Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

program msln not found at system startup after several malware


  • Please log in to reply
44 replies to this topic

#1 jens_bleeby

jens_bleeby

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 08 June 2015 - 11:16 AM

At first: greeting to the bleepingcomputer forum from Hamburg, Germany!

I tried already to me for some time to get rid of my problem by reading in this forum but without success.

 

I`m using Windows 7 home premium 64 bit, internet 11 and Norton 360.

 

The problem starts with an internet site ask me to install the latest flashplayer because mine was outdated.

OK, I`ve Norton 360 with realtimescan etc. so I thought nothing could go wrong.

 

Suddenly Uniblue driverscanner / speeduppc installation started too! Even I dischecked the boxes in the installationprozess before.

Norton still gave no alert..

To be safe anyhow before trying deinstalling I created restore point from the C:\ drive and export the registry.

 

These uniblue programs seems to change the startpage of the explorer the searchpage let popups appear and redirecting sites.

Norton still remain silent. I try to deinstall these programs but they let them not automatically remove so I decided to let the system check with a tool for damage and remove of those programs. The name is SPYHUNTER

 

That was even a malware program I wasn't able to delete so I decided to installed the next malware detection program:

AD-ADWARE WE it even gets worse.

 

I' not able to restore the exported registry error is:

einige Schluessel sind vom System oder anderen Prozessen geoeffnet!"

(which mean something like "some keys are open by system or other processes!")

same error at safe mode.

 

restore point also not possible. error is:

0X80070003 system kann den angegeben Pfad nicht finden. (System can`t find the path)

 

On the registry changed rights on the keys to full access for admin because "zugriff verweigert" (access denied) on very few folder.

 

since than Norton whants to restart every time after 4 - 5 minutes, the sound and battery systems are having failures.

 

I would appreciate an answer very much, if an info is missing, just give me a short info.

 

Have a nice day, Jens



BC AdBot (Login to Remove)

 


m

#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:04:40 PM

Posted 08 June 2015 - 11:39 AM

Hello, Spyhunter is rogue program and you should uninstall it. http://www.bleepingcomputer.com/forums/t/564529/spy-hunter-malware-tool/

 

I would suggest you to download  AdwCleaner and install it. Download link: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

Click on Scan to start the scan.

 
When the search is complete a list of items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
Click on Clean to remove the selected items. 
When the cleaning process is complete a log of what was removed will be created.  You can copy this log in your topic. Location will be: C:\AdwCleaner[S1].txt
 
If disabling Norton will stop those restart problem, unable it for some time. 

Edited by severac, 08 June 2015 - 11:45 AM.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:40 PM

Posted 08 June 2015 - 11:47 AM

Hi there,

You are running two antivirus solutions - Norton and Ad-Aware (they use the AV engine from BitDefender). I suggest that you uninstall one of the two.

Please run this so I can know what is going on.

MiniToolbox by Farbar

Avast users please disable your antivirus before downloading!
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#4 jens_bleeby

jens_bleeby
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 09 June 2015 - 04:54 AM

Hi Alex, thanks for quick result! I was able to create both files, unfortunately I`m running a german system so some sentences are on german.
I switched off Norton now.

MiniToolBox by Farbar Version: 11-05-2015 01
Ran by Ulli (administrator) on 08-06-2015 at 20:07:50
Running from "C:\downloads\software"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Model: Aspire 5742 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Auflsungscache wurde geleert.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 802.11n-Netzwerkadapter = Drahtlosnetzwerkverbindung (Connected)
Broadcom NetLink ™ Gigabit Ethernet = LAN-Verbindung (Media disconnected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

Hostname . . . . . . . . . . . . : Ulli-PC
Primres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : Speedport_W_723V_1_37_000

