Log analysis and evaluation: TR/Trash.Gen trojan found by Avira and HTML/ScrInject.B trojan found by ESET

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

TR/Trash.Gen trojan found by Avira and HTML/ScrInject.B trojan found by ESET

AdwCleaner, 2nd run - no infections found

Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-10-2019
# Duration: 00:00:27
# OS: Windows 10 Home
# Scanned: 35164
# Detected: 30
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}
Preinstalled.ASUSSplendid File C:\Users\Admin_MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid File C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid File C:\Users\Public\Desktop\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Preinstalled.ASUSWebStorage File C:\Users\Public\Desktop\WebStorage.lnk
Preinstalled.ASUSWebStorage Folder C:\Program Files (x86)\ASUS\WEBSTORAGE
Preinstalled.ASUSWebStorage Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WEBSTORAGE
Preinstalled.ASUSWebStorage Registry HKLM\Software\Classes\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191}
Preinstalled.ASUSWebStorage Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage
Preinstalled.ASUSWebStorage Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WebStorage
Preinstalled.GatewayMyBackup Folder C:\Program Files (x86)\Common Files\NEWTECH INFOSYSTEMS
Preinstalled.GatewayMyBackup Folder C:\Program Files (x86)\NEWTECH INFOSYSTEMS
Preinstalled.GatewayMyBackup Folder C:\Program Files (x86)\NEWTECH INFOSYSTEMS\NTI CD & DVD-MAKER 7
Preinstalled.ReaderforPC File C:\Users\Public\Desktop\Reader for PC.lnk
Preinstalled.ReaderforPC Folder C:\Program Files (x86)\SONY\READERDESKTOP
Preinstalled.ReaderforPC Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}
Preinstalled.SamsungEasyDocumentCreator Folder C:\Program Files (x86)\SAMSUNG\EASY DOCUMENT CREATOR
Preinstalled.SamsungEasyDocumentCreator Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Easy Document Creator
Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus
Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
AdwCleaner_Debug.log - [41641 octets] - [10/10/2019 23:16:43]
AdwCleaner[S00].txt - [6742 octets] - [10/10/2019 23:19:51]
AdwCleaner[C00].txt - [3118 octets] - [10/10/2019 23:25:09]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Code:
2019-10-10 21:16:43 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched
2019-10-10 21:16:45 : <INFO> [MBInstaller] Checking Iris
2019-10-10 21:16:45 : <INFO> [IRIS] Making request
2019-10-10 21:16:45 : <INFO> [AdwUpgrade] Checking application updates
2019-10-10 21:16:46 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:16:46 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:16:46 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:16:46 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:16:46 : <INFO> [SslCert] Certificate EffectiveDate: "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:16:46 : <INFO> [SslCert] Certificate ExpirationDate: "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:16:46 : <INFO> [SslCert] ALPN: None
2019-10-10 21:16:46 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:16:46 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:16:46 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:16:46 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:16:46 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:16:46 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:16:46 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:16:46 : <INFO> [SslCert] Certificate EffectiveDate: "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:16:46 : <INFO> [SslCert] Certificate ExpirationDate: "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:16:46 : <INFO> [SslCert] ALPN: None
2019-10-10 21:16:46 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:16:46 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:16:46 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:16:46 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2019-10-10 21:16:46 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 21:16:46 : <INFO> [IRIS] Failed
2019-10-10 21:16:47 : <INFO> [Button clicked] EULA agreed
2019-10-10 21:17:09 : <INFO> [Button clicked] Settings menu item
2019-10-10 21:18:43 : <INFO> [Button clicked] Help menu item
2019-10-10 21:18:46 : <INFO> [Button clicked] Settings menu item
2019-10-10 21:19:10 : <INFO> [Button clicked] Dashboard menu item
2019-10-10 21:19:20 : <INFO> [Button clicked] Scan
2019-10-10 21:19:20 : <INFO> [Scan] Started
2019-10-10 21:19:20 : <INFO> [Database] Downloading database
2019-10-10 21:19:24 : <INFO> [Database] Checking integrity
2019-10-10 21:19:24 : <INFO> [Database] Found 2586 families
2019-10-10 21:19:24 : <INFO> [Database] Database v "2019-10-03.2"
2019-10-10 21:19:25 : <INFO> [Loading paths] Local paths loaded
2019-10-10 21:19:25 : <INFO> [Loading paths] Chrome paths loaded
2019-10-10 21:19:25 : <INFO> [Loading paths] User Keys loaded
2019-10-10 21:19:25 : <INFO> [Module initialized] "File"
2019-10-10 21:19:25 : <INFO> [Module initialized] "Folder"
2019-10-10 21:19:25 : <INFO> [Module initialized] "RegistryKey"
2019-10-10 21:19:25 : <INFO> [Module initialized] "RegistryValue"
2019-10-10 21:19:25 : <INFO> [Module initialized] "TaskName"
2019-10-10 21:19:25 : <INFO> [Module initialized] "Service"
2019-10-10 21:19:25 : <INFO> [Module initialized] "Winlogon"
