
Log Analysis and Evaluation: Removing Nationzoom

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.12.2013, 18:53   #1
T2807
 



Hello, I am new to the forum. Since today I have had Nationzoom in my browser and do not know how to get rid of it. I have already used JRT, but that did not help either.
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by tina on 01.12.2013 at 18:10:23,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r484-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r484-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r484-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r484-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1D195E9C-7EDD-4D32-9840-BDA4663999CB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho3B56.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3D92.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3ED8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho686B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8A86.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB425.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB59E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC4EA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD840.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDD76.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE0D2.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF85B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF9FE.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\tina\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\web layers"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{0437F93D-3978-421C-9BE6-2FAA4FA612EE}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{098ED9DE-D685-4791-8446-9F699B617BB0}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{09DEF591-32E3-4EDB-ABA8-B8212266F82E}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{0A48E771-1102-4341-9CF1-AC09F86F4142}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{11ADC4ED-7904-4089-AEAF-8B6FD0F9EEAA}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{1224436D-D17D-4FEF-AC5F-AE440C8E6329}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{1282A494-5FFC-410B-826E-FCF8143DB3C7}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{18699120-F626-4EB4-A2B4-C2B539363672}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{1C3274EE-7B71-4825-AF50-A4166CB990D7}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{1E70DCC1-8C17-4B03-8374-3CAE5B273316}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{2CEB2755-FAD5-4DBC-BE14-DF320F3E1C21}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{33547216-1535-41FA-BF94-3E48D56F6510}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{34606DDA-1C4E-4C7F-A86B-B6A0678D12E8}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{355D1DC6-1FE2-4960-941E-C1BACECF45DB}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{3C0DD5C5-03F8-4DA0-8A18-7079D895A5A1}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{3D0284D6-D273-4225-807A-794C158E5961}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{41DAAD02-3560-487B-A9AA-419A5F1E5F39}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{4F19BD5E-74FD-45DE-A95A-EB802809CADA}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{532CEE2D-1E27-4423-841B-4F852C9EF47B}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{58DF7D5C-30B7-4BDD-94FE-E1E7228C002E}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{59F4BC9E-473B-4A9B-B036-E7A9E4045076}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{5C18D652-D008-407C-A28F-F5B92A71B21A}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{60F3C4D1-721B-43F4-805E-2D0F82B8FC8E}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{62A60B8E-9422-4239-A42F-FDE70DFE29EA}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{645C78AD-0814-4252-905D-947FC83CEC5E}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{68D778DA-B9E2-4F52-B995-C8B2B165FD6A}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{6D41F914-83FA-46D6-ADE2-24EFCAF269BE}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{6DD3217B-E22C-4B17-AC3D-3CE85498E871}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{6F6349E1-0ACC-4443-9E54-DFD59602A99E}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{72D13142-1C05-4BA9-B496-4D71BB38625D}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{79DD45CB-E2CE-4681-B205-666AF783362C}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{82B06088-0E8E-4BB1-B4F0-A9830E5CF30B}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{82C3A529-B384-419A-BE7D-A153DD980CD1}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{8C019FA9-2ABB-4536-AE20-C8ED0EFC3CE2}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{8C852815-02BF-433C-BC9E-408552BEABC0}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{8CEFD1B4-1EA8-4071-9709-C2FC7E280147}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{900509ED-D0AC-490A-B870-83F4E752D3B1}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{91E91CD5-D267-4229-89FA-BD3019BB690B}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{966F4BA1-481B-47C1-8E07-2A62E740E9D2}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{967C1D47-964E-41B9-ADAB-8BFF71B8BB4B}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{98185614-CD8C-4E71-9476-F893BE9516C9}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{98DAD9E7-A2BD-41C4-AA5D-99D77CAAE846}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{9BAC4B08-57DC-4A5B-A486-0CAF481FF2B6}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{9C2590B7-3684-40F9-8DE8-77D8F6E75DBA}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{9C724DFA-E2F4-4E5D-ABC3-5B101A49DEC1}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{9D721370-BF9A-4060-8AA9-572D338B1747}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{9DA35540-BDB0-4DDF-82CD-3C60BA098164}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{9FB5D883-E323-4453-ABB1-66D816A0C3A6}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{AE1E7EF4-6D48-49C6-B36B-263DC4B2797E}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{AFB1F77D-56DF-48DA-95D7-9FFA118C81CC}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{B3CA179B-A1D0-4DD8-AB83-5D0DA2D8DAEB}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{B4E098C3-0569-4286-AEBF-1DC1483306A2}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{B878F2D8-ACB4-4143-9A37-E661F4688067}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{B94931D1-DD07-48F4-8D40-CA94285F6EE6}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{BED12EC3-5BF2-40C6-93F5-7DB472E299FA}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{BF0428EF-BDC2-4957-B49B-9B298F7B9025}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{C7534E62-7B6F-4CCE-9F02-A1CD5382F417}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{C7EC11A7-EAE7-40C8-8B6B-DB44E32A12F1}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{CCC73E1A-BD04-42E6-8018-545C7642760A}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{D04A9495-F4BF-4B76-8B20-4A9252DF0E65}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{D274FA2E-00CD-47E6-B331-B0B1B2B7D467}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{D9450D04-3230-4476-AAB1-29AF1724C502}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{D970BC76-9B92-4051-859B-38EA79C765B9}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{DAB82182-FA41-4131-A5F2-D2360CC8E9AD}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{DB906E68-BD61-4A54-BCD7-0F73C9BBA3F2}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{DD1E21ED-58FD-42F0-94B6-A400F2E62239}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{E2DFE288-BF57-468E-A5AB-8F0DC8A9270C}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{E61785ED-C897-4C46-AF44-D9B39D4F5CA7}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{E63A9ED2-B5E0-4A4B-B92F-3181043D14E8}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{F1020A33-0673-42F2-B8FE-2B70054CAEB9}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{F828DD97-3980-468E-A9DF-31CBBCCCE2BA}
Successfully deleted: [Empty Folder] C:\Users\tina\appdata\local\{FC009BCD-7D91-436F-85AD-20D7DE430B96}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.12.2013 at 18:36:30,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

01.12.2013, 20:48   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find evidence of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 4 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


01.12.2013, 22:26   #3
T2807
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by tina (administrator) on TIM-HP on 01-12-2013 23:11:34
Running from C:\Users\tina\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\tina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-21] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-16] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\tina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-19] (Spotify Ltd)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [Windows] - "C:\Users\tina\AppData\Roaming\Picture_74596856.Exe"
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {7c230f5e-f6a3-11e1-b967-2c27d70ce6a7} - G:\AutoRun.exe
MountPoints2: {8d45f60a-d87f-11e1-92df-2c27d70ce6a7} - F:\Startme.exe
MountPoints2: {a5b9625f-4257-11e3-9a91-2c27d70ce6a7} - G:\Startme.exe
MountPoints2: {d76d1ac5-4103-11e1-bb3e-2c27d70ce6a7} - G:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-02-10] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Tv-Plug-In] - "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\MAMA\...\Run: [Google Update] - C:\Users\MAMA\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-18] (Google Inc.)
HKU\MAMA\...\Run: [Facebook Update] - C:\Users\MAMA\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-19] (Facebook Inc.)
HKU\MAMA\...\Policies\system: [LogonHoursAction] 2
HKU\MAMA\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Tom\...\Run: [Google Update] - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-11] (Google Inc.)
HKU\Tom\...\Run: [Facebook Update] - C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Tom\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\Tom\...\Policies\system: [LogonHoursAction] 2
HKU\Tom\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs:     [ ] ()
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-26] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (ProxTube) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.5_0
CHR Extension: (YouTube) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (KWICK! Community) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmlccgdifmjkichgfmelkappjdfabka\1_1
CHR Extension: (Google Wallet) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Mass Effect 3 1920x1080) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbajkfcoapbkccklekmjkhikfdcciojo\1_0
CHR Extension: (Gmail) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-10-26] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-08-02] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [1157240 2011-12-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-01-16] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-01-16] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120124.005\IDSvia64.sys [488568 2011-12-16] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120124.035\ENG64.SYS [117880 2012-01-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120124.035\EX64.SYS [2048632 2012-01-16] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1206000.01D\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [386168 2011-07-08] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 23:11 - 2013-12-01 23:11 - 00018415 _____ C:\Users\tina\Desktop\FRST.txt
2013-12-01 18:10 - 2013-12-01 18:10 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 18:05 - 2013-12-01 18:06 - 01034531 _____ (Thisisu) C:\Users\tina\Downloads\JRT.exe
2013-12-01 16:54 - 2013-12-01 16:56 - 00033270 _____ C:\Users\tina\Downloads\Addition.txt
2013-12-01 16:52 - 2013-12-01 18:57 - 00000000 ____D C:\AdwCleaner
2013-12-01 16:51 - 2013-12-01 16:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\tina\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-01 16:46 - 2013-12-01 16:46 - 01959184 _____ (Farbar) C:\Users\tina\Downloads\FRST64 (1).exe
2013-12-01 16:25 - 2013-12-01 16:26 - 58901968 _____ (GridinSoft LLC) C:\Users\tina\Downloads\gtk-2.1.9.8-setup.exe
2013-12-01 16:18 - 2013-12-01 16:56 - 00065106 _____ C:\Users\tina\Downloads\FRST.txt
2013-12-01 16:18 - 2013-12-01 16:18 - 00000000 ____D C:\FRST
2013-12-01 16:17 - 2013-12-01 16:18 - 01959184 _____ (Farbar) C:\Users\tina\Desktop\FRST64.exe
2013-12-01 16:09 - 2013-12-01 16:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\tina\Downloads\rkill.exe
2013-12-01 16:09 - 2013-12-01 16:09 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\tina\Downloads\rkill64.exe
2013-11-26 23:38 - 2013-11-26 23:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-26 23:28 - 2013-11-26 23:28 - 32004832 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\tina\Downloads\FreeYouTubeDownload (2).exe
2013-11-24 08:52 - 2013-11-24 08:52 - 105869762 _____ C:\Windows\SysWOW64\륙뭭ᵌ˜
2013-11-23 19:55 - 2013-11-23 19:55 - 105869762 _____ C:\Windows\SysWOW64\룩ᵌ
2013-11-16 00:07 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-15 23:52 - 2013-11-15 23:52 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 23:52 - 2013-11-15 23:52 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 23:52 - 2013-11-15 23:52 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 23:52 - 2013-11-15 23:52 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 23:52 - 2013-11-15 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 23:52 - 2013-11-15 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 23:51 - 2013-11-15 23:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 23:51 - 2013-11-15 23:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 23:51 - 2013-11-15 23:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 23:51 - 2013-11-15 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 23:51 - 2013-11-15 23:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-15 23:48 - 2013-11-16 00:07 - 00011303 _____ C:\Windows\IE11_main.log
2013-11-15 21:02 - 2013-11-28 21:04 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleFortina
2013-11-15 21:02 - 2013-11-28 21:04 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleFortina.job
2013-11-15 16:29 - 2013-11-15 16:29 - 104401821 _____ C:\Windows\SysWOW64\ᳳᵌZ
2013-11-13 19:48 - 2013-11-13 19:48 - 00000000 ____D C:\190e394a0aceaadfb494
2013-11-13 19:44 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:44 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:43 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 19:43 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 19:43 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:43 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 19:43 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:43 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 19:43 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:42 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 19:42 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 19:42 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 19:42 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 19:42 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 19:42 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:42 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 19:42 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 19:42 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 19:42 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:42 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 19:42 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 19:42 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 19:42 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 19:39 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 19:39 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:39 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 19:39 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 19:39 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 19:39 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:39 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-05 17:47 - 2013-11-05 17:47 - 00002026 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-11-02 14:59 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-02 14:59 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-02 14:59 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-02 14:59 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-02 14:59 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-02 14:59 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-02 14:59 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

==================== One Month Modified Files and Folders =======

2013-12-01 23:14 - 2013-12-01 23:11 - 00018415 _____ C:\Users\tina\Desktop\FRST.txt
2013-12-01 23:06 - 2012-01-16 20:56 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA.job
2013-12-01 23:05 - 2012-04-16 14:21 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 22:58 - 2012-06-05 12:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 22:54 - 2012-01-18 16:29 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002UA.job
2013-12-01 22:35 - 2012-03-11 20:29 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003UA.job
2013-12-01 22:19 - 2012-06-16 08:55 - 00001130 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003UA.job
2013-12-01 22:15 - 2009-07-14 05:51 - 00155243 _____ C:\Windows\setupact.log
2013-12-01 21:12 - 2012-01-21 22:49 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002UA.job
2013-12-01 21:04 - 2012-04-16 14:21 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 20:32 - 2012-01-17 21:23 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA.job
2013-12-01 20:06 - 2012-01-16 20:56 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core.job
2013-12-01 19:54 - 2012-01-18 16:29 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002Core.job
2013-12-01 18:57 - 2013-12-01 16:52 - 00000000 ____D C:\AdwCleaner
2013-12-01 18:10 - 2013-12-01 18:10 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 18:09 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 18:09 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 18:06 - 2013-12-01 18:05 - 01034531 _____ (Thisisu) C:\Users\tina\Downloads\JRT.exe
2013-12-01 17:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 17:54 - 2011-05-27 13:39 - 01485945 _____ C:\Windows\WindowsUpdate.log
2013-12-01 17:50 - 2012-02-25 00:21 - 00000000 ____D C:\ProgramData\ICQ
2013-12-01 17:34 - 2010-11-21 04:47 - 00197000 _____ C:\Windows\PFRO.log
2013-12-01 17:32 - 2012-01-17 21:23 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core.job
2013-12-01 17:01 - 2013-05-01 17:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 16:56 - 2013-12-01 16:54 - 00033270 _____ C:\Users\tina\Downloads\Addition.txt
2013-12-01 16:56 - 2013-12-01 16:18 - 00065106 _____ C:\Users\tina\Downloads\FRST.txt
2013-12-01 16:53 - 2013-12-01 16:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\tina\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-01 16:46 - 2013-12-01 16:46 - 01959184 _____ (Farbar) C:\Users\tina\Downloads\FRST64 (1).exe
2013-12-01 16:26 - 2013-12-01 16:25 - 58901968 _____ (GridinSoft LLC) C:\Users\tina\Downloads\gtk-2.1.9.8-setup.exe
2013-12-01 16:19 - 2012-06-16 08:55 - 00001108 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003Core.job
2013-12-01 16:18 - 2013-12-01 16:18 - 00000000 ____D C:\FRST
2013-12-01 16:18 - 2013-12-01 16:17 - 01959184 _____ (Farbar) C:\Users\tina\Desktop\FRST64.exe
2013-12-01 16:09 - 2013-12-01 16:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\tina\Downloads\rkill.exe
2013-12-01 16:09 - 2013-12-01 16:09 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\tina\Downloads\rkill64.exe
2013-12-01 15:54 - 2012-01-16 19:42 - 00000000 ___RD C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-01 15:47 - 2012-01-16 20:57 - 00002571 _____ C:\Users\tina\Desktop\Google Chrome.lnk
2013-12-01 15:47 - 2012-01-16 19:42 - 00001655 _____ C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-01 13:35 - 2012-03-11 20:29 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003Core.job
2013-11-29 20:44 - 2013-01-18 20:46 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-29 20:44 - 2012-02-18 21:41 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-29 12:12 - 2012-01-21 22:49 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002Core.job
2013-11-28 21:04 - 2013-11-15 21:02 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleFortina
2013-11-28 21:04 - 2013-11-15 21:02 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleFortina.job
2013-11-27 00:11 - 2012-07-29 00:25 - 00000000 ___RD C:\Users\tina\Desktop\Für Handy
2013-11-26 23:45 - 2013-02-12 12:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-26 23:39 - 2013-06-07 17:05 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-26 23:38 - 2013-11-26 23:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-26 23:37 - 2012-07-17 22:25 - 00000000 ____D C:\Users\tina\AppData\Roaming\DVDVideoSoft
2013-11-26 23:28 - 2013-11-26 23:28 - 32004832 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\tina\Downloads\FreeYouTubeDownload (2).exe
2013-11-26 12:17 - 2011-04-26 23:57 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-11-26 12:17 - 2011-04-26 23:57 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-11-26 12:17 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 19:29 - 2013-05-22 20:00 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-25 19:29 - 2013-05-01 23:25 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-25 19:29 - 2013-05-01 23:25 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-25 19:29 - 2013-05-01 23:25 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-24 19:53 - 2012-08-21 17:01 - 00000000 ____D C:\Users\tina\AppData\Roaming\.minecraft
2013-11-24 18:20 - 2012-06-04 13:26 - 00000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2013-11-24 08:52 - 2013-11-24 08:52 - 105869762 _____ C:\Windows\SysWOW64\륙뭭ᵌ˜
2013-11-23 19:55 - 2013-11-23 19:55 - 105869762 _____ C:\Windows\SysWOW64\룩ᵌ
2013-11-23 08:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-19 19:20 - 2012-05-10 18:05 - 00000000 ____D C:\Users\tina\AppData\Roaming\Spotify
2013-11-19 18:58 - 2012-05-10 18:05 - 00000000 ____D C:\Users\tina\AppData\Local\Spotify
2013-11-19 15:51 - 2012-01-21 08:56 - 00001425 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-18 16:37 - 2012-04-12 16:45 - 00000000 ____D C:\Users\tina\AppData\Local\CrashDumps
2013-11-16 18:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-16 00:07 - 2013-11-15 23:48 - 00011303 _____ C:\Windows\IE11_main.log
2013-11-15 23:52 - 2013-11-15 23:52 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 23:52 - 2013-11-15 23:52 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 23:52 - 2013-11-15 23:52 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 23:52 - 2013-11-15 23:52 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 23:52 - 2013-11-15 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 23:52 - 2013-11-15 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 23:51 - 2013-11-15 23:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 23:51 - 2013-11-15 23:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 23:51 - 2013-11-15 23:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 23:51 - 2013-11-15 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 23:51 - 2013-11-15 23:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-15 16:29 - 2013-11-15 16:29 - 104401821 _____ C:\Windows\SysWOW64\ᳳᵌZ
2013-11-13 19:48 - 2013-11-13 19:48 - 00000000 ____D C:\190e394a0aceaadfb494
2013-11-13 19:48 - 2013-07-22 22:18 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 19:48 - 2012-01-22 18:00 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 18:39 - 2012-01-23 11:58 - 00000000 ____D C:\Users\MAMA\AppData\Local\CrashDumps
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-05 17:47 - 2013-11-05 17:47 - 00002026 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-11-05 17:47 - 2011-05-27 13:39 - 00284520 _____ C:\Windows\DPINST.LOG
2013-11-05 17:46 - 2011-04-26 14:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-02 15:31 - 2012-08-28 16:18 - 00103424 ___SH C:\Users\tina\Desktop\Thumbs.db

Some content of TEMP:
====================
C:\Users\MAMA\AppData\Local\Temp\AskSLib.dll
C:\Users\tina\AppData\Local\Temp\air38BF.exe
C:\Users\tina\AppData\Local\Temp\airBF5D.exe
C:\Users\tina\AppData\Local\Temp\AskSLib.dll
C:\Users\tina\AppData\Local\Temp\avgnt.exe
C:\Users\tina\AppData\Local\Temp\BackupSetup.exe
C:\Users\tina\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\tina\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\tina\AppData\Local\Temp\Extract.exe
C:\Users\tina\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\tina\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\tina\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\tina\AppData\Local\Temp\MybabylonTB.exe
C:\Users\tina\AppData\Local\Temp\propsys.dll
C:\Users\tina\AppData\Local\Temp\ResetDevice.exe
C:\Users\tina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\tina\AppData\Local\Temp\SP55152.exe
C:\Users\tina\AppData\Local\Temp\SP56929.exe
C:\Users\tina\AppData\Local\Temp\SP57049.exe
C:\Users\tina\AppData\Local\Temp\SP60713.exe
C:\Users\tina\AppData\Local\Temp\xyhhsbqw.dll
C:\Users\Tom\AppData\Local\Temp\AskSLib.dll
C:\Users\Tom\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-23 08:25

==================== End Of Log ============================
         
--- --- ---

This is what came up after I ran the scan.

02.12.2013, 13:29   #4
M-K-D-B
/// TB Trainer

Hi,

Step 1
I noticed that you have more than one antivirus program with real-time protection running:
Code:
ATTFilter
Norton Internet Security
Avira
         
That is dangerous, because the programs can get in each other's way, which can actually let viruses onto the computer. It also slows the system down. Decide on one of them and uninstall the other via Control Panel => Uninstall a program / Software.
Report which antivirus program you decided on.

Quote:
Speedy recently gave a convincing explanation of this: "Imagine a goalkeeper who is supposed to guard the goal (antivirus program); the ball comes flying in (virus), the goalkeeper concentrates on the ball and catches it. Now imagine two goalkeepers in the goal ...., they crash into each other and the ball can go into the goal unhindered."




Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 3
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 4
Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into zoek's script window:
    Code:
    ATTFilter
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log can also still be found under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)





Please post with your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the Zoek log file.

02.12.2013, 21:02   #5
T2807

As for the antivirus program, I decided on Avira and uninstalled Norton.

Code:
ATTFilter
# AdwCleaner v3.014 - Bericht erstellt am 02/12/2013 um 18:31:18
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : tina - TIM-HP
# Gestartet von : C:\Users\tina\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Ordner Gelöscht : C:\Users\MAMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkbfdhlbdkjohbhnhabfecpmcdlcmff
Ordner Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkbfdhlbdkjohbhnhabfecpmcdlcmff
Datei Gelöscht : C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v

[ Datei : C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : urls_to_restore_on_startup

[ Datei : C:\Users\MAMA\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10561 octets] - [01/12/2013 17:46:27]
AdwCleaner[R1].txt - [1641 octets] - [01/12/2013 18:54:32]
AdwCleaner[R2].txt - [1863 octets] - [02/12/2013 18:26:15]
AdwCleaner[S0].txt - [9968 octets] - [01/12/2013 17:50:04]
AdwCleaner[S1].txt - [1745 octets] - [02/12/2013 18:31:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1805 octets] ##########
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
tina :: TIM-HP [Administrator]

02.12.2013 18:43:51
mbam-log-2013-12-02 (18-43-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 286105
Laufzeit: 26 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
That all worked, but then with zoek this came up
Nationzoom entfernen-unbenannt.jpg
and when I click OK it keeps coming up again.


03.12.2013, 18:12   #6
M-K-D-B
/// TB Trainer

Hi,

We are tracking down the last remnants so that we can remove them later:





Step 1
Control scan with FRST
Run a scan with FRST as described before.
To do so, tick Addition.txt at the bottom right and click Scan.
Two log files will be created again. Post them.





Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    ATTFilter
    :filefind
    *nationzoom*
    
    :folderfind
    *nationzoom*
    
    :regfind
    nationzoom
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.








Are there still any problems with malware? If so, which?
How is the computer running at the moment?






Please post with your next reply
  • both FRST log files,
  • the SystemLook log file,
  • the answers to the questions asked.

03.12.2013, 21:04   #7
T2807

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by tina at 2013-12-03 21:44:36
Running from C:\Users\tina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
AMD Fuel (Version: 2011.0304.1135.20703)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.808.0)
Avira Free Antivirus (x32 Version: 14.0.1.749)
Battlefield Heroes (x32)
Battlelog Web Plugins (x32 Version: 1.104.0)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0304.1135.20703)
Catalyst Control Center InstallProxy (x32 Version: 2011.0304.1135.20703)
Catalyst Control Center Localization All (x32 Version: 2011.0304.1135.20703)
CCC Help Chinese Standard (x32 Version: 2011.0304.1134.20703)
CCC Help Chinese Traditional (x32 Version: 2011.0304.1134.20703)
CCC Help Czech (x32 Version: 2011.0304.1134.20703)
CCC Help Danish (x32 Version: 2011.0304.1134.20703)
CCC Help Dutch (x32 Version: 2011.0304.1134.20703)
CCC Help English (x32 Version: 2011.0304.1134.20703)
CCC Help Finnish (x32 Version: 2011.0304.1134.20703)
CCC Help French (x32 Version: 2011.0304.1134.20703)
CCC Help German (x32 Version: 2011.0304.1134.20703)
CCC Help Greek (x32 Version: 2011.0304.1134.20703)
CCC Help Hungarian (x32 Version: 2011.0304.1134.20703)
CCC Help Italian (x32 Version: 2011.0304.1134.20703)
CCC Help Japanese (x32 Version: 2011.0304.1134.20703)
CCC Help Korean (x32 Version: 2011.0304.1134.20703)
CCC Help Norwegian (x32 Version: 2011.0304.1134.20703)
CCC Help Polish (x32 Version: 2011.0304.1134.20703)
CCC Help Portuguese (x32 Version: 2011.0304.1134.20703)
CCC Help Russian (x32 Version: 2011.0304.1134.20703)
CCC Help Spanish (x32 Version: 2011.0304.1134.20703)
CCC Help Swedish (x32 Version: 2011.0304.1134.20703)
CCC Help Thai (x32 Version: 2011.0304.1134.20703)
CCC Help Turkish (x32 Version: 2011.0304.1134.20703)
ccc-core-static (x32 Version: 2011.0304.1135.20703)
ccc-utility64 (Version: 2011.0304.1135.20703)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compaq Setup Manager (x32 Version: 1.1.13155.3599)
Counter-Strike 2D 0.1.2.0 (x32)
CyberLink YouCam (x32 Version: 3.2.1.3922)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DriverFinder (x32 Version: 2.1.0)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESN Sonar (x32 Version: 0.70.4)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Fraps (x32)
Free Video to Sony Phones Converter version 5.0.18.1005 (x32 Version: 5.0.18.1005)
Free YouTube Download version 3.2.17.1125 (x32 Version: 3.2.17.1125)
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive (x32)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.2.1)
HP Quick Launch (x32 Version: 2.7.2)
HP Setup (x32 Version: 8.6.4516.3597)
HP Software Framework (x32 Version: 4.6.10.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.10.0)
HUAWEI DataCard Driver 4.05.00.00 (x32 Version: 4.05.00.00)
Insaniquarium Deluxe (x32 Version: 2.2.0.95)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Jewel Quest II (x32 Version: 2.2.0.95)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
League of Legends (x32 Version: 3.0.1)
Magic Desktop (x32 Version: 3.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Connection Manager (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Pando Media Booster (x32 Version: 2.6.0.8)
Penguins! (x32 Version: 2.2.0.95)
PictureMover (x32 Version: 3.5.0.35)
Plants vs. Zombies (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
PunkBuster Services (x32 Version: 0.993)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6287)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)
Recovery Manager (x32 Version: 1.0.22)
Screenshot Captor 3.08.01 (x32)
Skype™ 6.7 (x32 Version: 6.7.102)
Slingo Deluxe (x32 Version: 2.2.0.95)
Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305)
Sony PC Companion 2.10.181 (x32 Version: 2.10.181)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
Star Wars: The Old Republic (x32 Version: 1.00)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.2.4.3)
System Requirements Lab CYRI (x32 Version: 5.0.6.0)
TeamSpeak 3 Client (x32 Version: 3.0.12)
TERA (x32 Version: 19.04.02.03.hf3)
Tunatic (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Wedding Dash (x32 Version: 2.2.0.95)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinZip 17.0 (x32 Version: 17.0.10381)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
World of Warcraft (x32 Version: 5.0.5.16135)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

13-11-2013 18:14:56 Windows Update
13-11-2013 18:46:40 Windows Update
15-11-2013 22:44:38 Windows Update
19-11-2013 15:06:19 Windows Update
26-11-2013 14:37:09 Windows Update
26-11-2013 22:34:27 Removed iTunes
02-12-2013 19:20:17 zoek.exe restore point
03-12-2013 16:03:12 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {033DDF08-E8B7-415B-9492-F1970BBCDCBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {11CA9A6B-B5DA-4CB8-8F1D-8105A456E8D9} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\Toaster.exe [2010-12-10] (Microsoft)
Task: {187B5554-A427-4839-9DC9-1F8668E2D9E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {19D9E5FF-B508-43BF-811E-BFA5169D9847} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002UA => C:\Users\MAMA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {1A2ACEF9-864E-4AB5-A411-9D934CB86F1C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-23] (CyberLink)
Task: {2FF13B05-F3F1-4DC3-98E0-C89BE11A7187} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core => C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)
Task: {379450D3-6EC7-4BFC-B4F7-C61A8FB8A5B3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002UA => C:\Users\MAMA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19] (Facebook Inc.)
Task: {3C67FD23-ABF5-4533-BB55-3B839CD7AC7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-11-27] (Microsoft)
Task: {44497554-E5F9-4C3A-BEBC-45A616EDA565} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003Core => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11] (Google Inc.)
Task: {5477CCAE-5E42-4005-8653-F6CAF588D408} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002Core => C:\Users\MAMA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {6C721A43-5507-4B5D-B795-89A21AE8E52F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {6F978BD8-01FB-4DBE-BCC7-F53B2975BF52} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA => C:\Users\tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {708CC49E-11BB-4D48-98F7-4112639A5A8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7AE68F54-DE84-4BB2-9A29-17E90CC6CE8A} - \Dealply No Task File
Task: {7F0A00D8-22B3-41B8-9B6A-D470202A085A} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-12-08] ()
Task: {80A21541-F188-4F1C-9ADD-198494DB547A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003Core => C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {8ADF914F-473A-473C-810F-086E67F6573A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8BF69143-C023-49DB-8B9B-BDE2084519EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {A0D99B16-FAAC-4EF7-B749-A8709DB1ABF0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA => C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)
Task: {A9675984-670C-443D-965E-B21E74CF40B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core => C:\Users\tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {AB48DB5F-2D5D-42A8-8BED-80AED900ADE2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003UA => C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {B20BB365-74B6-4D83-A53B-3D231AD7D4A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: {C1B5CDCD-6E60-4ED1-A7C6-4D5269CF406C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003UA => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11] (Google Inc.)
Task: {C24E7BBE-EA13-4779-8D83-B8BDBB61B2FB} - System32\Tasks\{01049084-A1BE-4321-95D8-97BD57566FD3} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe [2013-04-01] (BioWare)
Task: {D3416318-64F4-4B26-963A-1B33ADCAF775} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {DCBA8E67-2983-4BEE-81FF-3ECC27B32D20} - System32\Tasks\HPCeeScheduleFortina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {E918C4CA-C757-4E32-AB94-A6644A51C05D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F3B79EBC-CF34-466E-889A-7D63E4947819} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002Core => C:\Users\MAMA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core.job => C:\Users\tina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA.job => C:\Users\tina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002Core.job => C:\Users\MAMA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002UA.job => C:\Users\MAMA\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003Core.job => C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003UA.job => C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core.job => C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA.job => C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002Core.job => C:\Users\MAMA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002UA.job => C:\Users\MAMA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003Core.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003UA.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFortina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-07-21 13:33 - 2010-07-21 13:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-21 13:33 - 2010-07-21 13:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2013 06:22:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (12/03/2013 05:38:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (12/03/2013 04:53:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:44:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:13:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:12:33 PM) (Source: Bonjour Service) (User: )
Description: 456: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (12/02/2013 09:12:33 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (12/02/2013 06:36:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 06:19:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 05:19:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/03/2013 04:56:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (12/03/2013 04:51:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (12/02/2013 09:46:49 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (12/02/2013 09:42:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (12/02/2013 09:20:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/02/2013 09:15:35 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (12/02/2013 09:12:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (12/02/2013 08:55:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (12/02/2013 08:55:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (12/02/2013 08:55:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (12/03/2013 06:22:37 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\WinZip\mw3 hack\adxloader.dll.ManifestC:\Program Files (x86)\WinZip\mw3 hack\adxloader.dll.Manifest2

Error: (12/03/2013 05:38:45 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\WinZip\mw3 hack\adxloader.dll.ManifestC:\Program Files (x86)\WinZip\mw3 hack\adxloader.dll.Manifest2

Error: (12/03/2013 04:53:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:44:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:13:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:12:33 PM) (Source: Bonjour Service)(User: )
Description: 456: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (12/02/2013 09:12:33 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (12/02/2013 06:36:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 06:19:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 05:19:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-02-12 12:03:01.231
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-12 12:03:00.997
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 80%
Total physical RAM: 1642.91 MB
Available physical RAM: 315.75 MB
Total Pagefile: 3285.81 MB
Available Pagefile: 935.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.08 GB) (Free:136.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.72 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2AE82D91)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
         
FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by tina (administrator) on TIM-HP on 03-12-2013 21:39:25
Running from C:\Users\tina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\tina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\tina\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-21] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-16] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\tina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-19] (Spotify Ltd)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [Windows] - "C:\Users\tina\AppData\Roaming\Picture_74596856.Exe"
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {7c230f5e-f6a3-11e1-b967-2c27d70ce6a7} - G:\AutoRun.exe
MountPoints2: {8d45f60a-d87f-11e1-92df-2c27d70ce6a7} - F:\Startme.exe
MountPoints2: {a5b9625f-4257-11e3-9a91-2c27d70ce6a7} - G:\Startme.exe
MountPoints2: {d76d1ac5-4103-11e1-bb3e-2c27d70ce6a7} - G:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-02-10] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Tv-Plug-In] - "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\MAMA\...\Run: [Google Update] - C:\Users\MAMA\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-18] (Google Inc.)
HKU\MAMA\...\Run: [Facebook Update] - C:\Users\MAMA\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-19] (Facebook Inc.)
HKU\MAMA\...\Policies\system: [LogonHoursAction] 2
HKU\MAMA\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Tom\...\Run: [Google Update] - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-11] (Google Inc.)
HKU\Tom\...\Run: [Facebook Update] - C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Tom\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\Tom\...\Policies\system: [LogonHoursAction] 2
HKU\Tom\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs:     [ ] ()
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-26] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.searchnu.com/406?appid=484", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=80554a2200000000000068a3c4bb350d", "hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX", "hxxp://www.google.com"
CHR Extension: (ProxTube) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.5_0
CHR Extension: (Docs) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (KWICK! Community) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmlccgdifmjkichgfmelkappjdfabka\1_0
CHR Extension: (Google Wallet) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Mass Effect 3 1920x1080) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbajkfcoapbkccklekmjkhikfdcciojo\1_0
CHR Extension: (Gmail) - C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-10-26] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-08-02] (Telefónica I+D)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 21:37 - 2013-12-03 21:37 - 00165376 _____ C:\Users\tina\Downloads\SystemLook_x64.exe
2013-12-02 21:33 - 2013-12-02 21:04 - 00000373 _____ C:\zoek-results2013-12-02-200450.log
2013-12-02 21:04 - 2013-12-02 20:58 - 00006935 _____ C:\zoek-results2013-12-02-195824.log
2013-12-02 20:52 - 2013-12-02 20:52 - 00000021 _____ C:\folders.log
2013-12-02 20:20 - 2013-12-02 21:33 - 00000421 _____ C:\zoek-results.log
2013-12-02 20:08 - 2013-12-02 20:14 - 00000000 ____D C:\Users\tina\Desktop\zoek
2013-12-02 20:05 - 2013-12-02 20:07 - 04050563 _____ C:\Users\tina\Downloads\zoek.zip
2013-12-02 20:04 - 2013-12-02 20:04 - 04186953 _____ C:\Users\tina\Downloads\zoek.rar
2013-12-02 19:48 - 2013-12-02 19:48 - 00003146 _____ C:\Windows\System32\Tasks\{6D987DA7-AC1C-4453-AF3E-66F200C35F9A}
2013-12-02 19:43 - 2013-12-02 19:43 - 00003130 _____ C:\Windows\System32\Tasks\{F526267A-8AD6-4299-841E-040B2F6DC008}
2013-12-02 19:37 - 2013-12-02 19:37 - 00003112 _____ C:\Windows\System32\Tasks\{FD9F8EF1-24F8-495F-870E-558133277107}
2013-12-02 19:28 - 2013-12-02 19:28 - 00003134 _____ C:\Windows\System32\Tasks\{EB342B37-1812-4CEE-B641-94F0D6FE673E}
2013-12-02 19:24 - 2013-12-02 20:57 - 00000000 ____D C:\zoek_backup
2013-12-02 19:21 - 2013-12-02 19:21 - 00000000 ____D C:\Users\tina\AppData\Local\WinZip
2013-12-02 17:48 - 2013-12-02 17:48 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 17:46 - 2013-12-02 17:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\tina\Downloads\mbam-setup-1.75.0.1300 (2).exe
2013-12-02 17:44 - 2013-12-02 17:44 - 00869456 _____ C:\Users\tina\Downloads\Norton21_Removal_Tool.exe
2013-12-02 17:37 - 2013-12-02 17:38 - 01110034 _____ C:\Users\tina\Desktop\adwcleaner.exe
2013-12-01 18:10 - 2013-12-01 18:10 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 18:05 - 2013-12-01 18:06 - 01034531 _____ (Thisisu) C:\Users\tina\Downloads\JRT.exe
2013-12-01 16:54 - 2013-12-01 16:56 - 00033270 _____ C:\Users\tina\Downloads\Addition.txt
2013-12-01 16:52 - 2013-12-02 18:38 - 00000000 ____D C:\AdwCleaner
2013-12-01 16:51 - 2013-12-01 16:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\tina\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-01 16:46 - 2013-12-01 16:46 - 01959184 _____ (Farbar) C:\Users\tina\Desktop\FRST64.exe
2013-12-01 16:25 - 2013-12-01 16:26 - 58901968 _____ (GridinSoft LLC) C:\Users\tina\Downloads\gtk-2.1.9.8-setup.exe
2013-12-01 16:18 - 2013-12-03 21:41 - 00016171 _____ C:\Users\tina\Downloads\FRST.txt
2013-12-01 16:18 - 2013-12-01 16:18 - 00000000 ____D C:\FRST
2013-12-01 16:09 - 2013-12-01 16:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\tina\Downloads\rkill.exe
2013-12-01 16:09 - 2013-12-01 16:09 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\tina\Downloads\rkill64.exe
2013-11-26 23:38 - 2013-11-26 23:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-26 23:28 - 2013-11-26 23:28 - 32004832 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\tina\Downloads\FreeYouTubeDownload (2).exe
2013-11-24 08:52 - 2013-11-24 08:52 - 105869762 _____ C:\Windows\SysWOW64\륙뭭ᵌ˜
2013-11-23 19:55 - 2013-11-23 19:55 - 105869762 _____ C:\Windows\SysWOW64\룩ᵌ
2013-11-16 00:07 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-15 23:52 - 2013-11-15 23:52 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 23:52 - 2013-11-15 23:52 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 23:52 - 2013-11-15 23:52 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 23:52 - 2013-11-15 23:52 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 23:52 - 2013-11-15 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 23:52 - 2013-11-15 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 23:51 - 2013-11-15 23:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 23:51 - 2013-11-15 23:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 23:51 - 2013-11-15 23:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 23:51 - 2013-11-15 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 23:51 - 2013-11-15 23:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-15 23:48 - 2013-11-16 00:07 - 00011303 _____ C:\Windows\IE11_main.log
2013-11-15 21:02 - 2013-12-02 21:04 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleFortina
2013-11-15 21:02 - 2013-12-02 21:04 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleFortina.job
2013-11-15 16:29 - 2013-11-15 16:29 - 104401821 _____ C:\Windows\SysWOW64\ᳳᵌZ
2013-11-13 19:48 - 2013-11-13 19:48 - 00000000 ____D C:\190e394a0aceaadfb494
2013-11-13 19:44 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:44 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:43 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 19:43 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 19:43 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:43 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 19:43 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:43 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 19:43 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:42 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 19:42 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 19:42 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 19:42 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 19:42 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 19:42 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:42 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 19:42 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 19:42 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 19:42 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:42 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 19:42 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 19:42 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 19:42 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 19:39 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 19:39 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:39 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 19:39 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 19:39 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 19:39 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:39 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-05 17:47 - 2013-11-05 17:47 - 00002026 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

==================== One Month Modified Files and Folders =======

2013-12-03 21:41 - 2013-12-01 16:18 - 00016171 _____ C:\Users\tina\Downloads\FRST.txt
2013-12-03 21:37 - 2013-12-03 21:37 - 00165376 _____ C:\Users\tina\Downloads\SystemLook_x64.exe
2013-12-03 21:35 - 2012-03-11 20:29 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003UA.job
2013-12-03 21:35 - 2009-07-14 05:51 - 00155803 _____ C:\Windows\setupact.log
2013-12-03 21:14 - 2012-01-16 20:56 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA.job
2013-12-03 21:12 - 2012-01-21 22:49 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002UA.job
2013-12-03 21:04 - 2012-04-16 14:21 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 21:04 - 2012-04-16 14:21 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 20:58 - 2012-06-05 12:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 20:54 - 2012-01-18 16:29 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002UA.job
2013-12-03 20:32 - 2012-01-17 21:23 - 00001134 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA.job
2013-12-03 20:25 - 2011-05-27 13:39 - 01592761 _____ C:\Windows\WindowsUpdate.log
2013-12-03 19:54 - 2012-01-18 16:29 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002Core.job
2013-12-03 19:19 - 2012-06-16 08:55 - 00001130 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003UA.job
2013-12-03 17:32 - 2012-01-17 21:23 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core.job
2013-12-03 17:14 - 2012-01-16 20:56 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core.job
2013-12-03 17:09 - 2012-01-16 20:56 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001UA
2013-12-03 17:09 - 2012-01-16 20:56 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1001Core
2013-12-03 17:03 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 17:03 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 16:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 21:42 - 2010-11-21 04:47 - 00215014 _____ C:\Windows\PFRO.log
2013-12-02 21:33 - 2013-12-02 20:20 - 00000421 _____ C:\zoek-results.log
2013-12-02 21:04 - 2013-12-02 21:33 - 00000373 _____ C:\zoek-results2013-12-02-200450.log
2013-12-02 21:04 - 2013-11-15 21:02 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleFortina
2013-12-02 21:04 - 2013-11-15 21:02 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleFortina.job
2013-12-02 20:58 - 2013-12-02 21:04 - 00006935 _____ C:\zoek-results2013-12-02-195824.log
2013-12-02 20:57 - 2013-12-02 19:24 - 00000000 ____D C:\zoek_backup
2013-12-02 20:52 - 2013-12-02 20:52 - 00000021 _____ C:\folders.log
2013-12-02 20:14 - 2013-12-02 20:08 - 00000000 ____D C:\Users\tina\Desktop\zoek
2013-12-02 20:07 - 2013-12-02 20:05 - 04050563 _____ C:\Users\tina\Downloads\zoek.zip
2013-12-02 20:04 - 2013-12-02 20:04 - 04186953 _____ C:\Users\tina\Downloads\zoek.rar
2013-12-02 19:48 - 2013-12-02 19:48 - 00003146 _____ C:\Windows\System32\Tasks\{6D987DA7-AC1C-4453-AF3E-66F200C35F9A}
2013-12-02 19:43 - 2013-12-02 19:43 - 00003130 _____ C:\Windows\System32\Tasks\{F526267A-8AD6-4299-841E-040B2F6DC008}
2013-12-02 19:37 - 2013-12-02 19:37 - 00003112 _____ C:\Windows\System32\Tasks\{FD9F8EF1-24F8-495F-870E-558133277107}
2013-12-02 19:28 - 2013-12-02 19:28 - 00003134 _____ C:\Windows\System32\Tasks\{EB342B37-1812-4CEE-B641-94F0D6FE673E}
2013-12-02 19:21 - 2013-12-02 19:21 - 00000000 ____D C:\Users\tina\AppData\Local\WinZip
2013-12-02 18:38 - 2013-12-01 16:52 - 00000000 ____D C:\AdwCleaner
2013-12-02 18:17 - 2011-05-27 14:06 - 00000000 ____D C:\ProgramData\Norton
2013-12-02 17:50 - 2011-05-27 14:07 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-02 17:48 - 2013-12-02 17:48 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 17:48 - 2013-05-01 17:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 17:47 - 2013-12-02 17:46 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\tina\Downloads\mbam-setup-1.75.0.1300 (2).exe
2013-12-02 17:44 - 2013-12-02 17:44 - 00869456 _____ C:\Users\tina\Downloads\Norton21_Removal_Tool.exe
2013-12-02 17:38 - 2013-12-02 17:37 - 01110034 _____ C:\Users\tina\Desktop\adwcleaner.exe
2013-12-01 18:10 - 2013-12-01 18:10 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 18:06 - 2013-12-01 18:05 - 01034531 _____ (Thisisu) C:\Users\tina\Downloads\JRT.exe
2013-12-01 17:50 - 2012-02-25 00:21 - 00000000 ____D C:\ProgramData\ICQ
2013-12-01 16:56 - 2013-12-01 16:54 - 00033270 _____ C:\Users\tina\Downloads\Addition.txt
2013-12-01 16:53 - 2013-12-01 16:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\tina\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-01 16:46 - 2013-12-01 16:46 - 01959184 _____ (Farbar) C:\Users\tina\Desktop\FRST64.exe
2013-12-01 16:26 - 2013-12-01 16:25 - 58901968 _____ (GridinSoft LLC) C:\Users\tina\Downloads\gtk-2.1.9.8-setup.exe
2013-12-01 16:19 - 2012-06-16 08:55 - 00001108 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003Core.job
2013-12-01 16:18 - 2013-12-01 16:18 - 00000000 ____D C:\FRST
2013-12-01 16:09 - 2013-12-01 16:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\tina\Downloads\rkill.exe
2013-12-01 16:09 - 2013-12-01 16:09 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\tina\Downloads\rkill64.exe
2013-12-01 15:54 - 2012-01-16 19:42 - 00000000 ___RD C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-01 15:47 - 2012-01-16 20:57 - 00002571 _____ C:\Users\tina\Desktop\Google Chrome.lnk
2013-12-01 15:47 - 2012-01-16 19:42 - 00001655 _____ C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-01 13:35 - 2012-03-11 20:29 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1003Core.job
2013-11-29 20:44 - 2013-01-18 20:46 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-29 20:44 - 2012-02-18 21:41 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-29 12:12 - 2012-01-21 22:49 - 00001112 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445592238-4143421246-3948701370-1002Core.job
2013-11-27 00:11 - 2012-07-29 00:25 - 00000000 ___RD C:\Users\tina\Desktop\Für Handy
2013-11-26 23:45 - 2013-02-12 12:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-26 23:39 - 2013-06-07 17:05 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-26 23:38 - 2013-11-26 23:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-26 23:37 - 2012-07-17 22:25 - 00000000 ____D C:\Users\tina\AppData\Roaming\DVDVideoSoft
2013-11-26 23:28 - 2013-11-26 23:28 - 32004832 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\tina\Downloads\FreeYouTubeDownload (2).exe
2013-11-26 12:17 - 2011-04-26 23:57 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-11-26 12:17 - 2011-04-26 23:57 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-11-26 12:17 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 19:29 - 2013-05-22 20:00 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-25 19:29 - 2013-05-01 23:25 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-25 19:29 - 2013-05-01 23:25 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-25 19:29 - 2013-05-01 23:25 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-24 19:53 - 2012-08-21 17:01 - 00000000 ____D C:\Users\tina\AppData\Roaming\.minecraft
2013-11-24 18:20 - 2012-06-04 13:26 - 00000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2013-11-24 08:52 - 2013-11-24 08:52 - 105869762 _____ C:\Windows\SysWOW64\륙뭭ᵌ˜
2013-11-23 19:55 - 2013-11-23 19:55 - 105869762 _____ C:\Windows\SysWOW64\룩ᵌ
2013-11-23 08:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-19 19:20 - 2012-05-10 18:05 - 00000000 ____D C:\Users\tina\AppData\Roaming\Spotify
2013-11-19 18:58 - 2012-05-10 18:05 - 00000000 ____D C:\Users\tina\AppData\Local\Spotify
2013-11-19 15:51 - 2012-01-21 08:56 - 00001425 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-18 16:37 - 2012-04-12 16:45 - 00000000 ____D C:\Users\tina\AppData\Local\CrashDumps
2013-11-16 18:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-16 00:07 - 2013-11-15 23:48 - 00011303 _____ C:\Windows\IE11_main.log
2013-11-15 23:52 - 2013-11-15 23:52 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 23:52 - 2013-11-15 23:52 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 23:52 - 2013-11-15 23:52 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 23:52 - 2013-11-15 23:52 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 23:52 - 2013-11-15 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 23:52 - 2013-11-15 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 23:52 - 2013-11-15 23:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 23:52 - 2013-11-15 23:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 23:51 - 2013-11-15 23:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 23:51 - 2013-11-15 23:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 23:51 - 2013-11-15 23:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 23:51 - 2013-11-15 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 23:51 - 2013-11-15 23:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 23:51 - 2013-11-15 23:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 23:51 - 2013-11-15 23:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-15 16:29 - 2013-11-15 16:29 - 104401821 _____ C:\Windows\SysWOW64\ᳳᵌZ
2013-11-13 19:48 - 2013-11-13 19:48 - 00000000 ____D C:\190e394a0aceaadfb494
2013-11-13 19:48 - 2013-07-22 22:18 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 19:48 - 2012-01-22 18:00 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 18:39 - 2012-01-23 11:58 - 00000000 ____D C:\Users\MAMA\AppData\Local\CrashDumps
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-05 17:47 - 2013-11-05 17:47 - 00002026 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-11-05 17:47 - 2011-05-27 13:39 - 00284520 _____ C:\Windows\DPINST.LOG
2013-11-05 17:46 - 2011-04-26 14:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\MAMA\AppData\Local\Temp\AskSLib.dll
C:\Users\tina\AppData\Local\Temp\7za.exe
C:\Users\tina\AppData\Local\Temp\air38BF.exe
C:\Users\tina\AppData\Local\Temp\airBF5D.exe
C:\Users\tina\AppData\Local\Temp\AskSLib.dll
C:\Users\tina\AppData\Local\Temp\avgnt.exe
C:\Users\tina\AppData\Local\Temp\BackupSetup.exe
C:\Users\tina\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\tina\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\tina\AppData\Local\Temp\Extract.exe
C:\Users\tina\AppData\Local\Temp\hijackthis.exe
C:\Users\tina\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\tina\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\tina\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\tina\AppData\Local\Temp\MybabylonTB.exe
C:\Users\tina\AppData\Local\Temp\NirCmd.exe
C:\Users\tina\AppData\Local\Temp\PEVZ.EXE
C:\Users\tina\AppData\Local\Temp\propsys.dll
C:\Users\tina\AppData\Local\Temp\Quarantine.exe
C:\Users\tina\AppData\Local\Temp\remove.exe
C:\Users\tina\AppData\Local\Temp\ResetDevice.exe
C:\Users\tina\AppData\Local\Temp\sed.exe
C:\Users\tina\AppData\Local\Temp\shortcut.exe
C:\Users\tina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\tina\AppData\Local\Temp\SP55152.exe
C:\Users\tina\AppData\Local\Temp\SP56929.exe
C:\Users\tina\AppData\Local\Temp\SP57049.exe
C:\Users\tina\AppData\Local\Temp\SP60713.exe
C:\Users\tina\AppData\Local\Temp\swreg.exe
C:\Users\tina\AppData\Local\Temp\swxcacls.exe
C:\Users\tina\AppData\Local\Temp\wget.exe
C:\Users\tina\AppData\Local\Temp\xyhhsbqw.dll
C:\Users\tina\AppData\Local\Temp\zoek-delete.exe
C:\Users\Tom\AppData\Local\Temp\AskSLib.dll
C:\Users\Tom\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-03 17:38

==================== End Of Log ============================
         
--- --- ---

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:49 on 03/12/2013 by tina
Administrator - Elevation successful

========== filefind ==========

Searching for "*nationzoom*"
No files found.

========== folderfind ==========

Searching for "*nationzoom*"
No folders found.

========== regfind ==========

Searching for "nationzoom"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Default_Search_URL"="hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL"="hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"="hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Search Page"="hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}"

-= EOF =-
         
I don't think there are any other problems with malware any more; at least I'm not aware of any.
Otherwise everything is running pretty well.

04.12.2013, 18:57   #8
M-K-D-B
/// TB Trainer

Remove Nationzoom

Hi,

We will remove the last remnants and check everything once more. ESET can take a long time (> 2 h).
After that we will clean up, and I will give you a few tips to take with you.

Step 1
Press the Windows key + R and type notepad into the Run dialog.

Copy the following text from the code box into the empty text document:

Code:
start
HKCU\...\Run: [Windows] - "C:\Users\tina\AppData\Roaming\Picture_74596856.Exe"
C:\Users\tina\AppData\Roaming\Picture_74596856.Exe
AppInit_DLLs:     [ ] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Program Files\Enigma Software Group
C:\Users\MAMA\AppData\Local\Temp\*.dll
C:\Users\MAMA\AppData\Local\Temp\*.exe
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Uncheck
  • Click on
    and
  • Accept the license terms and click on
  • Click on
    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log for me.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

With your next reply, please post
  • the log file from FRST,
  • the log file from HitmanPro,
  • the log file from ESET,
  • the log file from SecurityCheck.

06.12.2013, 01:33   #9
T2807

Remove Nationzoom

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2013
Ran by tina at 2013-12-04 23:58:23 Run:1
Running from C:\Users\tina\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKCU\...\Run: [Windows] - "C:\Users\tina\AppData\Roaming\Picture_74596856.Exe"
C:\Users\tina\AppData\Roaming\Picture_74596856.Exe
AppInit_DLLs:     [ ] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1385909237&from=tugs&uid=HitachiXHTS543232A7A384_E2034243C4K1ZDC4K1ZDX&q={searchTerms}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Program Files\Enigma Software Group
C:\Users\MAMA\AppData\Local\Temp\*.dll
C:\Users\MAMA\AppData\Local\Temp\*.exe
end
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Windows => Value deleted successfully.
"C:\Users\tina\AppData\Roaming\Picture_74596856.Exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\MAMA\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\MAMA\AppData\Local\Temp\*.exe => Moved successfully.

==== End of Fixlog ====
         
Code:
HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : TIM-HP
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : TIM-HP\tina
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-12-05 18:43:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 36s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 94

   Objects scanned . . . : 1.585.409
   Files scanned . . . . : 57.496
   Remnants scanned  . . : 601.076 files / 926.837 keys

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-1445592238-4143421246-3948701370-1003\Software\Softonic\ (Softonic) -> Deleted

Cookies _____________________________________________________________________

         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d73053a38e2bf54598979c1142d93851
# engine=16150
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-05 06:31:22
# local_time=2013-12-05 07:31:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 9896 132031302 2568 0
# compatibility_mode=5893 16776573 100 94 165200 137898132 0 0
# scanned=1156
# found=0
# cleaned=0
# scan_time=524
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d73053a38e2bf54598979c1142d93851
# engine=16150
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-06 12:59:08
# local_time=2013-12-06 01:59:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 33162 132054568 25834 0
# compatibility_mode=5893 16776573 100 94 192066 137921398 0 0
# scanned=225904
# found=4
# cleaned=0
# scan_time=22983
sh=948C83C98A86C129E5B49D61A6004D3BB940B0EA ft=1 fh=84d52bf3a9d301a7 vn="multiple threats" ac=I fn="C:\Users\tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USWUNLCS\PCHealthKit[1].exe"
sh=948C83C98A86C129E5B49D61A6004D3BB940B0EA ft=1 fh=84d52bf3a9d301a7 vn="multiple threats" ac=I fn="C:\Users\tina\AppData\Local\Temp\airBF5D.exe"
sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="multiple threats" ac=I fn="C:\Users\tina\AppData\Local\Temp\{B61914AE-6875-4FEB-92DC-AEB9DCB8BF98}\setup.exe"
sh=DD9883F9D9D539CB6C49A562F3AFF28DFF26549D ft=0 fh=0000000000000000 vn="MSIL/Spy.Agent.BP trojan" ac=I fn="C:\zoek_backup\C_Users_tina_AppData_Roaming_mbhcx.vbs.vir"
         
Code:
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.1    
 Java(TM) 6 Update 22  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
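
The Fixlog posted above pairs each processed fixlist entry with an outcome after `=>`. As an added example (not part of the thread and not FRST's own code), this Python script tallies those outcomes, lists the entries reported as not found, and checks that the pasted log reaches its end marker. The sample log is constructed, and the status buckets are an assumption derived only from the outcome strings visible in this thread.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog layout shown above (names and paths are made up).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2013
Ran by user at 2013-12-04 23:58:23 Run:1
==============================================

Content of fixlist:
*****************
start
HKCU\...\Run: [Example] - "C:\Users\user\AppData\Roaming\example.exe"
C:\Users\user\AppData\Roaming\example.exe
end
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Example => Value deleted successfully.
"C:\Users\user\AppData\Roaming\example.exe" => File/Directory not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000} => Key deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
examplesvc => Service deleted successfully.
C:\Users\user\AppData\Local\Temp\*.exe => Moved successfully.

==== End of Fixlog ====
"""

# Assumed buckets, based on the outcome wording seen in the thread's Fixlog.
STATUS_RULES = [
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("deleted", re.compile(r"deleted successfully", re.I)),
    ("restored", re.compile(r"restored successfully", re.I)),
    ("moved", re.compile(r"moved successfully", re.I)),
]


def classify(outcome):
    """Map an outcome string to a status bucket; unknown wording becomes 'other'."""
    for status, pattern in STATUS_RULES:
        if pattern.search(outcome):
            return status
    return "other"


def parse_fixlog(text):
    """Return (entries, complete). The echoed fixlist between the two rows of
    asterisks is skipped so only result lines are counted."""
    entries, in_echo, complete = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            in_echo = not in_echo
            continue
        if line.startswith("==== End of Fixlog"):
            complete = True
            break
        if in_echo or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        entries.append({
            "target": target.strip('"'),
            "outcome": outcome,
            "status": classify(outcome),
        })
    return entries, complete


def summarize(entries):
    """Count entries per status bucket."""
    return Counter(e["status"] for e in entries)


def needs_review(entries):
    """Entries the helper should look at again: nothing was found, or the wording is unknown."""
    return [e for e in entries if e["status"] in ("not_found", "other")]


if __name__ == "__main__":
    parsed, done = parse_fixlog(SAMPLE_FIXLOG)
    print("log complete:", done)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:10} {count}")
    for entry in needs_review(parsed):
        print("review:", entry["target"], "->", entry["outcome"])
```

A "not found" result is not an error in itself; it records that the referenced file or key was already absent when the fix ran.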
         

06.12.2013, 19:09   #10
M-K-D-B
/// TB Trainer

Remove Nationzoom

Hi,

Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.

If you have no more problems, then we are done here. Your log files are clean.
Finally, we need to take a few closing steps to clean up and secure your PC.

Step 1
  • Follow this path: Start -> Control Panel -> Add or Remove Programs / Uninstall a program
  • Look in the list for software with the following name
    • Java(TM) 6 Update 22
    and uninstall the program.
  • If you are prompted to restart at the end of the uninstallation, do so.
  • If there are problems with the uninstallation, please let me know.

Step 2
Your version of Adobe Flash Player is out of date.
Please follow these steps to update Adobe Flash:
  • Please visit this Adobe page.
  • Select your operating system and your internet browser ("Internet Explorer", or "other" for Firefox, for example).
  • If applicable, uncheck the box for Google Chrome or McAfee Security Scan.
  • Install the latest version on your computer.

Step 3
Please uninstall your current version of Adobe Reader
Start --> Control Panel --> Add or Remove Programs / Uninstall a program --> Adobe Reader
and download the new version from here.
Uncheck the box for McAfee SecurityScan or Google Chrome.

Step 4
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.

Step 5
Finally, I have a few tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus program and additional protection
  • Make sure that you only ever have one anti-virus program installed and that it is up to date!
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and potentially unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is displayed and you can download the latest version directly to your desktop.
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: For this browser I have a few useful add-ons here
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download bandwidth.


Performance
  • Clean up your temp files regularly. I recommend TFC for this
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is an English link:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it asks you to and looks nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, as these installers often come bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions.

06.12.2013, 23:08   #11
T2807

Removing Nationzoom



I still have Nationzoom when I open Chrome. I have now downloaded Firefox and I don't have it there.

07.12.2013, 09:53   #12
M-K-D-B
/// TB Trainer

Removing Nationzoom



Hi,



OK, then please do the following in Chrome:



Step 1
  • Open Google Chrome.
  • Click Customize and control Google Chrome at the top right.
  • Choose Settings.
    -------------------------------------------------------------
  • Under Appearance > tick "Show Home button"
  • Under "New Tab" page click Change
  • Under Open this page enter the page you want, e.g. www.google.de
  • Confirm with OK.
    -------------------------------------------------------------
  • Under On startup > select "Open a specific page or set of pages" and click Set pages.
  • Enter the start page you want and confirm with OK.
    -------------------------------------------------------------
  • Under Search click Manage search engines.
  • Move the mouse pointer over Google.de and click the blue button Make default.
  • Now move the mouse pointer over Nationzoom and click the X symbol on the right.
  • Confirm with Done.
    -------------------------------------------------------------
  • Click Extensions at the top left and now tick the box in front of Developer mode.
  • Copy the names of all extensions, including their respective IDs, such as
    avast! WebRep 8.0.1483 -> ID: icmlaeflemplmjndnaapfdbbnpncnbda
    and post the names and IDs in your next reply.
  • Close Google Chrome.





Step 2
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)







In your next reply, please post
  • the list of IDs from Google Chrome,
  • the new log files from FRST.
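
The Chrome settings checked by hand in Step 1 above (home page, startup pages, default search engine, extension names and IDs) can also be read from a copy of the profile's Preferences file. The following Python sketch is an added example and not part of the original thread; the JSON key names are an assumed layout of Chrome's Preferences file, and the sample data, the host hijacker.example and the function names are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, not taken from the thread. The key names follow the
# layout assumed here for Chrome's per-profile "Preferences" JSON file.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://www.google.com/",
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://hijacker.example/?type=hp"],
    },
    "default_search_provider": {
        "name": "ExampleSearch",
        "search_url": "http://hijacker.example/web/?q={searchTerms}",
    },
    "extensions": {"settings": {
        "icmlaeflemplmjndnaapfdbbnpncnbda": {
            "manifest": {"name": "avast! WebRep", "version": "8.0.1483"},
        },
    }},
})


def host_of(url):
    """Return the lower-cased host of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def audit_chrome_prefs(prefs_text, trusted_hosts=("www.google.de", "www.google.com")):
    """List browser settings that point at an untrusted host, plus all extensions."""
    prefs = json.loads(prefs_text)
    session = prefs.get("session", {})
    # Assumption: older profiles stored the list under a different key name.
    startup = (session.get("startup_urls")
               or session.get("urls_to_restore_on_startup") or [])
    search = prefs.get("default_search_provider", {})
    settings = {
        "homepage": [prefs.get("homepage", "")],
        "startup": list(startup),
        "search": [search.get("search_url", "")],
    }
    findings = []
    for setting, urls in settings.items():
        for url in urls:
            if url and host_of(url) not in trusted_hosts:
                findings.append((setting, url))
    # Same "name version -> ID: id" form the helper asks for in the post.
    extensions = []
    ext_settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in sorted(ext_settings.items()):
        manifest = entry.get("manifest", {})
        extensions.append("%s %s -> ID: %s" % (
            manifest.get("name", "?"), manifest.get("version", "?"), ext_id))
    return {"findings": findings, "extensions": extensions}


if __name__ == "__main__":
    report = audit_chrome_prefs(SAMPLE_PREFS)
    for setting, url in report["findings"]:
        print("CHECK %-8s %s" % (setting, url))
    for line in report["extensions"]:
        print(line)
```

Run it against a copy of the file taken while Chrome is closed, and pass the hosts you actually want as `trusted_hosts`.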

07.12.2013, 18:46   #13
T2807

Removing Nationzoom



ID: aohghmighlieiainnegkcijnfilokake
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 2
Ran by tina (administrator) on TIM-HP on 07-12-2013 19:43:41
Running from C:\Users\tina\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe
(Facebook Inc.) C:\Users\tina\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Spotify Ltd) C:\Users\tina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-21] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-16] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\tina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-19] (Spotify Ltd)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {7c230f5e-f6a3-11e1-b967-2c27d70ce6a7} - G:\AutoRun.exe
MountPoints2: {8d45f60a-d87f-11e1-92df-2c27d70ce6a7} - F:\Startme.exe
MountPoints2: {a5b9625f-4257-11e3-9a91-2c27d70ce6a7} - G:\Startme.exe
MountPoints2: {d76d1ac5-4103-11e1-bb3e-2c27d70ce6a7} - G:\AutoRun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-02-10] (EasyBits Software AS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Tv-Plug-In] - "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKU\MAMA\...\Run: [Google Update] - C:\Users\MAMA\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-18] (Google Inc.)
HKU\MAMA\...\Run: [Facebook Update] - C:\Users\MAMA\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-19] (Facebook Inc.)
HKU\MAMA\...\Policies\system: [LogonHoursAction] 2
HKU\MAMA\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Tom\...\Run: [Google Update] - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-11] (Google Inc.)
HKU\Tom\...\Run: [Facebook Update] - C:\Users\Tom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Tom\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\Tom\...\Policies\system: [LogonHoursAction] 2
HKU\Tom\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-26] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\yscjzhxt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\tina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\tina\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\tina\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
         

08.12.2013, 10:21   #14
M-K-D-B
/// TB Trainer

Removing Nationzoom



Hi,


The FRST log files are incomplete.


Still having problems with Nationzoom?

12.12.2013, 16:12   #15
M-K-D-B
/// TB Trainer

Removing Nationzoom



No feedback received
This topic has been removed from my subscriptions. I will therefore not receive any notification of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
