
Log analysis and evaluation: AntiVir error message: This program was blocked by a group policy


 
28.05.2014, 23:43   #5
ici522
 



Code:
# AdwCleaner v3.211 - Bericht erstellt am 28/05/2014 um 21:20:37
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : ici522 - ICI522-PC
# Gestartet von : C:\Users\ici522\Downloads\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\AmiExt
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\ici522\AppData\Local\genienext
Ordner Gelöscht : C:\Users\ici522\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\ici522\Documents\Optimizer Pro
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\ici522\daemonprocess.txt
Datei Gelöscht : C:\Users\ici522\AppData\Roaming\Mozilla\Firefox\Profiles\ik0h0tdg.default-1391892379588\searchplugins\conduit-search.xml
Datei Gelöscht : C:\Users\ici522\AppData\Roaming\Mozilla\Firefox\Profiles\ik0h0tdg.default-1391892379588\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Bench
Schlüssel Gelöscht : HKLM\Software\Lightspark Team
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\ici522\AppData\Roaming\Mozilla\Firefox\Profiles\ik0h0tdg.default-1391892379588\prefs.js ]


*************************

AdwCleaner[R0].txt - [27876 octets] - [05/02/2014 00:57:33]
AdwCleaner[R1].txt - [920 octets] - [05/02/2014 01:16:00]
AdwCleaner[R2].txt - [1052 octets] - [09/02/2014 11:32:06]
AdwCleaner[R3].txt - [4903 octets] - [28/05/2014 21:15:54]
AdwCleaner[S0].txt - [27169 octets] - [05/02/2014 00:58:27]
AdwCleaner[S1].txt - [980 octets] - [05/02/2014 01:17:14]
AdwCleaner[S2].txt - [1114 octets] - [09/02/2014 11:33:43]
AdwCleaner[S3].txt - [4478 octets] - [28/05/2014 21:20:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4538 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ici522 on 28.05.2014 at 21:31:06,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\ici522\AppData\Roaming\mozilla\firefox\profiles\ik0h0tdg.default-1391892379588\minidumps [29 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2014 at 21:39:42,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 29.05.2014 00:00:51, SYSTEM, ICI522-PC, Protection, Malicious Website Protection, Started, 

(end)
         
Code:
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by ici522 on 29.05.2014 at  0:09:54,04.
Microsoft Windows 7 Home Premium  6.1.7600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ici522\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

29.05.2014 00:12:05 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3077067817-3106899449-803531836-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3077067817-3106899449-803531836-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3077067817-3106899449-803531836-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} deleted successfully
HKEY_USERS\S-1-5-21-3077067817-3106899449-803531836-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ici522\AppData\Roaming\Mozilla\Firefox\Profiles\ik0h0tdg.default-1391892379588\prefs.js:

Added to C:\Users\ici522\AppData\Roaming\Mozilla\Firefox\Profiles\ik0h0tdg.default-1391892379588\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\ici522\.android deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\ici522\AppData\Local\cache deleted
C:\Users\ici522\Downloads\DownloadSetup(1).exe deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\ici522\AppData\Roaming\Mozilla\Firefox\Profiles\ik0h0tdg.default-1391892379588
0C8597DBC74AAF5179471BA013E3C6B4	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll -	Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3077067817-3106899449-803531836-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DCCD1566-6AAC-D6AA-5D79-B684121997BE} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_NT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ici522\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\ici522\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ici522\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\ici522\AppData\Local\Mozilla\Firefox\Profiles\ik0h0tdg.default-1391892379588\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1117 folders=115 34444367 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\ici522\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ici522\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\ici522\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 29.05.2014 at  0:29:53,13 ======================
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ici522 (administrator) on ICI522-PC on 29-05-2014 00:34:07
Running from C:\Users\ici522\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dassault Systemes) C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_monitor.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansyslmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acresso Software Inc.) C:\SIMULIA\License\lmgrd.exe
(Acresso Software Inc.) C:\SIMULIA\License\lmgrd.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Dassault Systemes SIMULIA Corp) C:\SIMULIA\License\ABAQUSLM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775072 2010-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-04-22] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3077067817-3106899449-803531836-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [287536 2012-04-13] (BitTorrent, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: [NameServer]131.188.24.131