2019-10-10 21:19:32 : <INFO> [Module initialized] "URL"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegAppInit"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegClasses"
2019-10-10 21:19:32 : <INFO> [Module initialized] "DNS"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegFirewallPolicy"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegGuid"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegIEElevationPolicy"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegOther"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegProductID"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegSoftware"
2019-10-10 21:19:32 : <INFO> [Module initialized] "RegStartup"
2019-10-10 21:19:32 : <INFO> [Module initialized] "WMI"
2019-10-10 21:19:32 : <INFO> [Module initialized] "ChromiumExt"
2019-10-10 21:19:32 : <INFO> [Module initialized] "FirefoxExt"
2019-10-10 21:19:32 : <INFO> [Module initialize] Scan Browser
2019-10-10 21:19:33 : <INFO> [Module initialize] Scan Browser FF
2019-10-10 21:19:33 : <INFO> [Module initialize] FF start pages loaded
2019-10-10 21:19:33 : <INFO> [Module initialize] FF search providers loaded
2019-10-10 21:19:33 : <INFO> [Module initialize] FF plugin list loaded
2019-10-10 21:19:33 : <INFO> [Scan] Exclusions loaded
2019-10-10 21:19:34 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\Windows\\System32\\drivers\\swdumon.sys" [ "File" ]
2019-10-10 21:19:36 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\Users\\Public\\Documents\\Downloaded Installers" [ "Folder" ]
2019-10-10 21:19:41 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:19:41 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:19:41 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:19:43 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\castplatform.com" [ "Registry" ]
2019-10-10 21:19:43 : <INFO> [Scan] Item detected: "PUP.Optional.SlimCleanerPlus" , "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\cdn.castplatform.com" [ "Registry" ]
2019-10-10 21:19:44 : <INFO> [Scan] Item detected: "PUP.Optional.Chip" , "C:\\Users\\Admin_MM\\AppData\\Local\\Downloaded Installations\\{DAD82379-C684-4D04-83D5-2B9934A9C362}" [ "Folder" ]
2019-10-10 21:19:44 : <INFO> [Scan] Item detected: "PUP.Optional.Chip" , "C:\\Windows\\Installer\\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}" [ "Folder" ]
2019-10-10 21:19:44 : <INFO> [Scan] Item detected: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:19:44 : <INFO> [Scan] Item detected: "PUP.Optional.Chip" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:19:44 : <INFO> [Scan] Item detected: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\Features\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:19:44 : <INFO> [Scan] Item detected: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:19:44 : <INFO> [Scan] Item detected: "PUP.Optional.Chip" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.SamsungEasyDocumentCreator" , "C:\\Program Files (x86)\\SAMSUNG\\EASY DOCUMENT CREATOR" [ "Folder" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.SamsungEasyDocumentCreator" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Samsung Easy Document Creator" [ "Registry" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ReaderforPC" , "C:\\Users\\Public\\Desktop\\Reader for PC.lnk" [ "File" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ReaderforPC" , "C:\\Program Files (x86)\\SONY\\READERDESKTOP" [ "Folder" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ReaderforPC" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}" [ "Registry" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Users\\Familie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Users\\Admin_MM\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Users\\Public\\Desktop\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Program Files (x86)\\ASUS\\SPLENDID" [ "Folder" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0969AF05-4FF6-4C00-9406-43599238DE0D}" [ "Registry" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ASUSProductRegistration" , "C:\\Program Files (x86)\\ASUS\\APRP" [ "Folder" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.ASUSProductRegistration" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8D6B05E0-F457-408C-9D13-549334D8FAE1}" [ "Registry" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WildTangent Games App - asus.lnk" [ "File" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "C:\\Program Files (x86)\\WILDTANGENT GAMES\\APP" [ "Folder" ]
2019-10-10 21:19:45 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "C:\\Program Files (x86)\\WILDTANGENT GAMES" [ "Folder" ]
2019-10-10 21:19:46 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKLM\\Software\\Wow6432Node\\\\Classes\\CLSID\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:19:46 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Ext\\Preapproved\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:19:46 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKU\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:19:46 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKU\\S-1-5-18\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:19:46 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" [ "Registry" ]
2019-10-10 21:19:46 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" [ "Registry" ]
2019-10-10 21:19:47 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "C:\\Users\\Public\\Desktop\\WebStorage.lnk" [ "File" ]
