Hi schrauber!
Hier nun die erwünschten Files: Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.09.02.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Norbert :: PC-NU [Administrator]
Schutz: Aktiviert
02.09.2013 20:54:28
mbam-log-2013-09-02 (20-54-28).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 254255
Laufzeit: 10 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> 504 -> Löschen bei Neustart.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 18
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.delta-search.com/?affID=119943&babsrc=HP_ss&mntrId=a49f58a300000000000000d0d70d4a35 -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?affID=119943&babsrc=HP_ss&mntrId=a49f58a300000000000000d0d70d4a35) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 10
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\BabSolution (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\BabSolution\CR (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0\bh (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\OpenCandy\OpenCandy_3F9C6C627D514598B664FB6F2F4601F2 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\File Scout (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService (Adware.InstallBrain) -> Löschen bei Neustart.
Infizierte Dateien: 21
C:\Dokumente und Einstellungen\Norbert\Eigene Dateien\Downloads\FreemakeVideoConverter_4.0.3.0.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0\deltaApp.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0\deltaEng.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0\deltasrv.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0\deltaTlbr.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0\escortShld.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0\uninstall.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Programme\Delta\delta\1.8.10.0\bh\delta.dll (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\OpenCandy\OpenCandy_3F9C6C627D514598B664FB6F2F4601F2\1600.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\OpenCandy\OpenCandy_3F9C6C627D514598B664FB6F2F4601F2\PCBeschleunigen.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\OpenCandy\OpenCandy_3F9C6C627D514598B664FB6F2F4601F2\SpeedstarterDE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> Löschen bei Neustart.
C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\File Scout\filescout.exe (Trojan.PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Norbert\Eigene Dateien\Downloads\77ZipSetup.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) ADWCleaner Code:
# AdwCleaner v3.002 - Bericht erstellt am 02/09/2013 um 21:44:16
# Updated 01/09/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Norbert - PC-NU
# Gestartet von : C:\Dokumente und Einstellungen\Norbert\Eigene Dateien\Downloads\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : IBUpdaterService
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\bProtector_extensions.rdf
Datei Gefunden : C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\bprotector_prefs.js
Datei Gefunden : C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\searchplugins\delta.xml
Datei Gefunden : C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\searchplugins\zonealarm.xml
Datei Gefunden : C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\user.js
Datei Gefunden : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Programme\Mozilla Firefox\searchplugins\Babylon.xml
Ordner Gefunden : C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\Extensions\ffxtlbr@delta.com
Ordner Gefunden : C:\Programme\Mozilla Firefox\Extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Ordner Gefunden : C:\Programme\Mozilla Firefox\Extensions\search@searchsettings.com
Ordner Gefunden C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Ordner Gefunden C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gefunden C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect
Ordner Gefunden C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
Ordner Gefunden C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AVG Secure Search
Ordner Gefunden C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\AVG Secure Search
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\BabSolution
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Babylon
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\delta
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\file scout
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\OCS
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\OpenCandy
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\pdfforge
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\IECompatCache
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Lokale Einstellungen\Anwendungsdaten\OpenCandy
Ordner Gefunden C:\Dokumente und Einstellungen\Norbert\Startmenü\Programme\BrowserProtect
Ordner Gefunden C:\Programme\AVG Secure Search
Ordner Gefunden C:\Programme\delta
Ordner Gefunden C:\Programme\Gemeinsame Dateien\AVG Secure Search
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Produkt Gefunden : Google Update Helper
Schlüssel Gefunden : HKCU\Software\a2d78fb134bd42
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\filescout
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\a2d78fb134bd42
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\AVG Security Toolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gefunden : HKLM\Software\pdfforge
Schlüssel Gefunden : HKLM\Software\Search Settings
Schlüssel Gefunden : HKLM\Software\TENCENT
