Windows 7 infiziert: Spyhunter 4 + antivirus security pro +?

Klara55 · 11.09.2013, 19:42

Guten Abend,

bitte um Verständnis, obwohl neu angemeldet - ich nur kurz mein Total-Crash erläutern kann. Entweder wird mir der Internetzugang abrupt abgebrochen oder ich werde auf "gewollte" Seiten umgeleitet.

Bin verzweifelt sowie völlig fassungslos - über die unglaublichen Möglichkeiten von derartigen Angriffen. Die Berechtigung als alleiniger "Administrator" handeln zu können wurde bereits kassiert.

Bemerke gerade eben, dass wieder versucht wird auf mich zuzugreifen. Habe mich über Google.de ein gelockt, da ich 0-Ahnung habe wie gefährlich es sein könnte - über mein Postfach bei web.de zu posten.

Bin wirklich verzweifelt und am Ende angelangt und erschwerend = vollkommener Laie. Ich bin völlig auf Eure Hilfsbereitschaft angewiesen. Aber auf welchem Weg könnte ich diese Hilfe erhalten, ohne mich bei web.de einzulocken (Outlook wurde auch bereits eliminiert). Bin mir noch nicht einmal sicher, ob überhaupt zugelassen wird, dass ich diese Nachricht überhaupt posten kann?

Versuche nun einige Logs zu posten: bin am Ende = wird nicht genehmigt von meinen neuen Mit-Administratoren - kann wirklich nicht mehr. Welchen Ausweg soll/könnte in dieser Situation noch möglich sein?

Ich werde versuchen, später nochmals über Google in Eurer Board hereinzukommen, sollte noch Internet funktionieren. Wenn nicht versuche ich es Morgen über meine Arbeitsstätte.

Im voraus vielen Dank an diejenigen, die vielleicht bereit sein werden - mir behilflich zu sein.

schrauber · 11.09.2013, 19:54

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Klara55 · 11.09.2013, 21:31

Vielen Dank = an User Schrauber - für die "Blitzantwort".

Wenn ich hochfahre - erscheinen folgende"Kommentare":
SpyHunter Compact
Scanning 'Host' directory ...
Finishing ....
SpyHunter. fixe not found!
It is safe to restart your Computer
-
SpyHunter is scanning MBR.
SpyHunter did not detect any MBR modifications. MBR O.K.
-
Fireware Warn - power now - k8:
Invalid Zero. Translation latency
Starting System ...
Entering detection state, please wait ...
Searching for Windows ...
fdisk: can't open/dev/sdb: No medium found.
oder = aber weitaus geringer: i.8042.c: cant't reaktirate KBD board
-
GRUB4 DOS 0.4 5b 2011-11-14, Menue 630K/255 1M/OM, End: 358 DFE
SpyHunter
Windows xp
Windows Vista/7
Use the (Pfeil nach oben) and (nach unten) key to highlight an entery. Press ENER or 'b' to boot. Press "e" to edit the commands before booting.

Nachdem ich gestern den Computer zurücksetzte auf Datum 31.08.13 (Angriff bemerkt am 08.09.13) wurde dieses Datum willkürlich abgeändert und das perfekte Chaos nahm seinen Lauf.

Heute auf Desktop plötzlich diese unbekannten Verknüpfungen: Advanced System Protecter, RegClean Pro, Registry kostenlos entrümpeln, My PC Backup, 7 Go, Search, Speed Analysis, Filekiddo Download Manger sowie PC Performer.

Sowie Anzeige: Adminstrator rights are required to integrate FDM. Choosing "Cancel" will integrate partially = keine Chance -keine einzige Änderung mehr möglich.

Internet hatte keine Verbindung, aber irgendwie Zugang auf Internet-Optionen und Startseite geschafft und - kann es immer noch nicht fassen- die Browser Startseite tatsächlich überschrieben:
Z.delta-search.com/? babrc = HP_ss & mntrId = 22AB74DE2B858957 & affID = 121718 tsp = 5001

Hoffe meine Anmerkungen waren irgendwie zu mindestens ein wenig hilfreich. Momentan sind mir leider die Hände gebunden und auch selbst nicht in der Lage egal wie - Abhilfe zu schaffen.

Hatte bereits gestern einige der Regel-Anmerkungen abgearbeitet - bis gar nichts mir funktionierte. Die einzelnen Protokolle sind gespeichert, aber wie posten?

Bitte um Gnade - sollte ich Dreher eingebaut haben. Nochmals meine Bitte - bin für jegliche Hilfestellung mehr als dankbar.

Wünsche allgemein noch einen schönen "Rest-Abend".

schrauber · 12.09.2013, 09:52

viel zuviel Text

Hast Du FRST aus der Recovery scannen lassen? Logs posten geht so:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Klara55 · 12.09.2013, 19:17

Hallo,

entschuldigung - nix geht. FRST (beide Versionen) auf USB und exakt nach Anleitung verfahren. Sofort beim booten - erscheint wie gepostet: SpyHunter Compact ... usw. -keine Meldung der Hardware beim Starten -nur SpyHunter.

Ist da noch etwas machbar?

Danke.

schrauber · 13.09.2013, 08:34

Geh den Weg über DVD, das muss gehen.

Klara55 · 13.09.2013, 22:42

Habe gleich frei + kann weitermachen - vorsichtshalbereine eine Nachfrage:

1. von Windows CD/DVD starten und bei "Schließe Notepad wieder"
2. den USB mit den 2 FRST-Versionen an Laptop anschließen

Frage sicherlich lächerlich - sicher ist sicher!