2019-10-10 21:19:47 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "C:\\Program Files (x86)\\ASUS\\WEBSTORAGE" [ "Folder" ]
2019-10-10 21:19:47 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\ASUS\\WEBSTORAGE" [ "Folder" ]
2019-10-10 21:19:47 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "HKLM\\Software\\Classes\\CLSID\\{6D4133E5-0742-4ADC-8A8C-9303440F7191}" [ "Registry" ]
2019-10-10 21:19:47 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WebStorage" [ "Registry" ]
2019-10-10 21:19:47 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32|WebStorage" [ "Registry" ]
2019-10-10 21:19:48 : <INFO> [Scan] Item detected: "PUP.Optional.VLCUpdaterDE" , "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:19:48 : <INFO> [Scan] Item detected: "PUP.Optional.VLCUpdaterDE" , "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:19:50 : <INFO> [Scan] Item detected: "Preinstalled.GatewayMyBackup" , "C:\\Program Files (x86)\\NEWTECH INFOSYSTEMS\\NTI CD & DVD-MAKER 7" [ "Folder" ]
2019-10-10 21:19:50 : <INFO> [Scan] Item detected: "Preinstalled.GatewayMyBackup" , "C:\\Program Files (x86)\\Common Files\\NEWTECH INFOSYSTEMS" [ "Folder" ]
2019-10-10 21:19:50 : <INFO> [Scan] Item detected: "Preinstalled.GatewayMyBackup" , "C:\\Program Files (x86)\\NEWTECH INFOSYSTEMS" [ "Folder" ]
2019-10-10 21:19:51 : <INFO> [Telemetry] Sending to Influx
2019-10-10 21:19:52 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 21:19:52 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 21:19:52 : <INFO> [SslCert] Locality Name ()
2019-10-10 21:19:52 : <INFO> [SslCert] Organization ()
2019-10-10 21:19:52 : <INFO> [SslCert] Certificate EffectiveDate: "So. Aug 18 10:50:38 2019 GMT"
2019-10-10 21:19:52 : <INFO> [SslCert] Certificate ExpirationDate: "Sa. Nov 16 10:50:38 2019 GMT"
2019-10-10 21:19:52 : <INFO> [SslCert] ALPN: Yes
2019-10-10 21:19:52 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:19:52 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:19:52 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:19:52 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2019-10-10 21:19:52 : <INFO> [Telemetry] Sending to DSE
2019-10-10 21:19:53 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:19:53 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:19:53 : <INFO> [SslCert] Locality Name ("San Jose")
2019-10-10 21:19:53 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 21:19:53 : <INFO> [SslCert] Certificate EffectiveDate: "Do. Feb 22 00:00:00 2018 GMT"
2019-10-10 21:19:53 : <INFO> [SslCert] Certificate ExpirationDate: "Mi. Apr 22 12:00:00 2020 GMT"
2019-10-10 21:19:53 : <INFO> [SslCert] ALPN: Yes
2019-10-10 21:19:53 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:19:53 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:19:53 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:19:53 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2019-10-10 21:19:53 : <INFO> [Scan] Finished
2019-10-10 21:19:57 : <INFO> [Button clicked] Log files menu item
2019-10-10 21:24:17 : <INFO> [Button clicked] Dashboard menu item
2019-10-10 21:24:24 : <INFO> [Button clicked] Next
2019-10-10 21:24:42 : <INFO> [Button clicked] Bundleware found ok button
2019-10-10 21:25:03 : <INFO> [Button clicked] Clean & repair
2019-10-10 21:25:07 : <INFO> [Button clicked] Dialog button clicked [ 2 ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Started
2019-10-10 21:25:07 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0
2019-10-10 21:25:07 : <WARNING> [Cleaning] Unable to Open process - "System" 0
2019-10-10 21:25:07 : <WARNING> [Cleaning] Unable to Open process - "Registry" 0
2019-10-10 21:25:07 : <WARNING> [Cleaning] Unable to Open process - "Memory Compression" 0
2019-10-10 21:25:07 : <WARNING> [Cleaning] Unable to Open process - "NisSrv.exe" 0
2019-10-10 21:25:07 : <WARNING> [Cleaning] Unable to Open process - "SecurityHealthService.exe" 0
2019-10-10 21:25:07 : <WARNING> [Cleaning] Unable to Open process - "SgrmBroker.exe" 0
2019-10-10 21:25:07 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20191010.232507"
2019-10-10 21:25:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "C:\\Windows\\System32\\drivers\\swdumon.sys" [ "File" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "C:\\Windows\\System32\\drivers\\swdumon.sys" [ "File" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "C:\\Users\\Public\\Documents\\Downloaded Installers" [ "Folder" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "C:\\Users\\Public\\Documents\\Downloaded Installers" [ "Folder" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Processing: "PUP.Optional.SlimCleanerPlus" , "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\castplatform.com" [ "Registry" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.SlimCleanerPlus" , "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\castplatform.com" [ "Registry" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Processing: "PUP.Optional.SlimCleanerPlus" , "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\cdn.castplatform.com" [ "Registry" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Quarantined: "PUP.Optional.SlimCleanerPlus" , "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\cdn.castplatform.com" [ "Registry" ]
