
Log analysis and evaluation: Windows 7: QV06 virus does not go away

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.08.2013, 14:11   #1
baculo



Dear Trojaner-Board helpers,

after downloading an image-to-PDF program today, I stupidly picked up a virus along with it.
Since then I have uninstalled all of today's automatically installed programs that can be found in the Control Panel, and I have also tried to remove the QV06 page as the start page. Unfortunately without success, despite resetting to the default settings.

Here are my log files:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by martina (administrator) on 23-08-2013 13:43:11
Running from C:\Users\martina\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Dropbox, Inc.) C:\Users\martina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Irfan Skiljan) C:\Program Files (x86)\IrfanView\i_view32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [NIRegistrationWizard] - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [846520 2010-06-21] ()
HKCU\...\Run: [NTRedirect] - C:\Users\martina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll [187888 2013-08-22] ()
MountPoints2: {08396626-a6a6-11e0-8fc7-88ae1dea8d89} - G:\LaunchU3.exe
MountPoints2: {300ed201-29af-11e0-96c1-e839dfc60cff} - F:\autorun.exe
HKLM-x32\...\Run: [EfficientDiary] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NI Update Service] - C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [851592 2012-06-08] (National Instruments)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.babylon.com/?babsrc=HP_ssbtis1&mntrId=BA6B88AE1DEA8D89&affID=123884&tsp=4960
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249901
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249901
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249901
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249901
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249901
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=BA6B88AE1DEA8D89&affID=123884&tsp=4960
SearchScopes: HKCU - {2354F87B-ED23-40A1-BD87-457F0EA49912} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249901
SearchScopes: HKCU - {55D322A5-0449-4386-86F4-B8B8B173B0D6} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6FC1E802-D935-492C-AA80-B6ABBD833117} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {81C19745-6CDB-420E-A5E4-24C39B5B306C} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: DKB-Cashback - {11111111-1111-1111-1111-110111611150} - C:\Program Files (x86)\DKB-Cashback\DKB-Cashback.dll (dkbbrowserextension)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 131.188.0.10 131.188.0.11

FireFox:
========
FF ProfilePath: C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default
FF user.js: detected! => C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\user.js
FF SelectedSearchEngine: qvo6
FF Homepage: about:home
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mytalkpal.com/ffplugin - C:\Program Files (x86)\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\crossriderapp16150@crossrider.com
FF Extension: DownloadHelper - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377250025

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Delta Toolbar) - C:\Users\martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\martina\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM-x32\...\Chrome\Extension: [ggmccnonmeooloobeejjmdjlneipfmna] - C:\Users\martina\AppData\Local\DKB-Cashback\Chrome\DKB-Cashback.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

==================== Services (Whitelisted) =================

R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$CSSQL05; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-23] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-06] (National Instruments Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [303680 2013-08-22] (Wsys Co., Ltd.)
R2 msftesql$CSSQL05; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:CSSQL05 [x]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-27] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 13:41 - 2013-08-23 13:42 - 01576474 _____ (Farbar) C:\Users\martina\Desktop\FRST64.exe
2013-08-23 13:41 - 2013-08-23 13:41 - 00000546 _____ C:\Users\martina\Desktop\defogger_disable.log
2013-08-23 13:41 - 2013-08-23 13:41 - 00000168 _____ C:\Users\martina\defogger_reenable
2013-08-23 13:40 - 2013-08-23 13:41 - 00050477 _____ C:\Users\martina\Desktop\Defogger.exe
2013-08-23 11:32 - 2013-08-23 11:40 - 00000000 ____D C:\Users\martina\AppData\Local\CUSTPDF Writer
2013-08-23 11:26 - 2013-08-23 13:09 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-23 11:25 - 2013-08-23 13:11 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-08-23 11:25 - 2013-08-23 12:26 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-23 11:25 - 2013-08-23 11:53 - 00000000 ____D C:\ProgramData\eSafe
2013-08-23 11:25 - 2013-08-23 11:25 - 00003230 _____ C:\Windows\System32\Tasks\DSite
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\Users\martina\AppData\Roaming\DSite
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\User Data
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\Program Files\PDFCreator
2013-08-23 11:23 - 2013-08-23 11:23 - 01245288 _____ C:\Users\martina\Downloads\PDFCreatorSetup.exe
2013-08-22 14:46 - 2013-08-22 14:46 - 00002964 _____ C:\Users\martina\Desktop\Theoretical-analysis-of-convective-flow-profiels-in-a-hollow-fiber-membrane-bioreactor_1990_Chemical-Engineering-Science.htm
2013-08-22 14:42 - 2013-08-22 14:41 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-22 14:42 - 2013-08-22 14:41 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-22 14:41 - 2013-08-22 14:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-17 12:02 - 2013-08-17 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 00:15 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 00:15 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 00:15 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 00:14 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 00:14 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 00:14 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 00:14 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 00:14 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 00:14 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 00:14 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 00:14 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 00:14 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 00:14 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 00:05 - 2013-08-15 00:05 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 20:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 20:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 20:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 20:28 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 20:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 20:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 20:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 20:27 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 20:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 19:16 - 2013-08-07 19:16 - 50393100 _____ C:\Users\martina\Downloads\vff.rar
2013-08-07 19:16 - 2013-08-07 19:16 - 00000000 ____D C:\Users\martina\Downloads\vff
2013-08-05 09:47 - 2013-08-05 09:47 - 00000000 ____D C:\Users\martina\Desktop\imma
2013-07-31 13:34 - 2013-07-31 13:34 - 00002064 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-31 13:33 - 2013-07-31 13:34 - 00000000 ____D C:\Users\martina\AppData\Roaming\BabSolution
2013-07-31 13:33 - 2013-07-31 13:33 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-31 13:33 - 2013-07-31 13:33 - 00000000 ____D C:\Users\martina\AppData\Roaming\Babylon
2013-07-31 13:33 - 2013-07-31 13:33 - 00000000 ____D C:\ProgramData\Babylon
2013-07-31 13:33 - 2013-07-31 13:33 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-31 13:31 - 2013-07-31 13:31 - 07134488 _____ C:\Users\martina\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-31 13:21 - 2013-07-31 13:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

