Thanks for the reply!
Here are my new log files:
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.23.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
martina :: MATI [Administrator]
Schutz: Aktiviert
23.08.2013 15:36:46
mbam-log-2013-08-23 (15-36-46).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224555
Laufzeit: 11 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1520 -> Löschen bei Neustart.
Infizierte Speichermodule: 1
C:\Users\martina\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
Infizierte Registrierungsschlüssel: 42
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\d (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440144614450} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550155615550} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0016150.BHO.1 (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111611150} (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: zr2X2X1G1S1F2V1S2Q0V -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.A.BabSolution) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\martina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Daten: C:\ProgramData\eSafe\eGdpSvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 6
C:\Users\martina\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Users\martina\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 23
C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\deltasrv.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Local\Temp\eIntaller\8F290658AF7E4335A9486C7E9174453F\eGdpSvc.exe (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Local\Temp\is1590112554\270331241_Setup.EXE (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\Downloads\MyPhoneExplorer_Setup_1.8.4.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Löschen bei Neustart.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.A.BabSolution) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\martina\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaApp.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaEng.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.22.0\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DKB-Cashback\DKB-Cashback.dll (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
AdwCleaner log file:
Code:
# AdwCleaner v3.000 - Report created 23/08/2013 at 16:12:51
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : martina - MATI
# Running from : C:\Users\martina\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files (x86)\delta
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\martina\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\martina\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\martina\AppData\Roaming\DSite
Folder Deleted : C:\Users\martina\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
File Deleted : C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\user.js
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\EPUpdater
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\martina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016150.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016150.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016150.Sandbox.1
Key Deleted : HKLM\SOFTWARE\957d88be569ec46
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "qvo6");
Line Deleted : user_pref("browser.search.order.1", "qvo6");
Line Deleted : user_pref("browser.search.selectedEngine", "qvo6");
Line Deleted : user_pref("extensions.crossrider.bic", "13e5fae89c865cd09447e7745030e9d6");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationThankYouPage", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationTime", 1367404856);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.active", true);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.backgroundjs", "\n\n/************************************************************************************\n This is your background code.\n For more in[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.backgroundver", 7);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app16150%22%3A%22app16150%22%2C%22DE%22%3A%22DE%22%7D");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.InstallationTime.value", "1367404856");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.description", "Mit der DKB-Cashback Erweiterung finden Sie schnell und einfach alle Online-Cashbacks. Somit verpassen Sie keinen Vorteil mehr.");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.domain", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.group", 0);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22D9552A7BD4E64BA3A976F9F3E940D0CDIE%22%2C%22installer_verifier%22%3A%2250a5048c56168b[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_appVer.value", "43");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_lastVersion.value", "45");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_meta.value", "%7B%22jquery.js%22%3A%7B%22id%22%3A210832%2C%22ver%22%3A45%2C%22status%22%3A1%2C%22name%22%3A%22jquery.js%22%2C%22url%[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_nextCheck.expiration", "Fri Aug 23 2013 17:27:48 GMT+0200");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210832.expiration", "Sun Nov 03 2013 09:44:02 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210832.value", "%22/*%21%20jQuery%20v1.8.2%20jquery.com%20%7C%20jquery.org/license%20*/%5Cr%5Cn%28function%28a%2Cb%29%7Bfun[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210833.expiration", "Wed Oct 23 2013 16:03:48 GMT+0200");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210833.value", "%22.bottomtxt%5Cn%7B%5Cncolor%3A%23ffffff%20%21important%3B%5Cnmargin-top%3A5px%20%21important%3B%20%5Cntex[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210834.expiration", "Sun Nov 03 2013 09:44:02 GMT+0100");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210834.value", "%22/*%21%5Cr%5Cn%20*%20jQuery%20blockUI%20plugin%5Cr%5Cn%20*%20Version%202.45%20%2813-SEP-2012%29%5Cr%5Cn%2[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.js", "\n\n /************************************************************************************\n This is your Page Code. The appAPI.ready() code bloc[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.name", "DKB-Cashback");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.ex[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.g[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigat[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&ty[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(n[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.exte[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery [...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.code", "(function(f){f.ui=f.ui||{};var e=/left|center|right/,d=/top|center|bottom/,b=f.fn.position,a=f.fn.offset;f.fn.position=function([...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.name", "notifications");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.code", "appAPI.hooks={$:$jquery_171,hooks:{},addHook:function(a,b){this.hooks[a]=b;},removeHook:function(a){delete this.hooks[a];},regis[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.name", "hooks");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(func[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var f={keyDelay:1000},e,h;return{init:function(i){e=this;th[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.name", "search_engine_hook");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=[...]