2019-10-10 21:25:07 : <INFO> [Cleaning] Processing: "PUP.Optional.Chip" , "C:\\Users\\Admin_MM\\AppData\\Local\\Downloaded Installations\\{DAD82379-C684-4D04-83D5-2B9934A9C362}" [ "Folder" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Chip" , "C:\\Users\\Admin_MM\\AppData\\Local\\Downloaded Installations\\{DAD82379-C684-4D04-83D5-2B9934A9C362}" [ "Folder" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Processing: "PUP.Optional.Chip" , "C:\\Windows\\Installer\\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}" [ "Folder" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Chip" , "C:\\Windows\\Installer\\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}" [ "Folder" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Processing: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Processing: "PUP.Optional.Chip" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Chip" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Processing: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\Features\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\Features\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Processing: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Chip" , "HKLM\\Software\\Classes\\Installer\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Processing: "PUP.Optional.Chip" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Chip" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Processing: "PUP.Optional.VLCUpdaterDE" , "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.VLCUpdaterDE" , "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Processing: "PUP.Optional.VLCUpdaterDE" , "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Cleaning] Quarantined: "PUP.Optional.VLCUpdaterDE" , "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:25:08 : <INFO> [Engine Additional Action] "Delete Prefetch"
2019-10-10 21:25:08 : <INFO> [Engine Additional Action] "Delete Tracing Keys"
2019-10-10 21:25:08 : <INFO> [Engine Additional Action] "Reset Chromium Policies"
2019-10-10 21:25:08 : <INFO> [Engine Additional Action] "Reset IE Policies"
2019-10-10 21:25:09 : <INFO> [Engine Additional Action] "Reset Winsock"
2019-10-10 21:25:09 : <INFO> [Telemetry] Sending to Influx
2019-10-10 21:25:09 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 21:25:09 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 21:25:09 : <INFO> [SslCert] Locality Name ()
2019-10-10 21:25:09 : <INFO> [SslCert] Organization ()
2019-10-10 21:25:09 : <INFO> [SslCert] Certificate EffectiveDate: "So. Aug 18 10:50:38 2019 GMT"
2019-10-10 21:25:09 : <INFO> [SslCert] Certificate ExpirationDate: "Sa. Nov 16 10:50:38 2019 GMT"
2019-10-10 21:25:09 : <INFO> [SslCert] ALPN: Yes
2019-10-10 21:25:09 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:25:09 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:25:09 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:25:09 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2019-10-10 21:25:09 : <INFO> [Telemetry] Sending to DSE
2019-10-10 21:25:10 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:25:10 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:25:10 : <INFO> [SslCert] Locality Name ("San Jose")
2019-10-10 21:25:10 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 21:25:10 : <INFO> [SslCert] Certificate EffectiveDate: "Do. Feb 22 00:00:00 2018 GMT"
2019-10-10 21:25:10 : <INFO> [SslCert] Certificate ExpirationDate: "Mi. Apr 22 12:00:00 2020 GMT"
2019-10-10 21:25:10 : <INFO> [SslCert] ALPN: Yes
2019-10-10 21:25:10 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:25:10 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:25:10 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:25:10 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2019-10-10 21:25:10 : <INFO> [Cleaning] Finished
2019-10-10 21:25:32 : <INFO> [Button clicked] Dialog button clicked [ 6 ]
2019-10-10 21:25:33 : <INFO> [Application] Closing AdwCleaner
2019-10-10 21:26:55 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched
2019-10-10 21:26:56 : <INFO> [MBInstaller] Checking Iris
2019-10-10 21:26:56 : <INFO> [IRIS] Making request
2019-10-10 21:26:57 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:26:57 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:26:57 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:26:57 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:26:57 : <INFO> [SslCert] Certificate EffectiveDate: "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:26:57 : <INFO> [SslCert] Certificate ExpirationDate: "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:26:57 : <INFO> [SslCert] ALPN: None
2019-10-10 21:26:57 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:26:57 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:26:57 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:26:58 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 21:26:58 : <INFO> [IRIS] Failed
2019-10-10 21:27:00 : <INFO> [Button clicked] Survey closed
2019-10-10 21:27:00 : <INFO> [Telemetry] Sending NPS Survey
2019-10-10 21:27:00 : <INFO> [AdwUpgrade] Checking application updates
2019-10-10 21:27:00 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:27:00 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:27:00 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:27:00 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:27:00 : <INFO> [SslCert] Certificate EffectiveDate: "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:27:00 : <INFO> [SslCert] Certificate ExpirationDate: "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:27:00 : <INFO> [SslCert] ALPN: None