FireFox:
========
FF ProfilePath: C:\Users\ici522\AppData\Roaming\Mozilla\Firefox\Profiles\ik0h0tdg.default-1391892379588
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [4954112 2011-10-18] (ANSYS, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 BBDemon; C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [36864 2010-02-20] (Dassault Systemes)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [821792 2010-06-11] (Acer Incorporated)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 SIMULIA FLEXnet License Server; C:\SIMULIA\License\lmgrd.exe [1767688 2011-07-18] (Acresso Software Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-12-14] (DT Soft Ltd)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 00:31 - 2014-05-29 00:31 - 00009960 _____ () C:\Users\ici522\Desktop\zoek-results.txt
2014-05-29 00:24 - 2014-05-29 00:09 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-29 00:11 - 2014-05-29 00:29 - 00009960 _____ () C:\zoek-results.log
2014-05-29 00:07 - 2014-05-29 00:21 - 00000000 ____D () C:\zoek_backup
2014-05-29 00:07 - 2014-05-29 00:07 - 01285120 _____ () C:\Users\ici522\Downloads\zoek.exe
2014-05-29 00:04 - 2014-05-29 00:04 - 00000165 _____ () C:\Users\ici522\Desktop\mbam.txt
2014-05-28 22:37 - 2014-05-29 00:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 22:35 - 2014-05-28 22:35 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-28 22:35 - 2014-05-28 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 22:35 - 2014-05-28 22:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-28 22:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 22:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 22:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 21:54 - 2014-05-28 22:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ici522\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 21:39 - 2014-05-28 21:39 - 00000843 _____ () C:\Users\ici522\Desktop\JRT.txt
2014-05-28 21:28 - 2014-05-28 21:28 - 01016261 _____ (Thisisu) C:\Users\ici522\Downloads\JRT.exe
2014-05-28 21:14 - 2014-05-28 21:14 - 01327971 _____ () C:\Users\ici522\Downloads\adwcleaner_3.211.exe
2014-05-28 00:21 - 2014-05-28 00:21 - 00026551 _____ () C:\ComboFix.txt
2014-05-28 00:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-28 00:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-28 00:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-27 17:18 - 2014-05-28 00:21 - 00000000 ____D () C:\Qoobox
2014-05-27 17:17 - 2014-05-28 00:18 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 17:14 - 2014-05-27 17:15 - 05203612 ____R (Swearware) C:\Users\ici522\Downloads\ComboFix.exe
2014-05-27 15:00 - 2014-05-27 15:00 - 00000000 ____D () C:\Users\ici522\AppData\Local\Adobe
2014-05-27 13:31 - 2014-05-27 13:31 - 00380416 _____ () C:\Users\ici522\Downloads\Gmer-19357.exe
2014-05-27 13:27 - 2014-05-28 21:40 - 00000000 ____D () C:\Users\ici522\Documents\Virus
2014-05-27 13:24 - 2014-05-27 13:25 - 00044021 _____ () C:\Users\ici522\Downloads\Addition.txt
2014-05-27 13:23 - 2014-05-29 00:34 - 00018630 _____ () C:\Users\ici522\Downloads\FRST.txt
2014-05-27 13:23 - 2014-05-29 00:34 - 00000000 ____D () C:\FRST
2014-05-27 13:22 - 2014-05-27 13:22 - 02066944 _____ (Farbar) C:\Users\ici522\Downloads\FRST64.exe
2014-05-27 13:18 - 2014-05-27 15:02 - 00000474 _____ () C:\Users\ici522\Downloads\defogger_disable.log
2014-05-27 13:18 - 2014-05-27 13:18 - 00000000 _____ () C:\Users\ici522\defogger_reenable
2014-05-27 13:17 - 2014-05-27 13:17 - 00050477 _____ () C:\Users\ici522\Downloads\Defogger.exe
2014-05-27 12:53 - 2014-05-27 12:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-27 12:53 - 2014-05-27 12:53 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-27 12:33 - 2014-05-27 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-27 12:32 - 2014-05-27 12:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-27 12:32 - 2014-05-27 12:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 12:26 - 2014-05-27 12:26 - 00921512 _____ (Oracle Corporation) C:\Users\ici522\Downloads\jxpiinstall(1).exe
2014-05-27 12:17 - 2014-05-27 12:17 - 00000119 _____ () C:\Users\ici522\Desktop\regfix.reg
2014-05-27 12:09 - 2014-05-27 12:09 - 00700783 ____R (Swearware) C:\Users\ici522\Downloads\dds+.exe
2014-05-27 00:36 - 2014-05-27 00:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-22 17:47 - 2014-05-22 17:47 - 01847937 _____ () C:\Users\ici522\Downloads\Brunel-Stellenangebot-197001302
2014-05-02 20:04 - 2014-05-02 20:04 - 00000098 _____ () C:\Users\ici522\Desktop\dügün.txt
2014-05-02 19:39 - 2014-05-02 19:40 - 29676067 _____ () C:\Users\ici522\Downloads\grupdortmevsim.zip

