
Pests of all kinds and how to fight them: Nationzoom as start page and constant ads!

Windows 7

04.01.2014, 09:51   #1
ItsJustJessi
 

Hello,

For about 2 weeks now I have had the problem that Nationzoom opens as the start page in my browser (Mozilla Firefox). I googled it when I noticed that no other page would open as the start page any more. It said there that Nationzoom is a virus.

In addition, thousands of tabs with ads for casinos or the like keep opening all the time. It is extremely annoying because it happens right in the middle of typing, and besides, sometimes a page simply aborts and "Outdated browser" or "Java plugin" is displayed.
I hope someone can help me get rid of this again!

Thanks in advance
ItsJustJessi

04.01.2014, 11:47   #2
Argus
 

Please download Zoek.zip by smeenk to your desktop.

Unpack Zoek.zip.

Please disable all virus scanners during the scan, as they affect the result.

Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".

Now click "Run script", and in the next window click OK.
Then be patient until the script has finished (up to half an hour).
When the tool is done, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:\
Please post the ZOEK log for me.


04.01.2014, 21:25   #3
ItsJustJessi
 

Right, unfortunately it took me a while. Here is the ZOEK log now.

Code:
Zoek.exe v5.0.0.0 Updated 04-Januari-2014
Tool run by Jessi on 04.01.2014 at 21:23:34,57.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jessi\AppData\Local\Temp\Temp1_zoek.zip\zoek.com [Scan all users]   [Quick Scan] [Auto Clean]

==== System Restore Info ======================

04.01.2014 21:31:50 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\SearchScopes\{010E84AC-5F5F-41E3-9C48-B085B8957079} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebCakeUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WebCakeUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WebCakeUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\70e6ca8c deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\70e6ca8c deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ibupdaterservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ibupdaterservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.2.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.2.0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default

---- Lines nationzoom removed from prefs.js ----
user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609");
user_pref("browser.search.defaultenginename", "nationzoom");
user_pref("browser.search.selectedEngine", "nationzoom");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.previous_page.value", "%22http%3A//www.tr
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossrider.bic", "14354c953622956ceb5f24eb70b124f9");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438 removed from prefs.js ----
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.active", true);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.addressbar", "NA");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.addressbarenhanced", "");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.asyncdb_dbWasSet", true);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.backgroundver", 2);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.certdomaininstaller", "");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.changeprevious", false);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie._GPL_aoi.value", "%221388748367%22");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie._GPL_parent_zoneid.expiration", "Fri Feb 
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie._GPL_parent_zoneid.value", "%22380595%22"
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.InstallationTime.value", "%221388696541%2
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.InstallerParams.expiration", "Fri Feb 01 
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.load_balancer.expiration", "Sun Jan 05 20
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.load_balancer.value", "%22%7B%20%5C%22Sta
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.NoNeedForUpdate.expiration", "Sun Jan 05 
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.NoNeedForUpdate.value", "1");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.previous_page.expiration", "Fri Feb 01 20
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.user_id.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.cookie.user_id.value", "%2214354c953622956ceb5f2
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.description", "Turn YouTube videos to High Defin
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.domain", "");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.enablesearch", false);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.homepage", "");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.iframe", false);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.InstallationThankYouPage", true);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.InstallationTime", 1388696541);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__194_lastCheck__.expiration", "Sat J
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__194_lastCheck__.value", "true");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__global_rules.expiration",
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__global_rules.value", "%5B
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__global_rules_verion.expir
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__global_rules_verion.value
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__is_send_log.expiration", 
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__is_send_log.value", "fals
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__last_daily_visit.expirati
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__last_daily_visit.value", 
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__last_impression_time.expi
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__last_impression_time.valu
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__marketing_rules.expiratio
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__marketing_rules.value", "
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__marketing_rules_verion.ex
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__marketing_rules_verion.va
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__pages_visited_count.expir
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__pages_visited_count.value
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__pagevies_count_4.0.2014.e
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__pagevies_count_4.0.2014.v
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__pagevies_count_5.0.2014.e
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__pagevies_count_5.0.2014.v
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__send_log_percent.expirati
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__send_log_percent.value", 
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__total_impressions_today.e
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__total_impressions_today.v
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__verions_data.expiration",
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.__ICM_LITE__verions_data.value", "%7B
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb._country_code_.expiration", "Fri Feb 
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb._country_code_.value", "%22DE%22");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_appVer.value", "127");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_meta.expiration", "Fri Feb 
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_nextCheck.expiration", "Sun
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.lastDailyReport", "1388866624589");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.lastUpdate", "1388866623880");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.manifesturl", "");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.name", "Plus-HD-2.5");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.newtab", "");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.opensearch", "");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.pluginsversion", 114);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.publisher", "Plus HD");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.searchstatus", 0);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.setnewtab", false);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.thankyou", "");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.updateinterval", 360);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.ver", 127);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.apps", "33438");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.bic", "14354c953622956ceb5f24eb70b124f9");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.cid", 33438);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.firstrun", false);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.hadappinstalled", true);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.installationdate", 1388696917);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.modetype", "production");
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.reportInstall", true);
user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.statsDailyCounter", 5);
---- Lines extensions.4Lam2 removed from prefs.js ----
user_pref("extensions.4Lam2.epoch", "1388953017");
user_pref("extensions.4Lam2.url", "hxxp://toolkitsetusa.info/sync2/?q=hfZ9oemPC7FPtNbPhd9FtMqLDe49CNU0mwkMCMlNhd9FrHwGrTnEpjr9rjaMBzqUojw9rdwEqdsErjCE
---- Lines extensions.CJfVBvVJ removed from prefs.js ----
user_pref("extensions.CJfVBvVJ.epoch", "1388953017");
user_pref("extensions.CJfVBvVJ.url", "hxxp://discountgetdirect.ru/sync2/?q=hfZ9oeqHgeqLtNbPhd9FtMqLDe49CNU0mwkMCMlNhd9FrHwGrTnEpjr9rTsMBzqUojw9rdwEqds
---- FireFox user.js and prefs.js backups ---- 