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,7,98,9,5,28");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/16150/plugins/091/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.pluginsversion", 27);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.publisher", "dkbbrowserextension");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp16150.16150.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp16150.16150.ver", 43);
Line Deleted : user_pref("extensions.crossriderapp16150.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp16150.apps", "16150");
Line Deleted : user_pref("extensions.crossriderapp16150.bic", "13e5fae89c865cd09447e7745030e9d6");
Line Deleted : user_pref("extensions.crossriderapp16150.cid", 16150);
Line Deleted : user_pref("extensions.crossriderapp16150.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp16150.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp16150.installationdate", 1367404874);
Line Deleted : user_pref("extensions.crossriderapp16150.lastcheck", 22954168);
Line Deleted : user_pref("extensions.crossriderapp16150.lastcheckitem", 22954450);
Line Deleted : user_pref("extensions.crossriderapp16150.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp16150.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp16150.statsDailyCounter", 303);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "ba6bae0700000000000088ae1dea8d89");
Line Deleted : user_pref("extensions.delta.instlDay", "15917");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.013:33:52");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=123884&tsp=4960");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "%7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13,crossriderapp16150%40crossrider.com:0.91.42,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\DivX\\\\DivX Plus Web Playe[...]
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1306146232);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "icq%20toolbarentfernen||icq%20sidebar%20entfernen||fdghd||fdgd||gjuk7||english%20poem||tischgrill%20korea||gaskocher%20amazon||phosphorylase%20phosphylase||dehydroqina[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 82);
Line Deleted : user_pref("icqtoolbar.installTime", "1306146232");
Line Deleted : user_pref("icqtoolbar.newtab_state", "0");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "4.0.1");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line Deleted : user_pref("icqtoolbar.uniqueID", "129238903812923889621292396150512");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1306232634);
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "de");
Line Deleted : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");
*************************
AdwCleaner[R0].txt - [28830 octets] - [23/08/2013 16:11:27]
AdwCleaner[S0].txt - [26574 octets] - [23/08/2013 16:12:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26635 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by martina on 23.08.2013 at 16:20:22,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122612250}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660166616650}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220122612250}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660166616650}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660166616650}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660166616650}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] C:\Users\martina\AppData\Roaming\mozilla\firefox\profiles\qdoyiyid.default\extensions\crossriderapp16150@crossrider.com
Successfully deleted the following from C:\Users\martina\AppData\Roaming\mozilla\firefox\profiles\qdoyiyid.default\prefs.js
user_pref("extensions.crossrider.bic", "140ab89f8d2749abd55839be9d1e7145");
user_pref("extensions.crossriderapp16150.16150.InstallationThankYouPage", false);
user_pref("extensions.crossriderapp16150.16150.InstallationTime", 1377267481);
user_pref("extensions.crossriderapp16150.16150.active", true);
user_pref("extensions.crossriderapp16150.16150.addressbar", "");
user_pref("extensions.crossriderapp16150.16150.addressbarenhanced", "");
user_pref("extensions.crossriderapp16150.16150.asyncdb_dbWasSet", true);
user_pref("extensions.crossriderapp16150.16150.asyncinternaldb_dbWasSet", true);
user_pref("extensions.crossriderapp16150.16150.backgroundjs", "\n\n/************************************************************************************\n This is your backgr
user_pref("extensions.crossriderapp16150.16150.backgroundver", 7);
user_pref("extensions.crossriderapp16150.16150.can_run_bg_code", true);
user_pref("extensions.crossriderapp16150.16150.certdomaininstaller", "");