Gruß - Klara55

Nichts hat funktioniert. Kein Start von Windows DVD möglich. Aus Frust - frst.exe Scan vom USB gestartet, was? Da100 % Rechner nicht sauber = Logfiles auf Stick belassen und # funktioniert so nicht. Muss in Text kopierenFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 02
Ran by t at 2013-09-13 20:12:29
Running from F:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.5.5)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (Version: 9.0.0)
Adobe Acrobat 9.5.5 - CPSID_83708 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
AMD VISION Engine Control Center (x32 Version: 2011.0420.1613.27244)
ATI Catalyst Install Manager (Version: 3.0.820.0)
Camera RAW Plug-In for EPSON Creativity Suite (x32 Version: 2.3.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0420.1613.27244)
Catalyst Control Center Localization All (x32 Version: 2011.0420.1613.27244)
CCC Help Chinese Standard (x32 Version: 2011.0420.1612.27244)
CCC Help Chinese Traditional (x32 Version: 2011.0420.1612.27244)
CCC Help Czech (x32 Version: 2011.0420.1612.27244)
CCC Help Danish (x32 Version: 2011.0420.1612.27244)
CCC Help Dutch (x32 Version: 2011.0420.1612.27244)
CCC Help English (x32 Version: 2011.0420.1612.27244)
CCC Help Finnish (x32 Version: 2011.0420.1612.27244)
CCC Help French (x32 Version: 2011.0420.1612.27244)
CCC Help German (x32 Version: 2011.0420.1612.27244)
CCC Help Greek (x32 Version: 2011.0420.1612.27244)
CCC Help Hungarian (x32 Version: 2011.0420.1612.27244)
CCC Help Italian (x32 Version: 2011.0420.1612.27244)
CCC Help Japanese (x32 Version: 2011.0420.1612.27244)
CCC Help Korean (x32 Version: 2011.0420.1612.27244)
CCC Help Norwegian (x32 Version: 2011.0420.1612.27244)
CCC Help Polish (x32 Version: 2011.0420.1612.27244)
CCC Help Portuguese (x32 Version: 2011.0420.1612.27244)
CCC Help Russian (x32 Version: 2011.0420.1612.27244)
CCC Help Spanish (x32 Version: 2011.0420.1612.27244)
CCC Help Swedish (x32 Version: 2011.0420.1612.27244)
CCC Help Thai (x32 Version: 2011.0420.1612.27244)
CCC Help Turkish (x32 Version: 2011.0420.1612.27244)
ccc-utility64 (Version: 2011.0420.1613.27244)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
EPSON Attach To Email (x32 Version: 1.01.0000)
EPSON Easy Photo Print (x32 Version: 1.5.1.0)
EPSON File Manager (x32 Version: 1.3.1.0)
EPSON Scan (x32)
EPSON Scan Assistant (x32 Version: 1.10.00)
EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (x32)
EPSON Stylus SX400 Series Printer Uninstall
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0)
Java Auto Updater (x32 Version: 2.0.2.1)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Outlook 2010 (x32 Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)
Nero BackItUp 10 (x32 Version: 5.8.10900.8.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700)
Nero BurnRights 10 (x32 Version: 4.4.10400.2.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Control Center 10 (x32 Version: 10.6.12700.0.7)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800)
Nero Core Components 10 (x32 Version: 2.0.20000.9.12)
Nero Express 10 (x32 Version: 10.6.10700.5.100)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700)
Nero InfoTool 10 (x32 Version: 7.4.10300.1.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Kwik Media (x32 Version: 1.6.15100.59.100)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300)
Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800)
Nero StartSmart 10 (x32 Version: 10.6.10500.3.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Update (x32 Version: 1.0.10900.31.0)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6289)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126)
Realtek WLAN Driver (x32 Version: 2.00.0016)
Skype™ 5.10 (x32 Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.21)
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.4)
TRORMCLauncher (Version: 1.0.0.10)
TRORMCLauncher (x32 Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Vodafone Mobile Connect Lite (x32 Version: 9.4.3.17550)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.00.0000)

==================== Restore Points  =========================

08-09-2013 20:58:50 Removed SpyHunter
08-09-2013 20:59:44 Removed SpyHunter
08-09-2013 21:00:41 Removed SpyHunter
08-09-2013 21:02:29 Removed Microsoft Primary Interoperability Assemblies 2005
09-09-2013 15:46:04 Removed SpyHunter
09-09-2013 17:41:38 Wiederherstellungsvorgang
09-09-2013 17:50:16 Removed SpyHunter
09-09-2013 17:52:07 Removed SpyHunter
09-09-2013 17:58:32 Removed SpyHunter
09-09-2013 18:00:18 Removed SpyHunter
09-09-2013 20:14:06 Wiederherstellungsvorgang
09-09-2013 22:00:33 Windows Update
10-09-2013 15:48:35 Windows-Sicherung
10-09-2013 16:00:59 Wiederherstellungsvorgang
10-09-2013 16:46:41 Windows Update
10-09-2013 16:52:05 Windows-Sicherung
11-09-2013 17:27:56 Windows Update
11-09-2013 17:34:59 Windows-Sicherung
12-09-2013 19:51:31 Windows-Sicherung
12-09-2013 20:26:40 Windows Update
12-09-2013 20:34:39 Windows Update
12-09-2013 20:40:25 Windows Update
12-09-2013 20:44:10 Windows Update
13-09-2013 01:00:12 Windows Update
13-09-2013 04:47:52 Windows Update
13-09-2013 17:52:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0619A694-7B38-4DAB-A76A-0F0AD9792326} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {1232CC04-B15C-4AB3-9DDB-BA03A71DEF46} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4651ABF0-D189-41DA-B468-D781FE639BF2} - System32\Tasks\{204F4D4A-5115-4D85-AAA4-CE6BCE398025} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Task: {46D26CD0-50F5-4912-931A-D653DDDD8B22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {4E832C42-A9D4-4A55-BDC3-8618EF31B1E6} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {54F72A3E-4353-479C-BE7D-87FE5BDE49EB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation)
Task: {772DFE55-4D51-4399-997A-53FEDABC8C79} - System32\Tasks\{95DEE6FF-3D8A-4D82-8804-9C9A1FC1AE71} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Task: {7F392D34-CE06-4C9D-870D-C9C15CFAAC7E} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-07] (Systweak Inc)
Task: {841C01D6-1687-4DD6-8BF5-48BFDD8A18D6} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {84601689-BC51-4848-B5E3-D811DF4B2603} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {88C8814E-D3E3-4995-A9C0-2CF69F1B8462} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-07] (Systweak Inc)
Task: {A30218CB-80FF-41AF-ADFD-42E8DBF744E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {D99D2D50-0983-4D3B-BD5C-B55B4DF0741B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {DE1303F9-A987-42B3-A9EF-F5072902206B} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {EC24F664-4B4C-4D8F-A40A-FC8A7C3A9EF0} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-05-07] (Systweak Inc)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe
Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe

==================== Loaded Modules (whitelisted) =============

2009-07-14 01:57 - 2009-07-14 03:40 - 00069120 _____ () C:\Windows\system32\BWContextHandler.dll
2011-11-11 19:43 - 2010-11-03 19:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2011-11-11 19:43 - 2011-01-11 16:26 - 02838120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2011-02-03 20:56 - 2011-02-03 20:56 - 00405800 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-02-03 20:56 - 2011-02-03 20:56 - 00224040 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2011-04-20 17:08 - 2011-04-20 17:08 - 00290816 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-04-20 17:08 - 2011-04-20 17:08 - 00167936 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 14:51 - 2009-01-20 14:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-04-20 17:11 - 2011-04-20 17:11 - 00026624 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2011-04-20 17:11 - 2011-04-20 17:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 11:17 - 2011-03-22 11:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-10 20:36 - 2013-01-11 03:22 - 03547136 _____ () C:\Program Files (x86)\FileKiddo Download Manager\fdmbtsupp.dll
2013-07-13 20:21 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2009-09-11 13:33 - 2009-09-11 13:33 - 00268288 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.BaseServices.Platform.dll
2009-09-11 13:34 - 2009-09-11 13:34 - 00359936 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.ConnectionServices.dll
2009-09-11 13:33 - 2009-09-11 13:33 - 00151552 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.ConnectionServicesInterface.dll
2009-09-11 13:34 - 2009-09-11 13:34 - 00147456 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.UI.CommonDialogs.dll
2009-09-11 13:33 - 2009-09-11 13:33 - 00159232 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.BaseServices.DataAccessor.dll
2009-09-11 13:33 - 2009-09-11 13:33 - 00072704 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.WindowsService.Core.dll
2009-09-11 13:33 - 2009-09-11 13:33 - 00260608 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.BaseServices.XmlSerializers.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2009-09-11 13:33 - 2009-09-11 13:33 - 00049152 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.CsUtil.dll
2009-05-15 14:33 - 2009-05-15 14:33 - 00330240 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.WwanWrapper.dll
2009-06-16 14:24 - 2009-06-16 14:24 - 02292256 ____R (Smith Micro Software Inc.) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\WwanCoreSdk.dll
2009-06-16 14:24 - 2009-06-16 14:24 - 00141856 ____R (Smith Micro Software Inc.) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\Diagnostic.dll
2009-09-11 13:33 - 2009-09-11 13:33 - 00018432 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.ConnectionServices.TrafficOptimiser.dll
2009-09-11 13:35 - 2009-09-11 13:35 - 00077824 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\de-DE\MobileConnect.resources.dll
2009-09-11 13:35 - 2009-09-11 13:35 - 00005120 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\de-DE\VMC.UI.CommonDialogs.resources.dll
2009-09-11 13:33 - 2009-09-11 13:33 - 00013312 _____ (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMC.WindowsService.Messaging.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Windows\system32\Drivers\cprwtjbo.sys:changelist


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2013 08:07:09 PM) (Source: MsiInstaller) (User: -)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (09/13/2013 08:06:48 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue
Error: (09/13/2013 07:24:04 PM) (Source: MsiInstaller) (User: -)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. he specified Feature name ('ByteMobile') not found in Feature table.

Error: (09/13/2013 07:23:31 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (09/13/2013 07:12:27 PM) (Source: MsiInstaller) (User: 
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 1719. Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (09/13/2013 07:10:43 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (09/13/2013 07:09:19 PM) (Source: MsiInstaller) (User: -)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (09/13/2013 07:08:39 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (09/13/2013 07:07:14 PM) (Source: MsiInstaller) (User: 
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (09/13/2013 07:06:30 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (09/13/2013 08:06:03 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "C:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (09/13/2013 07:54:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 10 unter Windows 7 Service Pack 1 für x64-basierte Systeme (KB2870699)

Error: (09/13/2013 07:53:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a91 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2872339)

Error: (09/13/2013 07:53:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a91 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2876315)

Error: (09/13/2013 07:53:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2868116)

Error: (09/13/2013 07:52:44 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "WINDOWS" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (09/13/2013 07:23:08 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "C:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (09/13/2013 07:10:15 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "C:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (09/13/2013 07:08:12 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "C:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (09/13/2013 07:06:00 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "C:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.