user__2155_.backup
prefs__2155_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{248E68B0-9270-BE8F-2CCB-FE243AE7978B} deleted
C:\windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{2E60B85E-8C67-6BC6-BF30-29B38371B074} deleted
C:\Users\Jessi\.android deleted
C:\ProgramData\CoooLSaLeCoupon deleted
C:\PROGRA~2\CoooLSaLeCoupon deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
C:\PROGRA~2\Uniblue\SpeedUpMyPC deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Optimizer Pro deleted
C:\PROGRA~2\Tuguu SL deleted
C:\PROGRA~2\Movdap deleted
C:\PROGRA~2\MyPC Backup deleted
C:\Program Files\Uninstaller deleted
C:\PROGRA~2\Web Cake deleted
C:\PROGRA~2\sweetpacks bundle uninstaller deleted
C:\PROGRA~2\Plus-HD-2.5 deleted
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk deleted
C:\Users\Jessi\AppData\Roaming\Uniblue deleted
C:\Users\Jessi\AppData\Roaming\ZoomBrowser EX deleted
C:\Users\Jessi\AppData\Roaming\Web Cake deleted
C:\Users\Jessi\AppData\Roaming\BabSolution deleted
C:\Users\Jessi\AppData\Roaming\pdfforge deleted
C:\Users\Jessi\AppData\Roaming\Optimizer Pro deleted
C:\Users\Jessi\AppData\Roaming\OpenCandy deleted
C:\ProgramData\eSafe deleted
C:\ProgramData\Partner deleted
C:\ProgramData\VisualBee deleted
C:\ProgramData\WPM deleted
C:\ProgramData\Tarma Installer deleted
C:\ProgramData\AVG Secure Search deleted
C:\ProgramData\Babylon deleted
C:\Users\Jessi\AppData\Local\AVG Secure Search deleted
C:\Users\Jessi\AppData\Local\Mobogenie deleted
C:\Users\Jessi\AppData\Local\cache deleted
C:\Users\Jessi\AppData\Local\emaze deleted
C:\Users\Jessi\AppData\Local\AskToolbar deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro deleted
C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deleted
C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\windows\Tasks\SpeedUpMyPC.job deleted
C:\Users\Jessi\Downloads\FreeYouTubeToMP3Converter_3.11.32.918.exe deleted
C:\Users\Jessi\Downloads\FreeYouTubeToMP3Converter_3.12.2.430(1).exe deleted
C:\Users\Jessi\Downloads\FreeYouTubeToMP3Converter_3.12.2.430.exe deleted
C:\Users\Jessi\AppData\LocalLow\AVG Secure Search deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\tasks\Plus-HD-2.5-chromeinstaller.job deleted
C:\windows\tasks\Plus-HD-2.5-codedownloader.job deleted
C:\windows\tasks\Plus-HD-2.5-enabler.job deleted
C:\windows\tasks\Plus-HD-2.5-firefoxinstaller.job deleted
C:\windows\tasks\Plus-HD-2.5-updater.job deleted
C:\windows\SysNative\tasks\Plus-HD-2.5-chromeinstaller deleted
C:\windows\SysNative\tasks\Plus-HD-2.5-codedownloader deleted
C:\windows\SysNative\tasks\Plus-HD-2.5-enabler deleted
C:\windows\SysNative\tasks\Plus-HD-2.5-firefoxinstaller deleted
C:\windows\SysNative\tasks\Plus-HD-2.5-updater deleted
C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted
C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted
C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv deleted
C:\windows\tasks\spmonitor.job deleted
C:\windows\SysNative\tasks\spmonitor deleted
C:\windows\Syswow64\ARFC deleted
C:\windows\Syswow64\WNLT deleted
C:\windows\Syswow64\lMMLDeleteUserData42107612FX.tmp deleted
C:\Users\Jessi\Documents\Mobogenie deleted
C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default\searchplugins\babylon.xml deleted
C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default\searchplugins\SweetIM Search.xml deleted
C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default\Invalidprefs.js deleted