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Verbindungsspezifisches DNS-Suffix: Speedport_W_723V_1_37_000
Beschreibung. . . . . . . . . . . : Broadcom 802.11n-Netzwerkadapter
Physikalische Adresse . . . . . . : 18-F4-6A-51-5E-AC
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::a17c:14ba:9d0b:ff0c%13(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.2.103(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Montag, 8. Juni 2015 19:18:31
Lease luft ab. . . . . . . . . . : Montag, 29. Juni 2015 19:18:44
Standardgateway . . . . . . . . . : 192.168.2.1
DHCP-Server . . . . . . . . . . . : 192.168.2.1
DHCPv6-IAID . . . . . . . . . . . : 421065834
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1C-81-4B-69-1C-75-08-1E-11-87
DNS-Server . . . . . . . . . . . : fe80::1%13
192.168.2.1
NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix: Speedport_W_723V_1_36_000
Beschreibung. . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physikalische Adresse . . . . . . : 1C-75-08-1E-11-87
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.Speedport_W_723V_1_37_000:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix: Speedport_W_723V_1_37_000
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja

Tunneladapter LAN-Verbindung* 9:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2001:0:509c:564e:3c29:906:3f57:fd98(Bevorzugt)
Verbindungslokale IPv6-Adresse . : fe80::3c29:906:3f57:fd98%11(Bevorzugt)
Standardgateway . . . . . . . . . : ::
NetBIOS ber TCP/IP . . . . . . . : Deaktiviert

Tunneladapter isatap.Speedport_W_723V_1_36_000:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fe80::1

Name: google.com
Addresses: 2a00:1450:4001:803::1003
173.194.112.99
173.194.112.100
173.194.112.102
173.194.112.101
173.194.112.110
173.194.112.105
173.194.112.98
173.194.112.97
173.194.112.96
173.194.112.103
173.194.112.104


Ping wird ausgefhrt fr google.com [173.194.112.99] mit 32 Bytes Daten:
Antwort von 173.194.112.99: Bytes=32 Zeit=32ms TTL=57
Antwort von 173.194.112.99: Bytes=32 Zeit=31ms TTL=57

Ping-Statistik fr 173.194.112.99:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 31ms, Maximum = 32ms, Mittelwert = 31ms
Server: UnKnown
Address: fe80::1

Name: yahoo.com
Addresses: 98.138.253.109
206.190.36.45
98.139.183.24


Ping wird ausgefhrt fr yahoo.com [98.138.253.109] mit 32 Bytes Daten:
Antwort von 98.138.253.109: Bytes=32 Zeit=153ms TTL=52
Antwort von 98.138.253.109: Bytes=32 Zeit=159ms TTL=52

Ping-Statistik fr 98.138.253.109:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 153ms, Maximum = 159ms, Mittelwert = 156ms

Ping wird ausgefhrt fr 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Ping-Statistik fr 127.0.0.1:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
13...18 f4 6a 51 5e ac ......Broadcom 802.11n-Netzwerkadapter
12...1c 75 08 1e 11 87 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.103 25
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
192.168.2.0 255.255.255.0 Auf Verbindung 192.168.2.103 281
192.168.2.103 255.255.255.255 Auf Verbindung 192.168.2.103 281
192.168.2.255 255.255.255.255 Auf Verbindung 192.168.2.103 281
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.2.103 281
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.2.103 281
===========================================================================
Stndige Routen:
Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
If Metrik Netzwerkziel Gateway
11 58 ::/0 Auf Verbindung
1 306 ::1/128 Auf Verbindung
11 58 2001::/32 Auf Verbindung
11 306 2001:0:509c:564e:3c29:906:3f57:fd98/128
Auf Verbindung
13 281 fe80::/64 Auf Verbindung
11 306 fe80::/64 Auf Verbindung
11 306 fe80::3c29:906:3f57:fd98/128
Auf Verbindung
13 281 fe80::a17c:14ba:9d0b:ff0c/128
Auf Verbindung
1 306 ff00::/8 Auf Verbindung
11 306 ff00::/8 Auf Verbindung
13 281 ff00::/8 Auf Verbindung
===========================================================================
Stndige Routen:
Keine
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2015 07:19:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 03:32:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 11:48:40 AM) (Source: System Restore) (User: )
Description: Fehler beim Initiieren der Systemwiederherstellung (Uniblue SpeedUpMyPC installation).

