Jump to content
CCleaner Community Forums

APMichael

Experienced Members
  • Content Count

    645
  • Joined

  • Last visited

Everything posted by APMichael

  1. Modified entries: Revised those Detect lines. [Active Setup Temp Folder*] LangSecRef=3025 Detect=HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders [Age of Empires*] Section=Games Detect1=HKLM\Software\Microsoft\Games\Age of Empires Detect2=HKLM\Software\Microsoft\Microsoft Games\Age of Empires Detect3=HKLM\Software\Microsoft\microsoft games\age of empires 3 [Auslogics Registry Cleaner*] LangSecRef=3024 Detect1=HKCU\Software\Auslogics\Registry Cleaner Detect2=HKLM\Software\Auslogics\Registry Cleaner\3.x Detect3=HKLM\Software\Auslogics\Registry Cleaner\4.x Detect4=HKLM\Software\Auslogics\Registry Cleaner\5.X [Bitcoin*] LangSecRef=3022 Detect1=HKCU\Software\Bitcoin Detect2=HKCU\Software\Bitcoin Core Detect3=HKLM\SOFTWARE\Bitcoin Core [Copernic DesktopSearch4 Logs*] LangSecRef=3024 Detect=HKLM\SOFTWARE\Copernic\DesktopSearch4 [Crysis 3*] Section=Games Detect=HKLM\Software\Crytek\Crysis 3 [CyberLink PhotoDirector*] LangSecRef=3023 Detect1=HKCU\Software\CyberLink\PhotoDirector3 Detect2=HKLM\Software\CyberLink\PhotoDirector4 Detect3=HKLM\SOFTWARE\CyberLink\PhotoDirector6 Detect4=HKCU\Software\Cyberlink\PowerDirector7 Detect5=HKCU\Software\CyberLink\PowerDirector10 Detect6=HKCU\Software\CyberLink\PowerDirector11 Detect7=HKCU\Software\CyberLink\PowerDirector12 Detect8=HKCU\Software\CyberLink\PowerDirector13 [Dragon Age: Origins*] Section=Games Detect1=HKCU\Software\BioWare\Dragon Age Detect2=HKLM\Software\BioWare\Dragon Age [DVBDream*] LangSecRef=3024 Detect=HKLM\SOFTWARE\DVBDream [Forte Agent*] LangSecRef=3025 Detect=HKLM\SOFTWARE\Forte [FossaMail Corrupt SQLites*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail Crash Reports*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail Extensions Log*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail Log*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail Maintenance Service*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail Minidumps*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail Net Predictions*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail Startup Cache*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail TestPilot Error Logs*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail Update Logs*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [FossaMail webappsstore.sqlite*] LangSecRef=3030 Detect=HKLM\SOFTWARE\Mozilla\FossaMail [Hedgewars VideoTemp*] Section=Games Detect=HKLM\SOFTWARE\Hedgewars [HitmanPro*] LangSecRef=3024 Detect1=HKCU\Software\HitMan Pro Detect2=HKCU\Software\HitMan Pro 2 Detect3=HKCU\Software\HitMan Pro 3 Detect4=HKLM\SOFTWARE\HitmanPro [League of Legends*] Section=Games Detect1=HKCU\Software\Bugsplat\lol_beta_riotgames_com Detect2=HKCU\Software\Riot Games Detect3=HKLM\Software\Riot Games [Logitech Desktop Messenger*] LangSecRef=3024 Detect1=HKCU\Software\Logitech\DesktopMessenger Detect2=HKLM\SOFTWARE\Logitech\DesktopMessenger Detect3=HKLM\SOFTWARE\Logitech\Logitech Desktop Messenger [Microsoft XNA Game Studio*] Section=Games Detect=HKLM\Software\Microsoft\XNA [Midori - Cache*] LangSecRef=3022 Detect=HKLM\Software\Midori [Midori - Cookies*] LangSecRef=3022 