
Pests of all kinds and how to fight them: http://websearch.oversearch.info

Windows 7

 
01.10.2013, 17:06   #3
KeremTatli
 
http://websearch.oversearch.info



Zoek.exe Version 4.0.0.4 Updated 27-September-2013
Tool run by Keremino on 01.10.2013 at 15:39:19,34.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Veli\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe [Script inserted]

==== System Restore Info ======================

01.10.2013 15:42:48 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Installed Programs ======================

7-Zip 9.20
Acer Crystal Eye Webcam
AdblockIE
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04) - Deutsch
CCleaner
Creative Audio-Systemsteuerung
Debut Video Capture Software
Free YouTube Download version 3.2.3.610
Free YouTube to MP3 Converter version 3.12.3.610
Gamesurround Muse Pocket
HyperCam 2
Jasc Animation Shop 3
Java 7 Update 40
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 23.0.1 (x86 de)
Nuvoton CIR Device Driver
NVIDIA Drivers
Opera 12.15
Pavtube Video Converter version 3.5.1.2185
PhotoScape
RICOH R5U8xx Media Driver ver.3.62.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
SkypeT 6.6
SplitCam
SWFText
swMSM
Synaptics Pointing Device Driver
TeamViewer 8
Ulead GIF Animator 5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
USB Multi-Channel Audio Device
VideoPad Video Editor
WinRAR 4.20 (32-Bit)
YTD Video Downloader 4.0

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SystemStoreService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemStoreService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SystemStoreService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SystemStoreService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsysSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\prefs.js:
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.de");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36");
user_pref("browser.search.defaulturl", "hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36&l=1&q=");
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("keyword.URL", "hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36&l=1&q=");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36&l=1&q=");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\prefs.js:

Deleted from C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\prefs.js:
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\prefs.js:

==== Deleting Files \ Folders ======================

"C:\Program Files\WBC Engine" not found
"C:\Program Files\YourFileDownloader" not found
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\Ask.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\babylon.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\Web Search.xml" deleted
"C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\searchplugins\WebSearch.xml" deleted
"C:\Program Files\mozilla firefox\searchplugins\Ask.xml" deleted
"C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml" deleted
"C:\Program Files\mozilla firefox\searchplugins\qvo6.xml" deleted
"C:\Program Files\mozilla firefox\searchplugins\Web Search.xml" deleted
"C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml" deleted
"C:\Windows\System32\Tasks\Desk 365 RunAsStdUser" deleted
"C:\Windows\System32\Tasks\EPUpdater" deleted
"C:\Windows\System32\Tasks\4581" deleted
"C:\Windows\System32\Tasks\Software Updater" deleted
"C:\Windows\System32\Tasks\YourFile DownloaderUpdate" deleted
"C:\Windows\System32\Tasks\Dealply" deleted
"C:\Windows\System32\Tasks\Software Updater Ui" deleted
"C:\Windows\System32\Tasks\0" deleted
"C:\Windows\Tasks\Dealply.job" deleted
"C:\Users\Veli\Downloads\jogangandotnetCrackVideopadVideoEditor.rar.exe" deleted
"C:\Users\Veli\Downloads\etypesetup.exe" deleted
"C:\Users\Veli\AppData\Local\DownloadGuide" deleted
"C:\Program Files\CoolPic - Fun Social Pictures" deleted
"C:\Users\Veli\AppData\Roaming\Dealply" deleted
"C:\ProgramData\DSearchLink" deleted
"C:\ProgramData\Browser Manager" deleted
"C:\Users\Veli\Documents\Optimizer Pro" deleted
"C:\ProgramData\SearchNewTab" deleted
"C:\Program Files\WebSearch" deleted
"C:\ProgramData\SummerSoft" deleted
"C:\Program Files\Optimizer Pro" deleted
"C:\ProgramData\DownnlOad kuEeper" deleted
"C:\Program Files\Ss.Helper" deleted
"C:\ProgramData\InstallMate" deleted
"C:\Users\Veli\AppData\Roaming\eType" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-09-25 11:24:28 1B2CE85F36F5BB6DEC7AE685978DB825 32328 ----a-w- C:\Windows\Launcher.exe
====== C:\Users\Veli\AppData\Local\Temp ====
2013-09-30 03:58:48 09869C37B1CAE90A6275D4DE0E91D099 45868112 ----a-w- C:\Users\Veli\AppData\Local\Temp\SHSetup.exe
====== Java Cache =====
2013-09-08 19:55:05 5FD0F92A70CF369EC5B687D9C56531BC 17530 ----a-w- C:\Users\Veli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\2ea66e94-506a0138
====== C:\Windows\system32 =====
2013-09-30 19:08:47 4CAC856E64F96C6949B0931964F9EE42 692616 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2013-09-30 19:08:46 184021B2B95F3BE1B8FD7EA4F8F23C38 71048 ----a-w- C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-23 00:55:12 ACA17F8E1F9E8891DE15E2527D8D74D0 264616 ----a-w- C:\Windows\System32\javaws.exe
2013-09-23 00:54:58 EC94122E6DCB6E731D8513A89AC9CF12 175016 ----a-w- C:\Windows\System32\javaw.exe
2013-09-23 00:54:58 EC2A0F271C0FD4AD57B137845577F539 175016 ----a-w- C:\Windows\System32\java.exe
2013-09-23 00:54:58 65F0FBCDBBA20FC4B0DADCA922150A99 94632 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
====== C:\Windows\system32\drivers =====
2013-09-25 10:54:13 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
2013-09-12 00:48:47 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-06 20:03:00 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
2013-09-30 19:08:48 5B12B28D98BF11F73A1C467764AAF0D4 884 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-30 19:08:48 35FF0B400A83D1EE852F416D9A56632E 3822 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater
2013-09-20 03:33:36 8CFC135F4BDE75CF76B6A2925910A8C0 3414 ----a-w- C:\Windows\system32\Tasks\{4CFD8C3F-62D5-42F7-B501-E5C559EE202A}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-09-30 19:20:24 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer
2013-09-25 11:26:33 -------- d-----w- C:\Program Files\SoftwareUpdater
2013-09-25 11:26:31 -------- d-----w- C:\Program Files\Freetec
2013-09-23 00:55:27 -------- d-----w- C:\Program Files\Common Files\Java
2013-09-23 00:54:40 -------- d-----w- C:\Program Files\Java
======= C: =====
2013-09-20 02:50:26 68DA3EA204996EC4B63A9568B5D99C25 206312 --sh--r- C:\XELDZ
====== C:\Users\Veli\AppData\Roaming ======
2013-09-30 15:51:36 -------- d-----w- C:\Users\Veli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-09-26 07:23:22 -------- d-----w- C:\Users\Veli\AppData\Roaming\SkypEmoticons
2013-09-25 11:27:25 -------- d-----w- C:\Users\Veli\AppData\Local\Freetec
2013-09-25 11:23:42 -------- d-----w- C:\Users\Veli\AppData\Locallow\SimplyTech
2013-09-23 23:01:12 -------- d-----w- C:\Users\Veli\AppData\Roaming\vlc
2013-09-18 19:37:49 -------- d-----w- C:\Users\Veli\AppData\Locallow\DataMngr
2013-09-18 19:37:45 -------- d-----w- C:\Users\Veli\AppData\Local\Programs
====== C:\Users\Veli ======
2013-09-30 20:04:16 E8DD5929CDAA01730F7C536D044F1389 1086873 ----a-w- C:\Users\Veli\Downloads\FRST.exe
2013-09-30 19:16:13 50A05EDC87893F62268E374C19BFBEB3 52176608 ----a-w- C:\Users\Veli\Downloads\gtk-2.1.8.9-setup.exe
2013-09-30 15:50:53 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Users\Veli\Downloads\vppsetup.exe
2013-09-30 03:58:37 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Veli\Downloads\SpyHunter-Installer.exe
2013-09-28 06:27:57 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(5).exe
2013-09-25 16:30:55 9A9B114CBD554C4A1BF9E2FCAB08B460 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE(1).exe
2013-09-25 16:14:44 FAC0845F41DC78C51B12AC090379B344 1238384 ----a-w- C:\Users\Veli\Downloads\CoolPic_mg_207566.exe
2013-09-25 11:22:57 86BA054C43FA55D6CA581EFA6772DA1C 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE.exe
2013-09-25 10:47:04 A509EB9A2388D2A329B9847E8D66FC2C 2743968 ----a-w- C:\Users\Veli\Downloads\netsight_setup_6.0.0.60_MP_Production_mid51049298465_p.exe
2013-09-24 22:50:48 FEAFF13AD04D5D945EF13587E92C3336 3362400 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(4).exe
2013-09-24 22:46:29 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(3).exe
2013-09-23 16:30:55 1A31EC98651A9176A3669459F2EDFB78 9216 ----a-w- C:\Users\Veli\Downloads\plugin-container.exe
2013-09-23 16:28:23 B22198403FFEAF57BE49FF5A08DA1EF4 23003252 ----a-w- C:\Users\Veli\Downloads\vlc-2.0.8-win32(1).exe
2013-09-23 00:56:15 -------- d-----w- C:\ProgramData\Oracle
2013-09-23 00:54:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2013-09-23 00:52:28 2755BAEDEB84972D1621B9166CE29B0B 913832 ----a-w- C:\Users\Veli\Downloads\jxpiinstall(1).exe
2013-09-23 00:50:20 A4022823CFBF2C1A97BD01CCF7FE976C 7912440 ----a-w- C:\Users\Veli\Downloads\Shockwave_Installer_Slim(2).exe
2013-09-20 17:33:19 -------- d-----w- C:\Users\Veli\Videos
2013-09-18 19:38:31 -------- d-----w- C:\Users\Veli\Local Settings
2013-09-11 20:44:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2013-09-03 03:48:43 74E7F684F2198114E4AE1F6524A1653C 98304 ----a-w- C:\Users\Veli\fbchathistory.dat

