Trojaner-Board

TR/Trash.Gen trojan found by Avira and HTML/ScrInject.B trojan found by ESET (https://www.trojaner-board.de/196602-tr-trash-gen-trojaner-avira-html-scrinject-b-trojaner-eset-gefunden.html)

Fred19 10.10.2019 22:35

AdwCleaner, 2nd run - no infections found

Code:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-10-2019
# Duration: 00:00:27
# OS:      Windows 10 Home
# Scanned:  35164
# Detected: 30


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSProductRegistration  Folder  C:\Program Files (x86)\ASUS\APRP
Preinstalled.ASUSProductRegistration  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}
Preinstalled.ASUSSplendid  File  C:\Users\Admin_MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid  File  C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid  File  C:\Users\Public\Desktop\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid  Folder  C:\Program Files (x86)\ASUS\SPLENDID
Preinstalled.ASUSSplendid  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Preinstalled.ASUSWebStorage  File  C:\Users\Public\Desktop\WebStorage.lnk
Preinstalled.ASUSWebStorage  Folder  C:\Program Files (x86)\ASUS\WEBSTORAGE
Preinstalled.ASUSWebStorage  Folder  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WEBSTORAGE
Preinstalled.ASUSWebStorage  Registry  HKLM\Software\Classes\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191}
Preinstalled.ASUSWebStorage  Registry  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage
Preinstalled.ASUSWebStorage  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WebStorage
Preinstalled.GatewayMyBackup  Folder  C:\Program Files (x86)\Common Files\NEWTECH INFOSYSTEMS
Preinstalled.GatewayMyBackup  Folder  C:\Program Files (x86)\NEWTECH INFOSYSTEMS
Preinstalled.GatewayMyBackup  Folder  C:\Program Files (x86)\NEWTECH INFOSYSTEMS\NTI CD & DVD-MAKER 7
Preinstalled.ReaderforPC  File  C:\Users\Public\Desktop\Reader for PC.lnk
Preinstalled.ReaderforPC  Folder  C:\Program Files (x86)\SONY\READERDESKTOP
Preinstalled.ReaderforPC  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}
Preinstalled.SamsungEasyDocumentCreator  Folder  C:\Program Files (x86)\SAMSUNG\EASY DOCUMENT CREATOR
Preinstalled.SamsungEasyDocumentCreator  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Easy Document Creator
Preinstalled.WildTangentGamesBundle  File  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
Preinstalled.WildTangentGamesBundle  Folder  C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle  Folder  C:\Program Files (x86)\WILDTANGENT GAMES\APP
Preinstalled.WildTangentGamesBundle  Registry  HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Preinstalled.WildTangentGamesBundle  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus
Preinstalled.WildTangentGamesBundle  Registry  HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle  Registry  HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}


AdwCleaner_Debug.log - [41641 octets] - [10/10/2019 23:16:43]
AdwCleaner[S00].txt - [6742 octets] - [10/10/2019 23:19:51]
AdwCleaner[C00].txt - [3118 octets] - [10/10/2019 23:25:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

AdwCleaner debug log 2

Code:

2019-10-10 21:16:43 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-10 21:16:45 :  <INFO>      [MBInstaller] Checking Iris
2019-10-10 21:16:45 :  <INFO>      [IRIS] Making request
2019-10-10 21:16:45 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-10 21:16:46 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:16:46 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:16:46 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:16:46 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:16:46 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:16:46 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:16:46 :  <INFO>      [SslCert] ALPN: None
2019-10-10 21:16:46 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:16:46 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:16:46 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:16:46 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:16:46 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:16:46 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:16:46 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:16:46 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:16:46 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:16:46 :  <INFO>      [SslCert] ALPN: None
2019-10-10 21:16:46 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:16:46 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:16:46 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:16:46 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-10 21:16:46 :  <WARNING>  [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 21:16:46 :  <INFO>      [IRIS] Failed
2019-10-10 21:16:47 :  <INFO>      [Button clicked] EULA agreed
2019-10-10 21:17:09 :  <INFO>      [Button clicked] Settings menu item
2019-10-10 21:18:43 :  <INFO>      [Button clicked] Help menu item
2019-10-10 21:18:46 :  <INFO>      [Button clicked] Settings menu item
2019-10-10 21:19:10 :  <INFO>      [Button clicked] Dashboard menu item
2019-10-10 21:19:20 :  <INFO>      [Button clicked] Scan
2019-10-10 21:19:20 :  <INFO>      [Scan] Started
2019-10-10 21:19:20 :  <INFO>      [Database] Downloading database
2019-10-10 21:19:24 :  <INFO>      [Database] Checking integrity
2019-10-10 21:19:24 :  <INFO>      [Database] Found  2586  families
2019-10-10 21:19:24 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-10 21:19:25 :  <INFO>      [Loading paths] Local paths loaded
2019-10-10 21:19:25 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-10 21:19:25 :  <INFO>      [Loading paths] User Keys loaded
2019-10-10 21:19:25 :  <INFO>      [Module initialized]  "File"
2019-10-10 21:19:25 :  <INFO>      [Module initialized]  "Folder"
2019-10-10 21:19:25 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-10 21:19:25 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-10 21:19:25 :  <INFO>      [Module initialized]  "TaskName"
2019-10-10 21:19:25 :  <INFO>      [Module initialized]  "Service"
2019-10-10 21:19:25 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "URL"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "DNS"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegOther"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "WMI"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-10 21:19:32 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-10 21:19:32 :  <INFO>      [Module initialize] Scan Browser
2019-10-10 21:19:33 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-10 21:19:33 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-10 21:19:33 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-10 21:19:33 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-10 21:19:33 :  <INFO>      [Scan] Exclusions loaded
2019-10-10 21:19:34 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "C:\\Windows\\System32\\drivers\\swdumon.sys" [ "File" ]
2019-10-10 21:19:36 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "C:\\Users\\Public\\Documents\\Downloaded Installers" [ "Folder" ]
2019-10-10 21:19:41 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:19:41 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:19:41 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:19:43 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SlimCleanerPlus" ,  "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\castplatform.com" [ "Registry" ]
2019-10-10 21:19:43 :  <INFO>      [Scan] Item detected:  "PUP.Optional.SlimCleanerPlus" ,  "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\cdn.castplatform.com" [ "Registry" ]
2019-10-10 21:19:44 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Chip" ,  "C:\\Users\\Admin_MM\\AppData\\Local\\Downloaded Installations\\{DAD82379-C684-4D04-83D5-2B9934A9C362}" [ "Folder" ]
2019-10-10 21:19:44 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Chip" ,  "C:\\Windows\\Installer\\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}" [ "Folder" ]
2019-10-10 21:19:44 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:19:44 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:19:44 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\Features\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:19:44 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:19:44 :  <INFO>      [Scan] Item detected:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungEasyDocumentCreator" ,  "C:\\Program Files (x86)\\SAMSUNG\\EASY DOCUMENT CREATOR" [ "Folder" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungEasyDocumentCreator" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Samsung Easy Document Creator" [ "Registry" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ReaderforPC" ,  "C:\\Users\\Public\\Desktop\\Reader for PC.lnk" [ "File" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ReaderforPC" ,  "C:\\Program Files (x86)\\SONY\\READERDESKTOP" [ "Folder" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ReaderforPC" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}" [ "Registry" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "C:\\Users\\Familie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "C:\\Users\\Admin_MM\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "C:\\Users\\Public\\Desktop\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "C:\\Program Files (x86)\\ASUS\\SPLENDID" [ "Folder" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0969AF05-4FF6-4C00-9406-43599238DE0D}" [ "Registry" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSProductRegistration" ,  "C:\\Program Files (x86)\\ASUS\\APRP" [ "Folder" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSProductRegistration" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8D6B05E0-F457-408C-9D13-549334D8FAE1}" [ "Registry" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WildTangent Games App - asus.lnk" [ "File" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "C:\\Program Files (x86)\\WILDTANGENT GAMES\\APP" [ "Folder" ]