==================== One Month Modified Files and Folders =======

2014-05-29 00:34 - 2014-05-27 13:23 - 00018630 _____ () C:\Users\ici522\Downloads\FRST.txt
2014-05-29 00:34 - 2014-05-27 13:23 - 00000000 ____D () C:\FRST
2014-05-29 00:33 - 2010-09-23 17:52 - 01548644 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 00:32 - 2012-04-13 14:04 - 00000000 ____D () C:\Users\ici522\AppData\Roaming\uTorrent
2014-05-29 00:31 - 2014-05-29 00:31 - 00009960 _____ () C:\Users\ici522\Desktop\zoek-results.txt
2014-05-29 00:30 - 2014-05-28 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 00:29 - 2014-05-29 00:11 - 00009960 _____ () C:\zoek-results.log
2014-05-29 00:26 - 2010-09-23 17:49 - 00200514 _____ () C:\Windows\PFRO.log
2014-05-29 00:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 00:26 - 2009-07-14 06:51 - 00138747 _____ () C:\Windows\setupact.log
2014-05-29 00:21 - 2014-05-29 00:07 - 00000000 ____D () C:\zoek_backup
2014-05-29 00:21 - 2011-03-29 00:06 - 00000000 ____D () C:\Users\ici522
2014-05-29 00:09 - 2014-05-29 00:24 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-29 00:07 - 2014-05-29 00:07 - 01285120 _____ () C:\Users\ici522\Downloads\zoek.exe
2014-05-29 00:06 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 00:06 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 00:05 - 2012-07-01 18:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 00:04 - 2014-05-29 00:04 - 00000165 _____ () C:\Users\ici522\Desktop\mbam.txt
2014-05-28 23:57 - 2014-02-09 12:07 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 22:35 - 2014-05-28 22:35 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-28 22:35 - 2014-05-28 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 22:35 - 2014-05-28 22:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-28 22:35 - 2014-02-09 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 22:01 - 2014-05-28 21:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ici522\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 21:40 - 2014-05-27 13:27 - 00000000 ____D () C:\Users\ici522\Documents\Virus
2014-05-28 21:39 - 2014-05-28 21:39 - 00000843 _____ () C:\Users\ici522\Desktop\JRT.txt
2014-05-28 21:28 - 2014-05-28 21:28 - 01016261 _____ (Thisisu) C:\Users\ici522\Downloads\JRT.exe
2014-05-28 21:21 - 2014-02-05 00:57 - 00000000 ____D () C:\AdwCleaner
2014-05-28 21:14 - 2014-05-28 21:14 - 01327971 _____ () C:\Users\ici522\Downloads\adwcleaner_3.211.exe
2014-05-28 16:06 - 2012-12-12 19:52 - 00000000 ____D () C:\Users\ici522\AppData\Local\CrashDumps
2014-05-28 16:05 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 00:21 - 2014-05-28 00:21 - 00026551 _____ () C:\ComboFix.txt
2014-05-28 00:21 - 2014-05-27 17:18 - 00000000 ____D () C:\Qoobox
2014-05-28 00:21 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-28 00:18 - 2014-05-27 17:17 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 00:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-27 17:15 - 2014-05-27 17:14 - 05203612 ____R (Swearware) C:\Users\ici522\Downloads\ComboFix.exe
2014-05-27 15:02 - 2014-05-27 13:18 - 00000474 _____ () C:\Users\ici522\Downloads\defogger_disable.log
2014-05-27 15:00 - 2014-05-27 15:00 - 00000000 ____D () C:\Users\ici522\AppData\Local\Adobe