====== C: exe-files ==
2013-09-30 20:04:46 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L213I0D\FRST[1].exe
2013-09-30 20:04:16 E8DD5929CDAA01730F7C536D044F1389 1086873 ----a-w- C:\Users\Veli\Downloads\FRST.exe
2013-09-30 19:16:13 50A05EDC87893F62268E374C19BFBEB3 52176608 ----a-w- C:\Users\Veli\Downloads\gtk-2.1.8.9-setup.exe
2013-09-30 19:08:47 4CAC856E64F96C6949B0931964F9EE42 692616 ----a-w- C:\Windows\System32\FlashPlayerApp.exe
2013-09-30 15:51:36 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Program Files\NCH Software\VideoPad\videopadsetup_v3.14.exe
2013-09-30 15:50:53 229261A60DBFD58471D114CC4E0456A0 4373560 ----a-w- C:\Users\Veli\Downloads\vppsetup.exe
2013-09-30 10:34:32 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\Windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla18.exe
2013-09-30 03:58:48 09869C37B1CAE90A6275D4DE0E91D099 45868112 ----a-w- C:\Users\Veli\AppData\Local\Temp\SHSetup.exe
2013-09-30 03:58:37 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Veli\Downloads\SpyHunter-Installer.exe
2013-09-28 06:27:57 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(5).exe
2013-09-26 07:27:28 01E1B94A8C0011F206DF0C997EA287F4 165 ----a-w- C:\$Recycle.Bin\S-1-5-21-3610243647-955691083-3180197658-1000\$RSN6AFQ\Crack VideoPad Video Editor.exe
2013-09-26 07:23:47 A8E982D615D2FFD066F591B6E4EABBE0 5842336 ----a-w- C:\Users\Veli\AppData\Roaming\SkypEmoticons\SE.exe
2013-09-25 16:30:55 9A9B114CBD554C4A1BF9E2FCAB08B460 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE(1).exe
2013-09-25 16:14:44 FAC0845F41DC78C51B12AC090379B344 1238384 ----a-w- C:\Users\Veli\Downloads\CoolPic_mg_207566.exe
2013-09-25 11:27:22 4D52CFCFF7AA93ED16461705B5131235 74752 ----a-w- C:\Program Files\SoftwareUpdater\Maintenance.exe
2013-09-25 11:27:09 87E0F79093A22946A9D1ED1DF2F284C9 902144 ----a-w- C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe
2013-09-25 11:26:54 9D40AC2003DCA9F045181241C2BF47A2 296448 ----a-w- C:\Program Files\SoftwareUpdater\SystemStore.exe
2013-09-25 11:26:37 5CF463EA5AD05F5DE0BB5BBA6AA2092C 6656 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}\chrome\bin\cmdproxy.exe
2013-09-25 11:24:28 1B2CE85F36F5BB6DEC7AE685978DB825 32328 ----a-w- C:\Windows\Launcher.exe
2013-09-25 11:22:57 86BA054C43FA55D6CA581EFA6772DA1C 729736 ----a-w- C:\Users\Veli\Downloads\youtube-dlm_1.0_de-DE.exe
2013-09-25 10:47:04 A509EB9A2388D2A329B9847E8D66FC2C 2743968 ----a-w- C:\Users\Veli\Downloads\netsight_setup_6.0.0.60_MP_Production_mid51049298465_p.exe
2013-09-24 22:50:48 FEAFF13AD04D5D945EF13587E92C3336 3362400 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(4).exe
2013-09-24 22:46:29 1342ED24D3293559E0CACC0788A2B996 2681224 ----a-w- C:\Users\Veli\Downloads\speakychatinstall(3).exe
=== C: other files ==
2013-10-01 04:30:30 642DB546B8E5380410C4B110C222E13F 79139 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHPKEMNJ\de_DE[1].zip
2013-10-01 04:30:07 A842B48277A2D8645A37B9F596838D2A 1230 ----a-w- C:\Users\Veli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XDS773D\flXHR[1].vbs
2013-09-29 21:02:39 51555013F2F820E6A20E991E754752D8 123385 ----a-w- C:\Users\Veli\AppData\Local\Temp\tmp-ifv.xpi
2013-09-25 11:26:35 F28E6D902D5782720F216207ECFBC07F 18753 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
2013-09-25 11:26:35 ED10614EC981DB30789CC7EC4B229AB9 13955 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\admin@proxy-listen.de.xpi
2013-09-25 11:26:35 E23928ED13449168CB9F26BBE67BC95F 353425 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\smarterwiki@wikiatic.com.xpi
2013-09-25 11:26:35 C9F1A4E3D10AC900B022F8F45152A3E1 194311 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
2013-09-25 11:26:35 BD76955067E069A01B9A0392DEA4D10B 178395 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
2013-09-25 11:26:35 B60381F680B593366B51DE45829C179F 31123 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
2013-09-25 11:26:35 AC13FB2840845FE8B03E0EC579B8EA90 723773 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\stefanvandamme@stefanvd.net.xpi
2013-09-25 11:26:35 97AA187E8476935D2933E462E7A14D06 166436 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
2013-09-25 11:26:35 967246D501D0F4379C673099996CF121 16117 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
2013-09-25 11:26:35 73E5FCA06973ADD85D7CA071F89853A0 76810 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\screwads@airtint.com.xpi
2013-09-25 11:26:35 4ACEE5217E47CBA244D165C0414AA7CB 409220 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
2013-09-25 11:26:35 4155DB098E14F2A8CB7BAC0FD10D9FB0 210138 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
2013-09-25 11:26:35 3D7728D85556F98F4F967AD9F288D8F6 18509 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
2013-09-25 11:26:35 1D062796A5FF05D60F20A97677EDD437 824302 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2013-09-25 11:26:35 0FD6A9943787EE1A75FD810FE2DCD58C 14810 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\YouTubeAutoReplay@arikv.com.xpi
2013-09-25 11:26:35 0B240AC326EF16591C39AE84B2958659 171002 ----a-w- C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
2013-09-25 10:37:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Veli\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\index\cdn-a.sponsorpay.com