==================== One Month Modified Files and Folders =======

2013-08-23 13:43 - 2013-08-23 13:43 - 00000000 ____D C:\FRST
2013-08-23 13:42 - 2013-08-23 13:41 - 01576474 _____ (Farbar) C:\Users\martina\Desktop\FRST64.exe
2013-08-23 13:41 - 2013-08-23 13:41 - 00000546 _____ C:\Users\martina\Desktop\defogger_disable.log
2013-08-23 13:41 - 2013-08-23 13:41 - 00000168 _____ C:\Users\martina\defogger_reenable
2013-08-23 13:41 - 2013-08-23 13:40 - 00050477 _____ C:\Users\martina\Desktop\Defogger.exe
2013-08-23 13:41 - 2010-12-01 20:51 - 00000000 ____D C:\Users\martina
2013-08-23 13:12 - 2013-08-23 11:25 - 00000000 ____D C:\Program Files\PDFCreator
2013-08-23 13:11 - 2013-08-23 11:25 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-08-23 13:09 - 2013-08-23 11:26 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-23 13:04 - 2009-07-14 19:58 - 00784854 _____ C:\Windows\system32\perfh007.dat
2013-08-23 13:04 - 2009-07-14 19:58 - 00178964 _____ C:\Windows\system32\perfc007.dat
2013-08-23 13:04 - 2009-07-14 07:13 - 01845004 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 12:26 - 2013-08-23 11:25 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-23 12:17 - 2010-09-24 04:46 - 01970776 _____ C:\Windows\WindowsUpdate.log
2013-08-23 11:55 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 11:55 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 11:53 - 2013-08-23 11:25 - 00000000 ____D C:\ProgramData\eSafe
2013-08-23 11:50 - 2012-11-11 15:04 - 00000000 ____D C:\Users\martina\AppData\Roaming\Dropbox
2013-08-23 11:46 - 2011-01-19 14:35 - 00541957 _____ C:\Windows\setupact.log
2013-08-23 11:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 11:40 - 2013-08-23 11:32 - 00000000 ____D C:\Users\martina\AppData\Local\CUSTPDF Writer
2013-08-23 11:26 - 2011-02-20 00:03 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-23 11:26 - 2011-02-19 01:40 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-23 11:25 - 2013-08-23 11:25 - 00003230 _____ C:\Windows\System32\Tasks\DSite
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\Users\martina\AppData\Roaming\DSite
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\User Data
2013-08-23 11:25 - 2010-12-13 01:46 - 00002190 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-23 11:25 - 2010-12-01 21:03 - 00001684 _____ C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-23 11:23 - 2013-08-23 11:23 - 01245288 _____ C:\Users\martina\Downloads\PDFCreatorSetup.exe
2013-08-23 10:29 - 2012-03-22 19:20 - 00000000 ____D C:\Users\martina\AppData\Roaming\Spotify
2013-08-22 17:21 - 2012-03-22 19:20 - 00000000 ____D C:\Users\martina\AppData\Local\Spotify
2013-08-22 14:46 - 2013-08-22 14:46 - 00002964 _____ C:\Users\martina\Desktop\Theoretical-analysis-of-convective-flow-profiels-in-a-hollow-fiber-membrane-bioreactor_1990_Chemical-Engineering-Science.htm
2013-08-22 14:41 - 2013-08-22 14:42 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-22 14:41 - 2013-08-22 14:42 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-22 14:41 - 2013-08-22 14:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-22 14:41 - 2011-07-09 07:23 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-19 14:43 - 2012-10-14 23:03 - 00000000 ____D C:\Users\martina\Documents\Citavi 3
2013-08-19 09:11 - 2012-04-27 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 19:39 - 2010-12-15 08:51 - 00000000 ____D C:\Users\martina\AppData\Roaming\ICQ
2013-08-17 12:03 - 2013-08-17 12:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 00:09 - 2013-08-15 00:05 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:09 - 2010-12-02 21:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 00:05 - 2010-12-01 22:00 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 17:49 - 2012-11-24 21:54 - 00000000 ____D C:\Users\Public\Documents\Rezepte
2013-08-14 12:41 - 2011-02-12 04:45 - 00000000 ____D C:\Users\martina\Documents\Bewerbung
2013-08-13 23:09 - 2011-02-21 12:16 - 00000000 ____D C:\Users\martina\Documents\KOREA
2013-08-11 08:47 - 2011-01-30 03:39 - 00012968 _____ C:\Windows\PFRO.log
2013-08-09 15:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2013-08-07 19:16 - 2013-08-07 19:16 - 50393100 _____ C:\Users\martina\Downloads\vff.rar
2013-08-07 19:16 - 2013-08-07 19:16 - 00000000 ____D C:\Users\martina\Downloads\vff
2013-08-07 15:04 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-05 09:47 - 2013-08-05 09:47 - 00000000 ____D C:\Users\martina\Desktop\imma
2013-08-04 13:28 - 2012-10-14 23:01 - 00000000 ____D C:\Users\martina\AppData\Roaming\Swiss Academic Software
2013-08-04 10:52 - 2011-01-02 09:01 - 00000000 ___RD C:\Users\martina\Desktop\Studium
2013-07-31 13:38 - 2011-08-07 11:25 - 00000000 ____D C:\Users\martina\AppData\Roaming\MyPhoneExplorer
2013-07-31 13:34 - 2013-07-31 13:34 - 00002064 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-31 13:34 - 2013-07-31 13:33 - 00000000 ____D C:\Users\martina\AppData\Roaming\BabSolution
2013-07-31 13:34 - 2011-08-07 11:24 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-07-31 13:33 - 2013-07-31 13:33 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-31 13:33 - 2013-07-31 13:33 - 00000000 ____D C:\Users\martina\AppData\Roaming\Babylon
2013-07-31 13:33 - 2013-07-31 13:33 - 00000000 ____D C:\ProgramData\Babylon
2013-07-31 13:33 - 2013-07-31 13:33 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-31 13:31 - 2013-07-31 13:31 - 07134488 _____ C:\Users\martina\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-31 13:21 - 2013-07-31 13:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-07-26 07:13 - 2013-08-15 00:14 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 00:14 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 00:14 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 00:14 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 00:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 00:14 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 00:14 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 00:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 00:14 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 00:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 00:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 00:14 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 00:14 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 20:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 20:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

Files to move or delete:
====================
C:\Users\martina\iFunBox.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 15:18