2019-10-10 21:19:45 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "C:\\Program Files (x86)\\WILDTANGENT GAMES" [ "Folder" ]
2019-10-10 21:19:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKLM\\Software\\Wow6432Node\\\\Classes\\CLSID\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:19:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Ext\\Preapproved\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:19:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKU\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:19:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKU\\S-1-5-18\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:19:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" [ "Registry" ]
2019-10-10 21:19:46 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" [ "Registry" ]
2019-10-10 21:19:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "C:\\Users\\Public\\Desktop\\WebStorage.lnk" [ "File" ]
2019-10-10 21:19:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "C:\\Program Files (x86)\\ASUS\\WEBSTORAGE" [ "Folder" ]
2019-10-10 21:19:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\ASUS\\WEBSTORAGE" [ "Folder" ]
2019-10-10 21:19:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "HKLM\\Software\\Classes\\CLSID\\{6D4133E5-0742-4ADC-8A8C-9303440F7191}" [ "Registry" ]
2019-10-10 21:19:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WebStorage" [ "Registry" ]
2019-10-10 21:19:47 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32|WebStorage" [ "Registry" ]
2019-10-10 21:19:48 :  <INFO>      [Scan] Item detected:  "PUP.Optional.VLCUpdaterDE" ,  "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:19:48 :  <INFO>      [Scan] Item detected:  "PUP.Optional.VLCUpdaterDE" ,  "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:19:50 :  <INFO>      [Scan] Item detected:  "Preinstalled.GatewayMyBackup" ,  "C:\\Program Files (x86)\\NEWTECH INFOSYSTEMS\\NTI CD & DVD-MAKER 7" [ "Folder" ]
2019-10-10 21:19:50 :  <INFO>      [Scan] Item detected:  "Preinstalled.GatewayMyBackup" ,  "C:\\Program Files (x86)\\Common Files\\NEWTECH INFOSYSTEMS" [ "Folder" ]
2019-10-10 21:19:50 :  <INFO>      [Scan] Item detected:  "Preinstalled.GatewayMyBackup" ,  "C:\\Program Files (x86)\\NEWTECH INFOSYSTEMS" [ "Folder" ]
2019-10-10 21:19:51 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 21:19:52 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 21:19:52 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 21:19:52 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 21:19:52 :  <INFO>      [SslCert] Organization ()
2019-10-10 21:19:52 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So. Aug 18 10:50:38 2019 GMT"
2019-10-10 21:19:52 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa. Nov 16 10:50:38 2019 GMT"
2019-10-10 21:19:52 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 21:19:52 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:19:52 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:19:52 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:19:52 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 21:19:52 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 21:19:53 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:19:53 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:19:53 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 21:19:53 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 21:19:53 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do. Feb 22 00:00:00 2018 GMT"
2019-10-10 21:19:53 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi. Apr 22 12:00:00 2020 GMT"
2019-10-10 21:19:53 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 21:19:53 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:19:53 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:19:53 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:19:53 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 21:19:53 :  <INFO>      [Scan] Finished
2019-10-10 21:19:57 :  <INFO>      [Button clicked] Log files menu item
2019-10-10 21:24:17 :  <INFO>      [Button clicked] Dashboard menu item
2019-10-10 21:24:24 :  <INFO>      [Button clicked] Next
2019-10-10 21:24:42 :  <INFO>      [Button clicked] Bundleware found ok button
2019-10-10 21:25:03 :  <INFO>      [Button clicked] Clean & repair
2019-10-10 21:25:07 :  <INFO>      [Button clicked] Dialog button clicked [ 2 ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Started
2019-10-10 21:25:07 :  <WARNING>  [Cleaning] Unable to Open process -  "[System Process]"  0
2019-10-10 21:25:07 :  <WARNING>  [Cleaning] Unable to Open process -  "System"  0
2019-10-10 21:25:07 :  <WARNING>  [Cleaning] Unable to Open process -  "Registry"  0
2019-10-10 21:25:07 :  <WARNING>  [Cleaning] Unable to Open process -  "Memory Compression"  0
2019-10-10 21:25:07 :  <WARNING>  [Cleaning] Unable to Open process -  "NisSrv.exe"  0
2019-10-10 21:25:07 :  <WARNING>  [Cleaning] Unable to Open process -  "SecurityHealthService.exe"  0
2019-10-10 21:25:07 :  <WARNING>  [Cleaning] Unable to Open process -  "SgrmBroker.exe"  0
2019-10-10 21:25:07 :  <INFO>      [Quarantine] Session folder:  "C:\\AdwCleaner\\Quarantine\\v1\\20191010.232507"
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "C:\\Windows\\System32\\drivers\\swdumon.sys" [ "File" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "C:\\Windows\\System32\\drivers\\swdumon.sys" [ "File" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "C:\\Users\\Public\\Documents\\Downloaded Installers" [ "Folder" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "C:\\Users\\Public\\Documents\\Downloaded Installers" [ "Folder" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Legacy" ,  "Avira SafeSearch Plus" [ "Chromium" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SlimCleanerPlus" ,  "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\castplatform.com" [ "Registry" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SlimCleanerPlus" ,  "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\castplatform.com" [ "Registry" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.SlimCleanerPlus" ,  "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\cdn.castplatform.com" [ "Registry" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.SlimCleanerPlus" ,  "HKCU\\Software\\Microsoft\\Internet Explorer\\DOMStorage\\cdn.castplatform.com" [ "Registry" ]
