Prosím o kontrolu logu

nneser · Příspěvekod **nneser** » 06 říj 2025 23:29

NTB při načítání webu vypíše, že není přiipojeno k internetu a po chvíli načte...

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:26:04, on 06.10.2025
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.26100.1882)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\Pentablet\PenTablet.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe
C:\Users\lalaz\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\141.0.3537.57\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [ExpressVPNNotificationService] "C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe"
O4 - HKLM\..\Run: [Adobe CCXProcess] C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
O4 - HKCU\..\Run: [HPSEU_Host_Launcher] C:\System.sav\util\HPSEU\HpseuHostLauncher.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\lalaz\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EPSDNMON] "C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIREE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-342 343 345 Series"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [RiotClient] C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_A92EFFA7DAFA2979DDE0691AADA10F8E] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [HPSEU_Host_Launcher] C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [HPCC_InstallationBooster] C:\System.sav\util\HPCC\HpccLauncher.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [OMENCC_InstallationBooster] C:\system.sav\util\OMENCC_InstallationBooster.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [OMENCC_InstallationBooster] C:\system.sav\util\OMENCC_InstallationBooster.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #1] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.11.60.0_x64__v10z8vjag6ke6\SysWin32Process\HPCC.Bg.BackgroundSys.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #1] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.11.60.0_x64__v10z8vjag6ke6\SysWin32Process\HPCC.Bg.BackgroundSys.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CCleaner Performance Optimizer Service (CCleanerPerformanceOptimizerService) - Gen Digital Inc. - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8d38a8081cfb8dcd\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_c42e1 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @oem81.inf,%ServiceDisplayName%;Intel(R) Dynamic Tuning Technology Telemetry Service (dptftcs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_3ea1838906a8645a\ipfsvc.exe
O23 - Service: DuetUpdater - Kairos - C:\Program Files\Duet\Duet Display\DuetUpdater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\windows\system32\EscSvc64.exe (file missing)
O23 - Service: ExpressVPN Service (ExpressVPNService) - ExpressVPN - C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
O23 - Service: NVIDIA FrameView SDK service (FvSvc) - NVIDIA - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
O23 - Service: @%systemroot%\system32\GameInputSvc.exe,-101 (GameInputSvc) - Unknown owner - C:\WINDOWS\System32\GameInputSvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\140.0.7339.208\elevation_service.exe
O23 - Service: Intern aktualiza n slu ba Google (GoogleUpdaterInternalService142.0.7416.0) (GoogleUpdaterInternalService142.0.7416.0) - Google LLC - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe
O23 - Service: Aktualiza n slu ba Google (GoogleUpdaterService142.0.7416.0) (GoogleUpdaterService142.0.7416.0) - Google LLC - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe
O23 - Service: Slu ba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Slu ba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Comm Recovery (HP Comm Recover) - HP Inc. - C:\Program Files\HPCommRecovery\HPCommRecovery.exe
O23 - Service: HP One Agent Service (hp-one-agent-service) - HP Inc; HP Development Company, L.P. - C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe
O23 - Service: @oem44.inf,%ServiceAppHelperDesc%;HP App Helper HSA Service (HPAppHelperCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_b1bfb66eda7ba5ab\x64\AppHelperCap.exe
O23 - Service: HP Display Control Service by Portrait Displays (HPDCService) - HP Inc. - C:\Program Files\Portrait Displays\HP Display Control Service\DisplayControlService.exe
O23 - Service: @oem44.inf,%ServiceDiagsDesc%;HP Diagnostics HSA Service (HPDiagsCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_b1bfb66eda7ba5ab\x64\DiagsCap.exe
O23 - Service: @oem44.inf,%ServiceNetworkDesc%;HP Network HSA Service (HPNetworkCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_b1bfb66eda7ba5ab\x64\NetworkCap.exe
O23 - Service: HP Print Scan Doctor Service (HPPrintScanDoctorService) - HP Inc. - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: @oem44.inf,%ServiceSysInfoDesc%;HP System Info HSA Service (HPSysInfoCap) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_b1bfb66eda7ba5ab\x64\SysInfoCap.exe
O23 - Service: @oem30.inf,%hpanalyticscomp%;HP Insights Analytics (HpTouchpointAnalyticsService) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_0f2b4c962c16d743\x64\TouchpointAnalyticsClientService.exe
O23 - Service: Intel(R) Graphics Command Center Service (igccservice) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_07bea76bdbdaf3eb\OneApp.IGCC.WinService.exe
O23 - Service: @oem67.inf,%PlatformLicenseManagerServiceName%;Intel(R) Platform License Manager Service (Intel(R) Platform License Manager Service) - Intel(R) Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe
O23 - Service: Intel(R) Audio Service (IntelAudioService) - Intel - C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_33284f5d2f7b1562\\AS\\IAS\\IntelAudioService.exe
O23 - Service: @oem100.inf,%ServiceDisplayName%;Intel(R) Innovation Platform Framework Service (ipfsvc) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_3befaa646f991169\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\localkdcsvc.dll,-1 (LocalKdc) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\midisrv.exe,-101 (midisrv) - Unknown owner - C:\WINDOWS\system32\midisrv.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_faa7ec917cf45083\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ReFsDedupSvc.exe,-100 (refsdedupsvc) - Unknown owner - C:\WINDOWS\System32\ReFsDedupSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Realtek Semiconductor - C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_73b5b27e95d29468\RtkAudUService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sound Research SECOMN Service (SECOMNService) - Unknown owner - C:\WINDOWS\System32\SECOMN64.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\steamservice.exe
O23 - Service: @oem189.inf,%SynTPEnhService.SVCDESC%;SynTPEnhService (SynTPEnhService) - Unknown owner - C:\WINDOWS\System32\SynTPEnhService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: vgc - Riot Games, Inc. - C:\Program Files\Riot Vanguard\vgc.exe
O23 - Service: @%systemroot%\system32\vmcompute.exe,-100 (vmcompute) - Unknown owner - C:\WINDOWS\system32\vmcompute.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Intel(R) Management Engine WMI Provider Registration (WMIRegistrationService) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17849 bytes

Reklama

Příspěvekod **jaro3** » 06 říj 2025 23:58

Stáhni si ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Poklepej na ATF Cleaner.exe, klikni na select all, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome ,Edge , tak ATF nemusíš použít.

Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
https://www.bleepingcomputer.com/download/tfc/
https://www.majorgeeks.com/files/detail ... eaner.html
https://www.majorgeeks.com/mg/get/temp_ ... ner,1.html

Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
pro majitele win7 stáhni zde:
https://filehippo.com/download_adwcleaner/ ( nedávej aktualizaci!)

Ulož si ho na svojí plochu . Klikni na „Souhlasím“ k povrzení podmínek.
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Skenování“
Po skenu se objeví log , který se otevře. ( jinak je uložen systémovem disku jako) C:\AdwCleaner\Logs, jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/

na plochu , nainstaluj a spusť ho
-Pokud není program aktuální , klikni na možnost „Aktualizovat nyní“ či „Opravit nyní“.
- bude nalezena aktualizace a nainstaluje se.
- poté klikni na Spustit skenování
- po proběhnutí skenu se ti objeví hláška vpravo dole, tak klikni na Zobrazit zprávu a vyber Export a vyber Kopírovat do schránky a vlož sem celý log. Nebo klikni na „Textový soubor ( .txt)“ a log si ulož. A vlož sem.
-jinak se log nachází v programu po kliknutí na „Zprávy“ , nebo je uložen zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Dokončit, a program zavři křížkem vpravo nahoře.
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
(Po skončení scanu klikni na vidličku save result a vyber export to TXT. Po chvilce se objeví okno a uložíš si log v txt kam chceš. Pak ho zkopíruj a vlož sem).

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na https://www.virustotal.com/#/home/uploadVirustotal
C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.11.60.0_x64__v10z8vjag6ke6\SysWin32Process\HPCC.Bg.BackgroundSys.exe
C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.11.60.0_x64__v10z8vjag6ke6\SysWin32Process\HPCC.Bg.BackgroundSys.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

https://www.virustotal.com/#/home/upload

Další zítra odpoledne.

nneser · Příspěvekod **nneser** » 08 říj 2025 16:15

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-08-2025
# Duration: 00:00:17
# OS: Windows 11 (Build 26100.6725)
# Scanned: 32107
# Detected: 17