==================== End Of Log ============================
         

ADDITIONAL
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2013
Ran by martina at 2013-08-23 13:45:50
Running from C:\Users\martina\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 Main Workbench 6.0.2 (Version: 6.0.2)
 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP BiDi Channel Components Installer (Version: 1.2.0.2)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 10 ActiveX (x32 Version: 10.2.153.1)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop Elements 9 (x32 Version: 9.0)
Adobe Reader XI - Deutsch (x32 Version: 11.0.00)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Advertising Center (x32 Version: 0.0.0.2)
Amazon Kindle (HKCU)
Apple Application Support (x32 Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
AudibleManager (x32 Version: 1997028590.48.56.35924506)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82)
Bing Bar (x32 Version: 5.0.1401.0)
BioProzessTrainer (x32 Version: 5.12.1088)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.10(T))
Broadcom 802.11 Network Adapter (Version: 5.60.48.35)
Bundled software uninstaller (x32)
CambridgeSoft Activation Client (x32 Version: 12.0)
CambridgeSoft ChemBioDraw Ultra 12.0 (x32 Version: 12.0)
CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0 (x32 Version: 12.0)
CambridgeSoft ENotebook 12.02 (x32 Version: 12.0.2)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center InstallProxy (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562)
CCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562)
CCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562)
CCC Help Czech (x32 Version: 2010.0315.1049.17562)
CCC Help Danish (x32 Version: 2010.0315.1049.17562)
CCC Help Dutch (x32 Version: 2010.0315.1049.17562)
CCC Help English (x32 Version: 2010.0315.1049.17562)
CCC Help Finnish (x32 Version: 2010.0315.1049.17562)
CCC Help French (x32 Version: 2010.0315.1049.17562)
CCC Help German (x32 Version: 2010.0315.1049.17562)
CCC Help Greek (x32 Version: 2010.0315.1049.17562)
CCC Help Hungarian (x32 Version: 2010.0315.1049.17562)
CCC Help Italian (x32 Version: 2010.0315.1049.17562)
CCC Help Japanese (x32 Version: 2010.0315.1049.17562)
CCC Help Korean (x32 Version: 2010.0315.1049.17562)
CCC Help Norwegian (x32 Version: 2010.0315.1049.17562)
CCC Help Polish (x32 Version: 2010.0315.1049.17562)
CCC Help Portuguese (x32 Version: 2010.0315.1049.17562)
CCC Help Russian (x32 Version: 2010.0315.1049.17562)
CCC Help Spanish (x32 Version: 2010.0315.1049.17562)
CCC Help Swedish (x32 Version: 2010.0315.1049.17562)
CCC Help Thai (x32 Version: 2010.0315.1049.17562)
CCC Help Turkish (x32 Version: 2010.0315.1049.17562)
ccc-core-static (x32 Version: 2010.0315.1050.17562)
ccc-utility64 (Version: 2010.0315.1050.17562)
CCleaner (Version: 3.10)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
Cisco AnyConnect VPN Client (x32 Version: 2.5.3055)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Cisco WebEx Meeting Center for Firefox or Chrome (x32 Version: 8.23.2500)
Citavi (x32 Version: 3.3.0.0)
CloneDVD2 (x32 Version: 2.9.2.8)
Corel Graphics - Windows Shell Extension (Version: 16.0.0.707)
Corel Graphics - Windows Shell Extension (Version: 16.0.707)
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707)
Corel WinDVD (x32 Version: 10.0.5.349)
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Content (x32 Version: 16.0)
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0)
CorelDRAW Graphics Suite X6 - IT (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - NL (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0)
CorelDRAW Graphics Suite X6 (64-Bit) (Version: 16.0.0.707)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
Delta Chrome Toolbar (x32)
Delta toolbar   (x32 Version: 1.8.22.0)
Designer 2.0 (x32 Version: 7.9.3)
Dev-C++ 5 beta 9 release (4.9.9.2) (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
DivX-Setup (x32 Version: 2.3.0.20)
DKB-Cashback (x32 Version: 1.24.151.151)
Dropbox (HKCU Version: 2.0.22)
EF Englishtown Advanced Speech Recognition Version 4.6.449.1 (x32 Version: 4.6.449.1)
Efficient Diary 1.90 (x32)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
English Grammar in Use (x32 Version: 1.0)
EPSON Scan (x32)
Epson Stylus SX110_TX110 Manual (x32)
EPSON TX110 Series Printer Uninstall
FATE (x32 Version: 2.2.0.82)
FlowJo Vx (Version: 10.0.5.0)
Free Video to iPod Converter version 4.2.18.324 (x32)
Free YouTube Download version 3.1.29.608 (x32 Version: 3.1.29.608)
GPL Ghostscript 9.00 (x32)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1)
ICQ7.5 (x32 Version: 7.5)
ImagXpress (x32 Version: 7.0.74.0)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.7.1002)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
InternetCalls (x32 Version: 4.07 build 625)
IrfanView (remove only) (x32 Version: 4.27)
iTunes (Version: 10.2.1.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader (x32)
Jewel Quest II (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Korean Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0)
Langenscheidt Vokabeltrainer 5.0 Englisch (x32 Version: 5.0.0)
Math-Kernel-Bibliotheken (64 Bit) (Version: 1.0.23.0)
Math-Kernel-Bibliotheken (x32 Version: 1.0.23.0)
MATLAB R2009a (Version: 7.8)
Mein CEWE FOTOBUCH (x32)
MestReNova LITE 5.2.5-5780 (x32 Version: 5.2.5-5780)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Default Manager (x32 Version: 2.1.55.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.127.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 5.1 (x32 Version: 5.1.3100)
Microsoft SQL Server 2005 (CSSQL05) (x32 Version: 9.4.5000.00)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Tools (x32 Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0)
Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (x32 Version: 9.0.30729)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0 (x86 de) (x32 Version: 17.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPhoneExplorer (x32 Version: 1.8.4)
National Instruments - Software (x32 Version: )
Nero 9 Essentials (x32)
Nero BackItUp (x32 Version: 5.2.21001)
Nero BackItUp and Burn (x32 Version: 1.2.0030)
Nero BurnRights (x32 Version: 3.4.13.100)
Nero BurnRights (x32 Version: 3.6.26001)
Nero BurnRights Help (x32 Version: 3.4.4.100)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express (x32 Version: 9.6.16000)
Nero Express Help (x32 Version: 9.4.34.100)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero RescueAgent (x32 Version: 2.6.25002)
Nero StartSmart (x32 Version: 9.4.37.100)
Nero StartSmart Help (x32 Version: 9.4.37.100)
NeroExpress (x32 Version: 9.4.34.100)
neroxml (x32 Version: 1.0.0)
NI .NET Framework 4.0 (x32 Version: 4.01.49152)
NI Assistant Framework (x32 Version: 8.0.112.0)
NI Assistant Framework 64-bit (Version: 8.0.120.0)
NI Assistant Framework LabVIEW Code Generator 2012 (x32 Version: 8.0.70.0)
NI Authentication 12.0.0 (64-bit) (Version: 12.0.367.0)
NI Authentication 12.0.0 (x32 Version: 12.0.367.0)
NI CodeSignAPI (x32 Version: 2.70.346)
NI Curl 12.0.0 (64-bit) (Version: 12.0.412.0)
NI Curl 12.0.0 (x32 Version: 12.0.412.0)
NI DataSocket 5.0 (64 Bit) (Version: 5.0.115.0)
NI DataSocket 5.0 (x32 Version: 5.0.115.0)
NI DN 2.0 SP1 installer (x32 Version: 2.11.49152)
NI EulaDepot (x32 Version: 3.10.386)
NI Example Finder 12.0 (x32 Version: 12.0.291.0)
NI GMP Windows 32-bit Installer 12.0.0 (x32 Version: 12.0.46.0)
NI GMP Windows 64-bit Installer 12.0.0 (Version: 12.0.46.0)
NI Help Assistant (64bit) (Version: 1.0.11)
NI Help Assistant (x32 Version: 1.0.11)
NI Instrument IO Assistant for LabVIEW 2012 32-bit (x32 Version: 1.0.24.0)
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0)
NI LabVIEW 2012 (32 Bit) (x32 Version: 12.0.94.0)
NI LabVIEW 2012 (32 Bit) (x32 Version: 12.0.95.0)
NI LabVIEW 2012 (x32 Version: 12.0.378.0)
NI LabVIEW 2012 Deployable License (x32 Version: 12.0.364.0)
NI LabVIEW 2012 Deployment Framework (x32 Version: 12.0.369.0)
NI LabVIEW 2012 Help (x32 Version: 12.0.98.0)
NI LabVIEW 2012 Help File (x32 Version: 12.0.359.0)
NI LabVIEW 2012 License (x32 Version: 12.0.360.0)
NI LabVIEW 2012 Manuals (x32 Version: 12.0.97.0)
NI LabVIEW 2012 MeasAppChm File (x32 Version: 12.0.359.0)
NI LabVIEW 2012 Real-Time Error Dialog (x32 Version: 12.0.71.0)
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0)
NI LabVIEW 2012 Scripting Code Generator (x32 Version: 8.0.247.0)
NI LabVIEW 2012 Search (x32 Version: 12.0.4.0)
NI LabVIEW 2012 Simulation (x32 Version: 12.0.359.0)
NI LabVIEW 2012 Variable Web Service (x32 Version: 12.0.191.0)
NI LabVIEW 2012 Web Server (x32 Version: 12.0.407.0)
NI LabVIEW Broker (64 bit) (Version: 6.8.10.0)
NI LabVIEW Broker (x32 Version: 6.8.10.0)
NI LabVIEW C Interface (x32 Version: 1.0.1)
NI LabVIEW Compare Utility 12.0.0 (x32 Version: 12.0.186.0)
NI LabVIEW MAX XML (x32 Version: 9.0.6.0)
NI LabVIEW Merge Utility 12.0.0 (x32 Version: 12.0.187.0)
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.445.0)
NI LabVIEW Run-Time Engine 2012 (x32 Version: 12.0.377.0)
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.446.0)
NI LabVIEW Run-Time Engine Interop 2012 (x32 Version: 12.0.146.0)
NI LabVIEW Run-Time Engine Webserver 2012 (x32 Version: 12.0.406.0)
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0)
NI LabVIEW Web Services Runtime (x32 Version: 12.0.409.0)
NI LabWindows/CVI 2010 LabVIEW DLL Builder (x32 Version: 10.0.0360)
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Code Generator (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434)
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434)
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434)
NI License Manager (x32 Version: 3.7.44)
NI Logos 5.4 (64 Bit) (Version: 5.4.303.0)
NI Logos 5.4 (x32 Version: 5.4.303.0)
NI Logos LabVIEW 2012 Support (x32 Version: 12.0.97.0)
NI Logos XT Support (x32 Version: 5.4.295.0)
NI Logos64 XT Support (Version: 5.4.295.0)
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0)
NI Math Kernel Libraries (x32 Version: 1.0.10.0)
NI MAX Remote Configuration 64-bit Installer 5.3 (Version: 5.30.49152)
NI MAX Remote Configuration Installer 5.3 (x32 Version: 5.30.49152)
NI MAX Support for 64 Bit Windows (Version: 5.30.49152)
NI MDF Support (x32 Version: 3.10.386)
NI mDNS Responder 2.1 for Windows 64-bit (Version: 2.10.49152)
NI mDNS Responder 2.1.0 (x32 Version: 2.10.49152)
NI Measurement & Automation Explorer 5.3.0 (x32 Version: 5.30.49152)
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101)
NI MetaSuite Installer (x32 Version: 3.10.386)
NI MXS 5.3.0 (x32 Version: 5.30.49152)
NI MXS 5.3.0 for 64 Bit Windows (Version: 5.30.49152)
NI Network Discovery 5.3 (x32 Version: 5.30.49152)
NI Network Discovery 5.3 for Windows 64-bit (Version: 5.30.49152)
NI OPC Support (x32 Version: 12.0.295.0)
NI Portable Configuration 5.3.0 (x32 Version: 5.30.49152)
NI Portable Configuration for 64 Bit Windows 5.3.0 (Version: 5.30.49152)
NI Registration Wizard (x32 Version: 1.3.87.0)
NI Remote Provider for MAX 5.3.0 (x32 Version: 5.30.49152)
NI Remote PXI Provider for MAX 5.3.0 (x32 Version: 5.30.49152)
NI Search Shared (x32 Version: 12.0.5.0)
NI SLCP 1.0 (x32 Version: 1.0.63.0)
NI Software Provider for MAX 5.3.0 (x32 Version: 5.30.49152)
NI SSL LabVIEW 2012 Support (x32 Version: 12.0.406.0)
NI SSL LabVIEW RTE 2012 Support (x32 Version: 12.0.125.0)
NI System API Client for WIF 5.3.0 (x32 Version: 5.30.461.0)
NI System API Web-Servce 32-bit 5.3.0 (x32 Version: 5.30.460.0)
NI System API Windows 32-bit 5.3.0 (x32 Version: 5.30.460.0)
NI System API Windows 64-bit 5.3.0 (Version: 5.30.460.0)
NI System Configuration 5.3.0 LabVIEW Support (x32 Version: 5.30.212.0)
NI System Configuration LV2012 Support 5.3.0 (x32 Version: 5.30.207.0)
NI System Configuration Runtime 5.3.0 for Windows 64-bit (Version: 5.30.426.0)
NI System State Publisher (64-bit) (Version: 12.0.218.0)
NI System State Publisher (x32 Version: 12.0.358.0)
NI System Web Server 12.0 (x32 Version: 12.0.414.0)
NI System Web Server Base 12.0.0 (64-bit) (Version: 12.0.407.0)
NI System Web Server Base 12.0.0 (x32 Version: 12.0.407.0)
NI TDM Excel Add-In 3.4 (x32 Version: 3.4.19.0)
NI TDM Excel Add-In 3.4 64-bit (Version: 3.4.19.0)
NI TDM Streaming 2.4 (64 Bit) (Version: 2.4.55.0)
NI TDM Streaming 2.4 (x32 Version: 2.4.55.0)
NI Trace Engine (64-bit) (Version: 12.0.401.0)
NI Trace Engine (x32 Version: 12.0.401.0)
NI Uninstaller (x32 Version: 3.10.386)
NI Unterstützung für nicht englische Versionen der Runtime-Engine von LabVIEW 2011 SP1 (x32 Version: 11.0.302.0)
NI Unterstützung für nicht englische Versionen der Runtime-Engine von LabVIEW 2012. (x32 Version: 12.0.363.0)
NI USI 2.0.0 (x32 Version: 2.0.04901)
NI USI 2.0.0 64-Bit (Version: 2.0.04901)
NI Variable Engine (64-bit) (Version: 2.6.296.0)
NI Variable Engine 2.6.0 (x32 Version: 2.6.296.0)
NI Variable Engine LabVIEW 2012 Support (x32 Version: 12.0.97.0)
NI VC2005MSMs x64 (Version: 8.05.0)
NI VC2005MSMs x86 (x32 Version: 8.05.0)
NI VC2008MSMs x64 (Version: 9.0.401)
NI VC2008MSMs x86 (x32 Version: 9.0.401)
NI VC2010MSMs x64 (Version: 10.0.001)
NI VC2010MSMs x86 (x32 Version: 10.0.001)
NI VIPM Helper 2012 (x32 Version: 12.0.211.0)
NI Web Application Server 12.0 (64 Bit) (Version: 12.0.422.0)
NI Web Application Server 12.0 (x32 Version: 12.0.422.0)
NI Web Interface Framework 2012 (x32 Version: 12.0.352.0)
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0)
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0)
NI Xalan Delay Load 1.10.2 (x32 Version: 1.10.72.0)
NI Xalan Delay Load 1.10.2 64-bit (Version: 1.10.73.0)
NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0)
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0)
NI-ActiveX-Container (64-bit) (Version: 12.0.14.0)
NI-ActiveX-Container (x32 Version: 12.0.14.0)
NI-DAQmx/LabVIEW shared documentation 9.5.5 (x32 Version: 9.55.49152)
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5 (Version: 9.55.49152)
NI-DSM 2012 (x32 Version: 12.0.55.0)
NI-Fehlerprotokolle 2012 (x32 Version: 12.0.172.0)
NI-Mesa (Version: 11.0.11.0)
NI-Mesa (x32 Version: 11.0.11.0)
NI-RPC 4.3.0f0 (x32 Version: 4.30.49152)
NI-RPC 4.3.0f0 for 64 Bit Windows (Version: 4.30.49152)
NI-RPC 4.3.0f0 for Phar Lap ETS (x32 Version: 4.30.49152)
NI-Update-Dienst 2.1 (x32 Version: 2.10.114.0)
Notepad++ (x32 Version: 5.9)
PDF Blender (x32)
PDFCreator (x32 Version: 1.1.0)
Penguins! (x32 Version: 2.2.0.82)
Photo Service - powered by myphotobook (x32 Version: 1.0.7)
Photo Service - powered by myphotobook (x32 Version: 1.0.7-279)
Picasa 3 (x32 Version: 3.8)
Pidgin (x32 Version: 2.10.1)
Plants vs. Zombies (x32 Version: 2.2.0.82)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.82)
Programm zur Verbesserung der Benutzerfreundlichkeit (x32 Version: 1.0.138.0)
QuickTime (x32 Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.13.112.2010)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5992)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Reset NI Config 5.0.0 (x32 Version: 5.0.146.0)
Runtime für den NI-Systemkonfigurator 5.3.0 (x32 Version: 5.30.427.0)
Samsung Kies (x32 Version: 2.0.2.11071_128)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.2.2)
Secure Diary 2.1 (x32)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (x32 Version: 1.0.0)
SigmaPlot 11.0 (x32 Version: 11.0)
Skype™ 6.1 (x32 Version: 6.1.129)
Solid Edge ST5 (Version: 105.00.0115)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Strawberry Perl (x32 Version: 5.10.261)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TeamViewer 8 (x32 Version: 8.0.16642)
TeX Live 2012 (HKCU Version: 2012)
Texmaker (x32)
Toshiba Assist (x32 Version: 3.00.11)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.07.64)
TOSHIBA ConfigFree (x32 Version: 8.0.28)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Face Recognition (x32 Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.22C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
Toshiba Manuals (x32 Version: 10.01)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.5.10)
TOSHIBA Online Product Information (x32 Version: 2.09.0001)
TOSHIBA PC Health Monitor (Version: 1.6.0.64)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 x64)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA ReelTime (x32 Version: 1.6.06.64)
TOSHIBA Service Station (x32 Version: 2.1.40)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C)
TOSHIBA Supervisorkennwort (x32 Version: 1.63.0.9C)
TOSHIBA TEMPRO (x32 Version: 3.34)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TOSHIBA Value Added Package (x32 Version: 1.3.3.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.15)
TRORMCLauncher (Version: 1.0.0.9)
TRORMCLauncher (x32 Version: )
Uninstall 1.0.0.1 (x32)
Unterstützung für NI SSL (64 Bit) (Version: 12.0.408.0)
Unterstützung für NI SSL (x32 Version: 12.0.408.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Utility Common Driver (x32 Version: 1.0.52.1C)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
VLC media player 1.1.5 (x32 Version: 1.1.5)
VobSub v2.23 (Remove Only) (x32)
Vokabeltrainer-Update 5.0.21 (x32 Version: 5.0.21)
WebEx (HKCU)
WIF Core Dependencies Windows 5.3.0 (x32 Version: 5.30.208.0)
WildTangent ORB Game Console (x32)
WildTangent-Spiele (x32 Version: 1.0.0.80)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Zuma Deluxe (x32 Version: 2.2.0.82)