Microsoft Office Sessions:
=========================
Error: (09/13/2013 08:07:09 PM) (Source: MsiInstaller)(User: -)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/13/2013 08:06:48 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (09/13/2013 07:24:04 PM) (Source: MsiInstaller)(User: 
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/13/2013 07:23:31 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (09/13/2013 07:12:27 PM) (Source: MsiInstaller)(User: 
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 1719. Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/13/2013 07:10:43 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (09/13/2013 07:09:19 PM) (Source: MsiInstaller)(User: 
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/13/2013 07:08:39 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (09/13/2013 07:07:14 PM) (Source: MsiInstaller)(User: 
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/13/2013 07:06:30 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3562.13 MB
Available physical RAM: 2012.88 MB
Total Pagefile: 7122.44 MB
Available Pagefile: 5523.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:233.57 GB) (Free:186.52 GB) NTFS
Drive d: (Data) (Fixed) (Total:231.8 GB) (Free:219.23 GB) NTFS
Drive f: () (Removable) (Total:3.7 GB) (Free:3.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F8D79D6B)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=234 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

--- --- ---

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by  (administrator) on on 13-09-2013 20:35:35
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\FileKiddo Download Manager\fdm.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-01] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [EPSON Stylus SX400 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Users\\AppData\Local\Temp\E_SC237.tmp" /EF "HKCU"
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Free Download Manager] - C:\Program Files (x86)\FileKiddo Download Manager\fdm.exe [6852096 2013-04-29] (FreeDownloadManager.ORG)
MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {50043d66-f435-11e1-b777-386077c4f9be} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {50043db4-f435-11e1-b777-386077c4f9be} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKLM-x32\...\Run: [MobileConnect] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: acaptuser32.dll [114280 2013-05-08] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=22AB74DE2B858957&affID=121271&tsp=5001
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {06D33AFE-75DF-4EF4-B253-63F235E4C91F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=93ca33bf-0d0f-465c-82c0-8b5c6569074b&apn_sauid=4C9E9195-564A-4228-A350-229D0D154BAD
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=22AB74DE2B858957&affID=121271&tsp=5001
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL No File
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKCU\...\Firefox\Extensions: [7go@7go.com] - C:\Users\t\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF Extension: 7Go Games - C:\Users\t\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF HKCU\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by  (administrator) on on 13-09-2013 20:35:35
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\FileKiddo Download Manager\fdm.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-01] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [EPSON Stylus SX400 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Users\\AppData\Local\Temp\E_SC237.tmp" /EF "HKCU"
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Free Download Manager] - C:\Program Files (x86)\FileKiddo Download Manager\fdm.exe [6852096 2013-04-29] (FreeDownloadManager.ORG)
MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {50043d66-f435-11e1-b777-386077c4f9be} - F:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {50043db4-f435-11e1-b777-386077c4f9be} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKLM-x32\...\Run: [MobileConnect] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: acaptuser32.dll [114280 2013-05-08] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=22AB74DE2B858957&affID=121271&tsp=5001
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {06D33AFE-75DF-4EF4-B253-63F235E4C91F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=93ca33bf-0d0f-465c-82c0-8b5c6569074b&apn_sauid=4C9E9195-564A-4228-A350-229D0D154BAD
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=22AB74DE2B858957&affID=121271&tsp=5001
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL No File
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKCU\...\Firefox\Extensions: [7go@7go.com] - C:\Users\\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF Extension: 7Go Games - C:\Users\\AppData\Roaming\Mozilla\Extensions\7go@7go.com
FF HKCU\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
FF Extension: Speed Analysis 3 - C:\Users\t\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 TDEIO; \??\c:\Windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-13 19:07 - 2013-09-13 20:07 - 00001426 _____ C:\Users\\Desktop\Registry kostenlos entrümpeln!.lnk
2013-09-10 20:36 - 2013-09-10 20:36 - 00000314 _____ C:\Windows\Tasks\PC Performer_UPDATES.job
2013-09-10 20:36 - 2013-09-10 20:36 - 00000306 _____ C:\Windows\Tasks\PC Performer_DEFAULT.job
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Users\AppData\Roaming\SpeedAnalysis3
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Users\\AppData\Roaming\PerformerSoft
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\Speed Analysis 3
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\PC Performer
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\FileKiddo Download Manager
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\\AppData\Roaming\File Scout
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\\AppData\Roaming\Babylon
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\\AppData\Roaming\BabSolution
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\\AppData\Roaming\7go
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\Babylon
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Program Files (x86)\7Go Games