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

nneser · Příspěvekod **nneser** » 08 říj 2025 16:16

Date Time Tick Count Process ID Thread ID Log Level Context Tag Function Name File Name Line Number Message
10/08/25 " 15:36:52.634" 431734 278c 41fc INFO LogController CLogController::Start "LogController.cpp" 93 "Started logging"
10/08/25 " 15:36:52.634" 431734 278c 41fc INFO LogController CLogController::Start "LogController.cpp" 95 "Local time zone: 'StÅednÃ Evropa (letnÃ Äas)' (UTC+02:00)"
10/08/25 " 15:36:52.666" 431765 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 471 "Service Controller starting controller initialization"
10/08/25 " 15:36:52.666" 431765 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 472 "Product code MBAM-C"
10/08/25 " 15:36:52.666" 431765 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 473 "Product version 5.4.1.215"
10/08/25 " 15:36:52.666" 431765 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 474 "Product build consumer"
10/08/25 " 15:36:52.666" 431765 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 475 "MBAMService.exe version 3.2.0.1429"
10/08/25 " 15:36:52.666" 431765 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 476 "OS Version Windows 11 (Build 26100.6725)"
10/08/25 " 15:36:52.666" 431765 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 481 "Service start requested with startTray set to: 1"
10/08/25 " 15:36:52.714" 431812 278c 41fc WARNING PoliciesControllerImpl mb::policiescontrollerimpl::PoliciesConfigHandler::LoadConfig "PoliciesConfigHandler.cpp" 422 "Config file not found C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json. Using default values."
10/08/25 " 15:36:52.714" 431812 278c 41fc WARNING PoliciesControllerImpl mb::policiescontrollerimpl::PoliciesConfigHandler::FixLanguageCode "PoliciesConfigHandler.cpp" 1605 "Fixing display language code. Old: en_US, New: en-US"
10/08/25 " 15:36:54.065" 433171 278c 41fc INFO PoliciesControllerImpl mb::policiescontrollerimpl::PoliciesConfigHandler::ShellExtensionControl "PoliciesConfigHandler.cpp" 1265 "Shell extension registered."
10/08/25 " 15:36:54.068" 433171 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartPoliciesController "ServiceControllerImplementation.cpp" 2731 "Policies Controller Started"
10/08/25 " 15:36:54.068" 433171 278c 41fc INFO LicenseControllerCOM CLicenseController::Start "LicenseController.cpp" 103 "CLicenseController::Start"
10/08/25 " 15:36:54.144" 433250 278c 41fc INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseControllerImplV2::Initialize "LicenseControllerImplV2.cpp" 118 "Successfully initialized the LicenseControllerImpl."
10/08/25 " 15:36:54.144" 433250 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartLicenseController "ServiceControllerImplementation.cpp" 2766 "License Controller Started"
10/08/25 " 15:36:54.187" 433281 278c 41fc WARNING UpdateControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFileEx "JSONUtilities.h" 87 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json"
10/08/25 " 15:36:54.187" 433281 278c 41fc WARNING UpdateControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Failed reading file C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json, error 2. Will try reading from the backup if it exists."
10/08/25 " 15:36:54.187" 433281 278c 41fc WARNING FileSystemUtils mb::common::io::FileSystemUtils::Copy "FileSystemUtils.cpp" 101 "File not found: C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak"
10/08/25 " 15:36:54.187" 433281 278c 41fc WARNING UpdateControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 66 "Copy from backup failed for file C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak. - 2"
10/08/25 " 15:36:54.187" 433281 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ReadConfig "UpdateControllerImplHelper.cpp" 511 "Config file C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json not found; using default values"
10/08/25 " 15:36:54.191" 433296 278c 41fc WARNING UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Initialize "UpdateControllerImplHelper.cpp" 285 "Controller package version is 1.0.0 - config file may have reset"
10/08/25 " 15:36:54.211" 433312 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::SetInitialPackageVersions "UpdateControllerImplHelper.cpp" 3708 "Setting initial package versions"
10/08/25 " 15:36:54.223" 433328 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::UpdateInstalledPkgVersion "UpdateControllerImplHelper.cpp" 3912 "Successfully updated DB/ClsEng package version to: 1.0.103677"
10/08/25 " 15:36:54.230" 433328 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::UpdateInstalledPkgVersion "UpdateControllerImplHelper.cpp" 3928 "Set DB version to: 2025.10.08.10"
10/08/25 " 15:36:54.234" 433328 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Initialize "UpdateControllerImplHelper.cpp" 404 "COMPONENT PACKAGE VERSION: 142.0.5389, DB PACKAGE VERSION: 1.0.103677"
10/08/25 " 15:36:54.264" 433359 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 5921 "Signature successfully validated"
10/08/25 " 15:36:54.875" 433968 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 5925 "DB manifest successfully validated"
10/08/25 " 15:36:54.875" 433968 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 6317 "Validated DB manifest - success"
10/08/25 " 15:36:54.915" 434015 278c 41fc WARNING UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CopyDBFiles "UpdateControllerImplHelper.cpp" 6138 "File not found: C:\ProgramData\Malwarebytes\MBAMService\version.dat"
10/08/25 " 15:36:54.926" 434031 278c 41fc WARNING UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CopyDLLFiles "UpdateControllerImplHelper.cpp" 6164 "File not found: C:\Program Files\Malwarebytes\Anti-Malware\ActionsV5.dll"
10/08/25 " 15:36:54.926" 434031 278c 41fc WARNING UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CopyDLLFiles "UpdateControllerImplHelper.cpp" 6164 "File not found: C:\Program Files\Malwarebytes\Anti-Malware\MBAMCoreV5.dll"
10/08/25 " 15:36:54.926" 434031 278c 41fc WARNING UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CopyDLLFiles "UpdateControllerImplHelper.cpp" 6164 "File not found: C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLLV5.dll"
10/08/25 " 15:36:54.926" 434031 278c 41fc WARNING UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CopyDLLFiles "UpdateControllerImplHelper.cpp" 6164 "File not found: C:\Program Files\Malwarebytes\Anti-Malware\igV5.exe"
10/08/25 " 15:36:54.926" 434031 278c 41fc WARNING UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CopyDLLFiles "UpdateControllerImplHelper.cpp" 6164 "File not found: C:\Program Files\Malwarebytes\Anti-Malware\sampleV5.dll"
10/08/25 " 15:36:54.928" 434031 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartUpdateController "ServiceControllerImplementation.cpp" 2851 "Update Controller Started"
10/08/25 " 15:36:54.928" 434031 278c 41fc INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::SetMinSupportedCULevel "UpdateControllerImplHelper.cpp" 6923 "Minimum supported Component (CU) package version is: 137.0.5329"
10/08/25 " 15:36:54.928" 434031 278c 41fc INFO CloudController CCloudController::Start "CloudController.cpp" 102 "CCloudController::Initialize"
10/08/25 " 15:36:54.977" 434078 278c 41fc INFO CloudCtrlImpl Initialize "CloudControllerImpl.cpp" 56 "CC Initialize called"
10/08/25 " 15:36:54.977" 434078 278c 41fc WARNING CloudCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFileEx "JSONUtilities.h" 87 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json"
10/08/25 " 15:36:54.977" 434078 278c 41fc WARNING CloudCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Failed reading file C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json, error 2. Will try reading from the backup if it exists."
10/08/25 " 15:36:54.977" 434078 278c 41fc WARNING FileSystemUtils mb::common::io::FileSystemUtils::Copy "FileSystemUtils.cpp" 101 "File not found: C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json.bak"
10/08/25 " 15:36:54.977" 434078 278c 41fc WARNING CloudCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 66 "Copy from backup failed for file C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json.bak. - 2"
10/08/25 " 15:36:54.977" 434078 278c 41fc INFO CloudCtrlImpl CloudControllerImplHelper::ReadConfig "CloudControllerImplHelper.cpp" 4572 "Config file C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json not found; using default values"
10/08/25 " 15:36:55.014" 434109 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartCloudController "ServiceControllerImplementation.cpp" 2922 "Cloud Controller Started"
10/08/25 " 15:36:55.028" 434125 278c 41fc INFO TelemController CTelemetryController::Start_impl "TelemetryController.cpp" 168 "::Initialize"
10/08/25 " 15:36:55.066" 434171 278c 41fc INFO TelemCtrlImpl TelemetryControllerImpl::Initialize "TelemetryControllerImplHelper.cpp" 230 "Telemetry Controller 3.3.0 starting up"
10/08/25 " 15:36:55.082" 434187 278c 41fc WARNING TelemCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFileEx "JSONUtilities.h" 87 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json"
10/08/25 " 15:36:55.082" 434187 278c 41fc WARNING TelemCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Failed reading file C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json, error 2. Will try reading from the backup if it exists."
10/08/25 " 15:36:55.082" 434187 278c 41fc WARNING FileSystemUtils mb::common::io::FileSystemUtils::Copy "FileSystemUtils.cpp" 101 "File not found: C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak"
10/08/25 " 15:36:55.082" 434187 278c 41fc WARNING TelemCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 66 "Copy from backup failed for file C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak. - 2"
10/08/25 " 15:36:55.082" 434187 278c 41fc INFO TelemCtrlImpl TelemetryControllerImpl::ReadConfig "TelemetryControllerImplHelper.cpp" 1041 "Config file C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json not found; using default values"
10/08/25 " 15:36:55.086" 434187 278c 41fc WARNING TelemCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFileEx "JSONUtilities.h" 87 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json"
10/08/25 " 15:36:55.086" 434187 278c 41fc WARNING TelemCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Failed reading file C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json, error 2. Will try reading from the backup if it exists."
10/08/25 " 15:36:55.086" 434187 278c 41fc WARNING FileSystemUtils mb::common::io::FileSystemUtils::Copy "FileSystemUtils.cpp" 101 "File not found: C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json.bak"
10/08/25 " 15:36:55.086" 434187 278c 41fc WARNING TelemCtrlImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 66 "Copy from backup failed for file C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json.bak. - 2"
10/08/25 " 15:36:55.093" 434187 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartTelemetryController "ServiceControllerImplementation.cpp" 2992 "Telemetry Controller Started"