==================== Restore Points  =========================

21-08-2013 16:38:33 Windows Update
22-08-2013 12:40:33 Installed Java 7 Update 25

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1479A6A1-366A-4963-8318-0519323FA7DC} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2012-06-08] (National Instruments)
Task: {16F0A3C8-0733-41F1-9155-ED4AD6EAA9F3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {2C1D1896-AFBD-42C9-B2A3-3A759BFE4701} - System32\Tasks\DSite => C:\Users\martina\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {48F61705-5B36-4551-B391-85B1C73A696A} - System32\Tasks\EPUpdater => C:\Users\martina\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {7D930BEF-03B1-4577-8032-7C9F42E9321F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7DA126A2-FB65-4BCF-B737-1E5A9A82D260} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {8A8D49CD-CD47-4037-9AF0-8BBA2B00FBAF} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {9806CEB0-1F62-4DD8-951A-CE3571E610CE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {C3C0E8AA-D86E-49DA-9DDE-14AD9B8A4386} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3029257629-2301306746-962001712-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {CE6970B0-5EA3-4FC0-A3E2-6EB8ED269581} - System32\Tasks\AdobeAAMUpdater-1.0-mati-martina => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-28] (Adobe Systems Incorporated)
Task: {E4AD5319-4EF6-4030-B999-A037EE01D1EB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3029257629-2301306746-962001712-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-01-24] (RealNetworks, Inc.)
Task: {FA643BEB-55BE-4175-8A65-B3C5C2390D0B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: C:\Windows\Tasks\DSite.job => C:\Users\martina\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2013 11:26:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447
Name des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447
Ausnahmecode: 0x40000015
Fehleroffset: 0x000178f0
ID des fehlerhaften Prozesses: 0x12ec
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_7_700_224.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe2
Berichtskennung: FlashPlayerPlugin_11_7_700_224.exe3