Error: (06/08/2015 11:11:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 11:04:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2015 05:14:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2015 07:22:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 02:24:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 02:15:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 02:10:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/08/2015 07:19:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet:
%%2

Error: (06/08/2015 07:18:27 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎08.‎06.‎2015 um 18:16:05 unerwartet heruntergefahren.

Error: (06/08/2015 03:32:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet:
%%2

Error: (06/08/2015 11:11:08 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet:
%%2

Error: (06/08/2015 11:04:05 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet:
%%2

Error: (06/07/2015 05:42:28 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (06/07/2015 05:14:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet:
%%2

Error: (06/05/2015 07:22:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet:
%%2

Error: (06/03/2015 04:29:51 PM) (Source: DCOM) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (06/03/2015 03:53:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (06/08/2015 07:19:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 03:32:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 11:48:40 AM) (Source: System Restore)(User: )
Description: Uniblue SpeedUpMyPC installation0x80070003

Error: (06/08/2015 11:11:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2015 11:04:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2015 05:14:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2015 07:22:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 02:24:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 02:15:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 02:10:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2015-06-03 15:49:14.717
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-06-03 15:49:14.679
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.72 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3500 - Acer)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (HKLM\...\{2676D270-8FE3-4C9F-ADDB-6A8D22FE5C4C}) (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}) (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-0d9f62bb-1ea7-4e5d-a7bc-fc93f793ceed) (Version: 2.2.0.98 - WildTangent) Hidden
AntimalwareEngine (HKLM\...\{6E5FAEC8-C3C1-44E8-B8DE-CE3F9568BF85}) (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.72 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-f2ae3808-b5dd-45bc-bbf3-2a5b64a0c2a8) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Chuzzle Deluxe (HKLM-x32\...\WTA-f2f91c67-1cec-4593-9ff6-500782c0058d) (Version: 2.2.0.95 - WildTangent) Hidden
Crazy Chicken Kart 2 (HKLM-x32\...\WTA-ba27115c-db7d-4f39-b9b5-7a6e3f68f734) (Version: 2.2.0.97 - WildTangent) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3817.50 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy CD-DA Extractor Free 2010 (HKLM-x32\...\Easy CD-DA Extractor Free 2010) (Version: 2010.6 - Poikosoft)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
FATE (HKLM-x32\...\WTA-00bbf28d-b7c2-491a-9b30-8c70b307c797) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (HKLM-x32\...\WTA-72842094-721d-4538-9627-aef2a20f721a) (Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (HKLM-x32\...\{4736B0ED-F6A1-48EC-A1B7-C053027648F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.16) (Version: 9.16 - Artifex Software Inc.)
HQ Video Pro 3.1cV27.05 (HKLM-x32\...\HQ Video Pro 3.1cV27.05) (Version: 1.36.01.22 - HQ VideoV27.05)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (HKLM-x32\...\WTA-63bb75ab-25d9-4503-b0c7-b8d58cb9b9a6) (Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-c267681b-e292-45b2-9cbb-45032782fddb) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (HKLM-x32\...\WTA-09a8511e-bef2-49c7-b2a6-fcb4bb72fb63) (Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-c5a40275-794a-4863-931d-52a304d66790) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
MyDriveConnect 4.0.2.2123 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.2.2123 - TomTom)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-9c16eebb-f910-4c36-baeb-f57837ca3f2e) (Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
newsXpresso (HKLM-x32\...\{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
Penguins! (HKLM-x32\...\WTA-09ec0734-a3da-4f8c-ae86-918fb95fc647) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-2cf08349-1c36-4a68-bca4-9a12388688ee) (Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (HKLM-x32\...\WTA-d305c20a-b0cd-4743-b836-2f937139991f) (Version: 2.2.0.97 - WildTangent) Hidden
Pota Windows Live (HKLM-x32\...\{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
RoboForm 7-9-13-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Slingo Deluxe (HKLM-x32\...\WTA-44d1f273-e063-4777-bfa1-c1cd52567fee) (Version: 2.2.0.95 - WildTangent) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
teXXas (HKLM-x32\...\{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}) (Version: 1 - metaspinner net GmbH)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Torchlight (HKLM-x32\...\WTA-31b09fe2-21f6-4d9a-a54c-e67c64a8d416) (Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-6d7ceed6-9cb6-47bc-bbb8-f56eca352974) (Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Web Shield (HKLM-x32\...\WebShield) (Version: 2.7.66 - Irrational Number Applications)
Wedding Dash (HKLM-x32\...\WTA-d5722912-227c-409e-b380-0798f182839a) (Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma Deluxe (HKLM-x32\...\WTA-d927ec1a-0590-4e91-b489-a8bdfee3ec0e) (Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (HKLM-x32\...\{CE929F09-3853-4180-BD90-30764BFF7136}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (HKLM-x32\...\{0A4C4B29-5A9D-4910-A13C-B920D5758744}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