10/08/25 " 15:36:55.106" 434203 278c 41fc INFO CleanController CCleanController::StartV2 "CleanController.cpp" 161 "Initializing CleanController"
10/08/25 " 15:36:55.148" 434250 278c 41fc INFO CleanControllerImpl CleanControllerImpl::Start "CleanControllerImpl.cpp" 161 "Starting Clean Controller Impl"
10/08/25 " 15:36:55.148" 434250 278c 41fc WARNING CleanControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFileEx "JSONUtilities.h" 87 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json"
10/08/25 " 15:36:55.148" 434250 278c 41fc WARNING CleanControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Failed reading file C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json, error 2. Will try reading from the backup if it exists."
10/08/25 " 15:36:55.148" 434250 278c 41fc WARNING FileSystemUtils mb::common::io::FileSystemUtils::Copy "FileSystemUtils.cpp" 101 "File not found: C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json.bak"
10/08/25 " 15:36:55.148" 434250 278c 41fc WARNING CleanControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 66 "Copy from backup failed for file C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json.bak. - 2"
10/08/25 " 15:36:55.148" 434250 278c 41fc WARNING CleanControllerImpl CleanControllerImpl::ReadConfig "CleanControllerImpl.cpp" 376 "Failed to read config file C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json"
10/08/25 " 15:36:55.148" 434250 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1055 "Initializing system paths and resolving DOR status"
10/08/25 " 15:36:55.162" 434265 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1086 "Processing pending actions"
10/08/25 " 15:36:55.162" 434265 278c 41fc INFO CleanController CCleanController::StartV2::<lambda_1>::operator () "CleanController.cpp" 162 "CleanController initialization complete"
10/08/25 " 15:36:55.162" 434265 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartCleanController "ServiceControllerImplementation.cpp" 3059 "Clean Controller Started"
10/08/25 " 15:36:55.235" 434328 278c 0e14 INFO Actions ActionsManager::ProcessPendingActionsAfterReboot "ActionsManager.cpp" 1107 "Executing pending post cleanup actions"
10/08/25 " 15:36:55.235" 434328 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1204 "Initializing CLS Engine"
10/08/25 " 15:36:55.248" 434343 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1241 "Initializing swiss army SDK"
10/08/25 " 15:36:55.255" 434359 278c 41fc WARNING ScanControllerImpl mb::scancontrollerimpl::ScanConfigHandler::LoadConfig "ScanConfigHandler.cpp" 140 "Could not load config file C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json. Using default values."
10/08/25 " 15:36:55.401" 434500 278c 0e14 INFO SwissarmyDDA DDAInstall "dda.cpp" 270 "Existing driver is not loaded."
10/08/25 " 15:36:55.630" 434734 278c 0e14 INFO SwissarmyDDA DDAInstall "dda.cpp" 284 "Successfully installed swissarmy driver."
10/08/25 " 15:36:55.630" 434734 278c 0e14 INFO SwissarmyShim SwissarmyShimImpl::InstallEx "SwissarmyShimImpl.cpp" 1757 "Swissarmy was successfully installed. DdaContext (0000024534A59F50), Mode (0), DriverName (MBAMSwissArmy), DeviceFileName (\\.\MBAMSwissArmy), LogFile (), BootStart (false)."
10/08/25 " 15:36:55.643" 434750 278c 0e14 INFO CleanControllerImpl CleanDBParser::Parse "CleanDBParser.cpp" 22 "Parsing C:\ProgramData\Malwarebytes\MBAMService\clean.mbdb"
10/08/25 " 15:36:55.646" 434750 278c 0e14 INFO GalaxyRuleParser mb::common::galaxyrules::SimpleRuleFileParserV2::Parse "GalaxyRuleParser.cpp" 3004 "Successfully parsed 912 records."
10/08/25 " 15:36:55.647" 434750 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1308 "Loading Hubble cache"
10/08/25 " 15:36:55.662" 434765 278c 41fc INFO SwissarmyShim SwissarmyShimImpl::InstallEx "SwissarmyShimImpl.cpp" 1757 "Swissarmy was successfully installed. DdaContext (0000024534A5AE80), Mode (1), DriverName (MBAMSwissArmy), DeviceFileName (\\.\MBAMSwissArmy), LogFile (), BootStart (false)."
10/08/25 " 15:36:55.679" 434781 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1338 "Loading ARW Predetection cache"
10/08/25 " 15:36:55.679" 434781 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1353 "Loading user white rules"
10/08/25 " 15:36:55.679" 434781 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1365 "Starting white list manager"
10/08/25 " 15:36:55.695" 434796 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1404 "Loading Chrome sync db cache"
10/08/25 " 15:36:55.695" 434796 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1419 "Loading 7z"
10/08/25 " 15:36:55.695" 434796 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1436 "Starting restore engine"
10/08/25 " 15:36:55.695" 434796 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1471 "Initializing Browser SDK"
10/08/25 " 15:36:55.749" 434843 278c 0e14 INFO CleanControllerImpl CleanControllerImpl::ThreadLoop "CleanControllerImpl.cpp" 1529 "Entering into main loop"
10/08/25 " 15:36:55.775" 434875 278c 41fc INFO SPShim SPShimImpl::Initialize "SpShimImpl.cpp" 65 "Initialize Shim - ref count (0)"
10/08/25 " 15:36:55.834" 434937 278c 41fc INFO SPShim SPShimImpl::InitializeInternal "SpShimImpl.cpp" 126 "SelfProtection dll was successfully loaded. SpFilePath=<C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionSdk.dll>."
10/08/25 " 15:36:55.834" 434937 278c 41fc INFO SelfProtectionSDK SpUserImpl::SetLogging "SpUserImpl.cpp" 52 "Start Logging TMF file path C:\Program Files\Malwarebytes\Anti-Malware\sdk\MbamChameleon.tmf"
10/08/25 " 15:36:56.814" 435921 278c 41fc INFO SelfProtectionSDK SpUserImpl::Install "SpUserImpl.cpp" 126 "SelfProtection driver was successfully installed. Path=<C:\Program Files\Malwarebytes\Anti-Malware> Mode=<1>."
10/08/25 " 15:36:56.814" 435921 278c 41fc INFO SelfProtectionSDK SpUserImpl::Install "SpUserImpl.cpp" 160 "SelfProtection StartDriver was already started - 0"
10/08/25 " 15:36:56.814" 435921 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartScanController "ServiceControllerImplementation.cpp" 3094 "Scan Controller Started"
10/08/25 " 15:36:56.862" 435968 278c 41fc INFO RTPControllerImpl mb::rtpcontrollerimpl::RTPControllerImpl::InitializeImpl "RTPControllerImplHelper.cpp" 351 "Initializing RtpControllerImpl.dll (3.3.0.1228)"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc INFO RTP mb::rtpcontrollerimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 224 "ParallelAMEDDSThreadPool: Growing thread pool"
10/08/25 " 15:36:56.887" 435984 278c 41fc WARNING RTPControllerImpl mb::rtpcontrollerimpl::RTPConfigHandler::LoadConfig "RTPConfigHandler.cpp" 173 "Config file not found C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json. Using default values."
10/08/25 " 15:36:56.903" 436000 278c 41fc INFO RTPControllerImpl mb::rtpcontrollerimpl::AppControl::AppControlImpl::Initialize "AppControlImpl.cpp" 38 "Starting AppControlImpl"
10/08/25 " 15:36:56.910" 436015 278c 41fc INFO RTPControllerImpl mb::rtpcontrollerimpl::AppControl::AppControlImpl::Initialize::<lambda_1>::operator () "AppControlImpl.cpp" 39 "Exiting AppControlImpl::Initialize()"
10/08/25 " 15:36:56.910" 436015 278c 41fc INFO RTPControllerImpl mb::rtpcontrollerimpl::SilentBlock::SilentBlockImpl::Initialize "SilentBlockImpl.cpp" 40 "Starting SilentBlockImpl"
10/08/25 " 15:36:56.915" 436015 278c 41fc INFO RTPControllerImpl mb::rtpcontrollerimpl::SilentBlock::SilentBlockImpl::Initialize::<lambda_1>::operator () "SilentBlockImpl.cpp" 41 "Exiting SilentBlockImpl::Initialize()"
10/08/25 " 15:36:56.915" 436015 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartRtpController "ServiceControllerImplementation.cpp" 3146 "RTP Controller Started"
10/08/25 " 15:36:56.915" 436015 278c 41fc INFO MWACControllerCOM CMWACController::InitializeV2 "MWACController.cpp" 348 "Initializing MWAC Controller"
10/08/25 " 15:36:56.915" 436015 278c 41fc INFO MWACControllerCOM CMWACController::InitializeV2::<lambda_1>::operator () "MWACController.cpp" 349 "MWAC Controller initialization complete"
10/08/25 " 15:36:56.954" 436046 278c 41fc INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::Initialize "MWACControllerImplHelper.cpp" 1126 "Initializing MWACControllerImpl.dll (3.2.0.707)"
10/08/25 " 15:36:56.957" 436062 278c 41fc INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacConfigHandler::CreateMwacConfigFile "MwacConfigHandler.cpp" 427 "Config file not found C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json. Using default values."
10/08/25 " 15:36:56.973" 436078 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartMWACController "ServiceControllerImplementation.cpp" 3201 "MWAC Controller Started"
10/08/25 " 15:36:57.068" 436171 278c 41fc INFO ARWConfigHandler mb::arwcontrollerimpl::ArwConfigHandler::LoadConfig "ArwConfigHandler.cpp" 55 "Config file not found C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json. Using default values."
10/08/25 " 15:36:57.068" 436171 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartArwController "ServiceControllerImplementation.cpp" 3255 "ARW Controller Started"
10/08/25 " 15:36:57.132" 436234 278c 41fc WARNING AEControllerImpl mb::aecontrollerimpl::AEConfigHandler::LoadConfig "AeConfigHandler.cpp" 205 "Config file not found C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json. Using default values."
10/08/25 " 15:36:57.148" 436250 278c 41fc ERROR AeSDKImpl AeSDKImpl::MbaeSetExclusions "AeSDKImpl.cpp" 358 "MbaeSetExclusions failed. status(16)"
10/08/25 " 15:36:57.148" 436250 278c 41fc ERROR AEControllerImpl mb::aecontrollerimpl::AeExclusionsHandler::InitializeExclusions "ExclusionsHandler.cpp" 97 "Could not configure exclusions in MbaeSdk (16)"
10/08/25 " 15:36:57.605" 436703 278c 41fc WARNING AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::UpdateDynamicConfig "AEControllerImplHelper.cpp" 3583 "Did not find any config value pairs in section MACRO4ABUSE3"
10/08/25 " 15:36:55.631" 434729 0004 2f9c INFO MBAMSwissArmy DriverEntry "swissarmy.c" 171 "MBAMSwissArmy service started. (4.4.0.221)"
10/08/25 " 15:36:57.828" 436921 278c 41fc ERROR AeSDKImpl AeSDKImpl::MbaeSetConfig "AeSDKImpl.cpp" 264 "MbaeSetConfig failed - 16"
10/08/25 " 15:36:57.828" 436921 278c 41fc ERROR AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::AeSetOption "AEControllerImplHelper.cpp" 1499 "Error configuring mbae sdk engine (16)"
10/08/25 " 15:36:57.843" 436937 278c 41fc ERROR AeSDKImpl AeSDKImpl::MbaeSetConfig "AeSDKImpl.cpp" 264 "MbaeSetConfig failed - 16"
10/08/25 " 15:36:57.843" 436937 278c 41fc ERROR AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::AeSetOption "AEControllerImplHelper.cpp" 1499 "Error configuring mbae sdk engine (16)"
10/08/25 " 15:36:57.843" 436937 278c 41fc ERROR AeSDKImpl AeSDKImpl::MbaeSetConfig "AeSDKImpl.cpp" 264 "MbaeSetConfig failed - 16"
10/08/25 " 15:36:57.843" 436937 278c 41fc ERROR AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::AeSetOption "AEControllerImplHelper.cpp" 1499 "Error configuring mbae sdk engine (16)"