C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} deleted
C:\Users\Jessi\Desktop\Mobogenie.lnk deleted
C:\Users\Jessi\Desktop\Unverwendetes\MyPC Backup.lnk deleted
C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default\extensions\7b2e05c3-4f6b-4f31-b7ed-1d6bf9639e5d@33ff3dbe-011c-4bda-9fc4-a47387c00171.com deleted
C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default\extensions\pnd2_uo9b@fxv-ntwnqrk.edu deleted
C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default\extensions\ss-ocdc7-vfk@eoi-bgsvwyyj.org deleted
"C:\windows\Installer\39f1f1.msi" deleted
"C:\windows\Installer\39f1f6.msi" deleted
"C:\windows\Installer\39f1f1.msi" deleted
"C:\PROGRA~2\Mozilla Firefox\searchplugins\nationzoom.xml" deleted
"C:\Users\Jessi\daemonprocess.txt" deleted
"C:\windows\SysNative\dmwu.exe" deleted
"C:\PROGRA~2\Mobogenie\DaemonProcess.exe" deleted
"C:\PROGRA~2\Mobogenie\libeay32.dll" deleted
"C:\PROGRA~2\Mobogenie\msvcp100.dll" deleted
"C:\PROGRA~2\Mobogenie\msvcr100.dll" deleted
"C:\PROGRA~2\Mobogenie\QtCore4.dll" deleted
"C:\PROGRA~2\Mobogenie\QtGui4.dll" deleted
"C:\PROGRA~2\Mobogenie\QtNetwork4.dll" deleted
"C:\PROGRA~2\Mobogenie\QtSql4.dll" deleted
"C:\PROGRA~2\Mobogenie\QtWebKit4.dll" deleted
"C:\PROGRA~2\Mobogenie\ssleay32.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\Users\Jessi\AppData\Roaming\Movdap\WebCakeDesktop.exe" deleted
"C:\windows\SysNative\ljkb\lmrn.dll" deleted
"C:\windows\SysNative\ljkb\msvcp100.dll" deleted
"C:\windows\SysNative\ljkb\msvcr100.dll" not deleted
"C:\windows\SysNative\ljkb\stij.exe" deleted
"C:\windows\Syswow64\jmdp\lmrn.dll" deleted
"C:\windows\Syswow64\jmdp\msvcp100.dll" deleted
"C:\windows\Syswow64\jmdp\msvcr100.dll" deleted
"C:\windows\Syswow64\jmdp\stij.exe" deleted
"C:\PROGRA~2\Ask.com\Updater\Updater.exe" deleted
"C:\PROGRA~2\SweetIM\Messenger\mgAdaptersProxy.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\mgcommon.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\mgcommunication.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\mgconfig.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\mghooking.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\mgsimcommon.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\mgUpdateSupport.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\mgxml_wrapper.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\msvcp71.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\msvcr71.dll" deleted
"C:\PROGRA~2\SweetIM\Messenger\SweetIM.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.2.0\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll" deleted
"C:\Users\Jessi\AppData\Roaming\Movdap\dat\Desktop.OS.dll" deleted
"C:\PROGRA~2\Mobogenie" deleted
"C:\PROGRA~2\Ask.com" deleted
"C:\PROGRA~2\SweetIM" not deleted
"C:\PROGRA~2\AVG Secure Search" deleted
"C:\PROGRA~2\AVG Secure Search" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\Users\Jessi\AppData\Roaming\Movdap" deleted
"C:\ProgramData\SweetIM" deleted
"C:\windows\SysNative\ljkb" not deleted
"C:\windows\Syswow64\jmdp" deleted
"C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default\extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com" deleted
"C:\PROGRA~2\Ask.com\Updater" deleted
"C:\PROGRA~2\SweetIM\Messenger" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.2.0" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.2.0" deleted
"C:\Users\Jessi\AppData\Roaming\Movdap\dat" deleted