2019-10-10 21:27:00 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:27:00 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:27:00 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:27:00 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2019-10-10 21:27:00 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 21:27:00 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 21:27:00 : <INFO> [SslCert] Locality Name ()
2019-10-10 21:27:00 : <INFO> [SslCert] Organization ()
2019-10-10 21:27:00 : <INFO> [SslCert] Certificate EffectiveDate: "So. Aug 18 10:50:38 2019 GMT"
2019-10-10 21:27:00 : <INFO> [SslCert] Certificate ExpirationDate: "Sa. Nov 16 10:50:38 2019 GMT"
2019-10-10 21:27:00 : <INFO> [SslCert] ALPN: Yes
2019-10-10 21:27:00 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:27:00 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:27:00 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:27:00 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2019-10-10 21:27:01 : <INFO> [Application] Closing AdwCleaner
2019-10-10 21:27:10 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched
2019-10-10 21:27:11 : <INFO> [MBInstaller] Checking Iris
2019-10-10 21:27:11 : <INFO> [IRIS] Making request
2019-10-10 21:27:12 : <INFO> [Telemetry] Sending hello
2019-10-10 21:27:12 : <INFO> [AdwUpgrade] Checking application updates
2019-10-10 21:27:12 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:27:12 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:27:12 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:27:12 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:27:12 : <INFO> [SslCert] Certificate EffectiveDate: "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:27:12 : <INFO> [SslCert] Certificate ExpirationDate: "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:27:12 : <INFO> [SslCert] ALPN: None
2019-10-10 21:27:12 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:27:12 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:27:12 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:27:12 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:27:12 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:27:12 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:27:12 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:27:12 : <INFO> [SslCert] Certificate EffectiveDate: "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:27:12 : <INFO> [SslCert] Certificate ExpirationDate: "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:27:12 : <INFO> [SslCert] ALPN: None
2019-10-10 21:27:12 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:27:12 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:27:12 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:27:12 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2019-10-10 21:27:13 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 21:27:13 : <INFO> [IRIS] Failed
2019-10-10 21:27:18 : <INFO> [Button clicked] Log files menu item
2019-10-10 21:30:39 : <INFO> [Application] Closing AdwCleaner
2019-10-10 21:30:52 : <INFO> [Application] AdwCleaner 7 . 4 . 1 launched
2019-10-10 21:30:52 : <INFO> [MBInstaller] Checking Iris
2019-10-10 21:30:52 : <INFO> [IRIS] Making request
2019-10-10 21:30:53 : <INFO> [AdwUpgrade] Checking application updates
2019-10-10 21:30:53 : <INFO> [Telemetry] Sending hello
2019-10-10 21:30:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:30:54 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:30:54 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:30:54 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:30:54 : <INFO> [SslCert] Certificate EffectiveDate: "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:30:54 : <INFO> [SslCert] Certificate ExpirationDate: "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:30:54 : <INFO> [SslCert] ALPN: None
2019-10-10 21:30:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:30:54 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:30:54 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:30:54 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:30:54 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:30:54 : <INFO> [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:30:54 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:30:54 : <INFO> [SslCert] Certificate EffectiveDate: "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:30:54 : <INFO> [SslCert] Certificate ExpirationDate: "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:30:54 : <INFO> [SslCert] ALPN: None
2019-10-10 21:30:54 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:30:54 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:30:54 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:30:54 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2019-10-10 21:30:54 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 21:30:54 : <INFO> [IRIS] Failed
2019-10-10 21:31:13 : <INFO> [Button clicked] Settings menu item
2019-10-10 21:31:46 : <INFO> [Button clicked] Dashboard menu item
2019-10-10 21:31:50 : <INFO> [Button clicked] Scan
2019-10-10 21:31:50 : <INFO> [Scan] Started
2019-10-10 21:31:50 : <INFO> [Database] Downloading database
2019-10-10 21:31:52 : <INFO> [Database] Checking integrity
2019-10-10 21:31:52 : <INFO> [Database] Found 2586 families
2019-10-10 21:31:52 : <INFO> [Database] Database v "2019-10-03.2"
2019-10-10 21:31:52 : <INFO> [Loading paths] Local paths loaded
2019-10-10 21:31:52 : <INFO> [Loading paths] Chrome paths loaded