10/08/25 " 15:36:57.892" 437000 278c 41fc INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::InitializeV2 "AEControllerImplHelper.cpp" 381 "Successfully Initialized AeControllerImpl 3.2.0.406"
10/08/25 " 15:36:57.892" 437000 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartAEController "ServiceControllerImplementation.cpp" 3308 "Anti-Exploit Controller Started"
10/08/25 " 15:36:57.922" 437015 278c 41fc INFO SPControllerImpl mb::spcontrollerimpl::SPControllerImpl::InitializeImpl "SPControllerImplHelper.cpp" 103 "Initializing SPControllerImpl.dll (3.2.0.330)"
10/08/25 " 15:36:57.938" 437031 278c 41fc INFO SelfProtectionSDK SpUserImpl::SetLogCallback "SpUserImpl.cpp" 332 "Enter SetLogCallback Installed = 1 loggingStarted = 1."
10/08/25 " 15:36:57.938" 437031 278c 41fc INFO SelfProtectionSDK SpUserImpl::SetLogCallback "SpUserImpl.cpp" 359 "loggingStarted = 2."
10/08/25 " 15:36:57.938" 437031 278c 41fc INFO SPShim SPShimImpl::Initialize "SpShimImpl.cpp" 65 "Initialize Shim - ref count (1)"
10/08/25 " 15:36:57.954" 437046 278c 41fc WARNING SPControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFileEx "JSONUtilities.h" 87 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\Config\SpConfigFile.json"
10/08/25 " 15:36:57.954" 437046 278c 41fc WARNING SPControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 42 "Failed reading file C:\ProgramData\Malwarebytes\MBAMService\Config\SpConfigFile.json, error 2. Will try reading from the backup if it exists."
10/08/25 " 15:36:57.954" 437046 278c 41fc WARNING FileSystemUtils mb::common::io::FileSystemUtils::Copy "FileSystemUtils.cpp" 101 "File not found: C:\ProgramData\Malwarebytes\MBAMService\Config\SpConfigFile.json.bak"
10/08/25 " 15:36:57.954" 437046 278c 41fc WARNING SPControllerImpl mb::common::json::JSONUtilities::ReadJSONFromFile "JSONUtilities.h" 66 "Copy from backup failed for file C:\ProgramData\Malwarebytes\MBAMService\Config\SpConfigFile.json.bak. - 2"
10/08/25 " 15:36:57.954" 437046 278c 41fc WARNING SPControllerImpl mb::spcontrollerimpl::SpConfigHandler::LoadConfig "SpConfigHandler.cpp" 330 "Config file not found C:\ProgramData\Malwarebytes\MBAMService\Config\SpConfigFile.json. Using default values."
10/08/25 " 15:36:57.954" 437046 278c 41fc INFO SPControllerImpl mb::spcontrollerimpl::SPShimModuleLoader::SPShimSetVerificationMode "SPShimModuleLoader.cpp" 532 "verification mode = 0 ."
10/08/25 " 15:36:57.954" 437046 278c 41fc INFO SPShim SPShimImpl::SetVerificationMode "SpShimImpl.cpp" 543 "Verification mode = 0."
10/08/25 " 15:36:57.954" 437046 278c 41fc INFO SPControllerImpl mb::spcontrollerimpl::SPControllerImpl::InitializeImpl "SPControllerImplHelper.cpp" 200 "Successfully initialized the SPControllerImpl, spFolderPath=[C:\Program Files\Malwarebytes\Anti-Malware]."
10/08/25 " 15:36:57.954" 437046 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartSpController "ServiceControllerImplementation.cpp" 2957 "Self-Protection Controller Started"
10/08/25 " 15:36:58.002" 437109 278c 41fc INFO VPNControllerImpl mb::vpncontrollerimpl::VPNControllerImpl::Initialize "VPNControllerImpl.cpp" 213 "Starting VPNControllerImpl"
10/08/25 " 15:36:58.002" 437109 278c 41fc INFO VPNControllerImpl ConfigHandler<class mb::vpncontrollerimpl::VPNConfig>::LoadConfig "ConfigHandlerImpl.h" 85 "Creating default configuration and saving to C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json."
10/08/25 " 15:36:58.002" 437109 278c 41fc INFO VPNControllerImpl ConfigHandler<class mb::vpncontrollerimpl::VPNConfigServerList>::LoadConfig "ConfigHandlerImpl.h" 85 "Creating default configuration and saving to C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json."
10/08/25 " 15:36:58.002" 437109 278c 41fc INFO VPNControllerImpl Initialize_LoadConfig "VPNControllerImpl.cpp" 158 "Migrated provider to Malwarebytes backend"
10/08/25 " 15:36:58.002" 437109 278c 41fc INFO VPNControllerImpl mb::vpncontrollerimpl::VPNControllerImpl::Initialize::<lambda_1>::operator () "VPNControllerImpl.cpp" 214 "Exiting VPNControllerImpl::Initialize()"
10/08/25 " 15:36:58.002" 437109 278c 41fc INFO VPNControllerCOM CVPNController::Start "VPNController.cpp" 131 "VPNController Implementation DLL has been successfully loaded and initialized."
10/08/25 " 15:36:58.002" 437109 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartVPNController "ServiceControllerImplementation.cpp" 3428 "VPN Controller Started"
10/08/25 " 15:36:58.002" 437109 278c 41fc INFO ServiceControllerImpl ServiceControllerImplementation::StartV2 "ServiceControllerImplementation.cpp" 617 "Start Service Controller complete"
10/08/25 " 15:36:58.018" 437125 278c 433c INFO ServiceControllerImpl ServiceControllerImplementation::PowerSourceNotificationImpl "ServiceControllerImplementation.cpp" 3860 "Notifying controllers of power source change. System is on battery."
10/08/25 " 15:36:58.018" 437125 278c 433c INFO ServiceControllerImpl ServiceControllerImplementation::PowerIdleNotificationImpl "ServiceControllerImplementation.cpp" 3841 "Notifying controllers of power idle change. System is not idle."
10/08/25 " 15:36:58.724" 437828 278c 2014 INFO LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::BackendCheck "BackendAPIs.cpp" 3270 "Attempting Check"
10/08/25 " 15:36:56.817" 435920 278c 41fc INFO MBAMChameleon RegisterALEResourceAssignmnentCallout "IG2ProtNet.c" 1667 "ALE Resource Assignment callout(797d6309-4a5e-4fcc-b57b-6627959006aa) registered succesfully!"
10/08/25 " 15:36:56.817" 435920 278c 41fc INFO MBAMChameleon RegisterALEResourceAssignmnentCallout "IG2ProtNet.c" 1667 "ALE Resource Assignment callout(2d21ccdb-0383-4ba4-81ed-7a7d58971107) registered succesfully!"
10/08/25 " 15:36:56.818" 435921 278c 41fc INFO MBAMChameleon ProcsSetState "IG2ProtProcs.c" 636 "Process Protection status changed to: 0x00000001(true)!"
10/08/25 " 15:36:56.818" 435921 278c 41fc INFO MBAMChameleon RegSetState "IG2ProtReg.c" 291 "Registry Protection status changed to: 0x00000001(true)!"
10/08/25 " 15:36:56.818" 435921 278c 41fc INFO MBAMChameleon FsSetState "IG2ProtFs.c" 563 "File System Protection status changed to: 0x00000001(true)!"
10/08/25 " 15:36:56.818" 435921 278c 41fc INFO MBAMChameleon NetSetState "IG2ProtNet.c" 1755 "Network Protection status changed to: 0x00000001(true)!"
10/08/25 " 15:36:56.818" 435921 278c 41fc INFO MBAMChameleon ObjSetState "IG2ProtObj.c" 325 "Object Manager Protection status changed to: 0x00000001(true)!"
10/08/25 " 15:36:56.818" 435921 278c 41fc INFO MBAMChameleon DispatchIoctl "watchdog-common.c" 2376 "Initialized IG"
10/08/25 " 15:37:00.313" 439406 278c 1fb0 INFO LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::POSTRequestImpl "BackendAPIs.cpp" 1961 "X-Correlation-Id: f479bdb2-8a76-4706-91e8-9f9c88f7a485"
10/08/25 " 15:37:03.127" 442234 278c 37e8 INFO ServiceControllerImpl ServiceControllerImplementation::StartApp "ServiceControllerImplementation.cpp" 112 "Starting 'C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe' in session 0x1"
10/08/25 " 15:37:05.426" 444531 278c 2e10 WARNING PoliciesControllerImpl mb::policiescontrollerimpl::PoliciesConfigHandler::LoadClientData "PoliciesConfigHandler.cpp" 1485 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json"
10/08/25 " 15:37:05.428" 444531 278c 2e10 WARNING PoliciesControllerImpl mb::policiescontrollerimpl::PoliciesConfigHandler::LoadClientData "PoliciesConfigHandler.cpp" 1485 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\config\UI_ApplicationSettings.json"
10/08/25 " 15:37:11.610" 450703 278c 2014 WARNING HttpConnection mb::common::net::HttpConnection::SendRequest "HttpConnection.cpp" 426 "HTTP POST - connection timed out (during receive)"
10/08/25 " 15:37:11.610" 450703 278c 2014 WARNING HttpConnection mb::common::net::HttpConnection::LogExceptionDetails "HttpConnection.cpp" 1887 "Exception details: text=Timeout"
10/08/25 " 15:37:11.611" 450718 278c 2014 WARNING LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::ProcessHolocronRequestError "BackendAPIs.cpp" 2612 "Received a [-22] response from Holocron. This isn't one of the expected httpStatus returns."
10/08/25 " 15:37:11.611" 450718 278c 2014 WARNING LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::ProcessNetworkError "BackendAPIs.cpp" 3469 "General network error"
10/08/25 " 15:37:11.611" 450718 278c 2014 ERROR LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::Register "BackendAPIs.cpp" 2653 "Registration Request Failed: GeneralNetworkError"
10/08/25 " 15:37:11.611" 450718 278c 2bc0 INFO LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::BackendCheck "BackendAPIs.cpp" 3270 "Attempting Check"
10/08/25 " 15:37:15.198" 454296 278c 2bc0 INFO LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::POSTRequestImpl "BackendAPIs.cpp" 1961 "X-Correlation-Id: 4497bcf3-7bcb-4941-b021-57e3fdee75a9"
10/08/25 " 15:37:15.230" 454328 278c 2bc0 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::LicenseState "LicenseConfigHandler.cpp" 1395 "License state changed."
10/08/25 " 15:37:15.230" 454328 278c 2bc0 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::SendLicenseStateChangedNotification "LicenseConfigHandler.cpp" 1784 "Called License state changed callback."
10/08/25 " 15:37:15.230" 454328 278c 2bc0 INFO LicenseControllerImpl mb::licensecontrollerimpl::LicenseConfigHandler::LicenseState "LicenseConfigHandler.cpp" 1403 "LicenseStateChangedNotification Sent with license state [1]."
10/08/25 " 15:37:15.230" 454328 278c 2bc0 INFO LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::Register "BackendAPIs.cpp" 2672 "Registration successful"
10/08/25 " 15:37:15.230" 454328 278c 0e64 INFO ScanControllerImpl mb::scancontrollerimpl::ScanScheduler::UpdateScheduledScans "ScanScheduler.cpp" 1461 "License state changed from Unknown to Free."
10/08/25 " 15:37:15.230" 454328 278c 0e64 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::SetLicenseState "MWACControllerImplHelper.cpp" 5347 "Entering SetLicenseState Current State is [Not Available]; New License State is [Free]"
10/08/25 " 15:37:15.230" 454328 278c 0e64 INFO SPControllerImpl mb::spcontrollerimpl::SPControllerImpl::SetLicenseState "SPControllerImplHelper.cpp" 1424 "Setting SpLicenseState to [1]"
10/08/25 " 15:37:17.549" 456656 278c 2bc0 INFO LicenseControllerImpl mb::licensecontrollerimpl::BackendAPIs::POSTRequestImpl "BackendAPIs.cpp" 1961 "X-Correlation-Id: 8ade869a-8b8f-4fe0-96b7-6b2d07e6df27"
10/08/25 " 15:37:17.794" 456890 278c 2e10 ERROR RTPControllerImpl mb::rtpcontrollerimpl::MBAMShimModuleLoader::MBAMShimClearEngineCaches "MBAMShimModuleLoader.cpp" 388 "Cannot clear engine caches! MBAMShim is not loaded."
10/08/25 " 15:37:18.796" 457890 278c 06e4 WARNING PoliciesControllerImpl mb::policiescontrollerimpl::PoliciesConfigHandler::LoadClientData "PoliciesConfigHandler.cpp" 1485 "Could not open file for reading C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json"
10/08/25 " 15:38:54.010" 553109 278c 433c INFO ServiceControllerImpl ServiceControllerImplementation::PowerIdleNotificationImpl "ServiceControllerImplementation.cpp" 3841 "Notifying controllers of power idle change. System is idle."