==== Files Recently Created / Modified ======================

====== C:\windows ====
====== C:\Users\Jessi\AppData\Local\Temp ====
2014-01-02 21:01:04	34C8F4206017E028757C29AED4CFCF71	5368808	----a-w-	C:\Users\Jessi\AppData\Local\Temp\plus-hd-2-5.exe
2014-01-02 21:00:57	7D7A3D927D9C49E524DE0DF792F587CD	90800	----a-w-	C:\Users\Jessi\AppData\Local\Temp\vbmz10.exe
2014-01-02 20:56:34	40395C175553CB14D2050888EFCCDF00	4961800	----a-w-	C:\Users\Jessi\AppData\Local\Temp\vcredist_x64.exe
2014-01-02 20:55:11	858D895AD40DE9779E78C39A116F9553	10355400	----a-w-	C:\Users\Jessi\AppData\Local\Temp\BackupSetup.exe
2013-12-27 10:21:26	E9986E9ADB8D65B6CA30D80103F1F53C	499856	----a-w-	C:\Users\Jessi\AppData\Local\Temp\fullpackage_temp1388695903\tmp\NewGdp.exe
2013-12-27 10:21:26	DE5F4849C496E6DA7EFC07148E1F5865	4494928	----a-w-	C:\Users\Jessi\AppData\Local\Temp\fullpackage_temp1388695903\tmp\desk365.exe
2013-12-27 10:21:26	2EEE15B1927EADFF45013E94B0CB0D94	131640	----a-w-	C:\Users\Jessi\AppData\Local\Temp\fullpackage_temp1388695903\QQBrowser.exe
2013-12-27 10:21:26	10B5FDC5A702D20164B53E99D8804599	100864	----a-w-	C:\Users\Jessi\AppData\Local\Temp\fullpackage_temp1388695903\QQBrowserFrame.dll
====== Java Cache =====
====== C:\windows\SysWOW64 =====
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
====== C:\windows\Sysnative\drivers =====
2013-12-11 19:27:04	E0D3CD5841E5C7BE7B94BA946AF1E498	116736	----a-w-	C:\windows\Sysnative\drivers\drmk.sys
2013-12-11 19:27:04	1E0B4CBBA91C6B041A14ECC2186F7E24	230400	----a-w-	C:\windows\Sysnative\drivers\portcls.sys
====== C:\windows\Tasks ======
2014-01-02 20:58:57	6D9293EE6DB5FCEE8A694621165308E4	4384	----a-w-	C:\windows\Sysnative\Tasks\click-n-mark-5-updater
2014-01-02 20:58:55	4D9F8D8D409A797A734A7F5A1E3C17A3	1354	----a-w-	C:\windows\Tasks\click-n-mark-5-updater.job
2014-01-02 20:58:49	FA38B1E4581ACCD28A3C688B912F2294	4190	----a-w-	C:\windows\Sysnative\Tasks\click-n-mark-5-enabler
2014-01-02 20:58:49	00CD91D95D2E45C40381DDDB1D7AD5C2	1160	----a-w-	C:\windows\Tasks\click-n-mark-5-enabler.job
2014-01-02 20:58:45	A1193D495B62C289466A6CBE06389CB0	4290	----a-w-	C:\windows\Sysnative\Tasks\click-n-mark-5-codedownloader