user_pref("extensions.crossriderapp16150.16150.changeprevious", false);
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app16150%22%3A%22app16150%22%2C%22DE%22%3A%22DE%22%7
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_css.expiration", "Sat Aug 24 2013 16:18:07 GMT+0200");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5Cn%5Cn.%25CSSClass%25-top-left%
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_geolocation.expiration", "Fri Aug 30 2013 16:18:07 GMT+0200");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_geolocation.value", "%22DE%22");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_metadata.expiration", "Sat Aug 24 2013 16:18:07 GMT+0200");
user_pref("extensions.crossriderapp16150.16150.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A16150%2C%22appName%22%3A%22DKB-Cashback%22%2C%22lastMessageId%22%3A
user_pref("extensions.crossriderapp16150.16150.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.cookie.InstallationTime.value", "1377267481");
user_pref("extensions.crossriderapp16150.16150.description", "Mit der DKB-Cashback Erweiterung finden Sie schnell und einfach alle Online-Cashbacks. Somit verpassen Sie keinen
user_pref("extensions.crossriderapp16150.16150.domain", "");
user_pref("extensions.crossriderapp16150.16150.enablesearch", false);
user_pref("extensions.crossriderapp16150.16150.homepage", "");
user_pref("extensions.crossriderapp16150.16150.iframe", false);
user_pref("extensions.crossriderapp16150.16150.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_appVer.value", "43");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_lastVersion.value", "45");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_meta.value", "%7B%22jquery.js%22%3A%7B%22id%22%3A210832%2C%22ver%22%3A45%2C%22status%22%3A1%2C%22name%22%3A
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_nextCheck.expiration", "Fri Aug 23 2013 22:18:03 GMT+0200");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210832.expiration", "Thu Nov 21 2013 15:18:44 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210832.value", "%22/*%21%20jQuery%20v1.8.2%20jquery.com%20%7C%20jquery.org/license%20*/%5Cr%5Cn%28
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210833.expiration", "Thu Nov 21 2013 15:18:03 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210833.value", "%22.bottomtxt%5Cn%7B%5Cncolor%3A%23ffffff%20%21important%3B%5Cnmargin-top%3A5px%20
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210834.expiration", "Thu Nov 21 2013 15:18:44 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.Resources_resource_210834.value", "%22/*%21%5Cr%5Cn%20*%20jQuery%20blockUI%20plugin%5Cr%5Cn%20*%20Version%202.45%20%2
user_pref("extensions.crossriderapp16150.16150.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.crossriderapp16150.16150.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D
user_pref("extensions.crossriderapp16150.16150.js", "\n\n /************************************************************************************\n This is your Page Code. The
user_pref("extensions.crossriderapp16150.16150.manifesturl", "");
user_pref("extensions.crossriderapp16150.16150.name", "DKB-Cashback");
user_pref("extensions.crossriderapp16150.16150.newtab", "");
user_pref("extensions.crossriderapp16150.16150.opensearch", "");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return ap
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_1.ver", 6);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelect
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_13.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_14.ver", 9);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_16.ver", 9);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_17.ver", 4);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.d
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_21.ver", 4);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=fun
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_22.ver", 4);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferre
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_28.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"unde
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_4.ver", 4);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_47.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.code", "(function(f){f.ui=f.ui||{};var e=/left|center|right/,d=/top|center|bottom/,b=f.fn.position,a=f.fn.offse
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.name", "notifications");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_5.ver", 5);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);}