nneser · Příspěvekod **nneser** » 08 říj 2025 16:16

10/08/25 " 15:39:54.241" 613343 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 743 "Normal database mode"
10/08/25 " 15:39:54.243" 613343 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 5921 "Signature successfully validated"
10/08/25 " 15:39:55.438" 614531 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 5925 "DB manifest successfully validated"
10/08/25 " 15:39:55.438" 614531 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 6317 "Validated DB manifest - success"
10/08/25 " 15:39:55.438" 614531 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 848 "DoUpdate - Starting check for updates (automatic)"
10/08/25 " 15:39:55.438" 614531 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 858 "Checking for: Installer=[Yes], CU/SU/UI=[Yes], DB/CLS=[No]"
10/08/25 " 15:39:55.438" 614531 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1606 "Installer package --> [mbam-c.installer.consumer], current version: [5.4.1]"
10/08/25 " 15:39:55.438" 614531 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1660 "SDK/Controller package --> [mbam-c.ctlr.64bitv5], current version: [142.0.5389]"
10/08/25 " 15:39:55.438" 614531 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1698 "DotNet package --> [mb.dotnetruntime.win.x64], current version: [6.0.36]"
10/08/25 " 15:39:55.438" 614531 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1731 "Updater package --> [mbam-c.updatr.64bit], current version: [1.0.0]"
10/08/25 " 15:39:55.450" 614546 278c 0d4c WARNING HttpConnection mb::common::net::HttpConnection::SendRequest "HttpConnection.cpp" 398 "HTTP POST - host not found"
10/08/25 " 15:39:55.450" 614546 278c 0d4c WARNING HttpConnection mb::common::net::HttpConnection::LogExceptionDetails "HttpConnection.cpp" 1887 "Exception details: text=Host not found: sirius.mwbsys.com"
10/08/25 " 15:39:55.450" 614546 278c 0d4c WARNING UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckForUpdates "UpdateControllerImplHelper.cpp" 1139 "Network error - unable to connect to server"
10/08/25 " 15:39:55.952" 615046 278c 0d4c ERROR UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckForUpdates "UpdateControllerImplHelper.cpp" 1198 "HTTP status code: -3"
10/08/25 " 15:39:55.952" 615046 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 906 "Checked for updates - no updates available"
10/08/25 " 15:39:55.977" 615078 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 928 "Update check is complete."
10/08/25 " 15:55:02.234" 1521328 278c 433c INFO ServiceControllerImpl ServiceControllerImplementation::PowerIdleNotificationImpl "ServiceControllerImplementation.cpp" 3841 "Notifying controllers of power idle change. System is not idle."
10/08/25 " 15:55:05.237" 1524343 278c 0a30 INFO ScanControllerImpl mb::scancontrollerimpl::ScanControllerImpl::UpdateCheckCompletedNotification "ScanControllerImplHelper.cpp" 4284 "Received update check completed notification."
10/08/25 " 15:55:05.237" 1524343 278c 0a30 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::UpdateCheckCompletedNotification "Scanner.cpp" 10091 "Received update check completed notification. Proceeding with the scan operations."
10/08/25 " 15:55:58.098" 1577203 278c 4734 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::StartScan "Scanner.cpp" 960 "Starting a Threat scan, clientID = MBAM5, clientType = MBClientFullUI."
10/08/25 " 15:55:58.107" 1577203 278c 30d4 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::SendScanStartedCCNotification "Scanner.cpp" 11701 "Sending scan started notification to clean controller."
10/08/25 " 15:55:58.108" 1577203 278c 30d4 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::InitializeScan "Scanner.cpp" 584 "Checking for def updates.."
10/08/25 " 15:55:58.108" 1577203 278c 30d4 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::InitializeScan "Scanner.cpp" 591 "Waiting for update check to complete."
10/08/25 " 15:55:58.108" 1577203 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 743 "Normal database mode"
10/08/25 " 15:55:58.110" 1577203 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 5921 "Signature successfully validated"
10/08/25 " 15:55:59.206" 1578312 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ValidateDBManifest "UpdateControllerImplHelper.cpp" 5925 "DB manifest successfully validated"
10/08/25 " 15:55:59.206" 1578312 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::CheckDbManifest "UpdateControllerImplHelper.cpp" 6317 "Validated DB manifest - success"
10/08/25 " 15:55:59.207" 1578312 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 848 "DoUpdate - Starting check for updates (manual)"
10/08/25 " 15:55:59.207" 1578312 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 858 "Checking for: Installer=[No], CU/SU/UI=[No], DB/CLS=[Yes]"
10/08/25 " 15:55:59.207" 1578312 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1731 "Updater package --> [mbam-c.updatr.64bit], current version: [1.0.0]"
10/08/25 " 15:55:59.207" 1578312 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::GetInstalledPkgVersions "UpdateControllerImplHelper.cpp" 1806 "DB/ClsEng package --> [mbam-c.dbcls.64bitv5], current version: [1.0.103677]"
10/08/25 " 15:56:05.369" 1584468 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ProcessAvailablePackages "UpdateControllerImplHelper.cpp" 1480 "A New version (1.0.704) of pkg [mbam-c.updatr.64bit] (FULL) is available"
10/08/25 " 15:56:05.369" 1584468 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 864 "Available updates found - beginning download"
10/08/25 " 15:56:05.643" 1584750 278c 49b8 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DownloadComplete "UpdateControllerImplHelper.cpp" 4459 "Download Complete (Successful) for: C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbam-c.updatr.64bit.7z"
10/08/25 " 15:56:05.910" 1585015 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DownloadUpdates "UpdateControllerImplHelper.cpp" 2155 "Successfully downloaded: mbam-c.updatr.64bit"
10/08/25 " 15:56:05.911" 1585015 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ProcessUpdatePackages "UpdateControllerImplHelper.cpp" 2197 "Enter ProcessUpdatePackages"
10/08/25 " 15:56:09.662" 1588765 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 3"
10/08/25 " 15:56:09.665" 1588765 278c 4734 INFO RTPControllerCOM CRTPController::put_KillSwitch "RTPController.cpp" 3621 "Setting Kill Switch value 3"
10/08/25 " 15:56:09.690" 1588796 278c 4734 ERROR RTPControllerImpl mb::rtpcontrollerimpl::MBAMShimModuleLoader::MBAMShimClearEngineCaches "MBAMShimModuleLoader.cpp" 388 "Cannot clear engine caches! MBAMShim is not loaded."
10/08/25 " 15:56:09.695" 1588796 278c 4734 INFO ScanControllerCOM CScanController::get_KillSwitch "ScanController.cpp" 4453 "Getting Kill Switch value 1"
10/08/25 " 15:56:09.697" 1588796 278c 4734 INFO ScanControllerCOM CScanController::put_KillSwitch "ScanController.cpp" 4475 "Setting Kill Switch value 1"
10/08/25 " 15:56:09.709" 1588812 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 2"
10/08/25 " 15:56:09.711" 1588812 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 0"
10/08/25 " 15:56:09.713" 1588812 278c 4734 INFO RTPControllerCOM CRTPController::put_KillSwitch "RTPController.cpp" 3621 "Setting Kill Switch value 0"
10/08/25 " 15:56:09.720" 1588828 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 7"
10/08/25 " 15:56:09.721" 1588828 278c 4734 INFO RTPControllerCOM CRTPController::put_KillSwitch "RTPController.cpp" 3621 "Setting Kill Switch value 7"
10/08/25 " 15:56:09.725" 1588828 278c 4734 ERROR RTPControllerImpl mb::rtpcontrollerimpl::MBAMShimModuleLoader::MBAMShimClearEngineCaches "MBAMShimModuleLoader.cpp" 388 "Cannot clear engine caches! MBAMShim is not loaded."
10/08/25 " 15:56:09.730" 1588828 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 5"
10/08/25 " 15:56:09.731" 1588828 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 4"
10/08/25 " 15:56:09.732" 1588828 278c 4734 INFO RTPControllerCOM CRTPController::put_KillSwitch "RTPController.cpp" 3621 "Setting Kill Switch value 4"
10/08/25 " 15:56:09.739" 1588843 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 11"
10/08/25 " 15:56:09.746" 1588843 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 9"
10/08/25 " 15:56:09.748" 1588843 278c 4734 INFO RTPControllerCOM CRTPController::put_KillSwitch "RTPController.cpp" 3621 "Setting Kill Switch value 9"
10/08/25 " 15:56:09.755" 1588859 278c 4734 INFO RTPControllerCOM CRTPController::get_KillSwitch "RTPController.cpp" 3595 "Getting Kill Switch value 10"
10/08/25 " 15:56:09.757" 1588859 278c 4734 INFO RTPControllerCOM CRTPController::put_KillSwitch "RTPController.cpp" 3621 "Setting Kill Switch value 10"