2014-01-02 20:58:45	0FBC6163C29E59B274470FE91F1EAEED	1260	----a-w-	C:\windows\Tasks\click-n-mark-5-codedownloader.job
2014-01-02 20:58:31	8F28E7AB26B4A65EF3AF51099CED5940	1898	----a-w-	C:\windows\Tasks\click-n-mark-5-firefoxinstaller.job
2014-01-02 20:58:31	2179339FEF24CA0A9B6D82211DD96253	4928	----a-w-	C:\windows\Sysnative\Tasks\click-n-mark-5-firefoxinstaller
====== C:\windows\Temp ======
======= C:\Program Files =====
2013-12-07 19:39:01	--------	d-----w-	C:\Program Files\Microsoft Silverlight
======= C:\PROGRA~2 =====
2014-01-02 20:58:29	--------	d-----w-	C:\PROGRA~2\click-n-mark-5
2013-12-10 15:33:34	--------	d-----w-	C:\PROGRA~2\Microsoft Games
2013-12-07 19:39:01	--------	d-----w-	C:\PROGRA~2\Microsoft Silverlight
======= C: =====
====== C:\Users\Jessi\AppData\Roaming ======
2014-01-02 21:04:19	--------	d-----w-	C:\Users\Jessi\AppData\Local\VisualBeeClient
2014-01-02 21:03:29	--------	d-----w-	C:\Users\Jessi\AppData\Local\VisualBeeExe
2013-12-24 09:34:20	--------	d-----w-	C:\windows\SysNative\config\systemprofile\AppData\Local\Packages
2013-12-07 19:26:07	--------	d-----w-	C:\Users\Default\AppData\Local\Microsoft Help
2013-12-07 19:26:07	--------	d-----w-	C:\Users\Default User\AppData\Local\Microsoft Help
====== C:\Users\Jessi ======
2014-01-03 22:14:08	AF5C84446657B48C9B9B870C46438261	1233962	----a-w-	C:\Users\Jessi\Downloads\adwcleaner_3.016.exe
2014-01-03 22:13:18	683FDD3D773C58B262DC07CD0C6CE938	10285040	----a-w-	C:\Users\Jessi\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 21:05:52	--------	d-----w-	C:\ProgramData\InternetUpdater
2014-01-02 20:55:05	--------	d-----w-	C:\ProgramData\Updater
2014-01-02 20:55:05	--------	d-----w-	C:\ProgramData\RHelpers
2014-01-02 20:55:03	--------	d-----w-	C:\ProgramData\TubeDimmer
2014-01-02 20:38:22	45134AAAC511DCFB84074E2E245BC06D	2459944	----a-w-	C:\Users\Jessi\Downloads\Updater_Setup.exe
2013-12-24 09:34:19	--------	d-----w-	C:\ProgramData\243646ecfc0b0cfa
2013-12-12 16:19:38	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2013-12-10 15:35:15	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2013-12-07 19:41:29	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