Detect=HKLM\Software\Midori [Midori - History*] LangSecRef=3022 Detect=HKLM\Software\Midori [Midori - Session*] LangSecRef=3022 Detect=HKLM\Software\Midori [Neostar CMS Station Client Logs*] LangSecRef=3024 Detect=HKLM\SOFTWARE\company\Neostar CMS [Nero*] LangSecRef=3021 Detect1=HKLM\Software\Nero\Nero 11\Nero11Suite Detect2=HKLM\Software\Nero\Nero 12\Nero12Suite [OpenOffice.org Setup Files*] LangSecRef=3021 Detect1=HKLM\Software\OpenOffice Detect2=HKLM\Software\OpenOffice.org [OpenOffice.org*] LangSecRef=3021 Detect1=HKLM\Software\OpenOffice Detect2=HKLM\Software\OpenOffice.org [Samsung Magician Logs*] LangSecRef=3021 Detect=HKLM\Software\Samsung Magician [Seagate SeaTools for Windows Logs*] LangSecRef=3024 Detect=HKLM\SOFTWARE\SeaToolsforWindows [TrendMicro RUBotted Logs*] LangSecRef=3024 Detect=HKLM\SOFTWARE\TrendMicro\RUBotted [UltraDefrag Logs*] LangSecRef=3024 Detect=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraDefrag DetectFile=%WinDir%\UltraDefrag\ultradefrag.exe [Windows Live Writer Logs*] LangSecRef=3024 Detect=HKLM\SOFTWARE\Microsoft\Windows Live Writer [Wistron Corp Launch Manager Logs*] LangSecRef=3024 Detect=HKLM\SOFTWARE\Wistron Corp\Launch Manager [Wondershare PDF Editor*] LangSecRef=3021 Detect=HKLM\Software\Wondershare\Wondershare PDF Editor [Wondershare Video Converter Ultimate More*] LangSecRef=3023 Detect=HKLM\SOFTWARE\Wondershare\Wondershare Video Converter Ultimate [XnView More*] LangSecRef=3023 Detect1=HKCU\Software\XnView Detect2=HKLM\Software\XnView
  2. No, CC doesn't remove the .cab files! (winsys.ini: FileKey15=%windir%\Logs|*.log|RECURSE) Modified entry: [CBS Logs*] LangSecRef=3025 Detect=HKLM\Software\Microsoft\Windows Default=False FileKey1=%WinDir%\Logs\CBS|*.cab
  3. Yes, the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf" is a Windows default key. Only the mentioned subkeys (\001 to \004) are created by the malware.
  4. I don't know the game. It looks like there's a special German version available. But Detect4 and 5 are not necessary, because CC checks "Wow6432Node" automatically. I found many entries with an unnecessary "Wow6432Node" Detect, using the following regular expression: ^Detect.+\\Wow6432Node\\.+
  5. Thanks for the update! Missed post: #6485 I found some more entries with a wrong or inconsistent VirtualStore path. And fixed them: [Multi-Edit 2008 11.04*] LangSecRef=3021 Detect=HKCU\Software\Multi Edit Software\Multi-Edit\11.0 Default=False FileKey1=%AppData%\Multi Edit Software\Multi-Edit\11\Config.04|*.bak FileKey2=%AppData%\Multi Edit Software\Multi-Edit\11\Config.04\Tmp|*.* FileKey3=%LocalAppData%\VirtualStore\Program Files*\Multi-Edit 2008\Config|*.tmp FileKey4=%ProgramFiles%\Multi-Edit 2008\Config|*.tmp [My Horse and Me*] Section=Games Detect1=HKLM\SOFTWARE\My Horse and Me 2 Detect2=HKLM\SOFTWARE\Atari\Mein Pferd und ich Demo Detect3=HKLM\SOFTWARE\Atari\Mein Pferd und ich Detect4=HKLM\SOFTWARE\Wow6432Node\Atari\Mein Pferd und ich Demo Detect5=HKLM\SOFTWARE\Wow6432Node\Atari\Mein Pferd und ich Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Atari\Mein Pferd und ich*\System|++ Finish log.txt;++ Start log.txt;*.log|RECURSE FileKey2=%LocalAppData%\VirtualStore\Program Files*\Atari\My Horse and Me|++ Finish log.txt;++ Start log.txt;*.log|RECURSE FileKey3=%LocalAppData%\VirtualStore\Program