2013-09-10 20:26 - 2013-09-10 20:38 - 00418069 _____ C:\Users\Vott\Desktop\RCPscanlog.xml
2013-09-10 20:22 - 2013-09-11 17:24 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-10 20:22 - 2013-09-10 20:22 - 00000000 ____D C:\ProgramData\Systweak
2013-09-10 20:22 - 2013-09-10 20:22 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-09-10 20:22 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-09-10 18:41 - 2013-09-10 18:42 - 00268816 _____ C:\Windows\Minidump\091013-51698-01.dmp
2013-09-10 18:41 - 2013-09-10 18:41 - 135739922 _____ C:\Windows\MEMORY.DMP
2013-09-10 18:41 - 2013-09-10 18:41 - 00000000 ____D C:\Windows\Minidump
2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 ____D C:\Users\Vott\AppData\Roaming\Avira
2013-09-09 19:31 - 2013-09-09 19:31 - 00023892 _____ C:\Users\Vott\Desktop\AVSCAN-20130909-192921-CB18A73F.LOG
2013-09-09 19:29 - 2013-09-09 19:29 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-09 19:29 - 2013-09-09 19:29 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-09 17:22 - 2013-09-09 23:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 17:22 - 2013-09-09 17:22 - 00000000 ____D C:\Users\\AppData\Roaming\Malwarebytes
2013-09-09 17:22 - 2013-09-09 17:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 22:33 - 2013-09-08 22:33 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cprwtjbo.sys
2013-09-08 21:44 - 2013-09-08 21:44 - 00000000 _____ C:\autoexec.bat
2013-09-08 21:41 - 2013-09-08 21:41 - 00000126 _____ C:\sh4_service.log
2013-09-08 21:31 - 2013-09-09 19:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-08 21:31 - 2012-11-02 16:23 - 00285747 _____ C:\shldr
2013-09-08 21:30 - 2013-09-09 22:22 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-08 18:12 - 2013-09-08 18:12 - 00000000 ____D C:\ProgramData\APN
2013-09-08 18:11 - 2013-09-09 19:43 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-08 16:29 - 2013-09-10 19:13 - 00000000 ____D C:\ProgramData\7gX9lVXn
2013-09-07 13:13 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-07 13:13 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-07 13:13 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll(27).dll
2013-09-07 13:13 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-07 13:13 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64(29).dll
2013-09-07 13:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-07 13:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-07 13:13 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-07 13:13 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll(30).dll
2013-09-07 13:13 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-07 13:13 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-07 13:13 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-07 13:13 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-07 13:13 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-21 21:45 - 2013-08-21 21:45 - 00004843 _____ C:\Users\\Downloads\
2013-08-21 20:14 - 2013-09-07 16:21 - 00000000 ____D C:\Users\
2013-08-21 20:11 - 2013-08-21 20:12 - 00000000 ____D C:\Users\
2013-08-16 22:53 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 22:53 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 22:53 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 22:53 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 22:53 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 22:53 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 22:53 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 22:53 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 22:53 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 22:53 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 22:53 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 22:53 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 22:53 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 22:53 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 22:52 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 22:52 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 22:52 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 22:52 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 22:52 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 21:24 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 21:24 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 21:24 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 21:24 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 21:24 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 21:24 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 21:24 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 21:24 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 21:24 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 21:24 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 21:24 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 21:24 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 21:24 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 21:24 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 21:23 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 21:23 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-13 20:22 - 2013-05-25 16:07 - 00001138 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 20:13 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 20:13 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 20:12 - 2011-02-11 10:21 - 00657910 _____ C:\Windows\system32\perfh007.dat
2013-09-13 20:12 - 2011-02-11 10:21 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-09-13 20:12 - 2009-07-14 07:13 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 20:11 - 2011-11-11 19:32 - 01543433 _____ C:\Windows\WindowsUpdate.log
2013-09-13 20:10 - 2013-09-13 20:10 - 00000000 ____D C:\FRST
2013-09-13 20:07 - 2013-09-13 19:07 - 00001426 _____ C:\Users\\Desktop\Registry kostenlos entrümpeln!.lnk
2013-09-13 20:06 - 2013-05-25 16:07 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 20:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 20:06 - 2009-07-14 06:51 - 00065009 _____ C:\Windows\setupact.log