2019-10-10 21:25:07 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Chip" ,  "C:\\Users\\Admin_MM\\AppData\\Local\\Downloaded Installations\\{DAD82379-C684-4D04-83D5-2B9934A9C362}" [ "Folder" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Chip" ,  "C:\\Users\\Admin_MM\\AppData\\Local\\Downloaded Installations\\{DAD82379-C684-4D04-83D5-2B9934A9C362}" [ "Folder" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Chip" ,  "C:\\Windows\\Installer\\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}" [ "Folder" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Chip" ,  "C:\\Windows\\Installer\\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}" [ "Folder" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UpgradeCodes\\04A063A0BBEACF54EAEF493C49D9E3F6" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\Features\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\Features\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Classes\\Installer\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.Chip" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\E49AC3054380EEC4DA29AB71FAE408A9" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.VLCUpdaterDE" ,  "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.VLCUpdaterDE" ,  "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\EdpDomStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Processing:  "PUP.Optional.VLCUpdaterDE" ,  "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Cleaning] Quarantined:  "PUP.Optional.VLCUpdaterDE" ,  "HKU\\S-1-5-21-4090024248-729372955-4264872595-1005\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\Children\\001\\Internet Explorer\\DOMStorage\\vlc.de" [ "Registry" ]
2019-10-10 21:25:08 :  <INFO>      [Engine Additional Action]  "Delete Prefetch"
2019-10-10 21:25:08 :  <INFO>      [Engine Additional Action]  "Delete Tracing Keys"
2019-10-10 21:25:08 :  <INFO>      [Engine Additional Action]  "Reset Chromium Policies"
2019-10-10 21:25:08 :  <INFO>      [Engine Additional Action]  "Reset IE Policies"
2019-10-10 21:25:09 :  <INFO>      [Engine Additional Action]  "Reset Winsock"
2019-10-10 21:25:09 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 21:25:09 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 21:25:09 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 21:25:09 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 21:25:09 :  <INFO>      [SslCert] Organization ()
2019-10-10 21:25:09 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So. Aug 18 10:50:38 2019 GMT"
2019-10-10 21:25:09 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa. Nov 16 10:50:38 2019 GMT"
2019-10-10 21:25:09 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 21:25:09 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:25:09 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:25:09 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:25:09 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 21:25:09 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 21:25:10 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:25:10 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:25:10 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 21:25:10 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 21:25:10 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do. Feb 22 00:00:00 2018 GMT"
2019-10-10 21:25:10 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi. Apr 22 12:00:00 2020 GMT"
2019-10-10 21:25:10 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 21:25:10 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:25:10 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:25:10 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:25:10 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 21:25:10 :  <INFO>      [Cleaning] Finished
2019-10-10 21:25:32 :  <INFO>      [Button clicked] Dialog button clicked [ 6 ]
2019-10-10 21:25:33 :  <INFO>      [Application] Closing AdwCleaner
2019-10-10 21:26:55 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-10 21:26:56 :  <INFO>      [MBInstaller] Checking Iris
2019-10-10 21:26:56 :  <INFO>      [IRIS] Making request
2019-10-10 21:26:57 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:26:57 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:26:57 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:26:57 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:26:57 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:26:57 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:26:57 :  <INFO>      [SslCert] ALPN: None
2019-10-10 21:26:57 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:26:57 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:26:57 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:26:58 :  <WARNING>  [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 21:26:58 :  <INFO>      [IRIS] Failed
2019-10-10 21:27:00 :  <INFO>      [Button clicked] Survey closed
2019-10-10 21:27:00 :  <INFO>      [Telemetry] Sending NPS Survey
2019-10-10 21:27:00 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-10 21:27:00 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:27:00 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:27:00 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:27:00 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:27:00 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:27:00 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:27:00 :  <INFO>      [SslCert] ALPN: None
2019-10-10 21:27:00 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:27:00 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:27:00 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:27:00 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-10 21:27:00 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 21:27:00 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 21:27:00 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 21:27:00 :  <INFO>      [SslCert] Organization ()