Files*\Atari\W!Games\My Horse and Me|++ Finish log.txt;++ Start log.txt;*.log|RECURSE FileKey4=%ProgramFiles%\Atari\Mein Pferd und ich*\System|++ Finish log.txt;++ Start log.txt;*.log|RECURSE FileKey5=%ProgramFiles%\Atari\My Horse and Me|++ Finish log.txt;++ Start log.txt;*.log|RECURSE FileKey6=%ProgramFiles%\Atari\W!Games\My Horse and Me|++ Finish log.txt;++ Start log.txt;*.log|RECURSE [Warcraft III*] Section=Games Detect=HKLM\Software\Blizzard Entertainment\Warcraft III DetectFile=%ProgramFiles%\Warcraft III\Warcraft III.exe Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Warcraft III|*.log;*.html FileKey2=%LocalAppData%\VirtualStore\Program Files*\Warcraft III\Errors|*.dmp;*.txt FileKey3=%ProgramFiles%\Warcraft III|*.log;*.html FileKey4=%ProgramFiles%\Warcraft III\Errors|*.dmp;*.txt ExcludeKey1=FILE|%ProgramFiles%\Warcraft III|*CustomKeyInfo.txt;*CustomKeysSample.txt [Yahoo Messenger Cache*] LangSecRef=3022 Detect=HKCU\Software\Yahoo\pager Default=False FileKey1=%AppData%\Yahoo!\Messenger|*.*|RECURSE FileKey2=%LocalAppData%\VirtualStore\Program Files*\Yahoo!\Messenger\Cache|*.*|RECURSE [Yahoo Messenger Logs*] LangSecRef=3022 Detect=HKCU\Software\Yahoo\pager Default=False FileKey1=%LocalAppData%\VirtualStore\Program Files*\Yahoo!\Messenger\Cache|*.log;*.tmp FileKey2=%LocalAppData%\VirtualStore\Program Files*\Yahoo!\Messenger\logs|*.log|RECURSE FileKey3=%ProgramFiles%\Yahoo!\Messenger|*.log ExcludeKey1=FILE|%ProgramFiles%\Yahoo!\Messenger\INSTALL.LOG [Yahoo Messenger Profiles*] LangSecRef=3022 Detect=HKCU\Software\Yahoo\pager Default=False Warning=This will also delete your saved chat histories. FileKey1=%LocalAppData%\VirtualStore\Program Files*\Yahoo!\Messenger\Profiles|*.*|RECURSE FileKey2=%ProgramFiles%\Yahoo!\Messenger\Profiles|*.*|RECURSE
  6. Modified entry: Missing pipe symbol | in FileKey1. [Winamp More*] LangSecRef=3023 Detect=HKCU\Software\Winamp Default=False Warning=This removes the current playlist. FileKey1=%APPDATA%\Winamp|Winamp.m3u;Winamp.m3u8
  7. Modified entry: [MakeHuman] needs an asterisk: [MakeHuman*]
  8. I think there was a little misunderstanding about the trailing pipe symbols |. (But the trailing backslashes \ were also unnecessary.) Modified entry: Removed trailing pipe symbol | from RECURSE. [Acrok Video Converter Ultimate*] LangSecRef=3023 Detect=HKCU\Software\Acrok Software\Acrok Video Converter Ultimate Default=False FileKey1=%AppData%\Acrok\Acrok Video Converter Ultimate|*.dmp FileKey2=%AppData%\Acrok\Acrok Video Converter Ultimate\log|*.* FileKey3=%UserProfile%\.BDAccess|*.*|RECURSE Modified entry:Removed trailing pipe symbol | from RECURSE. [MS Office 2013/16 ClickToRun Update Files*] LangSecRef=3021 Detect1=HKCU\Software\Microsoft\Office\15.0 Detect2=HKCU\Software\Microsoft\Office\16.0 Default=False FileKey1=%CommonAppData%\Microsoft\ClickToRun\ProductReleases|*.*|RECURSE And with the following regular expression you can find 38 unnecessary trailing backslashes: ^(FileKey[^\|]+)\\\|You can use Search and Replace: \1\|
  9. The bug still occurs in version 5.36... (Firefox 56.0.1)
  10. You can simply disable the scheduled task "CCleaner Update". Start Task Scheduler > click the task "CCleaner Update" > in the Actions pane, click Disable. (I assume you have to do that after every version update.)