Error: (08/13/2013 06:04:58 PM) (Source: ESENT) (User: )
Description: wlmail (6348) C:\Users\martina\AppData\Local\Microsoft\Windows Live Mail\Calendars\: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (08/10/2013 10:13:57 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 22.0.0.4917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1334

Startzeit: 01ce95a6915325e0

Endzeit: 36

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 60680c5c-01f9-11e3-a3f9-88ae1dea8d89

Error: (08/03/2013 10:24:04 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002dede
ID des fehlerhaften Prozesses: 0x12ec
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/22/2013 08:59:23 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/12/2013 10:48:06 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (07/11/2013 05:06:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x1bf8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/11/2013 00:06:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MyPhoneExplorer.exe, Version: 1.8.0.1, Zeitstempel: 0x4d836e66
Name des fehlerhaften Moduls: DropboxExt.19.dll, Version: 1.0.0.19, Zeitstempel: 0x51549d60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000741b
ID des fehlerhaften Prozesses: 0x8b4
Startzeit der fehlerhaften Anwendung: 0xMyPhoneExplorer.exe0
Pfad der fehlerhaften Anwendung: MyPhoneExplorer.exe1
Pfad des fehlerhaften Moduls: MyPhoneExplorer.exe2
Berichtskennung: MyPhoneExplorer.exe3

Error: (07/04/2013 00:43:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0xc30
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (06/27/2013 11:27:09 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).


System errors:
=============
Error: (08/23/2013 01:09:12 PM) (Source: Service Control Manager) (User: )
Description: Dienst "WinZiper service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/23/2013 11:48:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (08/23/2013 11:47:54 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht.

Error: (08/22/2013 05:25:40 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "CHRISTIAN-SATEL",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5BD30CD0-5CB2-4F44-8A54-38798095746B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/20/2013 09:57:33 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "BENJAMIN-ACER",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5BD30CD0-5CB2-4F44-8A54-38798095746B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/20/2013 08:38:28 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 172.17.60.40
registriert werden. Der Computer mit IP-Adresse 172.17.60.110 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/20/2013 06:54:30 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JONASDESKTOPPC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5BD30CD0-5CB2-4F44-8A54-38798095746B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/20/2013 05:33:13 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 172.17.60.40
registriert werden. Der Computer mit IP-Adresse 172.17.60.157 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/20/2013 08:22:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (08/20/2013 08:21:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.


Microsoft Office Sessions:
=========================
Error: (06/22/2013 05:03:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 622 seconds with 540 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2011-04-04 15:21:33.983
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.959
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.928
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.860
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.806
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.771
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.725
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.645
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.496
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-04-04 15:21:33.264
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 70%
Total physical RAM: 3954.67 MB
Available physical RAM: 1183.24 MB
Total Pagefile: 7907.53 MB
Available Pagefile: 5179.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:2.34 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:110.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-23 14:15:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\martina\AppData\Local\Temp\pxddypod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                                       fffff800025a2000 54 bytes [48, 8B, DA, 48, 8B, E9, 4C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 599                                                                                       fffff800025a2037 41 bytes [8B, 44, 24, 40, 48, 8D, 4C, ...]

---- User code sections - GMER 2.1 ----

.text     C:\ProgramData\eSafe\eGdpSvc.exe[1520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                           0000000076911465 2 bytes [91, 76]
.text     C:\ProgramData\eSafe\eGdpSvc.exe[1520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                          00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Windows\SysWOW64\lkads.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                     00000000714a1a22 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkads.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                     00000000714a1ad0 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkads.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                     00000000714a1b08 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkads.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                     00000000714a1bba 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkads.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                     00000000714a1bda 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkads.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000076911465 2 bytes [91, 76]
.text     C:\Windows\SysWOW64\lkads.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\National Instruments\MAX\nimxs.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\National Instruments\MAX\nimxs.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3376] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                       0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3376] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                      00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Windows\SysWOW64\lkcitdl.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                   00000000714a1a22 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkcitdl.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                   00000000714a1ad0 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkcitdl.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                   00000000714a1b08 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkcitdl.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                   00000000714a1bba 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkcitdl.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                   00000000714a1bda 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lkcitdl.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            0000000076911465 2 bytes [91, 76]
.text     C:\Windows\SysWOW64\lkcitdl.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                           00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Windows\SysWOW64\lktsrv.exe[3912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                    00000000714a1a22 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lktsrv.exe[3912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                    00000000714a1ad0 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lktsrv.exe[3912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                    00000000714a1b08 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lktsrv.exe[3912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                    00000000714a1bba 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lktsrv.exe[3912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                    00000000714a1bda 2 bytes [4A, 71]
.text     C:\Windows\SysWOW64\lktsrv.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000076911465 2 bytes [91, 76]
.text     C:\Windows\SysWOW64\lktsrv.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
?         C:\Windows\system32\mssprxy.dll [3952] entry point in ".rdata" section                                                                                   000000006fc771e6
.text     C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Windows\SysWOW64\rundll32.exe[5396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                           0000000076911465 2 bytes [91, 76]
.text     C:\Windows\SysWOW64\rundll32.exe[5396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Users\martina\AppData\Roaming\Dropbox\bin\Dropbox.exe[6124] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                   0000000076911465 2 bytes [91, 76]
.text     C:\Users\martina\AppData\Roaming\Dropbox\bin\Dropbox.exe[6124] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                  00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000076911465 2 bytes [91, 76]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000769114bb 2 bytes [91, 76]
.text     ...                                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2476]                                                                  0000000077592e65
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2492]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2496]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2500]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2504]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2512]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2524]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2528]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2552]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2556]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2568]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2728]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2732]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2776]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2784]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2788]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2792]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2796]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2800]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2808]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2824]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2916]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2148]                                                                  0000000077593e85
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:2988]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:3352]                                                                  0000000071c91c2f
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:3384]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:4112]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:4116]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:4120]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:5504]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:5512]                                                                  00000000722329e1
Thread    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2432:6392]                                                                  0000000077593e85
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6344:6716]                                                                                           000007fefb772a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6344:6772]                                                                                           000007feed4fd618
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [6344:6832]                                                                                           000007fef7d35124

---- EOF - GMER 2.1 ----
         

Thanks in advance

23.08.2013, 14:25   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
23.08.2013, 15:32   #3
baculo

Thanks for the reply!

Here are my new log files:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
martina :: MATI [Administrator]