========================= Devices: ================================

Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: Compbatt
Device ID: ROOT\COMPOSITE_BATTERY\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3766.76 MB
Available physical RAM: 2190 MB
Total Pagefile: 7531.72 MB
Available Pagefile: 5711.88 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.56 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:224.87 GB) (Free:147.75 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:199.73 GB) NTFS

========================= Users: ========================================

Benutzerkonten fr \\ULLI-PC

Administrator Gast Ulli
Der Befehl wurde erfolgreich ausgefhrt.

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

30-05-2015 21:15:32 Removed Apple Application Support (32-Bit)
30-05-2015 21:17:14 Removed Apple Application Support (64-Bit)
30-05-2015 21:42:39 AA11
30-05-2015 21:50:36 LavasoftWeCompanion
30-05-2015 22:54:00 Removed iTunes
02-06-2015 13:43:41 LavasoftWeCompanion
02-06-2015 14:41:33 AA11
02-06-2015 17:00:39 Installed iTunes
03-06-2015 10:03:45 Adminpwd
03-06-2015 10:39:33 Installed Microsoft Fix it 50733
03-06-2015 11:17:26 Installed iTunes
05-06-2015 06:00:31 Windows Update

**** End of log ****



Results of screen317's Security Check version 1.003
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter 4
Java 7 Update 75
Java 8 Update 45
Adobe Reader 10.1.14 Adobe Reader out of Date!
Mozilla Firefox 36.0.4 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Good day, Jens

#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:40 PM

Posted 09 June 2015 - 05:07 AM

Hello there,

Do you play WildTangent games?

Perform a clean boot using instructions in here, then uninstall the following software from Programs and Features:

Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)

If you run into any issues, let me know.

Do you recognize these software?

teXXas (HKLM-x32\...\{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}) (Version: 1 - metaspinner net GmbH)
Web Shield (HKLM-x32\...\WebShield) (Version: 2.7.66 - Irrational Number Applications)

After that please run this.

AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Regards,
Alex

#6 jens_bleeby

jens_bleeby
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 09 June 2015 - 05:24 AM

Hi serverac,

downloaded the adware vers 4.06 and run it:

# AdwCleaner v4.206 - Bericht erstellt 09/06/2015 um 12:10:02
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Ulli - ULLI-PC
# Gestarted von : C:\downloads\software\AdwCleaner.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Users\Ulli\AppData\Local\WebShield
Ordner Gefunden : C:\WebShield

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49249;hxxps=127.0.0.1:49249
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\ArenaHD
Schlüssel Gefunden : HKCU\Software\HighDefAction
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\YorkNewCin
Schlüssel Gefunden : [x64] HKCU\Software\ArenaHD
Schlüssel Gefunden : [x64] HKCU\Software\HighDefAction
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Schlüssel Gefunden : [x64] HKCU\Software\YorkNewCin
Schlüssel Gefunden : HKLM\SOFTWARE\ArenaHD
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\FFPluginHp
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\HighDefAction
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield
Schlüssel Gefunden : HKLM\SOFTWARE\YorkNewCin
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\ArenaHD
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\HighDefAction
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\YorkNewCin
Wert Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Wert Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v36.0.4 (x86 de)