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-search.com/?affID=119943&babsrc=HP_ss&mntrId=a49f58a300000000000000d0d70d4a35
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.delta-search.com/?affID=119943&babsrc=NT_ss&mntrId=a49f58a300000000000000d0d70d4a35
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\nf9nib6e.default\prefs.js ]
[ Datei : C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\prefs.js ]
Zeile gefunden : user_pref("extensions.delta.admin", false);
Zeile gefunden : user_pref("extensions.delta.aflt", "babsst");
Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.delta.dfltLng", "en");
Zeile gefunden : user_pref("extensions.delta.excTlbr", false);
Zeile gefunden : user_pref("extensions.delta.id", "a49f58a300000000000000d0d70d4a35");
Zeile gefunden : user_pref("extensions.delta.instlDay", "15768");
Zeile gefunden : user_pref("extensions.delta.instlRef", "sst");
Zeile gefunden : user_pref("extensions.delta.newTab", false);
Zeile gefunden : user_pref("extensions.delta.prdct", "delta");
Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta");
Zeile gefunden : user_pref("extensions.delta.rvrt", "false");
Zeile gefunden : user_pref("extensions.delta.smplGrp", "none");
Zeile gefunden : user_pref("extensions.delta.tlbrId", "base");
Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.10.0");
Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.10.09:43:37");
Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.10.0");
-\\ Google Chrome v29.0.1547.62
[ Datei : C:\Dokumente und Einstellungen\Norbert\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [19196 octets] - [02/09/2013 21:44:16]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19257 octets] ########## JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Microsoft Windows XP x86
Ran by Norbert on 02.09.2013 at 23:34:15,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-583907252-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-583907252-790525478-725345543-1004\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{cd95d125-2992-4858-b3ef-5f6fb52fbad6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\babsolution"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\babylon"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\delta"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\file scout"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\opencandy"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\pdfforge"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\software informer"
Successfully deleted: [Folder] "C:\Programme\delta"
Successfully deleted: [Folder] "C:\Programme\software informer"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Programme\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\mozilla\firefox\profiles\npgb0uq8.default\user.js
Successfully deleted: [File] C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\mozilla\firefox\profiles\npgb0uq8.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\mozilla\firefox\profiles\npgb0uq8.default\bprotector_prefs.js
Successfully deleted: [File] C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\mozilla\firefox\profiles\npgb0uq8.default\searchplugins\delta.xml
Successfully deleted: [Folder] "C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com"
Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\mozilla\firefox\profiles\npgb0uq8.default\extensions\ffxtlbr@delta.com
Successfully deleted the following from C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\mozilla\firefox\profiles\npgb0uq8.default\prefs.js
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "a49f58a300000000000000d0d70d4a35");
user_pref("extensions.delta.instlDay", "15768");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.09:43:37");
user_pref("extensions.delta.vrsni", "1.8.10.0");
Emptied folder: C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\mozilla\firefox\profiles\npgb0uq8.default\minidumps [17 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.09.2013 at 23:49:28,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013
Ran by Norbert (administrator) on PC-NU on 03-09-2013 10:47:43
Running from C:\Dokumente und Einstellungen\Norbert\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PBFD9WYG
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Nero AG) C:\Programme\Ahead\InCD\InCDsrv.exe
(brother Industries Ltd) C:\WINDOWS\system32\brsvc01a.exe
(brother Industries Ltd) C:\WINDOWS\system32\brss01a.exe
(Logitech Inc.) c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
(Digital Dynamic) C:\Programme\Digital Dynamic\Advanced Backup Manager\backupsvc4.exe
(Ext2Fsd Group (www.ext2fsd.com)) C:\tools\Ext2Fsd\Ext2Mgr.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA) C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(O&O Software GmbH) C:\tools\OODEfrag14\oodag.exe
(Pinnacle Systems) c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe
() C:\tools\ReflectService.exe
(EMC Corporation) C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Programme\StarMoney 7.0-07-05-2010\ouservice\StarMoneyOnlineUpdate.exe
(Cyberlink Corp.) C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
(CST) C:\tools\lg_fwupdate\fwupdate.exe
(O&O Software GmbH) C:\tools\OODEfrag14\oodtray.exe
(Sun Microsystems, Inc.) C:\Programme\Java\jre6\bin\jusched.exe
(Apple Computer, Inc.) C:\Programme\QuickTime\qttask.exe
() C:\Programme\AVG Secure Search\vprot.exe
(NVIDIA) C:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe
() C:\Programme\Logitech\QuickCam10\QuickCam10.exe