2019-10-10 21:27:00 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So. Aug 18 10:50:38 2019 GMT"
2019-10-10 21:27:00 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa. Nov 16 10:50:38 2019 GMT"
2019-10-10 21:27:00 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 21:27:00 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:27:00 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:27:00 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:27:00 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 21:27:01 :  <INFO>      [Application] Closing AdwCleaner
2019-10-10 21:27:10 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-10 21:27:11 :  <INFO>      [MBInstaller] Checking Iris
2019-10-10 21:27:11 :  <INFO>      [IRIS] Making request
2019-10-10 21:27:12 :  <INFO>      [Telemetry] Sending hello
2019-10-10 21:27:12 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-10 21:27:12 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:27:12 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:27:12 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:27:12 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:27:12 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:27:12 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:27:12 :  <INFO>      [SslCert] ALPN: None
2019-10-10 21:27:12 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:27:12 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:27:12 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:27:12 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:27:12 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:27:12 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:27:12 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:27:12 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:27:12 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:27:12 :  <INFO>      [SslCert] ALPN: None
2019-10-10 21:27:12 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:27:12 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:27:12 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:27:12 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-10 21:27:13 :  <WARNING>  [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 21:27:13 :  <INFO>      [IRIS] Failed
2019-10-10 21:27:18 :  <INFO>      [Button clicked] Log files menu item
2019-10-10 21:30:39 :  <INFO>      [Application] Closing AdwCleaner
2019-10-10 21:30:52 :  <INFO>      [Application] AdwCleaner  7 . 4 . 1  launched
2019-10-10 21:30:52 :  <INFO>      [MBInstaller] Checking Iris
2019-10-10 21:30:52 :  <INFO>      [IRIS] Making request
2019-10-10 21:30:53 :  <INFO>      [AdwUpgrade] Checking application updates
2019-10-10 21:30:53 :  <INFO>      [Telemetry] Sending hello
2019-10-10 21:30:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:30:54 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:30:54 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:30:54 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:30:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:30:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:30:54 :  <INFO>      [SslCert] ALPN: None
2019-10-10 21:30:54 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:30:54 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:30:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:30:54 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:30:54 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:30:54 :  <INFO>      [SslCert] Locality Name ("Santa Clara")
2019-10-10 21:30:54 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc")
2019-10-10 21:30:54 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Mo. Okt 2 00:00:00 2017 GMT"
2019-10-10 21:30:54 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Di. Okt 6 12:00:00 2020 GMT"
2019-10-10 21:30:54 :  <INFO>      [SslCert] ALPN: None
2019-10-10 21:30:54 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:30:54 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:30:54 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:30:54 :  <INFO>      [Telemetry] Status code:  QVariant(int, 200)
2019-10-10 21:30:54 :  <WARNING>  [File Downloader] Error downloading ( QNetworkReply::NetworkError(ContentNotFoundError) )
2019-10-10 21:30:54 :  <INFO>      [IRIS] Failed
2019-10-10 21:31:13 :  <INFO>      [Button clicked] Settings menu item
2019-10-10 21:31:46 :  <INFO>      [Button clicked] Dashboard menu item
2019-10-10 21:31:50 :  <INFO>      [Button clicked] Scan
2019-10-10 21:31:50 :  <INFO>      [Scan] Started
2019-10-10 21:31:50 :  <INFO>      [Database] Downloading database
2019-10-10 21:31:52 :  <INFO>      [Database] Checking integrity
2019-10-10 21:31:52 :  <INFO>      [Database] Found  2586  families
2019-10-10 21:31:52 :  <INFO>      [Database] Database v "2019-10-03.2"
2019-10-10 21:31:52 :  <INFO>      [Loading paths] Local paths loaded
2019-10-10 21:31:52 :  <INFO>      [Loading paths] Chrome paths loaded
2019-10-10 21:31:52 :  <INFO>      [Loading paths] User Keys loaded
2019-10-10 21:31:52 :  <INFO>      [Module initialized]  "File"
2019-10-10 21:31:52 :  <INFO>      [Module initialized]  "Folder"
2019-10-10 21:31:52 :  <INFO>      [Module initialized]  "RegistryKey"
2019-10-10 21:31:52 :  <INFO>      [Module initialized]  "RegistryValue"
2019-10-10 21:31:52 :  <INFO>      [Module initialized]  "TaskName"
2019-10-10 21:31:52 :  <INFO>      [Module initialized]  "Service"
2019-10-10 21:31:52 :  <INFO>      [Module initialized]  "Winlogon"
2019-10-10 21:31:58 :  <INFO>      [Module initialized]  "URL"
2019-10-10 21:31:58 :  <INFO>      [Module initialized]  "RegAppInit"
2019-10-10 21:31:58 :  <INFO>      [Module initialized]  "RegClasses"
2019-10-10 21:31:58 :  <INFO>      [Module initialized]  "DNS"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "RegFirewallPolicy"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "RegGuid"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "RegIEElevationPolicy"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "RegOther"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "RegProductID"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "RegSoftware"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "RegStartup"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "WMI"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "ChromiumExt"
2019-10-10 21:31:59 :  <INFO>      [Module initialized]  "FirefoxExt"