[lf6wvnqz.default] - Zeile Gefunden : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[lf6wvnqz.default] - Zeile Gefunden : user_pref("extensions.crossrider.bic", "14dd48b5e571f1a62457780dd56754ed");

*************************

AdwCleaner[R3].txt - [4391 Bytes] - [09/06/2015 12:10:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [4450 Bytes] ##########

My problem is, I should UNCHECK THE ELEMENTS I WANT TO KEEP. I've "some" problems in the registry to determine which value I still need e.g.

#7 jens_bleeby

jens_bleeby
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 09 June 2015 - 06:29 AM

Hi Alex, my post with the log from adwcleaner overlapped with an answer to serverac.

I reproduced a clean boot as suggested and ad- aware suddenly reappears with icons on desktop. Tried to deinstall via programs and features is not possible, I got this error

 

"At deinstallation an error uccurred maybe the program is already uninstalled. Do you want to remove Ad-Aware Antivirus from the list of programs and Functions?"

So I wasn't able to deinstall both of them.

 

______

By the way, how can I paste screenshots?

 

Same on Spyhunter 4

 

So far, Jens



#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:40 PM

Posted 09 June 2015 - 06:32 AM

Hello,

Please download Revo Uninstaller Portable Free, use Advanced Mode to search for anything related to Ad-Aware and SpyHunter, then let Revo Uninstaller remove those.

Let me know if it works or not.

Regards,
Alex

#9 jens_bleeby

jens_bleeby
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 10 June 2015 - 04:24 PM

Dear Alex,

 

I was run revo uninstaller free portable and it shows a lot installed programs. I was easily able to uninstall spyhunter 4. But AD-AWARE from LAVASOFT where not listed at all that's strange! I took al look with the fileexlorer and saw the Lavasoft folder but was unable to delete it. Message was: You need Administrator rights do you want to proceed? (Translated from german OS). This is the only account here. Deleting was not possible than.

The thing is, that I`m logged in as an admin (I thought). Do you know what's wrong here, or better might be easier: what is not wrong here   :thumbsup2:

 

Thanks in advance, Jens

 

postscript

I neither my girl are playing WILDTANGENT.

I deinstalled now Webshield I didn`t know but that wasn`t going before on normal deinstall routine and texxas I`m using for online tv program.



#10 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:40 PM

Posted 10 June 2015 - 04:37 PM

Ad-Aware doesn't have any removal tools... sucks. You can leave that for now.

Please uninstall this to get rid of WildTangent:

Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)

Please re-run AdwCleaner and choose Cleaning (or whatever the equivalent is in German). After that click on Logfile and post the cleaning log here.

After that please run these.

Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Full Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#11 jens_bleeby

jens_bleeby
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 10 June 2015 - 05:15 PM

# AdwCleaner v4.206 - Bericht erstellt 11/06/2015 um 00:02:29
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-09.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Ulli - ULLI-PC
# Gestarted von : C:\downloads\software\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInternetEnhancer
Ordner Gelöscht : C:\Program Files (x86)\WaInternetEnhancer
Ordner Gelöscht : C:\Users\Ulli\AppData\Local\WebShield

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\YorkNewCin
Schlüssel Gelöscht : HKCU\Software\HighDefAction
Schlüssel Gelöscht : HKCU\Software\ArenaHD
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\YorkNewCin
Schlüssel Gelöscht : HKLM\SOFTWARE\HighDefAction
Schlüssel Gelöscht : HKLM\SOFTWARE\ArenaHD
Schlüssel Gelöscht : HKLM\SOFTWARE\FFPluginHp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YorkNewCin
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\HighDefAction
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ArenaHD
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49249;hxxps=127.0.0.1:49249
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v36.0.4 (x86 de)

[lf6wvnqz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[lf6wvnqz.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14dd48b5e571f1a62457780dd56754ed");

*************************

AdwCleaner[R3].txt - [4581 Bytes] - [09/06/2015 12:10:02]
AdwCleaner[R4].txt - [4677 Bytes] - [10/06/2015 23:59:48]
AdwCleaner[S1].txt - [3651 Bytes] - [11/06/2015 00:02:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3710 Bytes] ##########

Hi Alex,

at first the latest scan log from adwcleaner with disabled Norton.