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_64.ver", 2);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.code", "appAPI.hooks={$:$jquery_171,hooks:{},addHook:function(a,b){this.hooks[a]=b;},removeHook:function(a){del
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.name", "hooks");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_7.ver", 2);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PA
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_72.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAge
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_78.ver", 3);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var f={keyDelay:1000},e,h;return{i
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.name", "search_engine_hook");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_9.ver", 2);
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===t
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.name", "omniCommands");
user_pref("extensions.crossriderapp16150.16150.plugins.plugin_98.ver", 2);
user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98");
user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,7,98,9,5,28");
user_pref("extensions.crossriderapp16150.16150.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
user_pref("extensions.crossriderapp16150.16150.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/16150/plugins/091/ff/plugins.json");
user_pref("extensions.crossriderapp16150.16150.pluginsversion", 27);
user_pref("extensions.crossriderapp16150.16150.publisher", "dkbbrowserextension");
user_pref("extensions.crossriderapp16150.16150.searchstatus", 0);
user_pref("extensions.crossriderapp16150.16150.setnewtab", false);
user_pref("extensions.crossriderapp16150.16150.thankyou", "");
user_pref("extensions.crossriderapp16150.16150.updateinterval", 360);
user_pref("extensions.crossriderapp16150.16150.ver", 43);
user_pref("extensions.crossriderapp16150.apps", "16150");
user_pref("extensions.crossriderapp16150.bic", "140ab89f8d2749abd55839be9d1e7145");
user_pref("extensions.crossriderapp16150.cid", 16150);
user_pref("extensions.crossriderapp16150.firstrun", false);
user_pref("extensions.crossriderapp16150.hadappinstalled", true);
user_pref("extensions.crossriderapp16150.installationdate", 1377267481);
user_pref("extensions.crossriderapp16150.lastcheck", 22954458);
user_pref("extensions.crossriderapp16150.lastcheckitem", 22954459);
user_pref("extensions.crossriderapp16150.modetype", "production");
user_pref("extensions.crossriderapp16150.reportInstall", true);
user_pref("extensions.crossriderapp16150.statsDailyCounter", 1);
Emptied folder: C:\Users\martina\AppData\Roaming\mozilla\firefox\profiles\qdoyiyid.default\minidumps [329 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2013 at 16:26:31,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by martina (administrator) on 23-08-2013 16:28:04
Running from C:\Users\martina\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\martina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [NIRegistrationWizard] - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [846520 2010-06-21] ()
MountPoints2: {08396626-a6a6-11e0-8fc7-88ae1dea8d89} - G:\LaunchU3.exe
MountPoints2: {300ed201-29af-11e0-96c1-e839dfc60cff} - F:\autorun.exe
HKLM-x32\...\Run: [EfficientDiary] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NI Update Service] - C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [851592 2012-06-08] (National Instruments)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\martina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545032B9A300_100902PBN303GTJW4L4RX&ts=1377249900
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2354F87B-ED23-40A1-BD87-457F0EA49912} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {55D322A5-0449-4386-86F4-B8B8B173B0D6} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {6FC1E802-D935-492C-AA80-B6ABBD833117} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {81C19745-6CDB-420E-A5E4-24C39B5B306C} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 131.188.0.10 131.188.0.11
FireFox:
========
FF ProfilePath: C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 - C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mytalkpal.com/ffplugin - C:\Program Files (x86)\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll (Shanghai Qitai Tech. Co., Ltd.)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: DownloadHelper - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\martina\AppData\Roaming\Mozilla\Firefox\Profiles\qdoyiyid.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM-x32\...\Chrome\Extension: [ggmccnonmeooloobeejjmdjlneipfmna] - C:\Users\martina\AppData\Local\DKB-Cashback\Chrome\DKB-Cashback.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx
==================== Services (Whitelisted) =================
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$CSSQL05; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-23] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-06] (National Instruments Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-10-26] (Toshiba Europe GmbH)
R2 msftesql$CSSQL05; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:CSSQL05 [x]
==================== Drivers (Whitelisted) ====================
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-27] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-23 16:20 - 2013-08-23 16:20 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 16:19 - 2013-08-23 16:19 - 01021434 _____ (Thisisu) C:\Users\martina\Desktop\JRT.exe
2013-08-23 16:16 - 2013-08-23 16:16 - 00026720 _____ C:\Users\martina\Desktop\AdwCleaner[S0].txt
2013-08-23 16:11 - 2013-08-23 16:13 - 00000000 ____D C:\AdwCleaner
2013-08-23 16:06 - 2013-08-23 16:14 - 00000112 _____ C:\Windows\setupact.log
2013-08-23 16:06 - 2013-08-23 16:06 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 15:54 - 2013-08-23 15:54 - 00007440 _____ C:\Windows\PFRO.log
2013-08-23 15:35 - 2013-08-23 15:35 - 00000000 ____D C:\Users\martina\AppData\Roaming\Malwarebytes
2013-08-23 15:34 - 2013-08-23 15:34 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-23 15:34 - 2013-08-23 15:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 15:34 - 2013-08-23 15:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 15:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-23 15:32 - 2013-08-23 15:33 - 00975858 _____ C:\Users\martina\Desktop\adwcleaner.exe
2013-08-23 15:32 - 2013-08-23 15:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\martina\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-23 14:29 - 2013-08-23 14:29 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-23 14:29 - 2013-08-23 14:29 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 14:28 - 2013-08-23 14:29 - 03395840 _____ (Piriform Ltd) C:\Users\martina\Desktop\ccsetup404_slim.exe
2013-08-23 14:02 - 2013-08-23 14:15 - 00021649 _____ C:\Users\martina\Desktop\Gmer.txt
2013-08-23 13:49 - 2013-08-23 13:49 - 00377856 _____ C:\Users\martina\Desktop\gmer_2.1.19163.exe
2013-08-23 13:45 - 2013-08-23 13:46 - 00042256 _____ C:\Users\martina\Desktop\Addition.txt
2013-08-23 13:43 - 2013-08-23 13:43 - 00000000 ____D C:\FRST
2013-08-23 13:41 - 2013-08-23 13:42 - 01576474 _____ (Farbar) C:\Users\martina\Desktop\FRST64.exe
2013-08-23 13:41 - 2013-08-23 13:41 - 00000546 _____ C:\Users\martina\Desktop\defogger_disable.log
2013-08-23 13:41 - 2013-08-23 13:41 - 00000168 _____ C:\Users\martina\defogger_reenable
2013-08-23 13:40 - 2013-08-23 13:41 - 00050477 _____ C:\Users\martina\Desktop\Defogger.exe
2013-08-23 11:32 - 2013-08-23 11:40 - 00000000 ____D C:\Users\martina\AppData\Local\CUSTPDF Writer
2013-08-23 11:26 - 2013-08-23 13:09 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-23 11:25 - 2013-08-23 13:12 - 00000000 ____D C:\Program Files\PDFCreator
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\User Data
2013-08-23 11:23 - 2013-08-23 11:23 - 01245288 _____ C:\Users\martina\Downloads\PDFCreatorSetup.exe
2013-08-22 14:46 - 2013-08-22 14:46 - 00002964 _____ C:\Users\martina\Desktop\Theoretical-analysis-of-convective-flow-profiels-in-a-hollow-fiber-membrane-bioreactor_1990_Chemical-Engineering-Science.htm
2013-08-22 14:42 - 2013-08-22 14:41 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-22 14:42 - 2013-08-22 14:41 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-22 14:41 - 2013-08-22 14:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-17 12:02 - 2013-08-17 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 00:15 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 00:15 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 00:15 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 00:14 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 00:14 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 00:14 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 00:14 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 00:14 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 00:14 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 00:14 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 00:14 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 00:14 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 00:14 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 00:14 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 00:14 