====== C: exe-files ==
2014-01-03 22:14:08	AF5C84446657B48C9B9B870C46438261	1233962	----a-w-	C:\Users\Jessi\Downloads\adwcleaner_3.016.exe
2014-01-03 22:13:18	683FDD3D773C58B262DC07CD0C6CE938	10285040	----a-w-	C:\Users\Jessi\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 21:08:36	404D42FF39F526AD5EF4A17B519C79EE	33985	----a-w-	C:\Users\Jessi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OQSB3HR\updater[1].exe
2014-01-02 21:03:36	93A83B9567CAE9C5CE235F17942B68F5	78338	----a-w-	C:\Users\Jessi\AppData\Local\VisualBeeExe\uninst.exe
2014-01-02 21:01:04	34C8F4206017E028757C29AED4CFCF71	5368808	----a-w-	C:\Users\Jessi\AppData\Local\Temp\plus-hd-2-5.exe
2014-01-02 21:00:57	7D7A3D927D9C49E524DE0DF792F587CD	90800	----a-w-	C:\Users\Jessi\AppData\Local\Temp\vbmz10.exe
2014-01-02 20:58:55	D193D7A423DF34E15A63D5AC4A0051BB	344064	----a-w-	C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-updater.exe
2014-01-02 20:58:49	9A2F08C04B3C2AABBF7F00439ED7F062	332288	----a-w-	C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-enabler.exe
2014-01-02 20:58:49	3A1DD234388EEA8D24AE81D661BC8D34	770560	----a-w-	C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-bg.exe
2014-01-02 20:58:47	DD4F4AF4BB2B616BD707759494D3B5D0	477184	----a-w-	C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-buttonutil64.exe
2014-01-02 20:58:47	17CA0E4465C64FFC4668D1A6AC4D9AFC	325632	----a-w-	C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-buttonutil.exe
2014-01-02 20:58:47	092FB217675F3259BE19DEC5AC45AB69	331264	----a-w-	C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-helper.exe
2014-01-02 20:58:40	9CB8D3E2C36DD7AC52422D698A8F96C3	518656	----a-w-	C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-codedownloader.exe
2014-01-02 20:58:31	03AC0A3A1C64FFFAF86878FCE59B0B88	764416	----a-w-	C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-firefoxinstaller.exe
2014-01-02 20:58:30	E88584D66EF273D918C1EB0E2E7DAA5C	115200	----a-w-	C:\Program Files (x86)\click-n-mark-5\Uninstall.exe
2014-01-02 20:58:29	B0D608E03FF317CAFB9BA4CD3BA56AE7	960237	----a-w-	C:\Program Files (x86)\click-n-mark-5\utils.exe
2014-01-02 20:56:34	40395C175553CB14D2050888EFCCDF00	4961800	----a-w-	C:\Users\Jessi\AppData\Local\Temp\vcredist_x64.exe
2014-01-02 20:55:11	858D895AD40DE9779E78C39A116F9553	10355400	----a-w-	C:\Users\Jessi\AppData\Local\Temp\BackupSetup.exe
2014-01-02 20:55:05	0906D38CAFB23C6E91DF18B3577FFB41	1282279	----a-w-	C:\ProgramData\Updater\Uninstall.exe
2014-01-02 20:38:22	45134AAAC511DCFB84074E2E245BC06D	2459944	----a-w-	C:\Users\Jessi\Downloads\Updater_Setup.exe
2013-12-30 12:36:27	B9775776286E6580DA5968C6D58B869A	3336560	----a-w-	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe
2013-12-30 12:34:59	127C4C5D6216BE9C8BBE85D4FDE2EE96	3953864	----a-w-	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[3].exe
=== C: other files ==
2014-01-02 20:58:30	E8FD5AA863D45454DDA0A3A60BCF915E	359335	----a-w-	C:\Program Files (x86)\click-n-mark-5\45182.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"="C:\Users\Jessi\AppData\Roaming\Movdap\WebCakeDesktop.exe"
"HP Officejet 6600 (NET)"="C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe -deviceID CN38V7RH0Z05RN:NW -scfn HP Officejet 6600 (NET) -AutoStart 1"
"Updater"="C:\ProgramData\Updater\updater.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"SweetIM"="C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"Updater"="C:\ProgramData\Updater\Updater.exe"
"mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"="C:\Users\Jessi\AppData\Roaming\Movdap\WebCakeDesktop.exe"
"HP Officejet 6600 (NET)"="C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe -deviceID CN38V7RH0Z05RN:NW -scfn HP Officejet 6600 (NET) -AutoStart 1"
"Updater"="C:\ProgramData\Updater\updater.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="  c:\\progra~2\\optimi~1\\optpro~1.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" c:\\PROGRA~2\\OPTIMI~1\\OPTPRO~2.DLL"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLMLServer"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logitech Download Assistant"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\System32\\LogiLDA.dll,LogiFetch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcagent_exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent_exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\McAfee.com\\Agent\\mcagent.exe /runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Optimizer Pro"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Optimizer Pro\\OptProLauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVD8LanguageShortcut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVD8LanguageShortcut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD8\\Language\\Language.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl8]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl8"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD8\\PDVD8Serv.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UCam_Menu"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\YouCam\" UpdateWithCreateOnce \"Software\\CyberLink\\YouCam\\2.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateLBPShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\LabelPrint\" UpdateWithCreateOnce \"Software\\CyberLink\\LabelPrint\\2.5\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateP2GoShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePDRShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdatePDRShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDirector\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\PowerDirector\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerDirector\\7.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePPShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdatePPShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerProducer\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\PowerProducer\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerProducer\\5.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePSTShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdatePSTShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\DVD Suite\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerStarter\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vProt"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG Secure Search\\vprot.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"item"="McAfee Security Scan Plus"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\MCAFEE~1\\30937D~1.207\\SSSCHE~1.EXE"