The both others I will try as soon as possible,

greetings Jens

#12 jens_bleeby

jens_bleeby
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 10 June 2015 - 05:51 PM

Hi again,

and here is the log from rtfm ;-) jrt.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ulli on 11.06.2015 at 0:35:42,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_BA9226F4-E3ED928D.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf
Successfully deleted: [File] C:\Windows\system32\LavasoftTcpService64.dll
Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpService.dll



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Ulli\appdata\local\{4E2047C3-F00D-4FC0-A346-3882C7B8BB9B}
Successfully deleted: [Empty Folder] C:\Users\Ulli\appdata\local\{9A2C0060-8B79-40D3-8CF8-89A519B07699}
Successfully deleted: [Empty Folder] C:\Users\Ulli\appdata\local\{AF03C291-E93A-4DC3-94AB-A8B41F31A8FC}
Successfully deleted: [Empty Folder] C:\Users\Ulli\appdata\local\{E040701C-CFB3-4448-9921-EFC198F96B57}
Successfully deleted: [Empty Folder] C:\Users\Ulli\appdata\local\{F39B3B5F-0B81-4705-9660-F1DC2C62C0AC}



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2015 at 0:38:44,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The emergency kit log will follow shortly.

Have fun and thanks for time!



#13 jens_bleeby

jens_bleeby
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 11 June 2015 - 02:54 AM

Good moorning Alex from HH!
 
As requested the EEK log:

Emsisoft Emergency Kit - Version 9.0
Letztes Update: 11.06.2015 01:01:39
Benutzerkonto: Ulli-PC\Ulli

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 11.06.2015 01:06:15
Value: HKEY_USERS\S-1-5-21-1357889443-3804916833-74243169-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1357889443-3804916833-74243169-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d-4.exe gefunden: Gen:Application.Heur.zv1@m05WOQaO (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/232.js gefunden: Adware.JS.Agent.AM (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/339.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/180.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/179.js gefunden: Adware.JS.Agent.AN (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/200.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/242.js gefunden: Adware.JS.Agent.AM (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/231.js gefunden: Adware.JS.Agent.AM (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/263.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/380.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/262.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/223.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/184.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi -> extensionData/plugins/102.js gefunden: Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\Uninstall.exe gefunden: Gen:Application.Heur.hqX@l0xq8Rfi (
C:\ProgramData\FRxNyEoLt\dat\NftgVTJNIvE.dll gefunden: Adware.PullUpdate.T (
C:\ProgramData\FRxNyEoLt\dat\veIbTZifVN.dll gefunden: Adware.PullUpdate.T (

Gescannt 229175
Gefunden 20

Scan-Ende: 11.06.2015 02:21:42
Scan-Zeit: 1:15:27

C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\Uninstall.exe Quarantäne Gen:Application.Heur.hqX@l0xq8Rfi (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d.xpi Quarantäne Adware.JS.Crossrider.B (
C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\f41b1580-0ee1-4ded-9ddb-bb71138dff8d-4.exe Quarantäne Gen:Application.Heur.zv1@m05WOQaO (
Value: HKEY_USERS\S-1-5-21-1357889443-3804916833-74243169-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1357889443-3804916833-74243169-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A)

Quarantäne 6

 

remark from me: for being able to remove 2 files the notebook needed to restart.

 

good day, Jens!
 



#14 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:40 PM

Posted 11 June 2015 - 03:10 AM

Hi there,

Can you upload those two files to VirusTotal? I will send them to Emsisoft for whitelisting.