2014-05-27 13:31 - 2014-05-27 13:31 - 00380416 _____ () C:\Users\ici522\Downloads\Gmer-19357.exe
2014-05-27 13:25 - 2014-05-27 13:24 - 00044021 _____ () C:\Users\ici522\Downloads\Addition.txt
2014-05-27 13:22 - 2014-05-27 13:22 - 02066944 _____ (Farbar) C:\Users\ici522\Downloads\FRST64.exe
2014-05-27 13:18 - 2014-05-27 13:18 - 00000000 _____ () C:\Users\ici522\defogger_reenable
2014-05-27 13:17 - 2014-05-27 13:17 - 00050477 _____ () C:\Users\ici522\Downloads\Defogger.exe
2014-05-27 12:53 - 2014-05-27 12:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-27 12:53 - 2014-05-27 12:53 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-27 12:53 - 2010-07-02 13:59 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-27 12:53 - 2010-07-02 13:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-27 12:33 - 2014-05-27 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-27 12:32 - 2014-05-27 12:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-27 12:32 - 2014-05-27 12:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 12:26 - 2014-05-27 12:26 - 00921512 _____ (Oracle Corporation) C:\Users\ici522\Downloads\jxpiinstall(1).exe
2014-05-27 12:17 - 2014-05-27 12:17 - 00000119 _____ () C:\Users\ici522\Desktop\regfix.reg
2014-05-27 12:09 - 2014-05-27 12:09 - 00700783 ____R (Swearware) C:\Users\ici522\Downloads\dds+.exe
2014-05-27 10:35 - 2010-09-24 03:44 - 00701426 _____ () C:\Windows\system32\perfh007.dat
2014-05-27 10:35 - 2010-09-24 03:44 - 00150118 _____ () C:\Windows\system32\perfc007.dat
2014-05-27 10:35 - 2009-07-14 07:13 - 01623788 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 09:18 - 2011-03-31 21:02 - 00000000 ____D () C:\Users\ici522\Documents\Studium
2014-05-27 01:38 - 2011-03-29 01:05 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-27 00:38 - 2014-05-27 00:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-22 17:47 - 2014-05-22 17:47 - 01847937 _____ () C:\Users\ici522\Downloads\Brunel-Stellenangebot-197001302
2014-05-22 14:57 - 2013-08-31 11:58 - 00000000 ____D () C:\Users\ici522\Documents\Bewerbungen
2014-05-22 14:49 - 2011-05-16 21:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-22 09:40 - 2013-03-29 19:56 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 09:40 - 2013-03-29 19:56 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-14 12:36 - 2012-04-26 13:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 12:36 - 2009-07-14 06:45 - 00442144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-13 11:12 - 2014-02-16 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 07:26 - 2014-05-28 22:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 22:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 22:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 01:03 - 2011-03-29 00:06 - 00115624 _____ () C:\Users\ici522\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-04 17:12 - 2012-06-02 14:20 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-03 15:42 - 2011-03-29 01:03 - 00000000 ____D () C:\Users\ici522\AppData\Roaming\Skype
2014-05-02 20:04 - 2014-05-02 20:04 - 00000098 _____ () C:\Users\ici522\Desktop\dügün.txt
2014-05-02 19:40 - 2014-05-02 19:39 - 29676067 _____ () C:\Users\ici522\Downloads\grupdortmevsim.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 18:34