(Logitech Inc.) C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
(Logitech Inc.) C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
(AVG Secure Search) C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(B2C2, Inc.) C:\Programme\TechniSat DVB\bin\Server4PC.exe
() C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(NVIDIA) C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe
(Memeo) C:\Programme\Memeo\AutoBackup\MemeoBackup.exe
(Logitech Inc.) C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
(Sonic Solutions) C:\PROGRA~1\GEMEIN~1\SONICS~1\cinetray.exe
(Nero AG) C:\Programme\Ahead\InCD\InCD.exe
(Logitech Inc.) C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
(EMC) C:\PROGRA~1\IX2-ST~1\SOHOCL~1.EXE
() C:\PROGRA~1\SCANWI~1\SCANNE~1.EXE
(BUFFALO INC.) C:\PROGRA~1\BUFFALO\NASNAVI\NasNavi.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Programme\Internet Explorer\IEXPLORE.EXE
(Farbar) C:\Dokumente und Einstellungen\Norbert\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PBFD9WYG\FRST[1].exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [nwiz] - nwiz.exe /install [x]
HKLM\...\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] - C:\Windows\system32\HDAudPropShortcut.exe [61952 2004-03-17] (Windows (R) Server 2003 DDK provider)
HKLM\...\Run: [RemoteControl] - C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
HKLM\...\Run: [LGODDFU] - C:\tools\lg_fwupdate\fwupdate.exe [229376 2005-04-12] (CST)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Java\jre6\bin\jusched.exe [148888 2009-06-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\qttask.exe [98304 2009-05-04] (Apple Computer, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [ZoneAlarm] - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [13529088 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [vProt] - C:\Programme\AVG Secure Search\vprot.exe [2285232 2013-08-08] ()
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Programme\Logitech\QuickCam10\QuickCam10.exe [746520 2006-11-15] ()
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [86016 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [LogitechCommunicationsManager] - C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe [284184 2006-10-31] (Logitech Inc.)
HKLM\...\Run: [LVCOMSX] - C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe [244512 2006-11-15] (Logitech Inc.)
HKLM\...\Policies\Explorer: [HonorAutoRunSetting] 1
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKCU\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Besitzer\...\Run: [MSMSGS] - C:\Programme\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Server4PC.lnk
ShortcutTarget: Server4PC.lnk -> C:\Programme\TechniSat DVB\bin\Server4PC.exe (B2C2, Inc.)
Startup: C:\Dokumente und Einstellungen\Norbert\Startmenü\Programme\Autostart\NewShortcut4.lnk
ShortcutTarget: NewShortcut4.lnk -> C:\Programme\Memeo\AutoBackup\MemeoLauncher.exe (Memeo)
BootExecute: autocheck autochk * OODBS
==================== Internet (Whitelisted) ====================
ProxyServer: 192.168.3.1:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119943&babsrc=HP_ss&mntrId=a49f58a300000000000000d0d70d4a35
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {5749262D-BB4B-4458-B13C-8C25D35FA676} URL = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN11652233203701-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=a49f58a300000000000000d0d70d4a35&q={searchTerms}&r=109
SearchScopes: HKCU - {6222F6EF-FBA3-42E1-93DF-D5DE08743BFD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{5FECE804-F773-4704-A91B-DCAA1C250CB9}: [NameServer]192.168.3.1
Tcpip\..\Interfaces\{D9EE300A-D9AD-47A0-87B8-BB5B941E965F}: [NameServer]192.168.3.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default
FF DefaultSearchEngine: Search By ZoneAlarm
FF SearchEngineOrder.1: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN11652233203701-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=a49f58a300000000000000d0d70d4a35&q={searchTerms}
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @checkpoint.com/FFApi - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.90 - C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: Garmin Communicator - C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Media Converter - C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF Extension: No Name - C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Mozilla\Firefox\Profiles\npgb0uq8.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Skype extension - C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF Extension: pdfforge Toolbar Plugin - C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [avg@toolbar] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\15.4.0.5
FF Extension: AVG Security Toolbar - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\15.4.0.5
FF HKLM\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] C:\tools\ext\1\
FF Extension: Mobile Master Add-In - C:\tools\ext\1\
FF HKCU\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\ChromeExt\15.4.0.5\avg.crx
========================== Services (Whitelisted) =================
R2 backupsvc4; C:\Programme\Digital Dynamic\Advanced Backup Manager\backupsvc4.exe [384512 2013-08-28] (Digital Dynamic)
S3 BMUService; C:\Programme\Memeo\AutoBackup\MemeoService.exe [31768 2007-04-07] (Memeo)
R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2003-08-28] (brother Industries Ltd)
S3 btwdins; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [264800 2007-12-06] (Broadcom Corporation.)