Schutz: Aktiviert

23.08.2013 15:36:46
mbam-log-2013-08-23 (15-36-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224555
Laufzeit: 11 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1520 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Users\martina\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 42
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\d (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440144614450} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550155615550} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0016150.BHO.1 (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: zr2X2X1G1S1F2V1S2Q0V -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.A.BabSolution) -> Daten: C:\Windows\SysWOW64\rundll32.exe  "C:\Users\martina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Daten: C:\ProgramData\eSafe\eGdpSvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Users\martina\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Users\martina\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 23
C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\deltasrv.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Local\Temp\eIntaller\8F290658AF7E4335A9486C7E9174453F\eGdpSvc.exe (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Local\Temp\is1590112554\270331241_Setup.EXE (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\Downloads\MyPhoneExplorer_Setup_1.8.4.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Löschen bei Neustart.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.A.BabSolution) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaApp.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaEng.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DKB-Cashback\DKB-Cashback.dll (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.000 - Report created 23/08/2013 at 16:12:51
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : martina - MATI
# Running from : C:\Users\martina\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files (x86)\delta
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\martina\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\martina\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\martina\AppData\Roaming\DSite
Folder Deleted : C:\Users\martina\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
File Deleted : C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\user.js
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016150.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016150.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016150.Sandbox.1
Key Deleted : HKLM\SOFTWARE\957d88be569ec46
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "qvo6");
Line Deleted : user_pref("browser.search.order.1", "qvo6");
Line Deleted : user_pref("browser.search.selectedEngine", "qvo6");
Line Deleted : user_pref("extensions.crossrider.bic", "13e5fae89c865cd09447e7745030e9d6");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationThankYouPage", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationTime", 1367404856);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.active", true);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.backgroundjs", "\n\n/************************************************************************************\n  This is your background code.\n  For more in[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.backgroundver", 7);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app16150%22%3A%22app16150%22%2C%22DE%22%3A%22DE%22%7D");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.InstallationTime.value", "1367404856");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.description", "Mit der DKB-Cashback Erweiterung finden Sie schnell und einfach alle Online-Cashbacks. Somit verpassen Sie keinen Vorteil mehr.");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.domain", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.group", 0);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22D9552A7BD4E64BA3A976F9F3E940D0CDIE%22%2C%22installer_verifier%22%3A%2250a5048c56168b[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_appVer.value", "43");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_lastVersion.value", "45");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_meta.value", "%7B%22jquery.js%22%3A%7B%22id%22%3A210832%2C%22ver%22%3A45%2C%22status%22%3A1%2C%22name%22%3A%22jquery.js%22%2C%22url%[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_nextCheck.expiration", "Fri Aug 23 2013 17:27:48 GMT+0200");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210832.expiration", "Sun Nov 03 2013 09:44:02 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210832.value", "%22/*%21%20jQuery%20v1.8.2%20jquery.com%20%7C%20jquery.org/license%20*/%5Cr%5Cn%28function%28a%2Cb%29%7Bfun[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210833.expiration", "Wed Oct 23 2013 16:03:48 GMT+0200");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210833.value", "%22.bottomtxt%5Cn%7B%5Cncolor%3A%23ffffff%20%21important%3B%5Cnmargin-top%3A5px%20%21important%3B%20%5Cntex[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210834.expiration", "Sun Nov 03 2013 09:44:02 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210834.value", "%22/*%21%5Cr%5Cn%20*%20jQuery%20blockUI%20plugin%5Cr%5Cn%20*%20Version%202.45%20%2813-SEP-2012%29%5Cr%5Cn%2[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.js", "\n\n  /************************************************************************************\n  This is your Page Code. The appAPI.ready() code bloc[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.name", "DKB-Cashback");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.ex[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.g[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigat[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&ty[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(n[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.exte[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery [...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.code", "(function(f){f.ui=f.ui||{};var e=/left|center|right/,d=/top|center|bottom/,b=f.fn.position,a=f.fn.offset;f.fn.position=function([...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.name", "notifications");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.code", "appAPI.hooks={$:$jquery_171,hooks:{},addHook:function(a,b){this.hooks[a]=b;},removeHook:function(a){delete this.hooks[a];},regis[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.name", "hooks");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(func[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var f={keyDelay:1000},e,h;return{init:function(i){e=this;th[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.name", "search_engine_hook");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,7,98,9,5,28");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/16150/plugins/091/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.pluginsversion", 27);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.publisher", "dkbbrowserextension");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.ver", 43);
Line Deleted : user_pref("extensions.crossriderapp16150.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp16150.apps", "16150");
Line Deleted : user_pref("extensions.crossriderapp16150.bic", "13e5fae89c865cd09447e7745030e9d6");
Line Deleted : user_pref("extensions.crossriderapp16150.cid", 16150);
Line Deleted : user_pref("extensions.crossriderapp16150.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp16150.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp16150.installationdate", 1367404874);
Line Deleted : user_pref("extensions.crossriderapp16150.lastcheck", 22954168);
Line Deleted : user_pref("extensions.crossriderapp16150.lastcheckitem", 22954450);
Line Deleted : user_pref("extensions.crossriderapp16150.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp16150.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp16150.statsDailyCounter", 303);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "ba6bae0700000000000088ae1dea8d89");
Line Deleted : user_pref("extensions.delta.instlDay", "15917");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.013:33:52");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=123884&tsp=4960");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "%7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13,crossriderapp16150%40crossrider.com:0.91.42,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\DivX\\\\DivX Plus Web Playe[...]
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1306146232);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "icq%20toolbarentfernen||icq%20sidebar%20entfernen||fdghd||fdgd||gjuk7||english%20poem||tischgrill%20korea||gaskocher%20amazon||phosphorylase%20phosphylase||dehydroqina[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 82);
Line Deleted : user_pref("icqtoolbar.installTime", "1306146232");
Line Deleted : user_pref("icqtoolbar.newtab_state", "0");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "4.0.1");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line Deleted : user_pref("icqtoolbar.uniqueID", "129238903812923889621292396150512");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1306232634);
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "de");
Line Deleted : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");

*************************

AdwCleaner[R0].txt - [28830 octets] - [23/08/2013 16:11:27]
AdwCleaner[S0].txt - [26574 octets] - [23/08/2013 16:12:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26635 octets] ##########
         
--- --- ---


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by martina on 23.08.2013 at 16:20:22,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122612250}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660166616650}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220122612250}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660166616650}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660166616650}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660166616650}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\martina\AppData\Roaming\mozilla\firefox\profiles\qdoyiyid.default\extensions\crossriderapp16150@crossrider.com
Successfully deleted the following from C:\Users\martina\AppData\Roaming\mozilla\firefox\profiles\qdoyiyid.default\prefs.js