2013-09-13 19:42 - 2012-09-18 14:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 19:26 - 2013-07-13 20:32 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-13 19:10 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 22:30 - 2013-07-13 21:17 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 22:28 - 2012-09-01 15:10 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 21:20 - 2009-07-14 06:45 - 00349360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 19:43 - 2012-09-18 14:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 19:43 - 2012-09-18 14:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 18:53 - 2010-11-21 05:47 - 00147692 _____ C:\Windows\PFRO.log
2013-09-11 18:18 - 2012-07-01 20:52 - 00000000 ___RD C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-11 17:24 - 2013-09-10 20:22 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-10 20:38 - 2013-09-10 20:26 - 00418069 _____ C:\Users\2013-09-10 20:36 - 2013-09-10 20:36 - 00000314 _____ C:\Windows\Tasks\PC Performer_UPDATES.job
2013-09-10 20:36 - 2013-09-10 20:36 - 00000306 _____ C:\Windows\Tasks\PC Performer_DEFAULT.job
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Users\\AppData\Roaming\SpeedAnalysis3
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Users\AppData\Roaming\PerformerSoft
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\Speed Analysis 3
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\PC Performer
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\FileKiddo Download Manager
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\ClVott\AppData\Roaming\File Scout
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\\AppData\Roaming\Babylon
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\ClaVott\AppData\Roaming\BabSolution
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\\AppData\Roaming\7go
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\Babylon
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Program Files (x86)\7Go Games
2013-09-10 20:22 - 2013-09-10 20:22 - 00000000 ____D C:\ProgramData\Systweak
2013-09-10 20:22 - 2013-09-10 20:22 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-09-10 20:22 - 2013-05-15 14:48 - 00000000 ____D C:\Users\\AppData\Roaming\Systweak
2013-09-10 20:22 - 2013-05-15 14:48 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-09-10 20:22 - 2012-07-01 20:52 - 00000000 ___RD C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-10 19:13 - 2013-09-08 16:29 - 00000000 ____D C:\ProgramData\7gX9lVXn
2013-09-10 18:42 - 2013-09-10 18:41 - 00268816 _____ C:\Windows\Minidump\091013-51698-01.dmp
2013-09-10 18:42 - 2012-07-01 20:52 - 00000000 ____D C:\Users\2013-09-10 18:41 - 2013-09-10\Windows\MEMORY.DMP
2013-09-10 18:41 - 2013-09-10 18:41 - 00000000 ____D C:\Windows\Minidump
2013-09-10 18:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-10 18:04 - 2012-09-01 16:31 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-10 18:04 - 2012-09-01 15:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-10 18:04 - 2012-09-01 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-10 18:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-10 00:23 - 2012-09-01 14:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-10 00:22 - 2012-09-05 20:14 - 00000000 ____D C:\Users\C\Documents\Outlook-Dateien
2013-09-09 23:57 - 2011-11-11 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-09 23:52 - 2013-09-09 17:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 22:23 - 2012-09-01 15:11 - 00000000 ____D C:\Users\Documents\Bluetooth
2013-09-09 22:23 - 2012-09-01 14:45 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-09 22:22 - 2013-09-08 21:30 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-09 22:22 - 2012-09-01 14:44 - 00000000 __RHD C:\MSOCache
2013-09-09 19:43 - 2013-09-08 21:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-09 19:43 - 2013-09-08 18:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 ____D C:\Users\AppData\Roaming\Avira
2013-09-09 19:31 - 2013-09-09 19:31 - 00023892 _____ C:\Users\Desktop\AVSCAN-20130909-192921-CB18A73F.LOG
2013-09-09 19:29 - 2013-09-09 19:29 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-09 19:29 - 2013-09-09 19:29 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-09 19:29 - 2012-09-01 15:24 - 00000000 ____D C:\Users\\AppData\Roaming\Mozilla
2013-09-09 19:26 - 2012-08-22 16:22 - 00000000 ____D C:\ProgramData\Avira
2013-09-09 17:22 - 2013-09-09 17:22 - 00000000 ____D C:\\AppData\Roaming\Malwarebytes
2013-09-09 17:22 - 2013-09-09 17:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 22:33 - 2013-09-08 22:33 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cprwtjbo.sys
2013-09-08 21:44 - 2013-09-08 21:44 - 00000000 _____ C:\autoexec.bat
2013-09-08 21:44 - 2013-02-02 15:35 - 00000000 ____D C:\Users\
2013-09-08 21:41 - 2013-09-08 21:41 - 00000126 _____ C:\sh4_service.log
2013-09-08 18:12 - 2013-09-08 18:12 - 00000000 ____D C:\ProgramData\APN
2013-09-08 17:23 - 2011-08-01 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-08 17:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-08 17:22 - 2009-07-14 04:34 - 00000419 _____ C:\Windows\win.ini
2013-09-08 17:15 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\ShellNew
2013-09-07 16:23 - 2012-09-01 15:11 - 00000000 ____D 
2013-09-07 16:21 - 2013-08-21 20:14 - 00000000 ____D C:
2013-09-07 15:47 - 2012-11-25 17:36 - 00000000 ____D 2 -
2013-08-25 00:36 - 2012-09-01 15:08 - 00000000 ____D C:
2013-08-25 00:31 - 2012-09-01 15:11 - 00000000 ____D C:\
2013-08-25 00:30 - 2012-09-01 15:11 - 00000000 ____D C:\
2013-08-25 00:28 - 2012-09-01 15:11 - 00000000 ____D 
2013-08-25 00:24 - 2012-09-01 15:11 - 00000000 ____D C:\Users
2013-08-25 00:21 - 2012-09-01 15:08 - 00000000 ____D C:\Users\
2013-08-23 23:38 - 2013-08-11 21:39 - 00000000 ____D C:\Users\
2013-08-22 23:44 - 2013-04-22 18:44 - 00000000 ____D C:\Users\21 21:45 - 00004843 _____ 
2013-08-21 20:41 - 2012-09-01 15:13 - 00000000 ____D C:\Users\
2013-08-21 20:31 - 2013-05-29 13:54 - 00000000 ____D C:\Users\\Doc
2013-08-21 20:12 - 2013-08-21 20:11 - 00000000 ____D C:\Users\V20____D 14:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-17 18:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-16 14:55 - 2013-08-13 18:45 - 00000000 ____D C:\Users\t\