2019-10-10 21:31:52 : <INFO> [Loading paths] User Keys loaded
2019-10-10 21:31:52 : <INFO> [Module initialized] "File"
2019-10-10 21:31:52 : <INFO> [Module initialized] "Folder"
2019-10-10 21:31:52 : <INFO> [Module initialized] "RegistryKey"
2019-10-10 21:31:52 : <INFO> [Module initialized] "RegistryValue"
2019-10-10 21:31:52 : <INFO> [Module initialized] "TaskName"
2019-10-10 21:31:52 : <INFO> [Module initialized] "Service"
2019-10-10 21:31:52 : <INFO> [Module initialized] "Winlogon"
2019-10-10 21:31:58 : <INFO> [Module initialized] "URL"
2019-10-10 21:31:58 : <INFO> [Module initialized] "RegAppInit"
2019-10-10 21:31:58 : <INFO> [Module initialized] "RegClasses"
2019-10-10 21:31:58 : <INFO> [Module initialized] "DNS"
2019-10-10 21:31:59 : <INFO> [Module initialized] "RegFirewallPolicy"
2019-10-10 21:31:59 : <INFO> [Module initialized] "RegGuid"
2019-10-10 21:31:59 : <INFO> [Module initialized] "RegIEElevationPolicy"
2019-10-10 21:31:59 : <INFO> [Module initialized] "RegOther"
2019-10-10 21:31:59 : <INFO> [Module initialized] "RegProductID"
2019-10-10 21:31:59 : <INFO> [Module initialized] "RegSoftware"
2019-10-10 21:31:59 : <INFO> [Module initialized] "RegStartup"
2019-10-10 21:31:59 : <INFO> [Module initialized] "WMI"
2019-10-10 21:31:59 : <INFO> [Module initialized] "ChromiumExt"
2019-10-10 21:31:59 : <INFO> [Module initialized] "FirefoxExt"
2019-10-10 21:31:59 : <INFO> [Module initialize] Scan Browser
2019-10-10 21:32:00 : <INFO> [Module initialize] Scan Browser FF
2019-10-10 21:32:00 : <INFO> [Module initialize] FF start pages loaded
2019-10-10 21:32:00 : <INFO> [Module initialize] FF search providers loaded
2019-10-10 21:32:00 : <INFO> [Module initialize] FF plugin list loaded
2019-10-10 21:32:00 : <INFO> [Scan] Exclusions loaded
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungEasyDocumentCreator" , "C:\\Program Files (x86)\\SAMSUNG\\EASY DOCUMENT CREATOR" [ "Folder" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.SamsungEasyDocumentCreator" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Samsung Easy Document Creator" [ "Registry" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ReaderforPC" , "C:\\Users\\Public\\Desktop\\Reader for PC.lnk" [ "File" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ReaderforPC" , "C:\\Program Files (x86)\\SONY\\READERDESKTOP" [ "Folder" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ReaderforPC" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}" [ "Registry" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Users\\Familie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Users\\Admin_MM\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Users\\Public\\Desktop\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "C:\\Program Files (x86)\\ASUS\\SPLENDID" [ "Folder" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ASUSSplendid" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0969AF05-4FF6-4C00-9406-43599238DE0D}" [ "Registry" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ASUSProductRegistration" , "C:\\Program Files (x86)\\ASUS\\APRP" [ "Folder" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.ASUSProductRegistration" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8D6B05E0-F457-408C-9D13-549334D8FAE1}" [ "Registry" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WildTangent Games App - asus.lnk" [ "File" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "C:\\Program Files (x86)\\WILDTANGENT GAMES\\APP" [ "Folder" ]
2019-10-10 21:32:11 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "C:\\Program Files (x86)\\WILDTANGENT GAMES" [ "Folder" ]
2019-10-10 21:32:12 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKLM\\Software\\Wow6432Node\\\\Classes\\CLSID\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:32:12 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Ext\\Preapproved\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:32:12 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKU\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:32:12 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKU\\S-1-5-18\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:32:12 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" [ "Registry" ]
2019-10-10 21:32:12 : <INFO> [Scan] Item detected: "Preinstalled.WildTangentGamesBundle" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" [ "Registry" ]
2019-10-10 21:32:13 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "C:\\Users\\Public\\Desktop\\WebStorage.lnk" [ "File" ]
2019-10-10 21:32:13 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "C:\\Program Files (x86)\\ASUS\\WEBSTORAGE" [ "Folder" ]
2019-10-10 21:32:13 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\ASUS\\WEBSTORAGE" [ "Folder" ]
2019-10-10 21:32:13 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "HKLM\\Software\\Classes\\CLSID\\{6D4133E5-0742-4ADC-8A8C-9303440F7191}" [ "Registry" ]
2019-10-10 21:32:13 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WebStorage" [ "Registry" ]
2019-10-10 21:32:13 : <INFO> [Scan] Item detected: "Preinstalled.ASUSWebStorage" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32|WebStorage" [ "Registry" ]
2019-10-10 21:32:16 : <INFO> [Scan] Item detected: "Preinstalled.GatewayMyBackup" , "C:\\Program Files (x86)\\NEWTECH INFOSYSTEMS\\NTI CD & DVD-MAKER 7" [ "Folder" ]