R2 Ext2Mgr; C:\tools\Ext2Fsd\Ext2Mgr.exe [1211536 2011-02-05] (Ext2Fsd Group (www.ext2fsd.com))
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2009-11-10] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2009-11-10] (Google Inc.)
R2 InCDsrv; C:\Programme\Ahead\InCD\InCDsrv.exe [869888 2005-06-10] (Nero AG)
S3 LPDSVC; C:\Windows\system32\tcpsvcs.exe [19456 2006-02-28] (Microsoft Corporation)
R2 LVPrcSrv; c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe [109344 2006-11-15] (Logitech Inc.)
S2 LVSrvLauncher; C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe [101152 2006-11-15] (Logitech Inc.)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-28] (Mozilla Foundation)
R2 MSSQL$PINNACLESYS; C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Programme\NOS\bin\getPlus_Helper_3004.dll [58944 2010-11-29] (NOS Microsystems Ltd.)
R2 nTuneService; C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe [191080 2010-03-22] (NVIDIA)
R2 OODefragAgent; C:\tools\OODEfrag14\oodag.exe [2317128 2010-08-31] (O&O Software GmbH)
R2 PinnacleSys.MediaServer; c:\programme\pinnacle\shared files\programs\mediaserver\pmshost.exe [49152 2006-01-19] (Pinnacle Systems)
R2 ReflectService.exe; C:\tools\ReflectService.exe [224960 2012-06-12] ()
R2 RetroExpLauncher; C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe [120088 2008-12-11] (EMC Corporation)
S3 SQLAgent$PINNACLESYS; C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
R2 StarMoney 7.0 OnlineUpdate; C:\Programme\StarMoney 7.0-07-05-2010\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 8.0 OnlineUpdate; C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 UpdateCenterService; C:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176 2009-11-06] (NVIDIA)
S2 vsmon; C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R2 vToolbarUpdater15.4.0; C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-08] (AVG Secure Search)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
S2 ZAPrivacyService; C:\Programme\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
R2 JavaQuickStarterService; "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R3 ASAPIW2k; C:\Windows\System32\Drivers\ASAPIW2K.sys [11264 2004-03-10] (Pinnacle Systems GmbH)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-08] (AVG Technologies)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [539512 2007-11-27] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [879624 2007-11-21] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156392 2007-06-29] (Broadcom Corporation.)
S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [74688 2007-11-27] (Broadcom Corporation.)
R1 Cinemsup; C:\Windows\System32\Drivers\Cinemsup.sys [6656 2002-07-19] (Sonic Solutions)
R3 cmudax; C:\Windows\System32\drivers\cmudax.sys [1287296 2005-05-12] (C-Media Inc.)