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-13 02:04

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---
t\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com
FF Extension: Speed Analysis 3 - C:\Users\t\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [x]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [x]

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 TDEIO; \??\c:\Windows\SysWOW64\sysprep\Bootprio\tdeio64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-13 19:07 - 2013-09-13 20:07 - 00001426 _____ C:\Users\t\Desktop\Registry kostenlos entrümpeln!.lnk
2013-09-10 20:36 - 2013-09-10 20:36 - 00000314 _____ C:\Windows\Tasks\PC Performer_UPDATES.job
2013-09-10 20:36 - 2013-09-10 20:36 - 00000306 _____ C:\Windows\Tasks\PC Performer_DEFAULT.job
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Users\t\AppData\Roaming\SpeedAnalysis3
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Users\t\AppData\Roaming\PerformerSoft
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\Speed Analysis 3
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\PC Performer
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\FileKiddo Download Manager
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\t\AppData\Roaming\File Scout
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\t\AppData\Roaming\Babylon
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\tt\AppData\Roaming\BabSolution
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\t\AppData\Roaming\7go
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\Babylon
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Program Files (x86)\7Go Games
2013-09-10 20:26 - 2013-09-10 20:38 - 00418069 _____ C:\Users\t\Desktop\RCPscanlog.xml
2013-09-10 20:22 - 2013-09-11 17:24 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-10 20:22 - 2013-09-10 20:22 - 00000000 ____D C:\ProgramData\Systweak
2013-09-10 20:22 - 2013-09-10 20:22 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-09-10 20:22 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-09-10 18:41 - 2013-09-10 18:42 - 00268816 _____ C:\Windows\Minidump\091013-51698-01.dmp
2013-09-10 18:41 - 2013-09-10 18:41 - 135739922 _____ C:\Windows\MEMORY.DMP
2013-09-10 18:41 - 2013-09-10 18:41 - 00000000 ____D C:\Windows\Minidump
2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 ____D C:\Users\\AppData\Roaming\Avira
2013-09-09 19:31 - 2013-09-09 19:31 - 00023892 _____ C:\Users\\Desktop\AVSCAN-20130909-192921-CB18A73F.LOG
2013-09-09 19:29 - 2013-09-09 19:29 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-09 19:29 - 2013-09-09 19:29 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-09 17:22 - 2013-09-09 23:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 17:22 - 2013-09-09 17:22 - 00000000 ____D C:\Users\tt\AppData\Roaming\Malwarebytes
2013-09-09 17:22 - 2013-09-09 17:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 22:33 - 2013-09-08 22:33 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cprwtjbo.sys
2013-09-08 21:44 - 2013-09-08 21:44 - 00000000 _____ C:\autoexec.bat
2013-09-08 21:41 - 2013-09-08 21:41 - 00000126 _____ C:\sh4_service.log
2013-09-08 21:31 - 2013-09-09 19:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-08 21:31 - 2012-11-02 16:23 - 00285747 _____ C:\shldr
2013-09-08 21:30 - 2013-09-09 22:22 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-08 18:12 - 2013-09-08 18:12 - 00000000 ____D C:\ProgramData\APN
2013-09-08 18:11 - 2013-09-09 19:43 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-08 16:29 - 2013-09-10 19:13 - 00000000 ____D C:\ProgramData\7gX9lVXn
2013-09-07 13:13 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-07 13:13 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-07 13:13 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll(27).dll
2013-09-07 13:13 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-07 13:13 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64(29).dll
2013-09-07 13:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-07 13:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-07 13:13 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-07 13:13 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll(30).dll
2013-09-07 13:13 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-07 13:13 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-07 13:13 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-07 13:13 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-07 13:13 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-21 21:45 - 2013-08-21 21:45 - 00004843 _____ C:\Users\t\Downloads\
2013-08-21 20:14 - 2013-09-07 16:21 - 00000000 ____D C:\Users\t\Documents\
2013-08-21 20:11 - 2013-08-21 20:12 - 00000000 ____D C:\Users\t\Documents\
2013-08-16 22:53 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 22:53 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 22:53 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 22:53 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 22:53 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 22:53 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 22:53 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 22:53 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 22:53 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 22:53 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 22:53 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 22:53 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 22:53 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 22:53 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 22:52 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 22:52 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 22:52 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 22:52 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 22:52 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 22:52 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 22:52 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 21:24 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 21:24 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 21:24 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 21:24 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 21:24 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 21:24 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 21:24 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 21:24 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 21:24 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 21:24 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 21:24 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 21:24 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 21:24 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 21:24 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 21:23 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 21:23 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-13 20:22 - 2013-05-25 16:07 - 00001138 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-13 20:13 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 20:13 - 2009-07-14 06:45 - 00024912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 20:12 - 2011-02-11 10:21 - 00657910 _____ C:\Windows\system32\perfh007.dat
2013-09-13 20:12 - 2011-02-11 10:21 - 00131250 _____ C:\Windows\system32\perfc007.dat
2013-09-13 20:12 - 2009-07-14 07:13 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 20:11 - 2011-11-11 19:32 - 01543433 _____ C:\Windows\WindowsUpdate.log
2013-09-13 20:10 - 2013-09-13 20:10 - 00000000 ____D C:\FRST
2013-09-13 20:07 - 2013-09-13 19:07 - 00001426 _____ C:\Users\t\Desktop\Registry kostenlos entrümpeln!.lnk