user_pref("extensions.crossrider.bic", "140ab89f8d2749abd55839be9d1e7145");
user_pref("extensions.crossriderapp16150.16150.InstallationThankYouPage", false);
user_pref("extensions.crossriderapp16150.16150.InstallationTime", 1377267481);
user_pref("extensions.crossriderapp16150.16150.active", true);
user_pref("extensions.crossriderapp16150.16150.addressbar", "");
user_pref("extensions.crossriderapp16150.16150.addressbarenhanced", "");
user_pref("extensions.crossriderapp16150.16150.asyncdb_dbWasSet", true);
user_pref("extensions.crossriderapp16150.16150.asyncinternaldb_dbWasSet", true);
user_pref("extensions.crossriderapp16150.16150.backgroundjs", "\n\n/************************************************************************************\n  This is your backgr
user_pref("extensions.crossriderapp16150.16150.backgroundver", 7);
user_pref("extensions.crossriderapp16150.16150.can_run_bg_code", true);
user_pref("extensions.crossriderapp16150.16150.certdomaininstaller", "");
user_pref("extensions.crossriderapp16150.16150.changeprevious", false);
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app16150%22%3A%22app16150%22%2C%22DE%22%3A%22DE%22%7
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_css.expiration", "Sat Aug 24 2013 16:18:07 GMT+0200");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5Cn%5Cn.%25CSSClass%25-top-left%
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_geolocation.expiration", "Fri Aug 30 2013 16:18:07 GMT+0200");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_geolocation.value", "%22DE%22");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_metadata.expiration", "Sat Aug 24 2013 16:18:07 GMT+0200");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A16150%2C%22appName%22%3A%22DKB-Cashback%22%2C%22lastMessageId%22%3A
user_pref("extensions.crossriderapp16150.16150.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.cookie.InstallationTime.value", "1377267481");
user_pref("extensions.crossriderapp16150.16150.description", "Mit der DKB-Cashback Erweiterung finden Sie schnell und einfach alle Online-Cashbacks. Somit verpassen Sie keinen
user_pref("extensions.crossriderapp16150.16150.domain", "");
user_pref("extensions.crossriderapp16150.16150.enablesearch", false);
user_pref("extensions.crossriderapp16150.16150.homepage", "");
user_pref("extensions.crossriderapp16150.16150.iframe", false);
user_pref("extensions.crossriderapp16150.16150.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_appVer.value", "43");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_lastVersion.value", "45");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_meta.value", "%7B%22jquery.js%22%3A%7B%22id%22%3A210832%2C%22ver%22%3A45%2C%22status%22%3A1%2C%22name%22%3A
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_nextCheck.expiration", "Fri Aug 23 2013 22:18:03 GMT+0200");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210832.expiration", "Thu Nov 21 2013 15:18:44 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210832.value", "%22/*%21%20jQuery%20v1.8.2%20jquery.com%20%7C%20jquery.org/license%20*/%5Cr%5Cn%28
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210833.expiration", "Thu Nov 21 2013 15:18:03 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210833.value", "%22.bottomtxt%5Cn%7B%5Cncolor%3A%23ffffff%20%21important%3B%5Cnmargin-top%3A5px%20
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210834.expiration", "Thu Nov 21 2013 15:18:44 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210834.value", "%22/*%21%5Cr%5Cn%20*%20jQuery%20blockUI%20plugin%5Cr%5Cn%20*%20Version%202.45%20%2
user_pref("extensions.crossriderapp16150.16150.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D
user_pref("extensions.crossriderapp16150.16150.js", "\n\n  /************************************************************************************\n  This is your Page Code. The
user_pref("extensions.crossriderapp16150.16150.manifesturl", "");
user_pref("extensions.crossriderapp16150.16150.name", "DKB-Cashback");
user_pref("extensions.crossriderapp16150.16150.newtab", "");
user_pref("extensions.crossriderapp16150.16150.opensearch", "");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return ap
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.ver", 6);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelect
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.ver", 9);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.ver", 9);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n 
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.ver", 4);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.d
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.ver", 4);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=fun
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.ver", 4);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferre
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"unde
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.ver", 4);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.code", "(function(f){f.ui=f.ui||{};var e=/left|center|right/,d=/top|center|bottom/,b=f.fn.position,a=f.fn.offse
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.name", "notifications");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.ver", 5);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);}
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.ver", 2);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.code", "appAPI.hooks={$:$jquery_171,hooks:{},addHook:function(a,b){this.hooks[a]=b;},removeHook:function(a){del
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.name", "hooks");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.ver", 2);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PA
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAge
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var f={keyDelay:1000},e,h;return{i
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.name", "search_engine_hook");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.ver", 2);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===t
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.name", "omniCommands");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.ver", 2);
user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98");
user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,7,98,9,5,28");
user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
user_pref("extensions.crossriderapp16150.16150.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/16150/plugins/091/ff/plugins.json");
user_pref("extensions.crossriderapp16150.16150.pluginsversion", 27);
user_pref("extensions.crossriderapp16150.16150.publisher", "dkbbrowserextension");
user_pref("extensions.crossriderapp16150.16150.searchstatus", 0);
user_pref("extensions.crossriderapp16150.16150.setnewtab", false);
user_pref("extensions.crossriderapp16150.16150.thankyou", "");
user_pref("extensions.crossriderapp16150.16150.updateinterval", 360);
user_pref("extensions.crossriderapp16150.16150.ver", 43);
user_pref("extensions.crossriderapp16150.apps", "16150");
user_pref("extensions.crossriderapp16150.bic", "140ab89f8d2749abd55839be9d1e7145");
user_pref("extensions.crossriderapp16150.cid", 16150);
user_pref("extensions.crossriderapp16150.firstrun", false);
user_pref("extensions.crossriderapp16150.hadappinstalled", true);
user_pref("extensions.crossriderapp16150.installationdate", 1377267481);
user_pref("extensions.crossriderapp16150.lastcheck", 22954458);
user_pref("extensions.crossriderapp16150.lastcheckitem", 22954459);
user_pref("extensions.crossriderapp16150.modetype", "production");
user_pref("extensions.crossriderapp16150.reportInstall", true);
user_pref("extensions.crossriderapp16150.statsDailyCounter", 1);
Emptied folder: C:\Users\martina\AppData\Roaming\mozilla\firefox\profiles\qdoyiyid.default\minidumps [329 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2013 at 16:26:31,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by martina (administrator) on 23-08-2013 16:28:04
Running from C:\Users\martina\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\martina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [NIRegistrationWizard] - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [846520 2010-06-21] ()
MountPoints2: {08396626-a6a6-11e0-8fc7-88ae1dea8d89} - G:\LaunchU3.exe
MountPoints2: {300ed201-29af-11e0-96c1-e839dfc60cff} - F:\autorun.exe
HKLM-x32\...\Run: [EfficientDiary] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NI Update Service] - C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [851592 2012-06-08] (National Instruments)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2354F87B-ED23-40A1-BD87-457F0EA49912} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {55D322A5-0449-4386-86F4-B8B8B173B0D6} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {6FC1E802-D935-492C-AA80-B6ABBD833117} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {81C19745-6CDB-420E-A5E4-24C39B5B306C} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 131.188.0.10 131.188.0.11

FireFox:
========
FF ProfilePath: C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mytalkpal.com/ffplugin - C:\Program Files (x86)\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: DownloadHelper - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM-x32\...\Chrome\Extension: [ggmccnonmeooloobeejjmdjlneipfmna] - C:\Users\martina\AppData\Local\DKB-Cashback\Chrome\DKB-Cashback.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

==================== Services (Whitelisted) =================

R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$CSSQL05; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-23] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-06] (National Instruments Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)
R2 msftesql$CSSQL05; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:CSSQL05 [x]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-27] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 16:20 - 2013-08-23 16:20 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 16:19 - 2013-08-23 16:19 - 01021434 _____ (Thisisu) C:\Users\martina\Desktop\JRT.exe
2013-08-23 16:16 - 2013-08-23 16:16 - 00026720 _____ C:\Users\martina\Desktop\AdwCleaner[S0].txt
2013-08-23 16:11 - 2013-08-23 16:13 - 00000000 ____D C:\AdwCleaner
2013-08-23 16:06 - 2013-08-23 16:14 - 00000112 _____ C:\Windows\setupact.log
2013-08-23 16:06 - 2013-08-23 16:06 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 15:54 - 2013-08-23 15:54 - 00007440 _____ C:\Windows\PFRO.log
2013-08-23 15:35 - 2013-08-23 15:35 - 00000000 ____D C:\Users\martina\AppData\Roaming\Malwarebytes
2013-08-23 15:34 - 2013-08-23 15:34 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-23 15:34 - 2013-08-23 15:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 15:34 - 2013-08-23 15:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 15:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-23 15:32 - 2013-08-23 15:33 - 00975858 _____ C:\Users\martina\Desktop\adwcleaner.exe
2013-08-23 15:32 - 2013-08-23 15:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\martina\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-23 14:29 - 2013-08-23 14:29 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-23 14:29 - 2013-08-23 14:29 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 14:28 - 2013-08-23 14:29 - 03395840 _____ (Piriform Ltd) C:\Users\martina\Desktop\ccsetup404_slim.exe
2013-08-23 14:02 - 2013-08-23 14:15 - 00021649 _____ C:\Users\martina\Desktop\Gmer.txt
2013-08-23 13:49 - 2013-08-23 13:49 - 00377856 _____ C:\Users\martina\Desktop\gmer_2.1.19163.exe
2013-08-23 13:45 - 2013-08-23 13:46 - 00042256 _____ C:\Users\martina\Desktop\Addition.txt
2013-08-23 13:43 - 2013-08-23 13:43 - 00000000 ____D C:\FRST
2013-08-23 13:41 - 2013-08-23 13:42 - 01576474 _____ (Farbar) C:\Users\martina\Desktop\FRST64.exe
2013-08-23 13:41 - 2013-08-23 13:41 - 00000546 _____ C:\Users\martina\Desktop\defogger_disable.log
2013-08-23 13:41 - 2013-08-23 13:41 - 00000168 _____ C:\Users\martina\defogger_reenable
2013-08-23 13:40 - 2013-08-23 13:41 - 00050477 _____ C:\Users\martina\Desktop\Defogger.exe
2013-08-23 11:32 - 2013-08-23 11:40 - 00000000 ____D C:\Users\martina\AppData\Local\CUSTPDF Writer
2013-08-23 11:26 - 2013-08-23 13:09 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-23 11:25 - 2013-08-23 13:12 - 00000000 ____D C:\Program Files\PDFCreator
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\User Data
2013-08-23 11:23 - 2013-08-23 11:23 - 01245288 _____ C:\Users\martina\Downloads\PDFCreatorSetup.exe
2013-08-22 14:46 - 2013-08-22 14:46 - 00002964 _____ C:\Users\martina\Desktop\Theoretical-analysis-of-convective-flow-profiels-in-a-hollow-fiber-membrane-bioreactor_1990_Chemical-Engineering-Science.htm
2013-08-22 14:42 - 2013-08-22 14:41 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-22 14:42 - 2013-08-22 14:41 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-22 14:41 - 2013-08-22 14:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-17 12:02 - 2013-08-17 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 00:15 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 00:15 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 00:15 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 00:14 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 00:14 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 00:14 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 00:14 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 00:14 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 00:14 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 00:14 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 00:14 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 00:14 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 00:14 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 00:05 - 2013-08-15 00:09 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 20:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 20:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 20:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 20:28 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 20:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 20:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 20:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 20:27 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 20:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 19:16 - 2013-08-07 19:16 - 50393100 _____ C:\Users\martina\Downloads\vff.rar
2013-08-07 19:16 - 2013-08-07 19:16 - 00000000 ____D C:\Users\martina\Downloads\vff
2013-08-05 09:47 - 2013-08-05 09:47 - 00000000 ____D C:\Users\martina\Desktop\imma
2013-07-31 13:34 - 2013-07-31 13:34 - 00002064 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-31 13:21 - 2013-07-31 13:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