S3 CrystalSysInfo; C:\tools\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [684664 2011-02-10] (www.ext2fsd.com)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [113664 2004-03-17] (Windows (R) Server 2003 DDK provider)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [58872 2011-05-10] (Paragon Software Group)
R4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [99584 2005-06-10] (Nero AG)
R1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [29696 2005-06-10] (Nero AG)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [8704 2005-06-10] (Nero AG)
R1 incdrm; C:\Windows\System32\Drivers\incdrm.sys [28160 2005-06-10] (Nero AG)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-11-15] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586584 2013-02-21] (Kaspersky Lab)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1678368 2006-11-15] ()
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1962912 2006-11-15] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [24736 2006-11-15] ()
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [40352 2006-11-11] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171008 2005-07-13] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13344 2006-11-11] (Logitech Inc.)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [933536 2006-11-11] (Logitech Inc.)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16064 2012-06-12] (Macrium Software)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70400 2004-08-03] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [462212 2004-10-13] (B2C2, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32048 2009-07-29] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [129888 2009-07-29] (Paragon)
R2 VirtualImDisk; C:\Windows\System32\DRIVERS\virtualimdisk.sys [34448 2013-08-28] (Olof Lagerkvist)
R1 Vsdatant; C:\Windows\System32\vsdatant.sys [527976 2013-06-19] (Check Point Software Technologies LTD)
S3 BTDriver; system32\DRIVERS\btport.sys [x]
S3 catchme; \??\C:\DOKUME~1\Norbert\LOKALE~1\Temp\catchme.sys [x]
S3 cpuz135; \??\C:\DOKUME~1\Norbert\LOKALE~1\Temp\cpuz135\cpuz135_x32.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74584 2013-02-21] (Kaspersky Lab)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 speccy; \??\C:\DOKUME~1\Norbert\LOKALE~1\Temp\1b42aee9-7b6c-48b6-a0f8-dca924c7bff0 [x]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-02 23:34 - 2013-09-02 23:34 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-02 21:44 - 2013-09-02 21:45 - 00000000 ____D C:\AdwCleaner
2013-09-02 20:43 - 2013-09-02 20:43 - 00000766 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-02 20:43 - 2013-09-02 20:43 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-02 20:43 - 2013-09-02 20:43 - 00000000 ____D C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Malwarebytes
2013-09-02 20:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-02 16:47 - 2013-09-02 16:47 - 00000000 _RSHD C:\cmdcons
2013-09-02 16:47 - 2012-11-18 13:11 - 00000223 _____ C:\Boot.bak
2013-09-02 16:47 - 2004-08-03 23:00 - 00262448 __RSH C:\cmldr
2013-09-02 16:43 - 2013-09-02 17:12 - 00000000 ____D C:\Qoobox
2013-09-02 16:43 - 2013-09-02 16:43 - 00000000 ___RD C:\Dokumente und Einstellungen\Norbert\Startmenü\Programme\Verwaltung
2013-09-02 16:43 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-09-02 16:43 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-09-02 16:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-09-02 16:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-09-02 16:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-09-02 16:43 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-09-02 16:43 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-09-02 16:43 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-09-02 16:43 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-09-02 16:42 - 2013-09-02 17:10 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-02 15:47 - 2013-09-02 15:48 - 05119472 ____R (Swearware) C:\Dokumente und Einstellungen\Norbert\Desktop\ComboFix.exe