2019-10-10 21:31:59 :  <INFO>      [Module initialize] Scan Browser
2019-10-10 21:32:00 :  <INFO>      [Module initialize] Scan Browser FF
2019-10-10 21:32:00 :  <INFO>      [Module initialize] FF start pages loaded
2019-10-10 21:32:00 :  <INFO>      [Module initialize] FF search providers loaded
2019-10-10 21:32:00 :  <INFO>      [Module initialize] FF plugin list loaded
2019-10-10 21:32:00 :  <INFO>      [Scan] Exclusions loaded
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungEasyDocumentCreator" ,  "C:\\Program Files (x86)\\SAMSUNG\\EASY DOCUMENT CREATOR" [ "Folder" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.SamsungEasyDocumentCreator" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Samsung Easy Document Creator" [ "Registry" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ReaderforPC" ,  "C:\\Users\\Public\\Desktop\\Reader for PC.lnk" [ "File" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ReaderforPC" ,  "C:\\Program Files (x86)\\SONY\\READERDESKTOP" [ "Folder" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ReaderforPC" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}" [ "Registry" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "C:\\Users\\Familie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "C:\\Users\\Admin_MM\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "C:\\Users\\Public\\Desktop\\Eye Care Switcher.Lnk" [ "File" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "C:\\Program Files (x86)\\ASUS\\SPLENDID" [ "Folder" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSSplendid" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0969AF05-4FF6-4C00-9406-43599238DE0D}" [ "Registry" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSProductRegistration" ,  "C:\\Program Files (x86)\\ASUS\\APRP" [ "Folder" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSProductRegistration" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8D6B05E0-F457-408C-9D13-549334D8FAE1}" [ "Registry" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\WildTangent Games App - asus.lnk" [ "File" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "C:\\Program Files (x86)\\WILDTANGENT GAMES\\APP" [ "Folder" ]
2019-10-10 21:32:11 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "C:\\Program Files (x86)\\WILDTANGENT GAMES" [ "Folder" ]
2019-10-10 21:32:12 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKLM\\Software\\Wow6432Node\\\\Classes\\CLSID\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:32:12 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Ext\\Preapproved\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:32:12 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKU\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:32:12 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKU\\S-1-5-18\\Software\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}" [ "Registry" ]
2019-10-10 21:32:12 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" [ "Registry" ]
2019-10-10 21:32:12 :  <INFO>      [Scan] Item detected:  "Preinstalled.WildTangentGamesBundle" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" [ "Registry" ]
2019-10-10 21:32:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "C:\\Users\\Public\\Desktop\\WebStorage.lnk" [ "File" ]
2019-10-10 21:32:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "C:\\Program Files (x86)\\ASUS\\WEBSTORAGE" [ "Folder" ]
2019-10-10 21:32:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\ASUS\\WEBSTORAGE" [ "Folder" ]
2019-10-10 21:32:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "HKLM\\Software\\Classes\\CLSID\\{6D4133E5-0742-4ADC-8A8C-9303440F7191}" [ "Registry" ]
2019-10-10 21:32:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WebStorage" [ "Registry" ]
2019-10-10 21:32:13 :  <INFO>      [Scan] Item detected:  "Preinstalled.ASUSWebStorage" ,  "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run32|WebStorage" [ "Registry" ]
2019-10-10 21:32:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.GatewayMyBackup" ,  "C:\\Program Files (x86)\\NEWTECH INFOSYSTEMS\\NTI CD & DVD-MAKER 7" [ "Folder" ]
2019-10-10 21:32:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.GatewayMyBackup" ,  "C:\\Program Files (x86)\\Common Files\\NEWTECH INFOSYSTEMS" [ "Folder" ]
2019-10-10 21:32:16 :  <INFO>      [Scan] Item detected:  "Preinstalled.GatewayMyBackup" ,  "C:\\Program Files (x86)\\NEWTECH INFOSYSTEMS" [ "Folder" ]
2019-10-10 21:32:17 :  <INFO>      [Telemetry] Sending to Influx
2019-10-10 21:32:18 :  <INFO>      [SslCert] Issued by ("Let's Encrypt Authority X3")
2019-10-10 21:32:18 :  <INFO>      [SslCert] Issued to ("telemetry-02.adwc.mb.fr33tux.org")
2019-10-10 21:32:18 :  <INFO>      [SslCert] Locality Name ()
2019-10-10 21:32:18 :  <INFO>      [SslCert] Organization ()
2019-10-10 21:32:18 :  <INFO>      [SslCert] Certificate EffectiveDate:  "So. Aug 18 10:50:38 2019 GMT"
2019-10-10 21:32:18 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Sa. Nov 16 10:50:38 2019 GMT"
2019-10-10 21:32:18 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 21:32:18 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:32:18 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:32:18 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:32:18 :  <INFO>      [Telemetry] Status code:  QVariant(int, 204)
2019-10-10 21:32:18 :  <INFO>      [Telemetry] Sending to DSE
2019-10-10 21:32:18 :  <INFO>      [SslCert] Issued by ("DigiCert SHA2 High Assurance Server CA")
2019-10-10 21:32:18 :  <INFO>      [SslCert] Issued to ("*.malwarebytes.com")
2019-10-10 21:32:18 :  <INFO>      [SslCert] Locality Name ("San Jose")
2019-10-10 21:32:18 :  <INFO>      [SslCert] Organization ("Malwarebytes Inc.")
2019-10-10 21:32:18 :  <INFO>      [SslCert] Certificate EffectiveDate:  "Do. Feb 22 00:00:00 2018 GMT"
2019-10-10 21:32:18 :  <INFO>      [SslCert] Certificate ExpirationDate:  "Mi. Apr 22 12:00:00 2020 GMT"
2019-10-10 21:32:18 :  <INFO>      [SslCert] ALPN: Yes
2019-10-10 21:32:18 :  <INFO>      [SslCert] Cipher:  "ECDHE-RSA-AES256-GCM-SHA384"
2019-10-10 21:32:18 :  <INFO>      [SslCert] KXE:  "ECDH"
2019-10-10 21:32:18 :  <INFO>      [SslCert] Protocol:  "TLSv1.2"
2019-10-10 21:32:19 :  <INFO>      [Telemetry] Status code:  QVariant(int, 201)
2019-10-10 21:32:19 :  <INFO>      [Scan] Finished
2019-10-10 21:32:22 :  <INFO>      [Button clicked] No threats detected ok button
2019-10-10 21:32:38 :  <INFO>      [Button clicked] Log files menu item