==================== End Of Log ============================
         
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 00:31 - 2014-05-29 00:31 - 00009960 _____ () C:\Users\ici522\Desktop\zoek-results.txt
2014-05-29 00:24 - 2014-05-29 00:09 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-29 00:11 - 2014-05-29 00:29 - 00009960 _____ () C:\zoek-results.log
2014-05-29 00:07 - 2014-05-29 00:21 - 00000000 ____D () C:\zoek_backup
2014-05-29 00:07 - 2014-05-29 00:07 - 01285120 _____ () C:\Users\ici522\Downloads\zoek.exe
2014-05-29 00:04 - 2014-05-29 00:04 - 00000165 _____ () C:\Users\ici522\Desktop\mbam.txt
2014-05-28 22:37 - 2014-05-29 00:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 22:35 - 2014-05-28 22:35 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-28 22:35 - 2014-05-28 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 22:35 - 2014-05-28 22:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-28 22:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 22:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 22:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 21:54 - 2014-05-28 22:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ici522\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 21:39 - 2014-05-28 21:39 - 00000843 _____ () C:\Users\ici522\Desktop\JRT.txt
2014-05-28 21:28 - 2014-05-28 21:28 - 01016261 _____ (Thisisu) C:\Users\ici522\Downloads\JRT.exe
2014-05-28 21:14 - 2014-05-28 21:14 - 01327971 _____ () C:\Users\ici522\Downloads\adwcleaner_3.211.exe
2014-05-28 00:21 - 2014-05-28 00:21 - 00026551 _____ () C:\ComboFix.txt
2014-05-28 00:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-28 00:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-28 00:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-28 00:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-27 17:18 - 2014-05-28 00:21 - 00000000 ____D () C:\Qoobox
2014-05-27 17:17 - 2014-05-28 00:18 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 17:14 - 2014-05-27 17:15 - 05203612 ____R (Swearware) C:\Users\ici522\Downloads\ComboFix.exe
2014-05-27 15:00 - 2014-05-27 15:00 - 00000000 ____D () C:\Users\ici522\AppData\Local\Adobe
2014-05-27 13:31 - 2014-05-27 13:31 - 00380416 _____ () C:\Users\ici522\Downloads\Gmer-19357.exe
2014-05-27 13:27 - 2014-05-28 21:40 - 00000000 ____D () C:\Users\ici522\Documents\Virus
2014-05-27 13:24 - 2014-05-27 13:25 - 00044021 _____ () C:\Users\ici522\Downloads\Addition.txt
2014-05-27 13:23 - 2014-05-29 00:34 - 00018630 _____ () C:\Users\ici522\Downloads\FRST.txt
2014-05-27 13:23 - 2014-05-29 00:34 - 00000000 ____D () C:\FRST
2014-05-27 13:22 - 2014-05-27 13:22 - 02066944 _____ (Farbar) C:\Users\ici522\Downloads\FRST64.exe
2014-05-27 13:18 - 2014-05-27 15:02 - 00000474 _____ () C:\Users\ici522\Downloads\defogger_disable.log
2014-05-27 13:18 - 2014-05-27 13:18 - 00000000 _____ () C:\Users\ici522\defogger_reenable
2014-05-27 13:17 - 2014-05-27 13:17 - 00050477 _____ () C:\Users\ici522\Downloads\Defogger.exe
2014-05-27 12:53 - 2014-05-27 12:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-27 12:53 - 2014-05-27 12:53 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-27 12:33 - 2014-05-27 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-27 12:32 - 2014-05-27 12:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-27 12:32 - 2014-05-27 12:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 12:26 - 2014-05-27 12:26 - 00921512 _____ (Oracle Corporation) C:\Users\ici522\Downloads\jxpiinstall(1).exe
2014-05-27 12:17 - 2014-05-27 12:17 - 00000119 _____ () C:\Users\ici522\Desktop\regfix.reg
2014-05-27 12:09 - 2014-05-27 12:09 - 00700783 ____R (Swearware) C:\Users\ici522\Downloads\dds+.exe
2014-05-27 00:36 - 2014-05-27 00:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-22 17:47 - 2014-05-22 17:47 - 01847937 _____ () C:\Users\ici522\Downloads\Brunel-Stellenangebot-197001302
2014-05-02 20:04 - 2014-05-02 20:04 - 00000098 _____ () C:\Users\ici522\Desktop\dügün.txt
2014-05-02 19:39 - 2014-05-02 19:40 - 29676067 _____ () C:\Users\ici522\Downloads\grupdortmevsim.zip