2013-09-02 10:43 - 2013-09-02 10:43 - 00000643 _____ C:\WINDOWS\wmsetup.log
2013-09-02 10:43 - 2013-09-02 10:43 - 00000000 __SHD C:\Dokumente und Einstellungen\Besitzer\IETldCache
2013-09-01 19:10 - 2013-09-01 19:10 - 00000000 ____D C:\FRST
2013-08-29 22:52 - 2013-08-29 22:59 - 00001024 ____H C:\WINDOWS\system32\config\elam.LOG
2013-08-29 22:52 - 2013-08-29 22:52 - 00262144 _____ C:\WINDOWS\system32\config\elam
2013-08-29 04:08 - 2013-08-29 04:12 - 00013066 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-29 03:41 - 2013-08-29 03:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-29 03:40 - 2013-08-29 03:41 - 00006054 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-29 03:21 - 2013-08-29 03:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-29 03:19 - 2013-08-29 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-29 03:17 - 2013-08-29 03:18 - 00005425 _____ C:\WINDOWS\KB2863058.log
2013-08-29 03:17 - 2013-08-29 03:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-29 03:16 - 2013-08-29 03:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-28 19:34 - 2013-02-21 14:44 - 00074584 ____N (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2013-08-28 19:05 - 2013-08-29 03:21 - 00015088 _____ C:\WINDOWS\KB2850869.log
2013-08-28 19:05 - 2013-08-29 03:20 - 00016299 _____ C:\WINDOWS\KB2859537.log
2013-08-28 17:06 - 2013-08-28 17:06 - 00000846 ____N C:\Dokumente und Einstellungen\Norbert\Desktop\Advanced Backup Manager 2013.lnk
2013-08-28 17:06 - 2013-08-28 17:06 - 00000000 ____D C:\Dokumente und Einstellungen\Norbert\Startmenü\Programme\Digital Dynamic
2013-08-28 17:05 - 2013-08-28 17:05 - 00034448 ____N (Olof Lagerkvist) C:\WINDOWS\system32\Drivers\virtualimdisk.sys
2013-08-28 17:05 - 2013-08-28 17:05 - 00000000 ____D C:\Programme\Digital Dynamic
2013-08-28 11:49 - 2013-08-29 12:03 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-28 11:34 - 2013-08-28 11:34 - 00001897 ____N C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-08-28 11:05 - 2013-08-29 04:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-11 12:38 - 2013-08-11 12:38 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2013-08-11 12:38 - 2013-08-11 12:38 - 00001409 ____N C:\WINDOWS\QTFont.for
2013-08-10 19:49 - 2013-08-10 20:02 - 00000000 ____D C:\Dokumente und Einstellungen\Norbert\Eigene Dateien\Freemake
==================== One Month Modified Files and Folders =======
2013-09-03 10:39 - 2009-11-10 13:50 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 09:41 - 2012-03-02 20:30 - 00000320 _____ C:\WINDOWS\Tasks\GlaryInitialize.job
2013-09-03 09:32 - 2008-10-01 15:11 - 01999273 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-03 09:30 - 2008-10-06 13:23 - 00000251 _____ C:\WINDOWS\lgfwup.ini
2013-09-03 09:30 - 2008-10-01 15:55 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-03 09:30 - 2008-10-01 15:55 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-09-03 09:29 - 2009-11-10 13:50 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 09:29 - 2008-10-01 15:17 - 00032536 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-03 09:28 - 2011-01-19 13:18 - 00724510 _____ C:\WINDOWS\system32\oodbs.lor
2013-09-03 09:28 - 2008-10-01 15:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-03 00:10 - 2008-10-05 18:07 - 00000300 ___SH C:\Dokumente und Einstellungen\Norbert\ntuser.ini
2013-09-03 00:09 - 2008-10-05 18:07 - 00000000 ____D C:\Dokumente und Einstellungen\Norbert
2013-09-02 23:57 - 2013-09-02 23:49 - 00012998 _____ C:\Dokumente und Einstellungen\Norbert\Desktop\JRT.txt
2013-09-02 23:37 - 2008-10-01 15:28 - 00000000 ___RD C:\Programme
2013-09-02 23:34 - 2013-09-02 23:34 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-02 21:45 - 2013-09-02 21:44 - 00000000 ____D C:\AdwCleaner
2013-09-02 21:30 - 2012-07-24 21:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2013-09-02 20:43 - 2013-09-02 20:43 - 00000766 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-02 20:43 - 2013-09-02 20:43 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware
2013-09-02 20:43 - 2013-09-02 20:43 - 00000000 ____D C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\Malwarebytes
2013-09-02 17:52 - 2008-10-01 15:51 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Dokumente
2013-09-02 17:12 - 2013-09-02 16:43 - 00000000 ____D C:\Qoobox
2013-09-02 17:10 - 2013-09-02 16:42 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-02 17:09 - 2006-02-28 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-09-02 16:47 - 2013-09-02 16:47 - 00000000 _RSHD C:\cmdcons
2013-09-02 16:47 - 2008-10-01 16:25 - 00000339 __RSH C:\boot.ini
2013-09-02 16:43 - 2013-09-02 16:43 - 00000000 ___RD C:\Dokumente und Einstellungen\Norbert\Startmenü\Programme\Verwaltung
2013-09-02 16:43 - 2008-10-05 18:07 - 00000000 ___RD C:\Dokumente und Einstellungen\Norbert\Startmenü\Programme
2013-09-02 15:48 - 2013-09-02 15:47 - 05119472 ____R (Swearware) C:\Dokumente und Einstellungen\Norbert\Desktop\ComboFix.exe
2013-09-02 15:46 - 2009-11-10 13:57 - 00001787 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2013-09-02 10:46 - 2012-08-21 20:12 - 00289028 _____ C:\WINDOWS\setupapi.log
2013-09-02 10:46 - 2009-07-27 08:36 - 00001793 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Logitech QuickCam.lnk
2013-09-02 10:43 - 2013-09-02 10:43 - 00000643 _____ C:\WINDOWS\wmsetup.log
2013-09-02 10:43 - 2013-09-02 10:43 - 00000000 __SHD C:\Dokumente und Einstellungen\Besitzer\IETldCache
2013-09-02 10:43 - 2008-10-01 15:18 - 00000000 ____D C:\Dokumente und Einstellungen\Besitzer
2013-09-01 19:10 - 2013-09-01 19:10 - 00000000 ____D C:\FRST
2013-09-01 11:23 - 2006-02-28 14:00 - 00001374 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-29 22:59 - 2013-08-29 22:52 - 00001024 ____H C:\WINDOWS\system32\config\elam.LOG
2013-08-29 22:52 - 2013-08-29 22:52 - 00262144 _____ C:\WINDOWS\system32\config\elam
2013-08-29 19:09 - 2010-05-07 18:54 - 00000000 ____D C:\Programme\StarMoney 7.0-07-05-2010
2013-08-29 17:44 - 2008-10-07 17:34 - 00000599 _____ C:\WINDOWS\BRWMARK.INI
2013-08-29 17:44 - 2008-10-07 17:34 - 00000026 _____ C:\WINDOWS\BRPP2KA.INI
2013-08-29 17:24 - 2012-03-05 16:51 - 00000000 ____D C:\Programme\StarMoney 8.0 S-Edition
2013-08-29 13:40 - 2012-01-30 19:40 - 00000000 ____D C:\Dokumente und Einstellungen\Norbert\Anwendungsdaten\iSpy
2013-08-29 13:39 - 2012-01-30 19:40 - 00002067 _____ C:\Dokumente und Einstellungen\All Users\Desktop\iSpy.lnk
2013-08-29 12:03 - 2013-08-28 11:49 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-08-29 05:21 - 2009-06-09 13:25 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-29 04:35 - 2008-10-10 17:57 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-29 04:12 - 2013-08-29 04:08 - 00013066 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00309452 _____ C:\WINDOWS\FaxSetup.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00149557 _____ C:\WINDOWS\ocgen.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00119518 _____ C:\WINDOWS\tsoc.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00106128 _____ C:\WINDOWS\comsetup.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00062587 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00049381 _____ C:\WINDOWS\iis6.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00017183 _____ C:\WINDOWS\ocmsn.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00015571 _____ C:\WINDOWS\msgsocm.log
2013-08-29 04:12 - 2012-08-21 20:12 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-29 04:11 - 2012-08-21 20:12 - 00027261 _____ C:\WINDOWS\updspapi.log
2013-08-29 04:10 - 2009-07-13 13:35 - 00000000 ____D C:\WINDOWS\ie8updates
2013-08-29 04:08 - 2013-08-28 11:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-29 03:43 - 2008-10-05 18:45 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-29 03:41 - 2013-08-29 03:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-29 03:41 - 2013-08-29 03:40 - 00006054 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-29 03:41 - 2012-08-21 20:12 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-29 03:28 - 2008-10-01 15:28 - 00725910 ____N C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-29 03:21 - 2013-08-29 03:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-29 03:21 - 2013-08-28 19:05 - 00015088 _____ C:\WINDOWS\KB2850869.log