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3610243647-955691083-3180197658-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"="\SearchProtect\bin\cltmng.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="C:\Windows\PLFSetI.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.09.2013 21:08]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\djh0uqno.default
- Undetermined - %ProfilePath%\extensions\tilt@mozilla.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default
- ColorfulTabs - %ProfilePath%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Complete YouTube Saver - %ProfilePath%\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- PlugIn-Checker - %ProfilePath%\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
- Youtube To MP3 PRO converter - %ProfilePath%\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
- FireTube - %ProfilePath%\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
- YouTube ALL HTML5 - %ProfilePath%\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\screwads@airtint.com.xpi
- FastestFox - %ProfilePath%\extensions\smarterwiki@wikiatic.com.xpi
- Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi
- YouTube Auto Replay - %ProfilePath%\extensions\YouTubeAutoReplay@arikv.com.xpi
- PDFescape Extension - %ProfilePath%\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
- Black Youtube - %ProfilePath%\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
- Fasterfox - %ProfilePath%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
- Black Google Theme - %ProfilePath%\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

ProfilePath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049
- ColorfulTabs - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Complete YouTube Saver - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- Undetermined - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Undetermined - C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
- ColorfulTabs - %ProfilePath%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Facebook Photo Zoom - %ProfilePath%\extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}
- Complete YouTube Saver - %ProfilePath%\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}
- Proxy-Listen.de - Proxyswitcher - %ProfilePath%\extensions\admin@proxy-listen.de.xpi
- PlugIn-Checker - %ProfilePath%\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi
- Youtube To MP3 PRO converter - %ProfilePath%\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
- FireTube - %ProfilePath%\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack.xpi
- YouTube ALL HTML5 - %ProfilePath%\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\screwads@airtint.com.xpi
- FastestFox - %ProfilePath%\extensions\smarterwiki@wikiatic.com.xpi
- Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi
- YouTube Auto Replay - %ProfilePath%\extensions\YouTubeAutoReplay@arikv.com.xpi
- PDFescape Extension - %ProfilePath%\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi
- Black Youtube - %ProfilePath%\extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi
- Fasterfox - %ProfilePath%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
- Black Google Theme - %ProfilePath%\extensions\{e9876d64-8bac-4287-bdc4-0f0c56804b4f}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\extensions\ffxtlbr@babylon.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\qpbe3oiy.default
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U40
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
CD6D547D33C9D2935FC6F206DC4E2711 - C:\Users\Veli\AppData\Roaming\Mozilla\plugins\npspeakychat.dll - SpeakyChat
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

Profilepath: C:\Users\Veli\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787049
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U40
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
CD6D547D33C9D2935FC6F206DC4E2711 - C:\Users\Veli\AppData\Roaming\Mozilla\plugins\npspeakychat.dll - SpeakyChat
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hggpkhijoeadmdfmlbdepfbngmhaldci - C:\Program Files\DealPly\DealPly.crx[]
mmiopbgcekanlhpjkonogoljpfmhpkhf - C:\Program Files\LyricsPal\125.crx[]
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com/"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Start Page"="hxxp://websearch.oversearch.info/?pid=298&r=2013/09/26&hid=14353993468478840820&lg=EN&cc=DE&unqvl=36"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b1f47b7c-7ba3-4451-b915-8f16a5a434e7&searchtype=ds&q={searchTerms}&installDate=10/08/2013"
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b1f47b7c-7ba3-4451-b915-8f16a5a434e7&searchtype=ds&q={searchTerms}&installDate=10/08/2013"
"(Default)"="hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Start Page"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"SearchAssistant"="hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=b1f47b7c-7ba3-4451-b915-8f16a5a434e7&searchtype=ds&q={searchTerms}&installDate=10/08/2013"
"Start Page"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Start Default_Page_URL"="hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60"
"Search Bar"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1380060000000.000008&tguid=66920-6787-1380108222358-7460702C987F8958BEEB078049EC5A60&q="
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

==== EOF on 01.10.2013 at 15:48:34,49 ======================

Hi Smeenk,

after I ran "Zoek",
"websearch.oversearch.info" and "Ads not by this site" have disappeared.

Thank you very, very much.

PS: Was that it, or is there more to do? :)