cosinus 10.10.2019 22:35

Take a look at the log: it finds a lot of preinstalled software. Please uninstall it; as a rule it is just unnecessary ballast.

Fred19 10.10.2019 22:47

I've had a look at it.
I'd like to keep most of it installed if at all possible.

The ASUS registration was for the warranty
The NewTech DVD software is handy burning software
The e-reader software was not preinstalled - it is the one for my reader

I have uninstalled the Wild bundle

Log - oh yes, my Samsung printer software was in there too - but I need that as well

Code:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-10-2019
# Duration: 00:00:02
# OS:      Windows 10 Home
# Cleaned:  9
# Failed:  0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted      Preinstalled.WildTangentGamesBundle  File  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
Deleted      Preinstalled.WildTangentGamesBundle  Folder  C:\Program Files (x86)\WILDTANGENT GAMES
Deleted      Preinstalled.WildTangentGamesBundle  Folder  C:\Program Files (x86)\WILDTANGENT GAMES\APP
Deleted      Preinstalled.WildTangentGamesBundle  Registry  HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted      Preinstalled.WildTangentGamesBundle  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted      Preinstalled.WildTangentGamesBundle  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted      Preinstalled.WildTangentGamesBundle  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus
Deleted      Preinstalled.WildTangentGamesBundle  Registry  HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted      Preinstalled.WildTangentGamesBundle  Registry  HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [61598 octets] - [10/10/2019 23:16:43]
AdwCleaner[S00].txt - [6742 octets] - [10/10/2019 23:19:51]
AdwCleaner[C00].txt - [3118 octets] - [10/10/2019 23:25:09]
AdwCleaner[S01].txt - [5101 octets] - [10/10/2019 23:32:17]
AdwCleaner[S02].txt - [5162 octets] - [10/10/2019 23:37:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########


cosinus 10.10.2019 22:59

Please run AdwCleaner again as a check.

Fred19 10.10.2019 23:07

Ran AdwCleaner again - here is the log - it now only finds the preinstalled packages that I would like to keep:

Code:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-11-2019
# Duration: 00:00:26
# OS:      Windows 10 Home
# Scanned:  35164
# Detected: 21


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSProductRegistration  Folder  C:\Program Files (x86)\ASUS\APRP
Preinstalled.ASUSProductRegistration  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}
Preinstalled.ASUSSplendid  File  C:\Users\Admin_MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid  File  C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid  File  C:\Users\Public\Desktop\Eye Care Switcher.Lnk
Preinstalled.ASUSSplendid  Folder  C:\Program Files (x86)\ASUS\SPLENDID
Preinstalled.ASUSSplendid  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Preinstalled.ASUSWebStorage  File  C:\Users\Public\Desktop\WebStorage.lnk
Preinstalled.ASUSWebStorage  Folder  C:\Program Files (x86)\ASUS\WEBSTORAGE
Preinstalled.ASUSWebStorage  Folder  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WEBSTORAGE
Preinstalled.ASUSWebStorage  Registry  HKLM\Software\Classes\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191}
Preinstalled.ASUSWebStorage  Registry  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|WebStorage
Preinstalled.ASUSWebStorage  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WebStorage
Preinstalled.GatewayMyBackup  Folder  C:\Program Files (x86)\Common Files\NEWTECH INFOSYSTEMS
Preinstalled.GatewayMyBackup  Folder  C:\Program Files (x86)\NEWTECH INFOSYSTEMS
Preinstalled.GatewayMyBackup  Folder  C:\Program Files (x86)\NEWTECH INFOSYSTEMS\NTI CD & DVD-MAKER 7
Preinstalled.ReaderforPC  File  C:\Users\Public\Desktop\Reader for PC.lnk
Preinstalled.ReaderforPC  Folder  C:\Program Files (x86)\SONY\READERDESKTOP
Preinstalled.ReaderforPC  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}
Preinstalled.SamsungEasyDocumentCreator  Folder  C:\Program Files (x86)\SAMSUNG\EASY DOCUMENT CREATOR
Preinstalled.SamsungEasyDocumentCreator  Registry  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Easy Document Creator


AdwCleaner_Debug.log - [76660 octets] - [10/10/2019 23:16:43]
AdwCleaner[S00].txt - [6742 octets] - [10/10/2019 23:19:51]
AdwCleaner[C00].txt - [3118 octets] - [10/10/2019 23:25:09]
AdwCleaner[S01].txt - [5101 octets] - [10/10/2019 23:32:17]
AdwCleaner[S02].txt - [5162 octets] - [10/10/2019 23:37:03]
AdwCleaner[C02].txt - [3232 octets] - [10/10/2019 23:41:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########


cosinus 10.10.2019 23:08

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\S-1-5-21-4090024248-729372955-4264872595-1005\...\Winlogon: [Shell] C:\Windows\explorer.exe [4612520 2019-10-10] (Microsoft Windows -> Microsoft Corporation) <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
Task: {02B523C5-FE67-4EB6-A859-12FB2818AFA3} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> Keine Datei <==== ACHTUNG
Task: {14969BF5-683A-4384-90C7-56DAB157F4AF} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> Keine Datei <==== ACHTUNG
Task: {1AE9A89E-9C5B-4421-ADD1-6A85B3370E87} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> Keine Datei <==== ACHTUNG
Task: {57678E62-98CC-44AD-9C69-8459C0B48AA4} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {69C36DAE-C76C-4B56-9595-F991B91CB89D} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> Keine Datei <==== ACHTUNG
Task: {B9B89DAB-F085-468A-81B5-6CF8B908B5D3} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> Keine Datei <==== ACHTUNG
Task: {BDEAFA5F-68C5-4072-A40D-83B2A30B0F0E} - \{8E7153B0-662E-4DC0-8C24-76B74437E1CA} -> Keine Datei <==== ACHTUNG
Task: {BEF30B6E-1976-41A1-8F3B-65445A9E6B71} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> Keine Datei <==== ACHTUNG
Task: {F6D7D5E1-059C-45A7-BBBB-FA07920587B2} - \{E8BECBC0-4042-46E6-9D6E-119A20462443} -> Keine Datei <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG
emptytemp:


Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Fred19 10.10.2019 23:13

Hi - I have tested the Farbar tool again in the meantime - it is still extremely unstable.

