Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware due to opened E-mail


  • Please log in to reply
8 replies to this topic

#1 Silke

Silke

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:05 AM

Posted 30 March 2016 - 03:38 AM

Hello,

 

first of all I am new, so please forgive me if I work wrong on this platform.

 

I have the problem that I stupidly downloaded an attached Zip to an E-mail. I opened the Zip but not the file because it was suspicious, it had no size (MB) at all.

The mail was about paying a bill and I thought it is real because they had my address also.

After I googled it and found out it is a Trojan. I don't remember the name of the Mail, but it was about an online shop or something like that. 

 

 

I reinstalled windows like 3 times, because I downloaded several anti virus programs. (Malwarebytes, Spybot, Avast, AVG, ESET, SpyHunter)

 

On my Laptop Windows 10, I7 ASUS (just bought it new in February) i have from beginning MC Affee installed.

 

I did not install all this programs at the same time, that's why i reinstalled the system so there is nothing of them left when I install the new one. 

 

Malwarebytes, Avast, AVG, MC Affe did not show anything, but Spybot and ESET and SpyHunter showed me something.

 

SpyHunter: Mysearchdial Toolbar and MBR infection/rootkit are detected

Soybot: HKUS\S-1-5-21-1491114596.. (more numbers)

ESET: I don't remember what it found

 

 

Current situation:

 

I reset my PC again, let MC Affee run without internet connection. It always shows no Issues detected but the boot records are 6. Also I tried to let it run in the safe mode, but it is not scanning. 

 

I don't know if I am overreacting or not, but please give me some advice. 

 

Thanks already :)

 

Current now: :D

 

AVG is installed and found a Tracking cookie, even though everything was reset several times.

But there are several Locked and Password Protected documents. 

What does that mean?


Edited by Silke, 30 March 2016 - 05:39 AM.


BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:05 AM

Posted 30 March 2016 - 09:05 AM

Silke:

:welcome: to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil, and if you would permit, since we will be working together, I would like to address you by your first name, if that is alright with you.

I am sorry to hear that you have had issues with your computer. I suggest that we run a few preliminary scans to determine if your computer might be compromised.

 


:step1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

*Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the greenstart.png button.
* When prompted allow the Add-On/Active X to install.
* In the new window that opens, tic the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

*Then click the shieldstart.png button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
*When the scan completes, click List Found Threats (only if anything is found).
*Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
*Click back.png, then click finish.png to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

 

 

:step2: Download and install Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard
  • Paste the contents of the clipboard into your next reply.

 

 

 

I would like you to paste the logs from both scans into your next reply. I will examine those and determine what our next step should be. If there is evidence of serious infection, you might have to open a new thread in the Virus, Trojan, Spyware and Malware Removal Logs Forum, but let's not get ahead of ourselves yet.

If I haven't responded to your reply in 24 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 Silke

Silke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:05 AM

Posted 30 March 2016 - 11:56 AM

Hello Phil, 

 

thank you a lot for your help

 

Here are my reports:

 

ESET:

 

C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting

C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting
 
 
 
Malwarebytes:
 
At Malwarebytes the self protection and the rootkits are disabled. Does that mean something?
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30/03/2016
Scan Time: 18:18
Logfile: Malwarebytes_Scan.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.30.07
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Silke
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336359
Time Elapsed: 5 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

Kind Regards,

 

Silke 



#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:05 AM

Posted 31 March 2016 - 09:37 AM

Silke:
 
Thank you for your logs.  You do not need to enable Malwarebytes Self-Protection, unless you believe that your computer is infected.

 

 
:step1: Please enable the rootkit scan and re-run a Malwarebytes scan.  So far, nothing serious has shown up.
 

 

Don't worry about AVG reporting "password protected" files, if that is what is reporting such files.  You can access your own files, can't you?  Some system and program files are "protected" and that is commonly reported by some anti-virus scanners.  It is no cause for concern.
 

 

:step2: Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Please paste the results of both scan logs into your next response. Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 Silke

Silke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:05 AM

Posted 31 March 2016 - 11:58 AM

Hey Phil, 

 

thank you for replying so quickly again :)

 

Here are my logs.

