStart "SwissArmySDKWrapper.cpp" 70 "Installing early boot start"
01/06/17 " 10:57:23.574" 1674250 23a8 29b8 INFO CleanControllerImpl mb::swissarmyclientutils::SwissArmySDKWrapper::ScheduleDeleteRegistryKey "SwissArmySDKWrapper.cpp" 213 "Scheduling delete registry key: 'HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WARTHUNDER0'"
01/06/17 " 10:57:23.580" 1674265 23a8 29b8 INFO CleanControllerImpl Cleaner::ExecutePostCleanupActions "Cleaner.cpp" 563 "Executing post-cleanup actions"
01/06/17 " 10:57:23.580" 1674265 23a8 29b8 INFO Actions ActionsManager::ProcessThreatActions "ActionsManager.cpp" 625 "Executing post cleanup actions"
01/06/17 " 10:57:23.687" 1674359 23a8 29b8 INFO CleanControllerImpl Cleaner::Clean "Cleaner.cpp" 254 "Completed clean from client MbamUI, detection results C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\ScanResults\0b0a189e-d3f5-11e6-a64c-d43d7eecf40d.json, status DORRequired"
01/06/17 " 10:58:25.874" 1736546 23a8 0670 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 577 "Stopping Service Controller"
01/06/17 " 10:58:25.874" 1736546 23a8 0670 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 600 "Stopping Anti-Exploit Controller"
01/06/17 " 10:58:30.976" 1741656 23a8 0670 INFO AeShimImpl AeShimImpl::MbaeStop "AeShimImpl.cpp" 373 "MBAE stopped."
01/06/17 " 10:58:31.070" 1741750 23a8 0670 INFO AeShimImpl AeShimImpl::MbaeShutdown "AeShimImpl.cpp" 430 "MBAE Shutdown"
01/06/17 " 10:58:36.586" 1747265 23a8 0670 INFO AEControllerModuleLoader CAeControllerModuleLoader::UnloadImplementation "AEControllerModuleLoader.cpp" 108 "Unloaded the Anti-Exploit Controller implementation module."
01/06/17 " 10:58:36.586" 1747265 23a8 0670 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 609 "Successfully stopped Anti-Exploit Controller"
01/06/17 " 10:58:36.586" 1747265 23a8 0670 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 619 "Stopping ARW Controller"
01/06/17 " 10:58:36.680" 1747359 23a8 0670 INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::StopProtection "ArwControllerImplHelper.cpp" 768 "Anti-Ransomware protection has been stopped."
01/06/17 " 10:58:36.680" 1747359 23a8 20b8 ERROR ArwSDK "" 0 "{Thread: 0x00000670, Tick: 0x001AA99F} [ArwLib::Globals::Impl_Stop] ARCE & ARDE are already stopped."
01/06/17 " 10:58:36.680" 1747359 23a8 0670 NONE ArwSDK "" 0 "ArwSdk: Logging stopped."
01/06/17 " 10:58:36.726" 1747406 23a8 0670 INFO ArwControllerCOM CArwControllerModuleLoader::UnloadImplementation "ArwControllerModuleLoader.cpp" 84 "Unloaded the Anti-Ransomware Controller implementation module."
01/06/17 " 10:58:36.726" 1747406 23a8 0670 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 628 "Successfully stopped ARW Controller"
01/06/17 " 10:58:36.726" 1747406 23a8 0670 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 633 "Stopping MWAC Controller"
01/06/17 " 10:58:36.773" 1747453 23a8 0670 ERROR MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::Shutdown "MWACControllerImplHelper.cpp" 400 "Failed to shutdown the driver!"
01/06/17 " 10:58:36.930" 1747609 23a8 0670 ERROR MWACControllerCOM CMWACController::Stop_impl "MWACController.cpp" 415 "Failed to shutdown the MWAC Controller impl module!"
01/06/17 " 10:58:37.148" 1747828 23a8 0670 INFO MwacControllerCOM CMwacControllerModuleLoader::UnloadImplementation "MWACControllerModuleLoader.cpp" 96 "Unloaded the Web Access Controller implementation module."
01/06/17 " 10:58:37.148" 1747828 23a8 0670 INFO MWACControllerCOM CMWACController::Stop_impl "MWACController.cpp" 427 "The MWAC Controller impl is unloaded."
01/06/17 " 10:58:37.148" 1747828 23a8 0670 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 642 "Successfully stopped MWAC Controller"
01/06/17 " 10:58:37.148" 1747828 23a8 0670 INFO ServiceControllerImpl ServiceControllerImplementation::Stop "ServiceControllerImplementation.cpp" 647 "Stopping RTP Controller"
01/06/17 " 10:58:37.164" 1747843 23a8 0670 ERROR Driver Driver::Driver "Driver.cpp" 34 "OpenSCManager failed - 1115"
01/06/17 " 10:58:37.164" 1747843 23a8 0670 ERROR RealtimeProtectionSDK RtpUserImpl::Stop "RtpUserImpl.cpp" 249 "Could not open driver service."
01/06/17 " 10:58:37.164" 1747843 23a8 0670 ERROR RTPControllerImpl mb::rtpcontrollerimpl::RtpShimModuleLoader::Stop "RTPShimLoader.cpp" 209 "Failed to stop Rtp SDK; status=6"
01/06/17 " 10:58:37.164" 1747843 23a8 0670 ERROR RTPControllerImpl mb::rtpcontrollerimpl::RTPControllerImpl::StopProtection "RTPControllerImplHelper.cpp" 473 "Failed to stop the RTP SDK!"
01/06/17 " 10:58:37.164" 1747843 23a8 0670 ERROR Driver Driver::Driver "Driver.cpp" 34 "OpenSCManager failed - 1115"
01/06/17 " 10:58:37.164" 1747843 23a8 0670 ERROR RealtimeProtectionSDK RtpUserImpl::Stop "RtpUserImpl.cpp" 249 "Could not open driver service."
01/06/17 " 10:58:37.164" 1747843 23a8 0670 ERROR RTPControllerImpl mb::rtpcontrollerimpl::RtpShimModuleLoader::Uninstall "RTPShimLoader.cpp" 150 "Failed to uninstall Rtp SDK; status=6"
01/06/17 " 10:58:37.320" 1748000 23a8 0670 INFO MBAMCoreImpl MBAMCoreImpl::Shutdown "MBAMCoreImpl.cpp" 173 "MBAMCore was successfully shutdown."