10/08/25 " 15:56:09.769" 1588875 278c 4734 INFO ArwControllerCOM CArwController::get_KillSwitch "ArwController.cpp" 1020 "Getting Kill Switch value 1"
10/08/25 " 15:56:09.770" 1588875 278c 4734 INFO ArwControllerCOM CArwController::put_KillSwitch "ArwController.cpp" 1042 "Setting Kill Switch value 1"
10/08/25 " 15:56:09.784" 1588890 278c 0d4c INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoUpdate "UpdateControllerImplHelper.cpp" 928 "Update check is complete."
10/08/25 " 15:56:09.786" 1588890 278c 0a30 INFO ScanControllerImpl mb::scancontrollerimpl::ScanControllerImpl::UpdateCheckCompletedNotification "ScanControllerImplHelper.cpp" 4284 "Received update check completed notification."
10/08/25 " 15:56:09.786" 1588890 278c 0a30 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::UpdateCheckCompletedNotification "Scanner.cpp" 10091 "Received update check completed notification. Proceeding with the scan operations."
10/08/25 " 15:56:09.786" 1588890 278c 30d4 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::InitializeScan "Scanner.cpp" 612 "Checking for def updates..Done."
10/08/25 " 15:56:09.953" 1589046 278c 30d4 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "MBAMShimImpl.cpp" 156 "MBAMCore v3.1.0.168 was successfully loaded. CoreFilePath=<C:\Program Files\Malwarebytes\Anti-Malware\MBAMCore.dll>."
10/08/25 " 15:56:10.225" 1589328 278c 30d4 INFO DDSScanner DDSScanner::SetIGFiltersOverride "DDSScanner.cpp" 1891 "IGFiltersOverride = false."
10/08/25 " 15:56:12.533" 1591640 278c 30d4 INFO DDSIG IGSDK_Initialize "IGSDK.cpp" 552 "SDK Initialized (0)"
10/08/25 " 15:56:12.533" 1591640 278c 30d4 INFO DDSScanner DDSScanner::Initialize "DDSScanner.cpp" 223 "DDSIG SDk initialized successfully."
10/08/25 " 15:56:12.533" 1591640 278c 30d4 INFO DDSIG DdsGetSdkVersion "DdsMbSdk" 769 "MBAMService-DdsMbSdk(769) - 2025/10/08 - 15:56:12 - #4# - StaticIG: SigGetSigFileVersion(0): '1.0.6.30' - 30 - 0 - 12500 - 10124"
10/08/25 " 15:56:12.533" 1591640 278c 30d4 INFO DDSScanner DDSScanner::Initialize "DDSScanner.cpp" 232 "DDSIG Sdk Version: 1.0.6.38."
10/08/25 " 15:56:12.533" 1591640 278c 30d4 INFO DDSScanner DDSScanner::Initialize "DDSScanner.cpp" 247 "DDSIG Sig File Version: 03560393."
10/08/25 " 15:56:12.560" 1591656 278c 30d4 INFO DDSScanner DDSScanner::Initialize "DDSScanner.cpp" 263 "IG Sdk config set successfully."
10/08/25 " 15:56:12.579" 1591671 278c 30d4 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "MBAMCoreImpl.cpp" 184 "MBAMCore was successfully initialized. CoreFolderPath=<C:\Program Files\Malwarebytes\Anti-Malware>. DefsFolderPath=<C:\ProgramData\Malwarebytes\MBAMService>."
10/08/25 " 15:56:13.344" 1592437 278c 30d4 INFO DDSScanner DDSScanner::SetIGFiltersOverride "DDSScanner.cpp" 1891 "IGFiltersOverride = false."
10/08/25 " 15:56:13.436" 1592531 278c 30d4 INFO GalaxyRuleParser mb::common::galaxyrules::SimpleRuleFileParserV2::Parse "GalaxyRuleParser.cpp" 3004 "Successfully parsed 15396 records."
10/08/25 " 15:56:13.436" 1592531 278c 30d4 INFO DDSScanner DDSScanner::SetIGFiltersOverride "DDSScanner.cpp" 1891 "IGFiltersOverride = false."
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe"", Krn Path:""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe"""
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon AddProcessToIsolationList "DispatchIOCTL.c" 892 "New process added to isolation list. PID:0000000000003CD4, Path:C:\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe"
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\sec""."
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\sec"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\SEC"""
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\sec"
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.bin""."
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.bin"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\SEC\*.BIN"""
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.bin"
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.txt""."
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.txt"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\SEC\*.TXT"""
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.txt"
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.ext""."
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.ext"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\SEC\*.EXT"""
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\sec\*.ext"
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon AddNewPIDAndPathFilter "IG2ProtNet.c" 1586 "Added! New ALE Resource Assignment Filter by PID(0000000000003CD4) and Path(""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe"") filter for callout 2d21ccdb-0383-4ba4-81ed-7a7d58971107"
10/08/25 " 15:56:12.695" 1591798 278c 4410 INFO MBAMChameleon AddNewPIDAndPathFilter "IG2ProtNet.c" 1586 "Added! New ALE Resource Assignment Filter by PID(0000000000003CD4) and Path(""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe"") filter for callout 797d6309-4a5e-4fcc-b57b-6627959006aa"
10/08/25 " 15:56:12.749" 1591852 3cd4 0c5c WARNING MBAMChameleon cbIG2PFsPreCreate "IG2ProtFs.c" 1002 "FILE SYSTEM OPERATION BLOCKED! Path (\Device\HarddiskVolume3\Windows\Temp\MBI4A23.tmp), DesiredAccess (0x00120089), Options (0x02000060), Process (0000000000003CD4)(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe)"
10/08/25 " 15:56:12.749" 1591852 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 261 "REGISTRY OPERATION BLOCKED!! Due to rule for a process(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe)."
10/08/25 " 15:56:12.749" 1591852 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 261 "REGISTRY OPERATION BLOCKED!! Due to rule for a process(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe)."
10/08/25 " 15:56:12.752" 1591855 3cd4 0c5c INFO MBAMChameleon IgProcessCreateNotifyRoutineExUnload "IG2ProtProcs.c" 506 "New process([0000000000004890]""\??\c:\windows\SysWOW64\help.exe"") attempted to launch."
10/08/25 " 15:56:12.752" 1591855 3cd4 0c5c INFO MBAMChameleon IgProcessCreateNotifyRoutineExUnload "IG2ProtProcs.c" 518 "Process([0000000000003CD4]""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe"") attempting to launch new process [0000000000004890]""\??\c:\windows\SysWOW64\help.exe""."
10/08/25 " 15:56:12.752" 1591855 3cd4 0c5c WARNING MBAMChameleon IgProcessCreateNotifyRoutineExUnload "IG2ProtProcs.c" 559 "PROCESS OPERATION BLOCKED!! New process(0000000000004890) to be created. Launcher Process PID:0000000000003CD4"
10/08/25 " 15:56:12.755" 1591858 3cd4 0c5c INFO MBAMChameleon IgProcessCreateNotifyRoutineExUnload "IG2ProtProcs.c" 506 "New process([0000000000004A44]""\??\c:\windows\SysWOW64\help.exe"") attempted to launch."
10/08/25 " 15:56:12.755" 1591858 3cd4 0c5c INFO MBAMChameleon IgProcessCreateNotifyRoutineExUnload "IG2ProtProcs.c" 518 "Process([0000000000003CD4]""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe"") attempting to launch new process [0000000000004A44]""\??\c:\windows\SysWOW64\help.exe""."
10/08/25 " 15:56:12.755" 1591858 3cd4 0c5c WARNING MBAMChameleon IgProcessCreateNotifyRoutineExUnload "IG2ProtProcs.c" 559 "PROCESS OPERATION BLOCKED!! New process(0000000000004A44) to be created. Launcher Process PID:0000000000003CD4"
10/08/25 " 15:56:12.761" 1591864 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D})."
10/08/25 " 15:56:12.761" 1591864 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D})."
10/08/25 " 15:56:12.763" 1591866 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE})."
10/08/25 " 15:56:12.763" 1591866 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE})."
10/08/25 " 15:56:12.765" 1591868 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D})."
10/08/25 " 15:56:12.765" 1591868 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D})."
10/08/25 " 15:56:12.771" 1591874 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE})."
10/08/25 " 15:56:12.771" 1591874 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE})."
10/08/25 " 15:56:12.771" 1591874 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D})."
10/08/25 " 15:56:12.771" 1591874 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D})."
10/08/25 " 15:56:12.777" 1591880 3cd4 251c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D})."
10/08/25 " 15:56:12.777" 1591880 3cd4 251c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D})."
10/08/25 " 15:56:12.778" 1591881 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE})."
10/08/25 " 15:56:12.778" 1591881 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE})."
10/08/25 " 15:56:12.778" 1591881 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE})."