==================== One Month Modified Files and Folders =======

2013-08-23 16:26 - 2013-08-23 16:26 - 00015679 _____ C:\Users\martina\Desktop\JRT.txt
2013-08-23 16:22 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 16:22 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 16:20 - 2013-08-23 16:20 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 16:19 - 2013-08-23 16:19 - 01021434 _____ (Thisisu) C:\Users\martina\Desktop\JRT.exe
2013-08-23 16:16 - 2013-08-23 16:16 - 00026720 _____ C:\Users\martina\Desktop\AdwCleaner[S0].txt
2013-08-23 16:16 - 2012-11-11 15:04 - 00000000 ____D C:\Users\martina\AppData\Roaming\Dropbox
2013-08-23 16:14 - 2013-08-23 16:06 - 00000112 _____ C:\Windows\setupact.log
2013-08-23 16:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 16:13 - 2013-08-23 16:11 - 00000000 ____D C:\AdwCleaner
2013-08-23 16:13 - 2010-09-24 04:46 - 01996104 _____ C:\Windows\WindowsUpdate.log
2013-08-23 16:12 - 2010-12-13 01:46 - 00001056 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-23 16:12 - 2010-12-01 21:03 - 00001006 _____ C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-23 16:06 - 2013-08-23 16:06 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 15:54 - 2013-08-23 15:54 - 00007440 _____ C:\Windows\PFRO.log
2013-08-23 15:52 - 2013-05-01 12:41 - 00000000 ____D C:\Program Files (x86)\DKB-Cashback
2013-08-23 15:35 - 2013-08-23 15:35 - 00000000 ____D C:\Users\martina\AppData\Roaming\Malwarebytes
2013-08-23 15:34 - 2013-08-23 15:34 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-23 15:34 - 2013-08-23 15:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 15:34 - 2013-08-23 15:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 15:33 - 2013-08-23 15:32 - 00975858 _____ C:\Users\martina\Desktop\adwcleaner.exe
2013-08-23 15:32 - 2013-08-23 15:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\martina\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-23 14:44 - 2011-01-14 05:02 - 00000000 ____D C:\Users\martina\AppData\Roaming\DAEMON Tools Lite
2013-08-23 14:43 - 2010-12-23 10:23 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-23 14:39 - 2010-04-19 09:27 - 00000000 ____D C:\Windows\Panther
2013-08-23 14:29 - 2013-08-23 14:29 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-23 14:29 - 2013-08-23 14:29 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 14:29 - 2013-08-23 14:28 - 03395840 _____ (Piriform Ltd) C:\Users\martina\Desktop\ccsetup404_slim.exe
2013-08-23 14:29 - 2011-09-07 17:09 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 14:15 - 2013-08-23 14:02 - 00021649 _____ C:\Users\martina\Desktop\Gmer.txt
2013-08-23 13:49 - 2013-08-23 13:49 - 00377856 _____ C:\Users\martina\Desktop\gmer_2.1.19163.exe
2013-08-23 13:46 - 2013-08-23 13:45 - 00042256 _____ C:\Users\martina\Desktop\Addition.txt
2013-08-23 13:43 - 2013-08-23 13:43 - 00000000 ____D C:\FRST
2013-08-23 13:42 - 2013-08-23 13:41 - 01576474 _____ (Farbar) C:\Users\martina\Desktop\FRST64.exe
2013-08-23 13:41 - 2013-08-23 13:41 - 00000546 _____ C:\Users\martina\Desktop\defogger_disable.log
2013-08-23 13:41 - 2013-08-23 13:41 - 00000168 _____ C:\Users\martina\defogger_reenable
2013-08-23 13:41 - 2013-08-23 13:40 - 00050477 _____ C:\Users\martina\Desktop\Defogger.exe
2013-08-23 13:41 - 2010-12-01 20:51 - 00000000 ____D C:\Users\martina
2013-08-23 13:12 - 2013-08-23 11:25 - 00000000 ____D C:\Program Files\PDFCreator
2013-08-23 13:09 - 2013-08-23 11:26 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-23 13:04 - 2009-07-14 19:58 - 00784854 _____ C:\Windows\system32\perfh007.dat
2013-08-23 13:04 - 2009-07-14 19:58 - 00178964 _____ C:\Windows\system32\perfc007.dat
2013-08-23 13:04 - 2009-07-14 07:13 - 01845004 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 11:40 - 2013-08-23 11:32 - 00000000 ____D C:\Users\martina\AppData\Local\CUSTPDF Writer
2013-08-23 11:26 - 2011-02-20 00:03 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-23 11:26 - 2011-02-19 01:40 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\User Data
2013-08-23 11:23 - 2013-08-23 11:23 - 01245288 _____ C:\Users\martina\Downloads\PDFCreatorSetup.exe
2013-08-23 10:29 - 2012-03-22 19:20 - 00000000 ____D C:\Users\martina\AppData\Roaming\Spotify
2013-08-22 17:21 - 2012-03-22 19:20 - 00000000 ____D C:\Users\martina\AppData\Local\Spotify
2013-08-22 14:46 - 2013-08-22 14:46 - 00002964 _____ C:\Users\martina\Desktop\Theoretical-analysis-of-convective-flow-profiels-in-a-hollow-fiber-membrane-bioreactor_1990_Chemical-Engineering-Science.htm
2013-08-22 14:41 - 2013-08-22 14:42 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-22 14:41 - 2013-08-22 14:42 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-22 14:41 - 2013-08-22 14:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-22 14:41 - 2011-07-09 07:23 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-19 14:43 - 2012-10-14 23:03 - 00000000 ____D C:\Users\martina\Documents\Citavi 3
2013-08-19 09:11 - 2012-04-27 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 19:39 - 2010-12-15 08:51 - 00000000 ____D C:\Users\martina\AppData\Roaming\ICQ
2013-08-17 12:03 - 2013-08-17 12:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 00:09 - 2013-08-15 00:05 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:09 - 2010-12-02 21:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 00:05 - 2010-12-01 22:00 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 17:49 - 2012-11-24 21:54 - 00000000 ____D C:\Users\Public\Documents\Rezepte
2013-08-14 12:41 - 2011-02-12 04:45 - 00000000 ____D C:\Users\martina\Documents\Bewerbung
2013-08-13 23:09 - 2011-02-21 12:16 - 00000000 ____D C:\Users\martina\Documents\KOREA
2013-08-09 15:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2013-08-07 19:16 - 2013-08-07 19:16 - 50393100 _____ C:\Users\martina\Downloads\vff.rar
2013-08-07 19:16 - 2013-08-07 19:16 - 00000000 ____D C:\Users\martina\Downloads\vff
2013-08-07 15:04 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-05 09:47 - 2013-08-05 09:47 - 00000000 ____D C:\Users\martina\Desktop\imma
2013-08-04 13:28 - 2012-10-14 23:01 - 00000000 ____D C:\Users\martina\AppData\Roaming\Swiss Academic Software
2013-08-04 10:52 - 2011-01-02 09:01 - 00000000 ___RD C:\Users\martina\Desktop\Studium
2013-07-31 13:38 - 2011-08-07 11:25 - 00000000 ____D C:\Users\martina\AppData\Roaming\MyPhoneExplorer
2013-07-31 13:34 - 2013-07-31 13:34 - 00002064 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-31 13:34 - 2011-08-07 11:24 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-07-31 13:21 - 2013-07-31 13:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-07-26 07:13 - 2013-08-15 00:14 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 00:14 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 00:14 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 00:14 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 00:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 00:14 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 00:14 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 00:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 00:14 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 00:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 00:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 00:14 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 00:14 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 20:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 20:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

Files to move or delete:
====================
C:\Users\martina\iFunBox.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 15:18

==================== End Of Log ============================
         


Thank you!
__________________

23.08.2013, 18:28   #4
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