[jarda213]

RogueKiller V12.9.1.0 (x64) [Jan 2 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.14393) 64 bits version
Spuštěno : Normální režim
Uživatel : Jarda [Práva správce]
Started from : C:\Users\Jarda\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 01/06/2017 13:37:00 (Duration : 00:32:54)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Win -> Nalezeno
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Win -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Microsoft\Windows\CurrentVersion\Run | MyComGames : "C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe" -autostart [7] -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Microsoft\Windows\CurrentVersion\Run | MyComGames : "C:\Users\Jarda\AppData\Local\MyComGames\MyComGames.exe" -autostart [7] -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3592017923-1309911898-1257044881-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7FF6FD6A-3DD8-4CBA-9AFD-D2E6FFB38E9E}C:\users\jarda\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\jarda\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe|Edge=TRUE|Defer=App| [7] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3FA9C8D7-879C-46FF-81A2-53829A7A1282}C:\users\jarda\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\jarda\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe|Edge=TRUE|Defer=App| [7] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{DAC5600C-844C-461D-AAE6-2857AA922EE7}C:\users\jarda\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\jarda\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe| [7] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{0B67816D-B1BB-4EC3-B85A-7EAE33665E79}C:\users\jarda\appdata\local\mycomgames\mycomgames.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\jarda\appdata\local\mycomgames\mycomgames.exe|Name=mycomgames.exe|Desc=mycomgames.exe| [7] -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 4 ¤¤¤
[Hj.Shortcut][Soubor] C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe http://www.imperiaonline.org/?ref_ad=src123 -> Nalezeno
[Hj.Shortcut][Soubor] C:\Users\Jarda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe http://www.imperiaonline.org/?ref_ad=src123 -> Nalezeno
[PUP.HackTool][Složka] C:\Windows\AutoKMS -> Nalezeno
[Hj.Shortcut][Soubor] C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe http://www.imperiaonline.org/?ref_ad=src123 -> Nalezeno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 4 ¤¤¤
[PUP.Gen2][Firefox:Addon] 4a9q8b3f.default-1439315922485 : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nalezeno
[PUM.HomePage][Firefox:Config] 4a9q8b3f.default-1439315922485 : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nalezeno
[PUM.SearchEngine][Firefox:Config] 4a9q8b3f.default-1439315922485 : user_pref("browser.search.selectedEngine", "Seznam"); -> Nalezeno
[PUM.SearchEngine][Firefox:Config] 4a9q8b3f.default-1439315922485 : user_pref("browser.search.defaultenginename", "Seznam"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 03813ca88c684c402ef47e4a460b7f0e
[BSP] 956b7dd5cdbc122b4bca262048a375c7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 249450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 511080448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 512002048 | Size: 703867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[jarda213]

System Information (local)
--------------------------------------------------------------------------------

Computer name: JARDA-PC
Windows version: Windows 10 , 10.0, build: 14393
Windows dir: C:\WINDOWS
Hardware: MS-7816, MSI, B85-G43 (MS-7816)
CPU: GenuineIntel Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 8514441216 bytes total




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

On Thu 5.1.2017 23:46:38 your computer crashed
crash dump file: C:\WINDOWS\Minidump\010617-28828-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x14A6F0)
Bugcheck code: 0xEF (0xFFFFC806C76F0080, 0x0, 0x0, 0x0)
Error: CRITICAL_PROCESS_DIED
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a critical system process died.
There is a possibility this problem was caused by a virus or other malware.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 5.1.2017 23:46:38 your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: ntdll.sys (ntdll!NtTerminateProcess+0x14)
Bugcheck code: 0xEF (0xFFFFC806C76F0080, 0x0, 0x0, 0x0)
Error: CRITICAL_PROCESS_DIED
Bug check description: This indicates that a critical system process died.
There is a possibility this problem was caused by a virus or other malware.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntdll.sys .
Google query: ntdll.sys CRITICAL_PROCESS_DIED



On Sat 12.11.2016 20:52:40 your computer crashed
crash dump file: C:\WINDOWS\Minidump\111216-33593-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x14A510)
Bugcheck code: 0x19 (0x22, 0xFFFFD3012453F000, 0x0, 0x0)
Error: BAD_POOL_HEADER
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. This problem might also be caused because of overheating (thermal issue).
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sat 12.11.2016 20:49:15 your computer crashed
crash dump file: C:\WINDOWS\Minidump\111216-32375-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x14A510)
Bugcheck code: 0x1A (0x3F, 0x1F9576, 0xB388B18B, 0x2F6895D5)
Error: MEMORY_MANAGEMENT
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. This problem might also be caused because of overheating (thermal issue).
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sun 9.10.2016 17:02:30 your computer crashed
crash dump file: C:\WINDOWS\Minidump\100916-32468-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x14A2B0)
Bugcheck code: 0x19 (0x22, 0xFFFFBF01603CD000, 0x0, 0x0)
Error: BAD_POOL_HEADER
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. This problem might also be caused because of overheating (thermal issue).
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.