==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\windows\tasks\click-n-mark-5-codedownloader.job --a------ C:@HC:\Program Files (x86)\click-n-mark-5\click-n-mark-5-codedownloader.exe []
C:\windows\tasks\click-n-mark-5-enabler.job --a------ C:AC:\Program Files (x86)\click-n-mark-5\click-n-mark-5-enabler.exe []
C:\windows\tasks\click-n-mark-5-firefoxinstaller.job --a------ C:JC:\Program Files (x86)\click-n-mark-5\click-n-mark-5-firefoxinstaller.exe []
C:\windows\tasks\click-n-mark-5-updater.job --a------ C:AC:\Program Files (x86)\click-n-mark-5\click-n-mark-5-updater.exe []
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28.07.2012 14:00]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\advSRS4" ["C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe"]
"C:\windows\SysNative\tasks\BatteryLifeExtender" [C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe]
"C:\windows\SysNative\tasks\click-n-mark-5-codedownloader" [C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-codedownloader.exe]
"C:\windows\SysNative\tasks\click-n-mark-5-enabler" [C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-enabler.exe]
"C:\windows\SysNative\tasks\click-n-mark-5-firefoxinstaller" [C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-firefoxinstaller.exe]
"C:\windows\SysNative\tasks\click-n-mark-5-updater" [C:\Program Files (x86)\click-n-mark-5\click-n-mark-5-updater.exe]
"C:\windows\SysNative\tasks\EasyBatteryManager" ["%ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe"]
"C:\windows\SysNative\tasks\EasyDisplayMgr" ["C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"]
"C:\windows\SysNative\tasks\EasySpeedUpManager" ["%programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe"]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\HPCustParticipation HP Officejet 6600" ["C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe"]
"C:\windows\SysNative\tasks\SamsungSupportCenter" [%programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe]
"C:\windows\SysNative\tasks\SUPBackground" ["%ProgramFiles%\Samsung\Samsung Update Plus\SUPBackground.exe"]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"avg@toolbar"="C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default
- Tube Dimmer - %ProfilePath%\extensions\support@tubedimmerapp.com
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\sjgfmnzc.default
F891089A6AB9E12FEDEBCC5EC0F40D66	- C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll -	Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fjoijdanhaiflhibkljeklcghcmmfffh - No path found[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.nationzoom.com/?type=hp&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609"
"Default_Page_URL"="hxxp://www.nationzoom.com/?type=hp&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.nationzoom.com/web/?type=ds&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609&q={searchTerms}"
"Default_Page_URL"="hxxp://www.nationzoom.com/?type=hp&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609"
"Start Page"="hxxp://www.nationzoom.com/?type=hp&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609"
"Search Page"="hxxp://www.nationzoom.com/web/?type=ds&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.nationzoom.com/web/?type=ds&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609&q={searchTerms}"
"Default_Page_URL"="hxxp://www.nationzoom.com/?type=hp&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609"
"Start Page"="hxxp://www.nationzoom.com/?type=hp&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609"
"Search Page"="hxxp://www.nationzoom.com/web/?type=ds&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311341138} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311341138} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341138} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341138} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3734534638-943913715-596630110-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe 
C:\Users\Default\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe 
C:\Users\Default User\Desktop\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe 
C:\Users\Default User\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe 
C:\Users\Jessi\Desktop\Anno 1404 - Verknüpfung.lnk -  
C:\Users\Jessi\Desktop\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe 
C:\Users\Jessi\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe 
C:\Users\Jessi\Desktop\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe 
C:\Users\Jessi\Desktop\PhotoFiltre 7.lnk - C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe 
C:\Users\Jessi\Desktop\Portrait Professional 11 Test.lnk - C:\Program Files (x86)\Portrait Professional 11 Test\PortraitProfessionalTrial.exe 
C:\Users\Jessi\Desktop\VirtualDJ Home FREE.lnk - C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe 
C:\Users\Jessi\Desktop\Nicht benötigte Verknüpfungen\Easy Network Manager.lnk -  
C:\Users\Jessi\Desktop\Nicht benötigte Verknüpfungen\FailSafe Setup.lnk -  
C:\Users\Jessi\Desktop\Nicht benötigte Verknüpfungen\Ihre Meinung ist wichtig.lnk -  
C:\Users\Jessi\Desktop\Nicht benötigte Verknüpfungen\McAfee Security Center.lnk -  
C:\Users\Jessi\Desktop\Nicht benötigte Verknüpfungen\Microsoft Office - 60 Day Trial.lnk -  
C:\Users\Jessi\Desktop\Nicht benötigte Verknüpfungen\SpeedUpMyPC.lnk -  
C:\Users\Jessi\Desktop\Unverwendetes\Create Amazing Presentations.lnk -  
C:\Users\Jessi\Desktop\Unverwendetes\Die Sims 2.lnk - C:\Program Files (x86)\EA GAMES\Die Sims 2\TSBin\Sims2.exe 
C:\Users\Jessi\Desktop\Unverwendetes\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe 
C:\Users\Jessi\Desktop\Unverwendetes\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe 
C:\Users\Jessi\Desktop\Unverwendetes\Optimizer Pro.lnk - C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe 
C:\Users\Jessi\Desktop\Unverwendetes\PDFArchitect.lnk - C:\Program Files (x86)\PDFCreator\PDFArchitect\PDFArchitect.exe 