==================== One Month Modified Files and Folders =======

2014-05-29 00:34 - 2014-05-27 13:23 - 00018630 _____ () C:\Users\ici522\Downloads\FRST.txt
2014-05-29 00:34 - 2014-05-27 13:23 - 00000000 ____D () C:\FRST
2014-05-29 00:33 - 2010-09-23 17:52 - 01548644 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 00:32 - 2012-04-13 14:04 - 00000000 ____D () C:\Users\ici522\AppData\Roaming\uTorrent
2014-05-29 00:31 - 2014-05-29 00:31 - 00009960 _____ () C:\Users\ici522\Desktop\zoek-results.txt
2014-05-29 00:30 - 2014-05-28 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 00:29 - 2014-05-29 00:11 - 00009960 _____ () C:\zoek-results.log
2014-05-29 00:26 - 2010-09-23 17:49 - 00200514 _____ () C:\Windows\PFRO.log
2014-05-29 00:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 00:26 - 2009-07-14 06:51 - 00138747 _____ () C:\Windows\setupact.log
2014-05-29 00:21 - 2014-05-29 00:07 - 00000000 ____D () C:\zoek_backup
2014-05-29 00:21 - 2011-03-29 00:06 - 00000000 ____D () C:\Users\ici522
2014-05-29 00:09 - 2014-05-29 00:24 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-29 00:07 - 2014-05-29 00:07 - 01285120 _____ () C:\Users\ici522\Downloads\zoek.exe
2014-05-29 00:06 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 00:06 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 00:05 - 2012-07-01 18:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 00:04 - 2014-05-29 00:04 - 00000165 _____ () C:\Users\ici522\Desktop\mbam.txt
2014-05-28 23:57 - 2014-02-09 12:07 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 22:35 - 2014-05-28 22:35 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-28 22:35 - 2014-05-28 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 22:35 - 2014-05-28 22:35 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-28 22:35 - 2014-02-09 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 22:01 - 2014-05-28 21:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ici522\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 21:40 - 2014-05-27 13:27 - 00000000 ____D () C:\Users\ici522\Documents\Virus
2014-05-28 21:39 - 2014-05-28 21:39 - 00000843 _____ () C:\Users\ici522\Desktop\JRT.txt
2014-05-28 21:28 - 2014-05-28 21:28 - 01016261 _____ (Thisisu) C:\Users\ici522\Downloads\JRT.exe
2014-05-28 21:21 - 2014-02-05 00:57 - 00000000 ____D () C:\AdwCleaner
2014-05-28 21:14 - 2014-05-28 21:14 - 01327971 _____ () C:\Users\ici522\Downloads\adwcleaner_3.211.exe
2014-05-28 16:06 - 2012-12-12 19:52 - 00000000 ____D () C:\Users\ici522\AppData\Local\CrashDumps
2014-05-28 16:05 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 00:21 - 2014-05-28 00:21 - 00026551 _____ () C:\ComboFix.txt
2014-05-28 00:21 - 2014-05-27 17:18 - 00000000 ____D () C:\Qoobox
2014-05-28 00:21 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-28 00:18 - 2014-05-27 17:17 - 00000000 ____D () C:\Windows\erdnt
2014-05-28 00:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-27 17:15 - 2014-05-27 17:14 - 05203612 ____R (Swearware) C:\Users\ici522\Downloads\ComboFix.exe
2014-05-27 15:02 - 2014-05-27 13:18 - 00000474 _____ () C:\Users\ici522\Downloads\defogger_disable.log
2014-05-27 15:00 - 2014-05-27 15:00 - 00000000 ____D () C:\Users\ici522\AppData\Local\Adobe
2014-05-27 13:31 - 2014-05-27 13:31 - 00380416 _____ () C:\Users\ici522\Downloads\Gmer-19357.exe