nneser · Příspěvekod **nneser** » 08 říj 2025 16:16

10/08/25 " 15:56:12.778" 1591881 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE})."
10/08/25 " 15:56:12.778" 1591881 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE})."
10/08/25 " 15:56:12.778" 1591881 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE})."
10/08/25 " 15:56:12.778" 1591881 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A})."
10/08/25 " 15:56:12.778" 1591881 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A})."
10/08/25 " 15:56:12.779" 1591882 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A})."
10/08/25 " 15:56:12.779" 1591882 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A})."
10/08/25 " 15:56:12.779" 1591882 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4})."
10/08/25 " 15:56:12.779" 1591882 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4})."
10/08/25 " 15:56:12.780" 1591883 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A})."
10/08/25 " 15:56:12.780" 1591883 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A})."
10/08/25 " 15:56:12.780" 1591883 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A})."
10/08/25 " 15:56:12.780" 1591883 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A})."
10/08/25 " 15:56:12.780" 1591883 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{CDC82860-468D-4D4E-B7E7-C298FF23AB2C})."
10/08/25 " 15:56:12.780" 1591883 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{CDC82860-468D-4D4E-B7E7-C298FF23AB2C})."
10/08/25 " 15:56:12.781" 1591884 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\REGISTRY\USER\S-1-5-21-2567312704-179998347-2549302653-1001_Classes\WOW6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917})."
10/08/25 " 15:56:12.781" 1591884 3cd4 0c5c WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 255 "REGISTRY OPERATION BLOCKED!! Due to restricted COM access(0000000000003CD4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\sec\ig.exe) - (\Registry\Machine\Software\Classes\WOW6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917})."
10/08/25 " 15:56:12.783" 1591886 0004 0380 INFO MBAMChameleon PurgeAddedFilters "IG2ProtNet.c" 1929 "Filter(0x994540) purged succesfully from Engine Filter."
10/08/25 " 15:56:12.783" 1591886 0004 0380 INFO MBAMChameleon PurgeAddedFilters "IG2ProtNet.c" 1929 "Filter(0x994539) purged succesfully from Engine Filter."
10/08/25 " 15:56:24.517" 1603625 278c 30d4 WARNING RegistryUtilities mb::common::system::RegistryUtilities::GetValueStringInternal "RegistryUtilities.cpp" 1174 "Using GetValueString for registry value type (7), Key=SYSTEM\CURRENTCONTROLSET\CONTROL\LSA, Value=Authentication Packages"
10/08/25 " 15:56:24.517" 1603625 278c 30d4 WARNING RegistryUtilities mb::common::system::RegistryUtilities::GetValueStringInternal "RegistryUtilities.cpp" 1174 "Using GetValueString for registry value type (7), Key=SYSTEM\CURRENTCONTROLSET\CONTROL\LSA, Value=Notification Packages"
10/08/25 " 15:56:24.518" 1603625 278c 30d4 WARNING RegistryUtilities mb::common::system::RegistryUtilities::GetValueStringInternal "RegistryUtilities.cpp" 1174 "Using GetValueString for registry value type (7), Key=SYSTEM\CURRENTCONTROLSET\CONTROL\LSA, Value=Security Packages"
10/08/25 " 15:56:49.547" 1628640 278c 48a0 WARNING DDSIG ValidateParams "IGSDK.cpp" 1051 "[idx=2] LargeFile: FileSize cannot be 0"
10/08/25 " 15:58:37.437" 1736531 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 528 "Response body from Hubble request: {""results"":[{""reclassify"":false,""sha256"":""9da5a899b9d55e1d43718ec0ad6368f9e9ef0242a4e88cd5ddb2cc6d7bfa5fb3"",""md5"":""47811d50390a86a17102d7496e6eabb9"",""send_file"":false,""trust_expires_at"":600,""classification"":""DO_NOT_DETECT"",""trust_always"":false,""reason"":""default""}]}
"
10/08/25 " 15:58:37.437" 1736531 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\USERS\LALAZ\DOWNLOADS\HIJACKTHIS (1).EXE' 47811D50390A86A17102D7496E6EABB9 (shuriken) => Hubble:WhiteListed"
10/08/25 " 15:58:38.339" 1737437 278c 1560 WARNING CleanControllerImpl mb::cleanctlrimpl::whitelist::RulesWhiteLister::IsObjectWhiteListedEx "RulesWhiteLister.cpp" 387 "Unexpected MBStatus 9 while attempting to white list 'C:\ProgramData\Malwarebytes\MBAMService\tmp\e359e1baa44e11f097ee58ce2ae96eec'"
10/08/25 " 15:58:38.570" 1737671 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 528 "Response body from Hubble request: {""results"":[{""reclassify"":true,""sha256"":""ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d"",""md5"":""ba0ea9249da4ab8f62432617489ae5a6"",""send_file"":false,""trust_expires_at"":600,""classification"":""DO_NOT_DETECT"",""trust_always"":false,""reason"":""default""}]}
"
10/08/25 " 15:58:38.570" 1737671 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\ProgramData\Malwarebytes\MBAMService\tmp\e359e1baa44e11f097ee58ce2ae96eec' BA0EA9249DA4AB8F62432617489AE5A6 (shuriken) => Hubble:WhiteListed"
10/08/25 " 15:58:38.678" 1737781 278c 1560 WARNING CleanControllerImpl mb::cleanctlrimpl::whitelist::RulesWhiteLister::IsObjectWhiteListedEx "RulesWhiteLister.cpp" 387 "Unexpected MBStatus 9 while attempting to white list 'C:\ProgramData\Malwarebytes\MBAMService\tmp\e3e153a2a44e11f088e158ce2ae96eec'"
10/08/25 " 15:58:38.874" 1737968 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 528 "Response body from Hubble request: {""results"":[{""reclassify"":true,""sha256"":""72ffe8859eaa63637f5a62b7c454241db35938f8326f6ccf20352e00f8df2fe5"",""md5"":""32109e2aac377fa07b849f4f4033edc5"",""send_file"":false,""trust_expires_at"":600,""classification"":""DO_NOT_DETECT"",""trust_always"":false,""reason"":""default""}]}
"
10/08/25 " 15:58:38.875" 1737968 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\ProgramData\Malwarebytes\MBAMService\tmp\e3e153a2a44e11f088e158ce2ae96eec' 32109E2AAC377FA07B849F4F4033EDC5 (shuriken) => Hubble:WhiteListed"
10/08/25 " 15:58:38.994" 1738093 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::thread::SimpleThreadPool::GrowThreadPool "SimpleThreadPool.cpp" 222 "FileSignatureVerifier: Growing thread pool"
10/08/25 " 15:58:39.008" 1738109 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\USERS\LALAZ\DOWNLOADS\STEAMSETUP.EXE' 1B54B70BEEF8EB240DB31718E8F7EB5D (shuriken) => Signature:WhiteListed"
10/08/25 " 15:58:39.933" 1739031 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\USERS\LALAZ\DOWNLOADS\MBSETUP (1).EXE' 07D44299EB8D7F420D8D9EC522245562 (shuriken) => Signature:WhiteListed"
10/08/25 " 15:58:43.668" 1742765 278c 1560 WARNING CleanControllerImpl mb::cleanctlrimpl::whitelist::RulesWhiteLister::IsObjectWhiteListedEx "RulesWhiteLister.cpp" 387 "Unexpected MBStatus 9 while attempting to white list 'C:\ProgramData\Malwarebytes\MBAMService\tmp\e5139046a44e11f0ab3458ce2ae96eec'"
10/08/25 " 15:58:44.224" 1743328 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 528 "Response body from Hubble request: {""results"":[{""reclassify"":true,""sha256"":""8946105827c27151e3e17f88f7c65d9db99aef1ef7f3e710bda37d2c948d7f16"",""md5"":""61f1a3fc174a0c4ac9b80c15c389b7fe"",""send_file"":false,""trust_expires_at"":600,""classification"":""DO_NOT_DETECT"",""trust_always"":false,""reason"":""default""}]}
"
10/08/25 " 15:58:44.224" 1743328 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\ProgramData\Malwarebytes\MBAMService\tmp\e5139046a44e11f0ab3458ce2ae96eec' 61F1A3FC174A0C4AC9B80C15C389B7FE (shuriken) => Hubble:WhiteListed"
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"", Krn Path:""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"""
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon AddProcessToIsolationList "DispatchIOCTL.c" 892 "New process added to isolation list. PID:0000000000003BFC, Path:C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02""."
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\X86_02"""
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02"
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.bin""."
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.bin"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\X86_02\*.BIN"""
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.bin"
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.txt""."
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.txt"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\X86_02\*.TXT"""
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.txt"
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.ext""."
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.ext"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\X86_02\*.EXT"""
10/08/25 " 15:58:44.689" 1743792 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.ext"
10/08/25 " 15:58:44.690" 1743793 278c 3b80 INFO MBAMChameleon AddNewPIDAndPathFilter "IG2ProtNet.c" 1586 "Added! New ALE Resource Assignment Filter by PID(0000000000003BFC) and Path(""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"") filter for callout 2d21ccdb-0383-4ba4-81ed-7a7d58971107"
10/08/25 " 15:58:44.690" 1743793 278c 3b80 INFO MBAMChameleon AddNewPIDAndPathFilter "IG2ProtNet.c" 1586 "Added! New ALE Resource Assignment Filter by PID(0000000000003BFC) and Path(""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"") filter for callout 797d6309-4a5e-4fcc-b57b-6627959006aa"
10/08/25 " 15:58:44.738" 1743841 3bfc 1b28 WARNING MBAMChameleon cbIG2PFsPreCreate "IG2ProtFs.c" 1002 "FILE SYSTEM OPERATION BLOCKED! Path (\Device\HarddiskVolume3\Windows\Temp\MBI9BE3.tmp), DesiredAccess (0x00120089), Options (0x02000060), Process (0000000000003BFC)(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe)"
10/08/25 " 15:58:44.738" 1743841 3bfc 1b28 WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 261 "REGISTRY OPERATION BLOCKED!! Due to rule for a process(0000000000003BFC):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe)."
10/08/25 " 15:58:44.738" 1743841 3bfc 1b28 WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 261 "REGISTRY OPERATION BLOCKED!! Due to rule for a process(0000000000003BFC):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe)."
10/08/25 " 15:58:44.987" 1744090 3bfc 36a8 INFO MBAMChameleon cbIG2PFsPreCreate "IG2ProtFs.c" 963 "FS Create operation from 0000000000003BFC is excluded!! Matched path: \Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\all_memory_dump_final.bin."
10/08/25 " 15:58:44.998" 1744101 0004 0390 INFO MBAMChameleon PurgeAddedFilters "IG2ProtNet.c" 1929 "Filter(0x994542) purged succesfully from Engine Filter."
10/08/25 " 15:58:44.998" 1744101 0004 0390 INFO MBAMChameleon PurgeAddedFilters "IG2ProtNet.c" 1929 "Filter(0x994541) purged succesfully from Engine Filter."
10/08/25 " 15:58:46.987" 1746093 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\USERS\LALAZ\DOWNLOADS\MBSETUP (2).EXE' 07D44299EB8D7F420D8D9EC522245562 (shuriken) => Signature:WhiteListed"
10/08/25 " 15:58:52.489" 1751593 278c 1560 WARNING CleanControllerImpl mb::cleanctlrimpl::whitelist::RulesWhiteLister::IsObjectWhiteListedEx "RulesWhiteLister.cpp" 387 "Unexpected MBStatus 9 while attempting to white list 'C:\ProgramData\Malwarebytes\MBAMService\tmp\ea5e7192a44e11f09db458ce2ae96eec'"
10/08/25 " 15:58:52.923" 1752031 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 528 "Response body from Hubble request: {""results"":[{""reclassify"":true,""sha256"":""ae553c3a4f4fec78c4d30db4ee0c775d90bb0b0059780a884afa2df2d255caee"",""md5"":""25128030c18bc1be2472b9d972d310d2"",""send_file"":false,""trust_expires_at"":600,""classification"":""DO_NOT_DETECT"",""trust_always"":false,""reason"":""default""}]}
"
10/08/25 " 15:58:52.923" 1752031 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\ProgramData\Malwarebytes\MBAMService\tmp\ea5e7192a44e11f09db458ce2ae96eec' 25128030C18BC1BE2472B9D972D310D2 (shuriken) => Hubble:WhiteListed"
10/08/25 " 15:58:54.423" 1753531 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 528 "Response body from Hubble request: {""results"":[{""reclassify"":true,""sha256"":""c6592c2061c39ea8ed94d1f6854e16a722dc461f4d5b907b0230452d07d4cce3"",""md5"":""788fcddd88240a85039f7f561093b118"",""send_file"":false,""trust_expires_at"":600,""classification"":""DO_NOT_DETECT"",""trust_always"":false,""reason"":""default""}]}