C:\Users\Jessi\Desktop\Unverwendetes\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe 
C:\Users\Jessi\Desktop\Unverwendetes\Samsung Recovery Solution 4.lnk - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\Manager1.exe 
C:\Users\Jessi\Desktop\Unverwendetes\Samsung Support Center.lnk - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCMain.exe 
C:\Users\Jessi\Desktop\Unverwendetes\Samsung Update Plus.lnk - C:\Program Files (x86)\Samsung\Samsung Update Plus\SupClientApp.exe 
C:\Users\Jessi\Desktop\Unverwendetes\User Guide.lnk - C:\Program Files\Samsung\SamsungManual\RunManual.exe 
C:\Users\Jessi\Desktop\Unverwendetes\VAFPlayer.lnk - C:\windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}\_843A66D2881567AF273463.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Age of Empires II.lnk - C:\Program Files (x86)\Microsoft Games\Age of Empires II\empires2.exe 
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk - C:\Users\Jessi\Documents\Andere Dokumente\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe 
C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk -  
C:\Users\Public\Desktop\Digital Photo Professional.lnk - C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe 
C:\Users\Public\Desktop\EOS Utility.lnk - C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe 
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe 
C:\Users\Public\Desktop\HP Officejet 6600.lnk - C:\Program Files (x86)\HP\HP Officejet 6600\Bin\HP Officejet 6600.exe -Start UDCDevicePage
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk - C:\Users\Jessi\Documents\Andere Dokumente\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe 
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609
C:\Users\Public\Desktop\OnlineFotoservice.lnk - C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe 
C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe 
C:\Users\Public\Desktop\Picture Style Editor.lnk - C:\Program Files (x86)\Canon\Picture Style Editor\PSEditor.exe 
C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6600.lnk -  
C:\Users\Public\Desktop\Skype.lnk - C:\windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe 
C:\Users\Public\Desktop\ZoomBrowser EX.lnk - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609
C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\windows\Installer\{AC76BA86-7AD7-1031-7B44-AA1000000001}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk - C:\Program Files (x86)\Microsoft Works\MSWorks.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth deinstallieren.lnk - C:\Windows\SysWOW64\msiexec.exe /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth im DirectX-Modus starten.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth im OpenGL-Modus starten.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires II\Age of Empires II Info.lnk - C:\Program Files (x86)\Microsoft Games\Age of Empires II\Info.rtf 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires II\Age of Empires II.lnk - C:\Program Files (x86)\Microsoft Games\Age of Empires II\empires2.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires II\Deinstallier Age of Empires II.lnk - C:\Program Files (x86)\Microsoft Games\Age of Empires II\UNINSTAL.EXE /runtemp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2003.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digitale Signatur für VBA-Projekte.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Assistent zum Speichern eigener Einstellungen.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe /u
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Spracheinstellungen.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Anwendungswiederherstellung.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe -c
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works-Start.lnk - C:\Program Files (x86)\Microsoft Works\MSWorks.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works-Tabellenkalkulation.lnk - C:\windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}\wksss.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CS3.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2003.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2003.lnk - C:\windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388695939&from=adks&uid=SAMSUNGXHM321HI_S26VJ9AZ412609
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoFiltre 7.lnk - C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.5 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jessi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jessi\AppData\Local\Mozilla\Firefox\Profiles\sjgfmnzc.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5285 folders=1198 604138301 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Jessi\AppData\Local\Temp  will be emptied at reboot
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Jessi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\SysNative\ljkb\msvcr100.dll"  deleted
"C:\windows\SysNative\dmwu.exesearch"  deleted
"C:\PROGRA~2\SweetIM"  not found
"C:\windows\SysNative\ljkb"  deleted

==== EOF on 04.01.2014 at 22:15:38,41 ======================
         

05.01.2014, 18:51   #4
Argus

Still having problems?

Run a check scan with AdwCleaner.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Suchen (Search) and wait until the scan has finished.
  • Now click on Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Sx].txt (x = sequential number).

05.01.2014, 19:34   #5
ItsJustJessi

Oh, great, thank you so, so much! The start page is back to normal now.

I ran an AdwCleaner scan anyway, but it gets stuck at the browser analysis. Is that a problem, or what is causing it?


05.01.2014, 20:06   #6
Argus

I don't know whether there are problems with AdwCleaner; I'll ask.

You can also scan with Malwarebytes Anti-Malware.

To be somewhat better protected, you can download and install the "VirusTotal Uploader" from Virustotal.com.
That way you can upload the .exe to VirusTotal beforehand to find out whether it is a virus.



https://www.virustotal.com/nl/file/8...is/1388923938/