2013-09-13 20:06 - 2013-05-25 16:07 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-13 20:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 20:06 - 2009-07-14 06:51 - 00065009 _____ C:\Windows\setupact.log
2013-09-13 19:42 - 2012-09-18 14:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 19:26 - 2013-07-13 20:32 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-13 19:10 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 22:30 - 2013-07-13 21:17 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 22:28 - 2012-09-01 15:10 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 21:20 - 2009-07-14 06:45 - 00349360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 19:43 - 2012-09-18 14:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 19:43 - 2012-09-18 14:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 18:53 - 2010-11-21 05:47 - 00147692 _____ C:\Windows\PFRO.log
2013-09-11 18:18 - 2012-07-01 20:52 - 00000000 ___RD C:\Users\tt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-11 17:24 - 2013-09-10 20:22 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-10 20:38 - 2013-09-10 20:26 - 00418069 _____ C:\Users\tt\Desktop\RCPscanlog.xml
2013-09-10 20:36 - 2013-09-10 20:36 - 00000314 _____ C:\Windows\Tasks\PC Performer_UPDATES.job
2013-09-10 20:36 - 2013-09-10 20:36 - 00000306 _____ C:\Windows\Tasks\PC Performer_DEFAULT.job
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Users\tt\AppData\Roaming\SpeedAnalysis3
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Users\ott\AppData\Roaming\PerformerSoft
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\Speed Analysis 3
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\PC Performer
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\FileKiddo Download Manager
2013-09-10 20:36 - 2013-09-10 20:36 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\tt\AppData\Roaming\File Scout
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\tt\AppData\Roaming\Babylon
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\Ctt\AppData\Roaming\BabSolution
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Users\ott\AppData\Roaming\7go
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\ProgramData\Babylon
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 20:35 - 2013-09-10 20:35 - 00000000 ____D C:\Program Files (x86)\7Go Games
2013-09-10 20:22 - 2013-09-10 20:22 - 00000000 ____D C:\ProgramData\Systweak
2013-09-10 20:22 - 2013-09-10 20:22 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-09-10 20:22 - 2013-05-15 14:48 - 00000000 ____D C:\Users\t\AppData\Roaming\Systweak
2013-09-10 20:22 - 2013-05-15 14:48 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-09-10 20:22 - 2012-07-01 20:52 - 00000000 ___RD C:\Users\t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-10 19:13 - 2013-09-08 16:29 - 00000000 ____D C:\ProgramData\7gX9lVXn
2013-09-10 18:42 - 2013-09-10 18:41 - 00268816 _____ C:\Windows\Minidump\091013-51698-01.dmp
2013-09-10 18:42 - 2012-07-01 20:52 - 00000000 ____D C:\Users\t
2013-09-10 18:41 - 2013-09-10 18:41 - 135739922 _____ C:\Windows\MEMORY.DMP
2013-09-10 18:41 - 2013-09-10 18:41 - 00000000 ____D C:\Windows\Minidump
2013-09-10 18:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-10 18:04 - 2012-09-01 16:31 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-10 18:04 - 2012-09-01 15:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-10 18:04 - 2012-09-01 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-10 18:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-10 00:23 - 2012-09-01 14:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-10 00:22 - 2012-09-05 20:14 - 00000000 ____D C:\Users\Documents\Outlook-Dateien
2013-09-09 23:57 - 2011-11-11 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-09 23:52 - 2013-09-09 17:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-09 22:23 - 2012-09-01 15:11 - 00000000 ____D C:\Users\\Documents\Bluetooth
2013-09-09 22:23 - 2012-09-01 14:45 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-09 22:22 - 2013-09-08 21:30 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-09 22:22 - 2012-09-01 14:44 - 00000000 __RHD C:\MSOCache
2013-09-09 19:43 - 2013-09-08 21:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-09 19:43 - 2013-09-08 18:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 ____D C:\Users\t\AppData\Roaming\Avira
2013-09-09 19:31 - 2013-09-09 19:31 - 00023892 _____ C:\Users\t\Desktop\AVSCAN-20130909-192921-CB18A73F.LOG
2013-09-09 19:29 - 2013-09-09 19:29 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-09 19:29 - 2013-09-09 19:29 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-09 19:29 - 2012-09-01 15:24 - 00000000 ____D C:\Users\Ct\AppData\Roaming\Mozilla
2013-09-09 19:26 - 2012-08-22 16:22 - 00000000 ____D C:\ProgramData\Avira
2013-09-09 17:22 - 2013-09-09 17:22 - 00000000 ____D C:\Users\tt\AppData\Roaming\Malwarebytes
2013-09-09 17:22 - 2013-09-09 17:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 22:33 - 2013-09-08 22:33 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cprwtjbo.sys
2013-09-08 21:44 - 2013-09-08 21:44 - 00000000 _____ C:\autoexec.bat
2013-09-08 21:44 - 2013-02-02 15:35 - 00000000 ____D C:\Users\t\Documents\Fax
2013-09-08 21:41 - 2013-09-08 21:41 - 00000126 _____ C:\sh4_service.log
2013-09-08 18:12 - 2013-09-08 18:12 - 00000000 ____D C:\ProgramData\APN
2013-09-08 17:23 - 2011-08-01 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-08 17:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-08 17:22 - 2009-07-14 04:34 - 00000419 _____ C:\Windows\win.ini
2013-09-08 17:15 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\ShellNew
2013-09-07 16:23 - 2012-09-01 15:11 - 00000000 ____D C:\Users\t\Documents\
2013-09-07 16:21 - 2013-08-21 20:14 - 00000000 ____D C:\Users\t\Documents\
2013-09-07 15:47 - 2012-11-25 17:36 - 00000000 ____D C:\Users\t\Documents\
2013-09-07 15:46 - 2012-09-01 15:11 - 00000000 ____D C:\Users\tt\Documents\
2013-08-25 00:36 - 2012-09-01 15:08 - 00000000 ____D C:\Users\t\Documents\
2013-08-25 00:31 - 2012-09-01 15:11 - 00000000 ____D C:\Users\t\Documents\
2013-08-25 00:30 - 2012-09-01 15:11 - 00000000 ____D C:\Users\t\Documents\
2013-08-25 00:28 - 2012-09-01 15:11 - 00000000 ____D C:\Users\t\Documents\
2013-08-25 00:24 - 2012-09-01 15:11 - 00000000 ____D C:\Users\t\Documents\
2013-08-25 00:21 - 2012-09-01 15:08 - 00000000 ____D C:\Users\t\Documents\
2013-08-23 23:38 - 2013-08-11 21:39 - 00000000 ____D C:\Users\t\Desktop\
2013-08-22 23:44 - 2013-04-22 18:44 - 00000000 ____D C:\Users\t\Documents\
2013-08-21 20:50 - 2012-11-25 18:16 - 00000000 ____D C:\Users\t\Documents\
2013-08-21 20:41 - 2012-09-01 15:13 - 00000000 ____D C:\Users\t\Documents\
2013-08-21 20:31 - 2013-05-29 13:54 - 00000000 ____D C:\Users\t\Documents\
2013-08-21 20:12 - 2013-08-21 20:11 - 00000000 ____D C:\Users\t\Documents\
2013-08-21 16:17 - 2013-04-22 18:28 - 00000000 ____D C:\Users\t\Documents\
2013-08-20 23:55 - 2012-09-18 14:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-17 18:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-16 14:55 - 2013-08-13 18:45 - 00000000 ____D C:\Users\t\Desktop\

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-13 02:04

==================== End Of Log ============================. Teil

schrauber · 14.09.2013, 19:54

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

13.09.2013, 08:34	#6
schrauber /// the machine /// TB-Ausbilder	Windows 7 infiziert: Spyhunter 4 + antivirus security pro +? Geh den Weg über DVD, das muss gehen. __________________ --> Windows 7 infiziert: Spyhunter 4 + antivirus security pro +?

Windows 7 infiziert: Spyhunter 4 + antivirus security pro +?

Log-Analyse und Auswertung: Windows 7 infiziert: Spyhunter 4 + antivirus security pro +?