2014-05-27 13:25 - 2014-05-27 13:24 - 00044021 _____ () C:\Users\ici522\Downloads\Addition.txt
2014-05-27 13:22 - 2014-05-27 13:22 - 02066944 _____ (Farbar) C:\Users\ici522\Downloads\FRST64.exe
2014-05-27 13:18 - 2014-05-27 13:18 - 00000000 _____ () C:\Users\ici522\defogger_reenable
2014-05-27 13:17 - 2014-05-27 13:17 - 00050477 _____ () C:\Users\ici522\Downloads\Defogger.exe
2014-05-27 12:53 - 2014-05-27 12:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-27 12:53 - 2014-05-27 12:53 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-27 12:53 - 2010-07-02 13:59 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-27 12:53 - 2010-07-02 13:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-27 12:33 - 2014-05-27 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-27 12:32 - 2014-05-27 12:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-27 12:32 - 2014-05-27 12:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 12:26 - 2014-05-27 12:26 - 00921512 _____ (Oracle Corporation) C:\Users\ici522\Downloads\jxpiinstall(1).exe
2014-05-27 12:17 - 2014-05-27 12:17 - 00000119 _____ () C:\Users\ici522\Desktop\regfix.reg
2014-05-27 12:09 - 2014-05-27 12:09 - 00700783 ____R (Swearware) C:\Users\ici522\Downloads\dds+.exe
2014-05-27 10:35 - 2010-09-24 03:44 - 00701426 _____ () C:\Windows\system32\perfh007.dat
2014-05-27 10:35 - 2010-09-24 03:44 - 00150118 _____ () C:\Windows\system32\perfc007.dat
2014-05-27 10:35 - 2009-07-14 07:13 - 01623788 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 09:18 - 2011-03-31 21:02 - 00000000 ____D () C:\Users\ici522\Documents\Studium
2014-05-27 01:38 - 2011-03-29 01:05 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-27 00:38 - 2014-05-27 00:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-22 17:47 - 2014-05-22 17:47 - 01847937 _____ () C:\Users\ici522\Downloads\Brunel-Stellenangebot-197001302
2014-05-22 14:57 - 2013-08-31 11:58 - 00000000 ____D () C:\Users\ici522\Documents\Bewerbungen
2014-05-22 14:49 - 2011-05-16 21:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-22 09:40 - 2013-03-29 19:56 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 09:40 - 2013-03-29 19:56 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-14 12:36 - 2012-04-26 13:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 12:36 - 2009-07-14 06:45 - 00442144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-13 11:12 - 2014-02-16 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 07:26 - 2014-05-28 22:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 22:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 22:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 01:03 - 2011-03-29 00:06 - 00115624 _____ () C:\Users\ici522\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-04 17:12 - 2012-06-02 14:20 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-03 15:42 - 2011-03-29 01:03 - 00000000 ____D () C:\Users\ici522\AppData\Roaming\Skype
2014-05-02 20:04 - 2014-05-02 20:04 - 00000098 _____ () C:\Users\ici522\Desktop\dügün.txt
2014-05-02 19:40 - 2014-05-02 19:39 - 29676067 _____ () C:\Users\ici522\Downloads\grupdortmevsim.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 18:34

==================== End Of Log ============================
         