"
10/08/25 " 15:58:54.423" 1753531 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\USERS\LALAZ\DESKTOP\TFC.EXE' 788FCDDD88240A85039F7F561093B118 (shuriken) => Hubble:WhiteListed"
10/08/25 " 15:58:54.087" 1753190 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"", Krn Path:""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"""
10/08/25 " 15:58:54.087" 1753190 278c 3b80 INFO MBAMChameleon AddProcessToIsolationList "DispatchIOCTL.c" 892 "New process added to isolation list. PID:00000000000024D4, Path:C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"
10/08/25 " 15:58:54.087" 1753190 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02""."
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\X86_02"""
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02"
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.bin""."
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.bin"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\X86_02\*.BIN"""
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.bin"
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.txt""."
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.txt"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\X86_02\*.TXT"""
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.txt"
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 351 "Received path to add to FS Exclusions list: ""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.ext""."
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon InitializeDualPath "IG2ProtUtils.c" 380 "Dual path succesfully initialized. Usr Path:""C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.ext"", Krn Path:""\DEVICE\HARDDISKVOLUME3\USERS\LALAZ\APPDATA\LOCALLOW\IGDUMP\X86_02\*.EXT"""
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon IG2PFS_AddExclusionPath "IG2ProtFs.c" 382 "New path added to File System list: C:\Users\lalaz\AppData\LocalLow\IGDump\X86_02\*.ext"
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon AddNewPIDAndPathFilter "IG2ProtNet.c" 1586 "Added! New ALE Resource Assignment Filter by PID(00000000000024D4) and Path(""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"") filter for callout 2d21ccdb-0383-4ba4-81ed-7a7d58971107"
10/08/25 " 15:58:54.088" 1753191 278c 3b80 INFO MBAMChameleon AddNewPIDAndPathFilter "IG2ProtNet.c" 1586 "Added! New ALE Resource Assignment Filter by PID(00000000000024D4) and Path(""\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe"") filter for callout 797d6309-4a5e-4fcc-b57b-6627959006aa"
10/08/25 " 15:58:54.120" 1753223 24d4 3dc8 WARNING MBAMChameleon cbIG2PFsPreCreate "IG2ProtFs.c" 1002 "FILE SYSTEM OPERATION BLOCKED! Path (\Device\HarddiskVolume3\Windows\Temp\MBIC082.tmp), DesiredAccess (0x00120089), Options (0x02000060), Process (00000000000024D4)(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe)"
10/08/25 " 15:58:54.120" 1753223 24d4 3dc8 WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 261 "REGISTRY OPERATION BLOCKED!! Due to rule for a process(00000000000024D4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe)."
10/08/25 " 15:58:54.120" 1753223 24d4 3dc8 WARNING MBAMChameleon IgRegistryNotifyRoutine "IG2ProtReg.c" 261 "REGISTRY OPERATION BLOCKED!! Due to rule for a process(00000000000024D4):(\Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\ig.exe)."
10/08/25 " 15:58:54.122" 1753225 24d4 18f4 INFO MBAMChameleon cbIG2PFsPreCreate "IG2ProtFs.c" 963 "FS Create operation from 00000000000024D4 is excluded!! Matched path: \Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\sec_dump_data00577000_00003000_cont_0.bin."
10/08/25 " 15:58:54.123" 1753226 24d4 18f4 INFO MBAMChameleon cbIG2PFsPreCreate "IG2ProtFs.c" 963 "FS Create operation from 00000000000024D4 is excluded!! Matched path: \Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\all_memory_dump_cont_0.bin."
10/08/25 " 15:58:54.128" 1753231 24d4 18f4 INFO MBAMChameleon cbIG2PFsPreCreate "IG2ProtFs.c" 963 "FS Create operation from 00000000000024D4 is excluded!! Matched path: \Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\all_memory_dump_cont_1.bin."
10/08/25 " 15:58:54.185" 1753288 24d4 18f4 INFO MBAMChameleon cbIG2PFsPreCreate "IG2ProtFs.c" 963 "FS Create operation from 00000000000024D4 is excluded!! Matched path: \Device\HarddiskVolume3\Users\lalaz\AppData\LocalLow\IGDump\X86_02\all_memory_dump_final.bin."
10/08/25 " 15:58:54.191" 1753294 0004 0390 INFO MBAMChameleon PurgeAddedFilters "IG2ProtNet.c" 1929 "Filter(0x994544) purged succesfully from Engine Filter."
10/08/25 " 15:58:54.191" 1753294 0004 0390 INFO MBAMChameleon PurgeAddedFilters "IG2ProtNet.c" 1929 "Filter(0x994543) purged succesfully from Engine Filter."
10/08/25 " 15:58:59.024" 1758125 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\USERS\LALAZ\DESKTOP\MBSETUP.EXE' 07D44299EB8D7F420D8D9EC522245562 (shuriken) => Signature:WhiteListed"
10/08/25 " 16:01:18.183" 1897281 278c 1560 WARNING HttpConnection mb::common::net::HttpConnection::SendRequest "HttpConnection.cpp" 463 "Stale connection"
10/08/25 " 16:01:18.183" 1897281 278c 1560 WARNING HttpConnection mb::common::net::HttpConnection::LogExceptionDetails "HttpConnection.cpp" 1901 "Exception details: text=No message received"
10/08/25 " 16:01:19.225" 1898328 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::AreFilesWhiteListed "HubbleWhiteLister.cpp" 528 "Response body from Hubble request: {""results"":[{""reclassify"":true,""sha256"":""ace04c71603e117bbfb53a815c90c45ae3e7eac4786ac181aa8c847a28273ddc"",""md5"":""32657ad59b64a7b362ba4541fa3cc58e"",""send_file"":false,""trust_expires_at"":600,""classification"":""DO_NOT_DETECT"",""trust_always"":false,""reason"":""default""}]}
"
10/08/25 " 16:01:19.225" 1898328 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\PROGRAM FILES (X86)\EASY AUDIO EXTRACTOR\AUDIOEXTRACTOR.EXE' 32657AD59B64A7B362BA4541FA3CC58E (shuriken) => Hubble:WhiteListed"
10/08/25 " 16:01:51.309" 1930406 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleCache::GetValueFromCache::<lambda_1>::operator () "HubbleCache.cpp" 273 "Found hash 'shuriken|8946105827C27151E3E17F88F7C65D9DB99AEF1EF7F3E710BDA37D2C948D7F16' in Hubble cache, white list status = 'WhiteListed'"
10/08/25 " 16:01:51.309" 1930406 278c 1560 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 310 "White list status: File 'C:\USERS\LALAZ\DOWNLOADS\XPPENWIN_3.4.13.231129\XPPENWIN_3.4.13.231129.EXE' 61F1A3FC174A0C4AC9B80C15C389B7FE (shuriken) => Hubble:WhiteListed"
10/08/25 " 16:01:51.450" 1930546 278c 48a0 ERROR PELargeFile mb::common::pe::PELargeFile::LoadNonOverlappingSegment "PELargeFile.cpp" 189 "Unable to read file. File will not be parsed. FilePath=<C:\USERS\LALAZ\DOWNLOADS\FALLEN.ANGELS.1995.RESTORED.1080P.BLURAY.X264-CINEPHILIA.MKV>."
10/08/25 " 16:01:51.450" 1930546 278c 48a0 ERROR PELargeParser mb::common::pe::PELargeParser::ParseFile "PELargeParser.cpp" 314 "Unable to read file. File will not be parsed. FilePath=<C:\USERS\LALAZ\DOWNLOADS\FALLEN.ANGELS.1995.RESTORED.1080P.BLURAY.X264-CINEPHILIA.MKV>."
10/08/25 " 16:01:52.373" 1931468 278c 48a0 ERROR PELargeFile mb::common::pe::PELargeFile::LoadNonOverlappingSegment "PELargeFile.cpp" 189 "Unable to read file. File will not be parsed. FilePath=<C:\USERS\LALAZ\DOWNLOADS\BURNING.2018.CZ.SUB.1080P.MKV>."
10/08/25 " 16:01:52.373" 1931468 278c 48a0 ERROR PELargeParser mb::common::pe::PELargeParser::ParseFile "PELargeParser.cpp" 314 "Unable to read file. File will not be parsed. FilePath=<C:\USERS\LALAZ\DOWNLOADS\BURNING.2018.CZ.SUB.1080P.MKV>."
10/08/25 " 16:01:52.515" 1931609 278c 48a0 ERROR PELargeFile mb::common::pe::PELargeFile::LoadNonOverlappingSegment "PELargeFile.cpp" 189 "Unable to read file. File will not be parsed. FilePath=<C:\USERS\LALAZ\DOWNLOADS\451.STUPNU.FAHRENHEITA_FAHRENHEIT.451_1966.1080P.BDRIP.IGIMIX_CZ.EN.MKV>."
10/08/25 " 16:01:52.515" 1931609 278c 48a0 ERROR PELargeParser mb::common::pe::PELargeParser::ParseFile "PELargeParser.cpp" 314 "Unable to read file. File will not be parsed. FilePath=<C:\USERS\LALAZ\DOWNLOADS\451.STUPNU.FAHRENHEITA_FAHRENHEIT.451_1966.1080P.BDRIP.IGIMIX_CZ.EN.MKV>."
10/08/25 " 16:01:53.654" 1932750 278c 30d4 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ScanEnded "UpdateControllerImplHelper.cpp" 7112 "Scan thread id: 12500"
10/08/25 " 16:01:53.654" 1932750 278c 2498 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ScanEnded::<lambda_1>::operator () "UpdateControllerImplHelper.cpp" 7118 "waiting for scan thread to end"
10/08/25 " 16:01:53.733" 1932828 278c 30d4 INFO DDSIG IGSDK_Shutdown "IGSDK.cpp" 766 "SDK Shutdown (0)"
10/08/25 " 16:01:53.733" 1932828 278c 30d4 INFO MBAMCoreImpl MBAMCoreImpl::Shutdown "MBAMCoreImpl.cpp" 229 "MBAMCore was successfully shutdown."
10/08/25 " 16:01:53.978" 1933078 278c 30d4 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::SendScanCompletedCCNotification "Scanner.cpp" 11717 "Sending scan completed notification to clean controller."
10/08/25 " 16:01:53.978" 1933078 278c 30d4 INFO ScanControllerImpl mb::scancontrollerimpl::Scanner::PerformScan "Scanner.cpp" 1422 "Scan completed."
10/08/25 " 16:01:53.978" 1933078 278c 30d4 INFO MBAMShimImpl MBAMShimImpl::PrepareUpdate "MBAMShimImpl.cpp" 244 "MBAMCore preparing update"
10/08/25 " 16:01:53.978" 1933078 278c 30d4 INFO MBAMShimImpl MBAMShimImpl::FinishUpdate "MBAMShimImpl.cpp" 287 "MBAMCore finishing update"
10/08/25 " 16:01:53.979" 1933078 278c 2498 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::ScanEnded::<lambda_1>::operator () "UpdateControllerImplHelper.cpp" 7127 "Scan thread ended"
10/08/25 " 16:03:03.245" 693816251 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[LaunchLicenseNotifier-97] Timer should have triggered [00:10:42.3315410] ago"
10/08/25 " 16:03:03.247" 693838990 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[LaunchTrialNotifier-96] Timer should have triggered [00:10:42.3340914] ago"
10/08/25 " 16:03:03.272" 694088438 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[4d481c8f-12d6-4cce-831a-c0e8f4daac89] Timer should have triggered [00:10:42.3525790] ago"
10/08/25 " 16:03:03.291" 694275294 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[c2e3e4f3-bc83-46c2-aafe-450c992f1330] Timer should have triggered [00:10:42.3605065] ago"
10/08/25 " 16:03:03.292" 694288618 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[be2dad55-49b8-40bf-94f3-44eac19b04fe] Timer should have triggered [00:15:42.3628509] ago"
10/08/25 " 16:03:03.347" 694839373 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[TrialLifecycleNotifier-59] Timer should have triggered [00:10:42.4202168] ago"
10/08/25 " 16:03:03.348" 694850793 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[207ba49c-ad98-47ed-960c-de7a4127d5f0] Timer should have triggered [00:10:42.4207400] ago"
10/08/25 " 16:03:03.349" 694854294 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[c3bd4170-31af-462f-83df-e0e0363558a0] Timer should have triggered [00:15:42.4190329] ago"
10/08/25 " 16:03:03.350" 694862088 1860 000d WARNING Malwarebytes "OnNext" """MbamUI.Services.Timers.ISupervisedTimer""" 97 "[7cdda8a7-530a-418a-a002-d339cb8c214e] Timer should have triggered [00:10:42.4304513] ago"
10/08/25 " 16:07:07.234" 2246328 278c 054c INFO MachineID mb::common::system::MachineId::GetDiskSerialNumberInternal2 "MachineId.cpp" 2304 "Calling CreateFileW with path (\\?\C:)."
10/08/25 " 16:07:07.245" 2246343 278c 054c INFO MachineID mb::common::system::MachineId::GetDiskSerialNumberInternal2 "MachineId.cpp" 2304 "Calling CreateFileW with path (\\?\C:)."

nneser · Příspěvekod **nneser** » 08 říj 2025 16:17

https://www.virustotal.com/gui/file/8a6 ... 483a38427e

Příspěvekod **jaro3** » 08 říj 2025 22:50

Kde je log z Malwarebytes' Anti-Malware?
Nikde ho nevidím. Dodej.

+
Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dlouho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online