2019-10-10 21:32:16 : <INFO> [Scan] Item detected: "Preinstalled.GatewayMyBackup" , "C:\\Program Files (x86)\\Common Files\\NEWTECH INFOSYSTEMS" [ "Folder" ]
2019-10-10 21:32:16 : <INFO> [Scan] Item detected: "Preinstalled.GatewayMyBackup" , "C:\\Program Files (x86)\\NEWTECH INFOSYSTEMS" [ "Folder" ]
2019-10-10 21:32:17 : <INFO> [Telemetry] Sending to Influx
2019-10-10 21:32:18 : <INFO> [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 21:32:18 : <INFO> [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 21:32:18 : <INFO> [SslCert] Locality Name ()
2019-10-10 21:32:18 : <INFO> [SslCert] Organization ()
2019-10-10 21:32:18 : <INFO> [SslCert] Certificate EffectiveDate: "So. Aug 18 10:50:38 2019 GMT"
2019-10-10 21:32:18 : <INFO> [SslCert] Certificate ExpirationDate: "Sa. Nov 16 10:50:38 2019 GMT"
2019-10-10 21:32:18 : <INFO> [SslCert] ALPN: Yes
2019-10-10 21:32:18 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:32:18 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:32:18 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:32:18 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2019-10-10 21:32:18 : <INFO> [Telemetry] Sending to DSE
2019-10-10 21:32:18 : <INFO> [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:32:18 : <INFO> [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:32:18 : <INFO> [SslCert] Locality Name ("San Jose")
2019-10-10 21:32:18 : <INFO> [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 21:32:18 : <INFO> [SslCert] Certificate EffectiveDate: "Do. Feb 22 00:00:00 2018 GMT"
2019-10-10 21:32:18 : <INFO> [SslCert] Certificate ExpirationDate: "Mi. Apr 22 12:00:00 2020 GMT"
2019-10-10 21:32:18 : <INFO> [SslCert] ALPN: Yes
2019-10-10 21:32:18 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:32:18 : <INFO> [SslCert] KXE: "ECDH"
2019-10-10 21:32:18 : <INFO> [SslCert] Protocol: "TLSv1.2"
2019-10-10 21:32:19 : <INFO> [Telemetry] Status code: QVariant(int, 201)
2019-10-10 21:32:19 : <INFO> [Scan] Finished
2019-10-10 21:32:22 : <INFO> [Button clicked] No threats detected ok button
2019-10-10 21:32:38 : <INFO> [Button clicked] Log files menu item
|
| | #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Take a look at the log; it finds a lot of preinstalled software. Please uninstall it, as a rule it is just unnecessary ballast. |
| | #3 |
| I had a look at it. I would like to keep most of it if at all possible. The Asus registration was for the warranty. The NewTech DVD software is a handy burning program. The e-reader software was not preinstalled - it is the one for my reader. I have uninstalled the Wild bundle. Log - oh yes, my Samsung printer software was in there too - but I need that as well. Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-10-2019
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 9
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
*************************
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Winsock
*************************
AdwCleaner_Debug.log - [61598 octets] - [10/10/2019 23:16:43]
AdwCleaner[S00].txt - [6742 octets] - [10/10/2019 23:19:51]
AdwCleaner[C00].txt - [3118 octets] - [10/10/2019 23:25:09]
AdwCleaner[S01].txt - [5101 octets] - [10/10/2019 23:32:17]
AdwCleaner[S02].txt - [5162 octets] - [10/10/2019 23:37:03]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
|
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please repeat AdwCleaner as a check.
__________________ Please always post log files in CODE tags |
| | #5 |
| Repeated Adw - here is the log - it now finds only the preinstalled packages that I would like to keep: Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-11-2019
# Duration: 00:00:26
# OS: Windows 10 Home
# Scanned: 35164
# Detected: 21
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}
Preinstalled.ASUSSplendid File C:\Users\Admin_MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid File C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid File C:\Users\Public\Desktop\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Preinstalled.ASUSWebStorage File C:\Users\Public\Desktop\WebStorage.lnk
Preinstalled.ASUSWebStorage Folder C:\Program Files (x86)\ASUS\WEBSTORAGE
Preinstalled.ASUSWebStorage Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WEBSTORAGE
Preinstalled.ASUSWebStorage Registry HKLM\Software\Classes\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191}
Preinstalled.ASUSWebStorage Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage
Preinstalled.ASUSWebStorage Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WebStorage
Preinstalled.GatewayMyBackup Folder C:\Program Files (x86)\Common Files\NEWTECH INFOSYSTEMS
Preinstalled.GatewayMyBackup Folder C:\Program Files (x86)\NEWTECH INFOSYSTEMS
Preinstalled.GatewayMyBackup Folder C:\Program Files (x86)\NEWTECH INFOSYSTEMS\NTI CD & DVD-MAKER 7
Preinstalled.ReaderforPC File C:\Users\Public\Desktop\Reader for PC.lnk
Preinstalled.ReaderforPC Folder C:\Program Files (x86)\SONY\READERDESKTOP
Preinstalled.ReaderforPC Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}
Preinstalled.SamsungEasyDocumentCreator Folder C:\Program Files (x86)\SAMSUNG\EASY DOCUMENT CREATOR
Preinstalled.SamsungEasyDocumentCreator Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Easy Document Creator
AdwCleaner_Debug.log - [76660 octets] - [10/10/2019 23:16:43]
AdwCleaner[S00].txt - [6742 octets] - [10/10/2019 23:19:51]
AdwCleaner[C00].txt - [3118 octets] - [10/10/2019 23:25:09]
AdwCleaner[S01].txt - [5101 octets] - [10/10/2019 23:32:17]
