| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: www.qvo6.com als startseite wegbekommenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.09.2013, 17:58
| #1 |
| |  www.qvo6.com als startseite wegbekommen hey, wie schon oben im thema hab ich ein problem diese startseite in firefox wegzubekommen. ein anderes thema hat mir auch schon sehr geholfen und ich habe die übeltäter auch schon entfernt, ( hoffe ich zumindestens :/ ) dennoch wird mir die startseite angezeigt  adwcleaner durchlaufen lassen frst64 durchlaufen lassen malwarebytes durchlaufen lassen tfc durchlaufenlassen aber die startseite, auch wenn ich sie ändere bleibt.... :/ Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x64
Ran by Bjoern on 09.09.2013 at 17:20:38,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] wsyssvc
Successfully deleted: [Service] wsyssvc
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\intermediate
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\scheck
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ssync
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1225557953-2483263610-2332851641-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\httogroup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\piccshare
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wsyscontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_geogebra_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_geogebra_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_geogebra_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_geogebra_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
~~~ Files
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer (64-bit).lnk
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Bjoern\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Bjoern\AppData\Roaming\datamgr"
Successfully deleted: [Folder] "C:\Users\Bjoern\AppData\Roaming\intermediate"
Successfully deleted: [Folder] "C:\Users\Bjoern\AppData\Roaming\scheck"
Successfully deleted: [Folder] "C:\Users\Bjoern\AppData\Roaming\ssync"
~~~ FireFox
Successfully deleted: [File] C:\Users\Bjoern\AppData\Roaming\mozilla\firefox\profiles\n4l6st3n.default\user.js
Successfully deleted: [File] C:\Users\Bjoern\AppData\Roaming\mozilla\firefox\profiles\n4l6st3n.default\searchplugins\search.xml
Successfully deleted the following from C:\Users\Bjoern\AppData\Roaming\mozilla\firefox\profiles\n4l6st3n.default\prefs.js
user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=1378740192");
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.order.1", "qvo6");
user_pref("browser.search.selectedEngine", "qvo6");
user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=hp&from=vtt&uid=SAMSUNGXHD502HJ_S20BJ90BA15712&ts=13787401
user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=");
user_pref("om.config", "{\"active\":true,\"name\":\"twde\",\"id\":25,\"dispId\":\"CH-25\",\"aboutLink\":\"\",\"trackingGeneral\":true,\"gaAccount\":\"UA-39484183-1\",\"gaDomai
Emptied folder: C:\Users\Bjoern\AppData\Roaming\mozilla\firefox\profiles\n4l6st3n.default\minidumps [77 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.09.2013 at 17:24:45,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| Themen zu www.qvo6.com als startseite wegbekommen |
| .com, als startseite, anderes, angezeigt, askbar, entfern, entfernt, firefox, geholfen, hoffe, launch, problem, sehr geholfen, seite, startseite, tarma, thema, wajam, wegbekomme, ändere |
Baum-Darstellung