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 00:05 - 2013-08-15 00:09 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 20:28 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 20:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 20:28 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 20:28 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 20:28 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 20:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 20:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 20:28 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 20:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 20:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 20:27 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 20:27 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 20:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 20:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 19:16 - 2013-08-07 19:16 - 50393100 _____ C:\Users\martina\Downloads\vff.rar
2013-08-07 19:16 - 2013-08-07 19:16 - 00000000 ____D C:\Users\martina\Downloads\vff
2013-08-05 09:47 - 2013-08-05 09:47 - 00000000 ____D C:\Users\martina\Desktop\imma
2013-07-31 13:34 - 2013-07-31 13:34 - 00002064 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-31 13:21 - 2013-07-31 13:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
==================== One Month Modified Files and Folders =======
2013-08-23 16:26 - 2013-08-23 16:26 - 00015679 _____ C:\Users\martina\Desktop\JRT.txt
2013-08-23 16:22 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 16:22 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 16:20 - 2013-08-23 16:20 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 16:19 - 2013-08-23 16:19 - 01021434 _____ (Thisisu) C:\Users\martina\Desktop\JRT.exe
2013-08-23 16:16 - 2013-08-23 16:16 - 00026720 _____ C:\Users\martina\Desktop\AdwCleaner[S0].txt
2013-08-23 16:16 - 2012-11-11 15:04 - 00000000 ____D C:\Users\martina\AppData\Roaming\Dropbox
2013-08-23 16:14 - 2013-08-23 16:06 - 00000112 _____ C:\Windows\setupact.log
2013-08-23 16:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 16:13 - 2013-08-23 16:11 - 00000000 ____D C:\AdwCleaner
2013-08-23 16:13 - 2010-09-24 04:46 - 01996104 _____ C:\Windows\WindowsUpdate.log
2013-08-23 16:12 - 2010-12-13 01:46 - 00001056 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-23 16:12 - 2010-12-01 21:03 - 00001006 _____ C:\Users\martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-23 16:06 - 2013-08-23 16:06 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 15:54 - 2013-08-23 15:54 - 00007440 _____ C:\Windows\PFRO.log
2013-08-23 15:52 - 2013-05-01 12:41 - 00000000 ____D C:\Program Files (x86)\DKB-Cashback
2013-08-23 15:35 - 2013-08-23 15:35 - 00000000 ____D C:\Users\martina\AppData\Roaming\Malwarebytes
2013-08-23 15:34 - 2013-08-23 15:34 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-23 15:34 - 2013-08-23 15:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-23 15:34 - 2013-08-23 15:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-23 15:33 - 2013-08-23 15:32 - 00975858 _____ C:\Users\martina\Desktop\adwcleaner.exe
2013-08-23 15:32 - 2013-08-23 15:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\martina\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-23 14:44 - 2011-01-14 05:02 - 00000000 ____D C:\Users\martina\AppData\Roaming\DAEMON Tools Lite
2013-08-23 14:43 - 2010-12-23 10:23 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-23 14:39 - 2010-04-19 09:27 - 00000000 ____D C:\Windows\Panther
2013-08-23 14:29 - 2013-08-23 14:29 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-23 14:29 - 2013-08-23 14:29 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-23 14:29 - 2013-08-23 14:28 - 03395840 _____ (Piriform Ltd) C:\Users\martina\Desktop\ccsetup404_slim.exe
2013-08-23 14:29 - 2011-09-07 17:09 - 00000000 ____D C:\Program Files\CCleaner
2013-08-23 14:15 - 2013-08-23 14:02 - 00021649 _____ C:\Users\martina\Desktop\Gmer.txt
2013-08-23 13:49 - 2013-08-23 13:49 - 00377856 _____ C:\Users\martina\Desktop\gmer_2.1.19163.exe
2013-08-23 13:46 - 2013-08-23 13:45 - 00042256 _____ C:\Users\martina\Desktop\Addition.txt
2013-08-23 13:43 - 2013-08-23 13:43 - 00000000 ____D C:\FRST
2013-08-23 13:42 - 2013-08-23 13:41 - 01576474 _____ (Farbar) C:\Users\martina\Desktop\FRST64.exe
2013-08-23 13:41 - 2013-08-23 13:41 - 00000546 _____ C:\Users\martina\Desktop\defogger_disable.log
2013-08-23 13:41 - 2013-08-23 13:41 - 00000168 _____ C:\Users\martina\defogger_reenable
2013-08-23 13:41 - 2013-08-23 13:40 - 00050477 _____ C:\Users\martina\Desktop\Defogger.exe
2013-08-23 13:41 - 2010-12-01 20:51 - 00000000 ____D C:\Users\martina