After that please run these.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will says Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#15 jens_bleeby

jens_bleeby
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg, Germany
  • Local time:04:40 PM

Posted 11 June 2015 - 04:50 AM

Dear Alex,

did the scan with Mbam:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.06.2015
Suchlauf-Zeit: 10:57:55
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.11.01
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ulli

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 382616
Verstrichene Zeit: 24 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.WebShield.A, C:\ProgramData\FRxNyEoLt\rBHpYMjygoS.exe, 2436, , [7df0a019ef9bde5812618770e61b1fe1]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 8
PUP.Optional.WebShield.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rBHpYMjygoS, , [7df0a019ef9bde5812618770e61b1fe1],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\HQ Video Pro 3.1cV27.05-nv-ie, , [452809b0b4d60d291cda2acd1be8bc44],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WaInternetEnhancer, , [82ebcdeca5e50531d46e41478382b14f],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [de8f942556347abccf94bb32c43f4cb4],
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\HQ Video Pro 3.1cV27.05-nv-ie, , [85e82b8ed4b66ec8c433698ed03340c0],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [ed80d8e112788da9b514f68cd431fe02],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1357889443-3804916833-74243169-1000\SOFTWARE\HQ Video Pro 3.1cV27.05-nv-ie, , [f67789302961f343847307f030d307f9],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1357889443-3804916833-74243169-1000\SOFTWARE\WaInternetEnhancer, , [a4c9a217d0badc5a8ab7ff89df260df3],

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 3
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQ Video Pro 3.1cV27.05, , [69042099f2984aecd68a3eaefb08d828],
PUP.Optional.PullUpdate.A, C:\ProgramData\FRxNyEoLt\dat, , [afbecced4941c373e5c35427bd4920e0],
PUP.Optional.PullUpdate.A, C:\ProgramData\FRxNyEoLt, , [afbecced4941c373e5c35427bd4920e0],

Dateien: 12
PUP.Optional.WebShield.A, C:\ProgramData\FRxNyEoLt\rBHpYMjygoS.exe, , [7df0a019ef9bde5812618770e61b1fe1],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\FRxNyEoLt\dat\bPXFGnvlx.dll, , [6c01e6d3d7b3191db706d3508e78f10f],
PUP.Optional.WebShield.A, C:\ProgramData\FRxNyEoLt\dat\eeCabCmyIw.exe, , [f776b900d7b3f83e7cf706f1e819956b],
PUP.Optional.PullUpdate.C, C:\ProgramData\FRxNyEoLt\dat\jxeHVh.dll, , [2e3f0baed2b89a9c8319babf9571f808],
PUP.Optional.WebShield.A, C:\ProgramData\FRxNyEoLt\dat\YVOEFjFBEA.exe, , [84e9b9005b2f171f2a49698e847df40c],
PUP.Optional.Softonic.SID.C, C:\Users\Ulli\Downloads\Setup.exe, , [db926c4d048677bf60fb3c3dbb4bb14f],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQ Video Pro 3.1cV27.05\bgNova.html, , [69042099f2984aecd68a3eaefb08d828],
PUP.Optional.PullUpdate.A, C:\ProgramData\FRxNyEoLt\dat\eeCabCmyIw.exe.config, , [afbecced4941c373e5c35427bd4920e0],
PUP.Optional.PullUpdate.A, C:\ProgramData\FRxNyEoLt\dat\YVOEFjFBEA.exe.config, , [afbecced4941c373e5c35427bd4920e0],
PUP.Optional.PullUpdate.A, C:\ProgramData\FRxNyEoLt\info.dat, , [afbecced4941c373e5c35427bd4920e0],
PUP.Optional.PullUpdate.A, C:\ProgramData\FRxNyEoLt\rBHpYMjygoS.dat, , [afbecced4941c373e5c35427bd4920e0],
PUP.Optional.PullUpdate.A, C:\ProgramData\FRxNyEoLt\rBHpYMjygoS.exe.config, , [afbecced4941c373e5c35427bd4920e0],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

 

In this FRxNyEoLt Folder there is much malware detected. Folder is not existent anymore, (so also I can`t send you a file, but I could sent one directly to now I will work through with ESET.

 

 

greetings, Jens

 

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users