Most scans get stuck and the tool hangs!

I only got it to run in safe mode - should I try it there?

What would happen if it hangs during the fix?

Best regards
Fred

cosinus 10.10.2019 23:18

Then leave the tool out. FRST normally runs stably and without problems.

Control scans with Malwarebytes + ESET Online Scanner, please.

Fred19 11.10.2019 05:35

All right - both scanners are running.

I'll post the results tomorrow morning.
Thanks!
And good night
:dankeschoen:

Malware results
Code:

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 11.10.19
Scan-Zeit: 00:20
Protokolldatei: 2cf5d606-ebac-11e9-9988-d017c21fd07f.json

-Softwaredaten-
Version: 3.8.3.2965
Komponentenversion: 1.0.627
Version des Aktualisierungspakets: 1.0.12847
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.418)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-T0SUMFR\Familie

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 685353
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 11 Min., 17 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)


ESET results

Code:

11.10.2019 06:23:54
Geprüfte Dateien: 1205796
Infizierte Dateien: 0
Gesäuberte Bedrohungen: 0
Prüfdauer gesamt: 03:52:31
Prüfstatus: Abgeschlossen


17:36:24 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner\Modules\
17:36:24 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner\OldModules\
17:36:24 DeleteEstsApi: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner
17:36:25 DeleteApiStgFile: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner
17:36:25 DeletePeriodicNotifyFiles: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner
17:36:25 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Admin_MM\AppData\Local\ESET\ESETOnlineScanner\Char_Cache\
17:36:25 Call m_esets_charon_send
17:36:25 Call m_esets_charon_destroy
00:21:47 Updating
00:21:47 Update Init
00:21:48 Update Download
00:23:00 esets_scanner_reload returned 0
00:23:00 g_uiModuleBuild: 43061
00:23:00 Update Finalize
00:23:00 Call m_esets_charon_send
00:23:00 Call m_esets_charon_destroy
00:23:01 Updated modules version: 43061
00:23:12 Call m_esets_charon_setup_create
00:23:12 Call m_esets_charon_create
00:23:12 m_esets_charon_create OK
00:23:12 Call m_esets_charon_start_send_thread
00:23:12 Call m_esets_charon_setup_set
00:23:12 m_esets_charon_setup_set OK
00:23:12 Scanner engine: 43061
06:25:05 # product=EOS
# version=8
# flags=0
# av=0
# fw=7
# admin=1
# esetonlinescanner_deu.exe=3.1.10.0
# EOSSerial=32711764db35624dbee7ca001c436ed6
# engine=43061
# end=finished
# bannerClicked=0
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2019-10-11 04:25:05
# local_time=2019-10-11 06:25:05 (+0100, Mitteleuropäische Sommerzeit  )
# country="Austria"
# lang=1031
# osver=10.0.18362 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 88 25607 17800868 0 0
# scanned=1205796
# found=0
# cleaned=0
# scan_time=13951
# scan_type=2
# flow=2019-10-11 00:21:11|scr|eula|2019-10-11 00:21:13|promo|eis|2019-10-11 00:21:13|scr|welcome|2019-10-11 00:21:14|scr|consents|2019-10-11 00:21:18|scr|scan_type|2019-10-11 00:21:40|scr|pua|2019-10-11 00:21:47|scr|updating|2019-10-11 00:23:01|scr|scanning|2019-10-11 04:15:33|scr|no_threats|2019-10-11 06:23:55|click|save_report|2019-10-11 06:24:24|scr|periodic_offer|2019-10-11 06:24:35|scr|upsell|2019-10-11 06:24:39|scr|thanks
# periodic=0,0
# stats_enabled=1
06:25:06 Call m_esets_charon_send
06:25:06 Call m_esets_charon_destroy


cosinus 11.10.2019 07:56

Then we're done! :daumenhoc

If you like, you can say here whether you were satisfied with me and my help ... :dankeschoen: and/or support the forum with a small donation http://www.trojaner-board.de/extra/spende.png. :applaus:

Finally, please run a cleanup with our TB cleanup script and be sure to read and implement the security measures - both are linked in the following reading material:


Fred19 12.10.2019 16:19

Many thanks for the help

Thanks for the help, cosinus!!

Best regards
Fred :applaus:


All times are WET +1. The time now is 00:31.