 

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31/03/2016
Scan Time: 18:21
Logfile: Malwarebytes_Scan_Rootkit enabled.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.31.04
Rootkit Database: v2016.03.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Silke
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353930
Time Elapsed: 9 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
AdwCleaner:
 
# AdwCleaner v5.108 - Logfile created 31/03/2016 at 18:49:33
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Silke - DESKTOP-2CE789T
# Running from : C:\Users\Silke\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : WtuSystemSupport
Service Found : vToolbarUpdater40.2.8
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\avg web tuneup
Folder Found : C:\Program Files (x86)\avg web tuneup
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\avg web tuneup
Folder Found : C:\Users\Silke\AppData\Local\avg web tuneup
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\AVG Web TuneUp
Key Found : HKLM\SOFTWARE\AVG Web TuneUp
Key Found : HKLM\SOFTWARE\AVG Tuneup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp
Key Found : [x64] HKLM\SOFTWARE\AVG Web TuneUp
Key Found : HKU\S-1-5-21-2483191687-2339272038-3517182080-1001\Software\AVG Web TuneUp
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={833214A7-C53A-40F5-8C7D-A51479D04ABD}&mid=ad477c82287c47ccb86dfd1f9a5e6625-df0f5709b9cb8ea40d7e4f085512c0e3b8008455&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-30 13:28:52&v=4.2.8.608&pid=wtu&sg=&sap=hp
Data Found : HKU\S-1-5-21-2483191687-2339272038-3517182080-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={833214A7-C53A-40F5-8C7D-A51479D04ABD}&mid=ad477c82287c47ccb86dfd1f9a5e6625-df0f5709b9cb8ea40d7e4f085512c0e3b8008455&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216piz&pr=fr&d=2016-03-30 13:28:52&v=4.2.8.608&pid=wtu&sg=&sap=hp
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2483191687-2339272038-3517182080-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [4966 bytes] - [31/03/2016 18:49:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5039 bytes] ##########
 
 
Kind regards 
 
Silke :)


#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:05 AM

Posted 31 March 2016 - 12:52 PM

Silke:
 
Thank you for your logs.  It seems that there is nothing serious hiding in your computer.  AdwCleaner shows a number of potentially unwanted programs (PUPs), like AVG Tuneup and AVG Secure Search.  If you want to keep those AVG programs, then please ensure that you uncheck all of the entries pertaining to them under each tab where they might appear before running AdwCleaner in "Clean" Mode.

Personally, I would not want those program on my computer, but it is YOUR computer, so you decide.  You can go to the Anti-Virus, Anti-Malware, and Privacy Software Forum here and search those programs if you want some impartial information about those products and why they are not a Bleeping Computer recommended products.


:step1: Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator

  • The tool will start to update the database, please wait for the update to complete.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Uncheck any PUP and adware applications that you want to keep.
  • Then this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

Please paste the AdwCleaner "Clean" log file into your next reply. Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#7 Silke

Silke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:05 AM

Posted 31 March 2016 - 01:30 PM

Hello Phil, 
 
Thank you again :)
if you say AVG is not so good as a Anti Virus Program, which one could you recommend me?
Also should I leave Malwarebytes, AdwCleaner on my Laptop. Are they not interacting with my regular Anti Virus Program?
 
 
 
 
# AdwCleaner v5.108 - Logfile created 31/03/2016 at 20:14:42
# Updated 30/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Silke - DESKTOP-2CE789T
# Running from : C:\Users\Silke\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : WtuSystemSupport
[-] Service Deleted : vToolbarUpdater40.2.8
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\avg web tuneup
[-] Folder Deleted : C:\Users\Silke\AppData\Local\avg web tuneup
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\AVG Web TuneUp
[-] Key Deleted : HKLM\SOFTWARE\AVG Web TuneUp
[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Web TuneUp
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-2483191687-2339272038-3517182080-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4592 bytes] - [31/03/2016 20:14:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [5138 bytes] - [31/03/2016 18:49:33]
C:\AdwCleaner\AdwCleaner[S2].txt - [5207 bytes] - [31/03/2016 20:13:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4811 bytes] ##########


#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:05 AM

Posted 31 March 2016 - 02:09 PM

Silke:

 

Thank you for your AdwCleaner "Clean" log.  You can remove AdwCleaner from your computer.  You may choose to keep Malwarebytes, depending on which security solution you decide to obtain.

 

Bleeping Computer does not recommend one single security product for all users.  They all have different needs and so there is no "one size fits all."

 

There is a great post here, by Quietman7, one of the foremost professionals in the field of computer protection applications, which provides lots of information on which security applications might best meet your needs, and other very valuable information on safe computing practices.  I recommend that you read it.

 

It has been my pleasure, on behalf of the Bleeping Computer community to assist you, and we thank you for choosing Bleeping Computer to help you with your computer issues.  Be sure to come back if you have any more problems in the future.  We are here to help.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#9 Silke

Silke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:05 AM

Posted 01 April 2016 - 02:09 AM

Hello Phil,

 

thanks for your help with my problem :)

You were great help.

 

I am happy that everything is fine with my Laptop :)

 

I will check your suggested link.

 

Have a nice day

 

Regards

 

Silke 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users