AdwCleaner[S02].txt - [5162 octets] - [10/10/2019 23:37:03]
AdwCleaner[C02].txt - [3232 octets] - [10/10/2019 23:41:45]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
|
| | #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\S-1-5-21-4090024248-729372955-4264872595-1005\...\Winlogon: [Shell] C:\Windows\explorer.exe [4612520 2019-10-10] (Microsoft Windows -> Microsoft Corporation) <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
Task: {02B523C5-FE67-4EB6-A859-12FB2818AFA3} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> Keine Datei <==== ACHTUNG
Task: {14969BF5-683A-4384-90C7-56DAB157F4AF} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> Keine Datei <==== ACHTUNG
Task: {1AE9A89E-9C5B-4421-ADD1-6A85B3370E87} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> Keine Datei <==== ACHTUNG
Task: {57678E62-98CC-44AD-9C69-8459C0B48AA4} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {69C36DAE-C76C-4B56-9595-F991B91CB89D} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> Keine Datei <==== ACHTUNG
Task: {B9B89DAB-F085-468A-81B5-6CF8B908B5D3} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> Keine Datei <==== ACHTUNG
Task: {BDEAFA5F-68C5-4072-A40D-83B2A30B0F0E} - \{8E7153B0-662E-4DC0-8C24-76B74437E1CA} -> Keine Datei <==== ACHTUNG
Task: {BEF30B6E-1976-41A1-8F3B-65445A9E6B71} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> Keine Datei <==== ACHTUNG
Task: {F6D7D5E1-059C-45A7-BBBB-FA07920587B2} - \{E8BECBC0-4042-46E6-9D6E-119A20462443} -> Keine Datei <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located). |
| | #7 |
| Hi - I have tested Farbar again in the meantime - it is still as unstable as can be. Most scans get stuck and the tool hangs! I only got it running in safe mode. - Should I try it there? What would happen if it hangs during the fix? Best regards, Fred |
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then leave the tool out. Normally FRST runs stably and without problems. Control scans with Malwarebytes + ESET Online Scanner, please. |
| | #9 |
| All right - both scanners are running. I will post the results tomorrow morning. Thanks! And good night.
Malware results Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 11.10.19
Scan-Zeit: 00:20
Protokolldatei: 2cf5d606-ebac-11e9-9988-d017c21fd07f.json
-Softwaredaten-
Version: 3.8.3.2965
Komponentenversion: 1.0.627
Version des Aktualisierungspakets: 1.0.12847
Lizenz: Kostenlos
-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.418)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-T0SUMFR\Familie
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 685353
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 11 Min., 17 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
ESET results Code:
11.10.2019 06:23:54
Geprüfte Dateien: 1205796
Infizierte Dateien: 0
Gesäuberte Bedrohungen: 0
Prüfdauer gesamt: 03:52:31
Prüfstatus: Abgeschlossen
17:36:24 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner\Modules\
17:36:24 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner\OldModules\
17:36:24 DeleteEstsApi: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner
17:36:25 DeleteApiStgFile: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner
17:36:25 DeletePeriodicNotifyFiles: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner
17:36:25 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner\Char_Cache\
17:36:25 Call m_esets_charon_send
17:36:25 Call m_esets_charon_destroy
00:21:47 Updating
00:21:47 Update Init
00:21:48 Update Download
00:23:00 esets_scanner_reload returned 0
00:23:00 g_uiModuleBuild: 43061
00:23:00 Update Finalize
00:23:00 Call m_esets_charon_send
00:23:00 Call m_esets_charon_destroy
00:23:01 Updated modules version: 43061
00:23:12 Call m_esets_charon_setup_create
00:23:12 Call m_esets_charon_create
00:23:12 m_esets_charon_create OK
00:23:12 Call m_esets_charon_start_send_thread
00:23:12 Call m_esets_charon_setup_set
00:23:12 m_esets_charon_setup_set OK
00:23:12 Scanner engine: 43061
06:25:05 # product=EOS
# version=8
# flags=0
# av=0
# fw=7
# admin=1
# esetonlinescanner_deu.exe=3.1.10.0
# EOSSerial=32711764db35624dbee7ca001c436ed6
# engine=43061
# end=finished
# bannerClicked=0
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2019-10-11 04:25:05
# local_time=2019-10-11 06:25:05 (+0100, Mitteleuropäische Sommerzeit )
# country="Austria"
# lang=1031
# osver=10.0.18362 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 88 25607 17800868 0 0
# scanned=1205796
# found=0
# cleaned=0
# scan_time=13951
# scan_type=2
# flow=2019-10-11 00:21:11|scr|eula|2019-10-11 00:21:13|promo|eis|2019-10-11 00:21:13|scr|welcome|2019-10-11 00:21:14|scr|consents|2019-10-11 00:21:18|scr|scan_type|2019-10-11 00:21:40|scr|pua|2019-10-11 00:21:47|scr|updating|2019-10-11 00:23:01|scr|scanning|2019-10-11 04:15:33|scr|no_threats|2019-10-11 06:23:55|click|save_report|2019-10-11 06:24:24|scr|periodic_offer|2019-10-11 06:24:35|scr|upsell|2019-10-11 06:24:39|scr|thanks
# periodic=0,0
# stats_enabled=1
06:25:06 Call m_esets_charon_send
06:25:06 Call m_esets_charon_destroy
|
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then we are done! If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. Finally, please run a cleanup with our TB-Cleanup-Script and be sure to read and implement the security measures - both are linked in the following reading material: |
| | #11 |
| Many thanks for the help Thanks for the help, cosinus!! Best regards, Fred |