  11. ROCKNROLL sorts the FileKeys alphabetical. I think he just forgot to correct the numbers: [Java More*] LangSecRef=3022 Detect1=HKLM\SOFTWARE\JavaSoft\Java Plug-in Detect2=HKLM\SOFTWARE\JavaSoft\Java Runtime Environment Detect3=HKLM\SOFTWARE\JavaSoft\Java Web Start Default=False FileKey1=%AppData%\Sun\Java\Deployment\SystemCache|*.*|RECURSE FileKey2=%CommonAppData%\Oracle\Java\.oracle_jre_usage|*.* FileKey3=%LocalAppData%\Sun\Java\Deployment\cache|*.*|RECURSE FileKey4=%LocalAppData%\Sun\Java\Deployment\SystemCache|*.*|RECURSE FileKey5=%LocalAppData%\VirtualStore\Program Files*\Java\jre*|*PATCH.ERR FileKey6=%LocalAppData%\VirtualStore\Program Files*\Java\jre*\lib\security|*.bak FileKey7=%LocalLowAppData%\Sun\Java\Deployment\SystemCache|*.*|RECURSE FileKey8=%ProgramFiles%\Java\jre*|*PATCH.ERR FileKey9=%ProgramFiles%\Java\jre*\lib\security|*.bak FileKey10=%SystemDrive%\Users\*\.oracle_jre_usage|*.*|REMOVESELF FileKey11=%WinDir%\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\Cache|*.*|RECURSE FileKey12=%WinDir%\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\Cache|*.*|RECURSE
  12. Modified entry (FileKey 5+6): [Adobe Flash Player More*] LangSecRef=3023 Detect=HKCU\Software\Macromedia\FlashPlayer DetectFile=%AppData%\Adobe\Flash Player Default=False FileKey1=%AppData%\Adobe\Flash Player\AFCache|*.*|RECURSE FileKey2=%AppData%\Adobe\Flash Player\AssetCache|*.*|RECURSE FileKey3=%AppData%\Adobe\Flash Player\Icon Cache|*.*|RECURSE FileKey4=%AppData%\Adobe\Flash Player\NativeCache|*.*|RECURSE FileKey5=%WinDir%\System32\Macromed\Flash|FlashInstall*.log;install.log FileKey6=%WinDir%\SysWOW64\Macromed\Flash|FlashInstall*.log;install.log
  13. I agree too. If we start adding TEMP entries this will unnecessarily blow up the winapp2.ini file.
  14. Strange, I don't know any other option which cleans the Windows Vault (Credential Manager).
  15. Did you uncheck following option? Cleaner > Windows > Windows Explorer > Network Passwords
  16. Please check the following threads: https://forum.piriform.com/index.php?showtopic=48688 and https://forum.piriform.com/index.php?showtopic=48754
  17. Thanks for your reply. Affected bookmarks: https://www.amazon.de/Blu-ray-Shop-DVD/b/ref=sd_allcat_blu?ie=UTF8&node=514450 http://www.areadvd.de/#start
  18. I can confirm that the bug still occurs. Some of the favicons still disappear.
  19. Please check the following thread: https://forum.piriform.com/index.php?showtopic=48688&p=285717
  20. @mta: Thanks! JFYI: It still occurs with CCleaner 5.33 and Firefox 55.0.2. The option "Firefox: Internet History" manipulates the files "places.sqlite" and "favicons.sqlite". (You can see that on their file dates.)
  21. Can a mod move this thread to "CCleaner Bug Reporting" please?
  22. Sorry, I was wrong. The Firefox bug with the cache files is just a part of the problem. WebHD is absolutely right: CCleaners option "Firefox: Internet History" makes most of the favicons disappear! (CCleaner shows no files and 0 kB.)
  23. Yes, an exception for the file types *.sqlite-shm and *.sqlite-wal helps. (The bug affects all opened database files, not only the favicons.) It is correct that Firefox deletes those cache files on closing, because prior to that Firefox transfers the contents into the database files. Unfortunately, sometimes Firefox 55 closes without doing that.
  24. Firefox 55 added a new database file for the favicons (favicons.sqlite). Therefore, you have to visit every bookmarked website again to get the favicons back. CCleaners option "Firefox: Internet Cache" deletes the cache files (favicons.sqlite-shm, favicons.sqlite-wal) of this new file. After cleaning the cache many favicons are gone again. Edit: This is a bug in Firefox 55. Firefox usually transfers the cache into the database file and then deletes the cache files on closing. But the new Firefox 55 doesn't do that sometimes.
×
×
  • Create New...