2013-08-23 13:12 - 2013-08-23 11:25 - 00000000 ____D C:\Program Files\PDFCreator
2013-08-23 13:09 - 2013-08-23 11:26 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-23 13:04 - 2009-07-14 19:58 - 00784854 _____ C:\Windows\system32\perfh007.dat
2013-08-23 13:04 - 2009-07-14 19:58 - 00178964 _____ C:\Windows\system32\perfc007.dat
2013-08-23 13:04 - 2009-07-14 07:13 - 01845004 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 11:40 - 2013-08-23 11:32 - 00000000 ____D C:\Users\martina\AppData\Local\CUSTPDF Writer
2013-08-23 11:26 - 2011-02-20 00:03 - 00421032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-23 11:26 - 2011-02-19 01:40 - 00773800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-23 11:25 - 2013-08-23 11:25 - 00000000 ____D C:\User Data
2013-08-23 11:23 - 2013-08-23 11:23 - 01245288 _____ C:\Users\martina\Downloads\PDFCreatorSetup.exe
2013-08-23 10:29 - 2012-03-22 19:20 - 00000000 ____D C:\Users\martina\AppData\Roaming\Spotify
2013-08-22 17:21 - 2012-03-22 19:20 - 00000000 ____D C:\Users\martina\AppData\Local\Spotify
2013-08-22 14:46 - 2013-08-22 14:46 - 00002964 _____ C:\Users\martina\Desktop\Theoretical-analysis-of-convective-flow-profiels-in-a-hollow-fiber-membrane-bioreactor_1990_Chemical-Engineering-Science.htm
2013-08-22 14:41 - 2013-08-22 14:42 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-22 14:41 - 2013-08-22 14:42 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-22 14:41 - 2013-08-22 14:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-22 14:41 - 2013-08-22 14:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-22 14:41 - 2011-07-09 07:23 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-19 14:43 - 2012-10-14 23:03 - 00000000 ____D C:\Users\martina\Documents\Citavi 3
2013-08-19 09:11 - 2012-04-27 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 19:39 - 2010-12-15 08:51 - 00000000 ____D C:\Users\martina\AppData\Roaming\ICQ
2013-08-17 12:03 - 2013-08-17 12:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 00:09 - 2013-08-15 00:05 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:09 - 2010-12-02 21:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 00:05 - 2010-12-01 22:00 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 17:49 - 2012-11-24 21:54 - 00000000 ____D C:\Users\Public\Documents\Rezepte
2013-08-14 12:41 - 2011-02-12 04:45 - 00000000 ____D C:\Users\martina\Documents\Bewerbung
2013-08-13 23:09 - 2011-02-21 12:16 - 00000000 ____D C:\Users\martina\Documents\KOREA
2013-08-09 15:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2013-08-07 19:16 - 2013-08-07 19:16 - 50393100 _____ C:\Users\martina\Downloads\vff.rar
2013-08-07 19:16 - 2013-08-07 19:16 - 00000000 ____D C:\Users\martina\Downloads\vff
2013-08-07 15:04 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-05 09:47 - 2013-08-05 09:47 - 00000000 ____D C:\Users\martina\Desktop\imma
2013-08-04 13:28 - 2012-10-14 23:01 - 00000000 ____D C:\Users\martina\AppData\Roaming\Swiss Academic Software
2013-08-04 10:52 - 2011-01-02 09:01 - 00000000 ___RD C:\Users\martina\Desktop\Studium
2013-07-31 13:38 - 2011-08-07 11:25 - 00000000 ____D C:\Users\martina\AppData\Roaming\MyPhoneExplorer
2013-07-31 13:34 - 2013-07-31 13:34 - 00002064 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-31 13:34 - 2011-08-07 11:24 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-07-31 13:21 - 2013-07-31 13:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2013-07-26 07:13 - 2013-08-15 00:14 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 00:14 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 00:14 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 00:14 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 00:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 00:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 00:14 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 00:14 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 00:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 00:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 00:14 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 00:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 00:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 00:14 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 00:14 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-14 20:28 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-14 20:28 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
Files to move or delete:
====================
C:\Users\martina\iFunBox.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-22 15:18
==================== End Of Log ============================
Thank you!