2013-08-29 03:20 - 2013-08-28 19:05 - 00016299 _____ C:\WINDOWS\KB2859537.log
2013-08-29 03:19 - 2013-08-29 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-29 03:18 - 2013-08-29 03:17 - 00005425 _____ C:\WINDOWS\KB2863058.log
2013-08-29 03:18 - 2008-10-05 18:38 - 00485672 ____N C:\WINDOWS\system32\TZLog.log
2013-08-29 03:17 - 2013-08-29 03:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-29 03:16 - 2013-08-29 03:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-28 21:11 - 2008-10-01 16:18 - 00000000 ____D C:\WINDOWS\repair
2013-08-28 19:40 - 2012-05-09 18:57 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-08-28 19:36 - 2012-08-09 19:35 - 00417513 _____ C:\WINDOWS\system32\vsconfig.xml
2013-08-28 19:29 - 2012-08-09 19:34 - 00000519 ____N C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk
2013-08-28 17:06 - 2013-08-28 17:06 - 00000846 ____N C:\Dokumente und Einstellungen\Norbert\Desktop\Advanced Backup Manager 2013.lnk
2013-08-28 17:06 - 2013-08-28 17:06 - 00000000 ____D C:\Dokumente und Einstellungen\Norbert\Startmenü\Programme\Digital Dynamic
2013-08-28 17:05 - 2013-08-28 17:05 - 00034448 ____N (Olof Lagerkvist) C:\WINDOWS\system32\Drivers\virtualimdisk.sys
2013-08-28 17:05 - 2013-08-28 17:05 - 00000000 ____D C:\Programme\Digital Dynamic
2013-08-28 11:34 - 2013-08-28 11:34 - 00001897 ____N C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
2013-08-28 11:32 - 2009-11-10 13:49 - 00000000 ____D C:\Programme\Google
2013-08-28 10:45 - 2008-10-05 18:07 - 00000000 ___HD C:\Dokumente und Einstellungen\Norbert\Netzwerkumgebung
2013-08-28 10:40 - 2008-10-02 10:52 - 00001374 ____N C:\WINDOWS\system32\wpa.bak
2013-08-27 17:49 - 2008-10-01 18:57 - 00000000 ____D C:\WINDOWS\ShellNew
2013-08-18 13:11 - 2008-10-02 16:08 - 00001126 ____N C:\WINDOWS\WINCMD.INI
2013-08-11 14:57 - 2008-10-01 15:17 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-08-11 14:57 - 2008-10-01 15:16 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-08-11 14:56 - 2008-10-01 15:08 - 00000000 ____D C:\WINDOWS\Registration
2013-08-11 14:03 - 2008-10-01 16:18 - 00000000 ____D C:\WINDOWS\Help
2013-08-11 12:38 - 2013-08-11 12:38 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2013-08-11 12:38 - 2013-08-11 12:38 - 00001409 ____N C:\WINDOWS\QTFont.for
2013-08-10 20:02 - 2013-08-10 19:49 - 00000000 ____D C:\Dokumente und Einstellungen\Norbert\Eigene Dateien\Freemake
2013-08-08 10:59 - 2013-07-14 10:20 - 00003717 ____N C:\Programme\Mozilla Firefoxavg-secure-search.xml
2013-08-08 10:56 - 2012-08-30 13:54 - 00000000 ____D C:\Programme\AVG Secure Search
2013-08-08 10:55 - 2012-08-30 13:54 - 00037664 ____N (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
Files to move or delete:
====================
C:\DOKUME~1\Norbert\LOKALE~1\Temp\Quarantine.exe
C:\DOKUME~1\Norbert\LOKALE~1\Temp\jrt\erunt\ERUNT.EXE
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2006-02-28 14:00] - [2008-04-14 04:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e
C:\Windows\System32\winlogon.exe
[2006-02-28 14:00] - [2008-04-14 04:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a
C:\Windows\System32\svchost.exe
[2006-02-28 14:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366
C:\Windows\System32\services.exe
[2006-02-28 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc
C:\Windows\System32\User32.dll
[2006-02-28 14:00] - [2008-04-14 04:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd
C:\Windows\System32\userinit.exe
[2006-02-28 14:00] - [2008-04-14 04:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106
C:\Windows\System32\Drivers\volsnap.sys
[2006-02-28 14:00] - [2008-04-14 03:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d
==================== End Of Log ============================ --- --- --- |