Virus and Spyware: win.worm.palevo-4055



meringa
06-07-14, 10:40
Good morning,
I detected the virus named above on my PC, running Windows 7. I scanned with Malwarebytes, Kaspersky and ClamWin; only the last one detected this virus, but it cannot remove it.
I searched the web, but the pages often promote specific antivirus products and I don't know how trustworthy they are :boh...
Could you recommend something? :triste

Thanks! :bai

LadyHawke
06-07-14, 11:53
Hi meringa, if you used Kaspersky that seems odd to me, because it is able to find that worm: did you use the Kaspersky RescueDisk? If so, did you update the virus signatures before scanning? How did you notice you had the virus, and which antivirus do you normally have on the PC?
Can you attach an HJT log (http://sourceforge.net/projects/hjt/files/latest/download)?

:bai

Clairvoyant
06-07-14, 12:08
Hi meringa,

apart from ClamWin, with which other software/method did you detect the presence of that malware?
Did the detection happen after you installed something or did something in particular?
What symptoms occur on the infected computer?

Let me know about these questions; in the meantime let's run a check.

Download FRST (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/), 32-bit or 64-bit depending on the version of your operating system, and:

Launch FRST by double-clicking its icon
Answer YES to the disclaimer that appears
Click the Scan button

When the scan finishes, the FRST log and the additional log will be displayed. Close FRST, then copy and paste the contents of the FRST.txt file and attach the Addition.txt file.

N.B.: after scanning with FRST, do not install/uninstall anything and do not make changes to the system, otherwise any subsequent actions could become more difficult.


:bai

meringa
06-07-14, 20:54
This is Addition.txt


Only registered members can view code.

Clairvoyant
06-07-14, 23:59
Hi meringa,

you did not post the contents of the FRST.txt file; without that we don't have the information to proceed. :hap
Send it as soon as you can.

:bai

meringa
07-07-14, 07:57
Hi meringa,

you did not post the contents of the FRST.txt file; without that we don't have the information to proceed. :hap
Send it as soon as you can.

:bai

I had posted it but it didn't appear, here it is again :hap


Only registered members can view code.

meringa
07-07-14, 08:00
Hi meringa,

you did not post the contents of the FRST.txt file; without that we don't have the information to proceed. :hap
Send it as soon as you can.

:bai

Sorry, I tried to post it for the third time, but the system tells me it won't be visible until a moderator has approved it :boh

Can you check? :bai

Could you

---------- Post merged at 08:04 ----------


Hi meringa, if you used Kaspersky that seems odd to me, because it is able to find that worm: did you use the Kaspersky RescueDisk? If so, did you update the virus signatures before scanning? How did you notice you had the virus, and which antivirus do you normally have on the PC?
Can you attach an HJT log (http://sourceforge.net/projects/hjt/files/latest/download)?

:bai

I did the update and used RescueDisk, but actually something strange happens, because when I start the scan it lasts a very short time, less than a minute; until now I have always used it and it has always been effective :boh

I noticed the virus because I uploaded a video from a USB stick to FB and they replied that it contained a virus...

:bai

LadyHawke
07-07-14, 11:29
I confirm that some messages had ended up in moderation; everything should be fine now.


but actually something strange happens, because when I start the scan it lasts a very short time, less than a minute,
You probably left the default selection for the scan areas without also selecting the C: drive :sisi

:bai

Clairvoyant
09-07-14, 00:11
Hi meringa,

unfortunately I haven't had time to analyze in detail the logs you sent :ehmm, but at first glance there doesn't seem to be anything major.
For now let's also run a check with AdwCleaner, after which we'll start the cleanup.

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save it to the desktop, then:


Close all open programs, including web browsers
Right-click the AdwCleaner icon => Esegui come Amministratore (Run as administrator)
If a disclaimer appears, click YES
Click the Scansiona (Scan) button and wait
Once the scan has finished, click the Rapporto (Report) button


A log will open; copy and paste it into your next post.

:bai

meringa
09-07-14, 08:21
:bai
Report

# AdwCleaner v3.215 - Rapporto creato 09/07/2014 in 08:18:54
# Aggiornato 09/07/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Sabrisch - SABRISCH-HP
# In esecuzione da : C:\Users\Sabrisch\Downloads\AdwCleaner.exe
# Opzione : Scansiona

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Trovato : C:\Users\Sabrisch\Documents\Updater
File Trovato : C:\Users\Sabrisch\AppData\Local\Temp\Uninstall.exe

***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : HKCU\Software\Myfree Codec
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : [x64] HKCU\Software\Myfree Codec
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovati : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chiave Trovati : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chiave Trovati : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Chiave Trovati : HKLM\Software\Myfree Codec
Chiave Trovati : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Trovati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3522 octets] - [09/07/2014 08:18:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3582 octets] ##########

Clairvoyant
09-07-14, 22:56
Hi meringa :hap

Download the fixlist.txt file (http://www.fileconvoy.com/gf.php?id=g8e18389573e364fc999527358.556223193ba8b641e47d9b&sts=14049391337924229196454ee46578b4157e43c289bcdd447767) and save it in the same folder where you saved FRST, then launch FRST and click the Fix button.
When the scan has finished, the Fixlog.txt log will appear; copy and paste its contents into your next post.

Then I have a few questions, and a couple of online scans would be needed.

Are you on a LAN and/or do you know the computer MALON-2CB9A4D2A?
Do you know what F:\DVAP.exe, present on a USB stick, is?
Is the video that FB detected as infected one of these?

2014-07-04 19:35 - 2014-07-04 19:35 - 00006844 _____ () C:\Users\Sabrisch\Desktop\Sfilata by Carmen.cos2
2014-07-04 19:35 - 2014-07-04 19:35 - 00006844 _____ () C:\Users\Sabrisch\Desktop\Calper Filmato 1.cos2


If those are the videos, upload them to VirusTotal (https://www.virustotal.com/ro/) and let's see whether anything is detected.
If they are not those but you still have the one detected as infected, do the same, and likewise for the DVAP.exe file, unless you know what it is.
Let me know whether they are detected as infected, and if so post the links you find in the address bar of the report pages.

If needed, to upload the files in question to VirusTotal you have to click Choose File, choose the file to scan and finally click Scan It!.

:bai
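
The F:\DVAP.exe question above corresponds to a MountPoints2 line of the kind FRST prints in its Registry section: a cached per-volume autorun command. As an added example (not part of the thread and not FRST's own code), this Python sketch pulls such entries out of FRST-style log text and flags those whose command is an executable outside the system drive. The function names, the assumed system drive C: and the sample lines (partly constructed, with a placeholder SID) are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# File types Windows runs directly when named in an autorun command.
EXEC_EXTS = ("exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js")

# FRST-style line:  <hive path>\MountPoints2: <{volume GUID} | drive letter> - <command>
ENTRY_RE = re.compile(
    r"^(?P<key>.+?)\\MountPoints2:\s+"
    r"(?P<volume>\{[0-9A-Fa-f-]{36}\}|[A-Za-z])\s+-\s+(?P<command>.+?)\s*$"
)
# Leading executable path of the command, quoted or not, arguments ignored.
TARGET_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:%s))(?=["\s]|$)' % "|".join(EXEC_EXTS),
    re.IGNORECASE,
)


class AutorunEntry(NamedTuple):
    line_no: int             # 1-based line number inside the log text
    volume: str              # volume GUID or drive letter of the mount point
    command: str             # raw command as logged
    target: Optional[str]    # executable path, None if the command is not one
    off_system_drive: bool   # True when the target lives outside the system drive


def find_autorun_entries(log_text: str, system_drive: str = "C") -> List[AutorunEntry]:
    """Return every MountPoints2 entry found in FRST-style log text."""
    entries = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # Run keys, policies, BHOs, ... are not autorun mount points
        command = match.group("command")
        target_match = TARGET_RE.match(command)
        target = target_match.group("path") if target_match else None
        off_drive = target is not None and target[0].upper() != system_drive.upper()
        entries.append(
            AutorunEntry(line_no, match.group("volume"), command, target, off_drive)
        )
    return entries


def suspicious_targets(log_text: str, system_drive: str = "C") -> List[str]:
    """Executables that a removable or secondary volume would launch on autorun."""
    return [
        entry.target
        for entry in find_autorun_entries(log_text, system_drive)
        if entry.off_system_drive
    ]


# Sample input: lines 1 and 2 follow entries visible in the thread's FRST log
# (SID replaced by a placeholder); lines 3 to 5 are constructed for the example.
SAMPLE_LOG = r"""HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-01-26] (alch)
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\...\MountPoints2: {1661b105-3b00-11e2-ac9f-806e6f6e6963} - F:\DVAP.exe
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\...\MountPoints2: G - "G:\My Tools\setup.exe" /s
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\...\MountPoints2: {00000000-0000-0000-0000-000000000000} - C:\Windows\explorer.exe
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\...\MountPoints2: H - H:\readme.txt
"""

if __name__ == "__main__":
    for entry in find_autorun_entries(SAMPLE_LOG):
        flag = "CHECK" if entry.off_system_drive else "ok"
        print(f"{flag:5} line {entry.line_no}: {entry.volume} -> {entry.command}")
```

A flagged entry only says that a volume once carried an autorun command; whether the file itself is malicious still has to be established by scanning it, as the post asks.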

meringa
11-07-14, 10:59
Hi meringa :hap

Download the fixlist.txt file (http://www.fileconvoy.com/gf.php?id=g8e18389573e364fc999527358.556223193ba8b641e47d9b&sts=14049391337924229196454ee46578b4157e43c289bcdd447767) and save it in the same folder where you saved FRST, then launch FRST and click the Fix button.
When the scan has finished, the Fixlog.txt log will appear; copy and paste its contents into your next post.

Here is the result:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by Sabrisch at 2014-07-11 10:53:36 Run:1
Running from C:\Users\Sabrisch\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Folder: C:\Users\Sabrisch\Downloads\Downloader
Folder: C:\Users\Sabrisch\Documents\Updater
*****************


========================= Folder: C:\Users\Sabrisch\Downloads\Downloader ========================

The path is not a directory.

========================= Folder: C:\Users\Sabrisch\Documents\Updater ========================


====== End of Folder: ======


==== End of Fixlog ====



Then I have a few questions, and a couple of online scans would be needed.

Are you on a LAN and/or do you know the computer MALON-2CB9A4D2A?
It is a PC that was on the network, but now I can no longer access it; anyway, it's not important

Do you know what F:\DVAP.exe, present on a USB stick, is?

Is the video that FB detected as infected one of these?

2014-07-04 19:35 - 2014-07-04 19:35 - 00006844 _____ () C:\Users\Sabrisch\Desktop\Sfilata by Carmen.cos2
2014-07-04 19:35 - 2014-07-04 19:35 - 00006844 _____ () C:\Users\Sabrisch\Desktop\Calper Filmato 1.cos2


If those are the videos, upload them to VirusTotal (https://www.virustotal.com/ro/) and let's see whether anything is detected.
If they are not those but you still have the one detected as infected, do the same, and likewise for the DVAP.exe file, unless you know what it is.
Let me know whether they are detected as infected, and if so post the links you find in the address bar of the report pages.

I have established that the USB stick is infected; the videos came from there, my fault for being too careless :ehmm. Actually I don't need them, so what if I deleted them?

If needed, to upload the files in question to VirusTotal you have to click Choose File, choose the file to scan and finally click Scan It!.

:bai


:bai and :thx for your help

Clairvoyant
11-07-14, 21:25
Hi meringa :hap

I had asked whether you knew that computer because if it had not been on the LAN it would not have been good. :tong2
Go ahead and delete those files, and maybe scan the USB stick, then we'll clean up the rest. It's minor stuff, but while we're at it let's remove it. :eye

Before carrying out the operations listed below, remember to keep the real-time protection of Malwarebytes Antimalware disabled.

1- Fix with FRST


Download the fixlist.txt file (http://www.fileconvoy.com/dfl.php?id=g27764da99691282599952834804820f3cd0922e47)
Launch FRST
Click Fix

Once it has finished the log will appear; close it and close FRST as well.

2- Fix with AdwCleaner


Close all open programs, including web browsers
Right-click the AdwCleaner icon => Esegui come Amministratore (Run as administrator)
Click the Scansiona (Scan) button and wait
Click the Pulisci (Clean) button

Once the scan has finished, restart the computer if prompted.


3- Fix with JRT


Download JRT (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
Close all open programs, including web browsers
Right-click the JRT icon => Esegui come Amministratore (Run as administrator)
When the black command prompt window appears, press a key to continue
Wait for the scan to finish

When done, run another scan with FRST, then in your reply copy and paste (without using quote, code or other boxes) the contents of the following logs:


Fixlog.txt
C:\AdwCleaner[S#].txt
JRT.txt
FRST.log


Bye :bai

meringa
15-07-14, 22:27
Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014 01
Ran by Sabrisch at 2014-07-15 14:52:09 Run:2
Running from C:\Users\Sabrisch\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
2014-07-02 10:48 - 2014-07-02 10:48 - 00110697 _____ () C:\Users\Sabrisch\Downloads\Downloader
C:\Users\Sabrisch\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Sabrisch\AppData\Local\Temp\sp58915.exe
C:\Users\Sabrisch\AppData\Local\Temp\uninstall.exe
C:\Users\Sabrisch\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Sabrisch\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Sabrisch\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Sabrisch\AppData\Local\Temp\Welcome.exe
C:\Users\Sabrisch\AppData\Local\Temp\_is1DCC.exe
C:\Users\Sabrisch\AppData\Local\Temp\_is4A2C.exe
C:\Users\Sabrisch\AppData\Local\Temp\_is782E.exe
C:\Users\Sabrisch\AppData\Local\Temp\_is8371.exe
C:\Users\Sabrisch\AppData\Local\Temp\_isF0D.exe


*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
'HKCR\PROTOCOLS\Filter\text/xml' => Key deleted successfully.
'HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}'=> Key not found.
C:\Users\Sabrisch\Downloads\Downloader => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\sp58915.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\uninstall.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\vlc-2.0.6-win32.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\Welcome.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\_is1DCC.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\_is4A2C.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\_is782E.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\_is8371.exe => Moved successfully.
C:\Users\Sabrisch\AppData\Local\Temp\_isF0D.exe => Moved successfully.

==== End of Fixlog ====

---------- Post merged at 22:28 ----------

AdwCleaner
# AdwCleaner v3.215 - Rapporto creato 15/07/2014 in 14:54:53
# Aggiornato 09/07/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Sabrisch - SABRISCH-HP
# In esecuzione da : C:\Users\Sabrisch\Downloads\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\Users\Sabrisch\Documents\Updater

***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chiave Eliminati : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chiave Eliminati : HKCU\Software\Myfree Codec
Chiave Eliminati : HKLM\Software\Myfree Codec

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3698 octets] - [09/07/2014 08:18:54]
AdwCleaner[R1].txt - [3231 octets] - [15/07/2014 14:54:11]
AdwCleaner[S0].txt - [2896 octets] - [15/07/2014 14:54:53]

---------- Post merged at 22:28 ----------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sabrisch on 15/07/2014 at 15:00:20,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{54DFE05D-0C1C-4CF3-A4E7-3C25BC2872A2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{54DFE05D-0C1C-4CF3-A4E7-3C25BC2872A2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared

---------- Post merged at 22:28 ----------

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by Sabrisch (administrator) on SABRISCH-HP on 15-07-2014 15:09:54
Running from C:\Users\Sabrisch\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() Q:\140066.ita\Office14\WINWORDC.EXE
() Q:\140066.ita\Office14\OffSpon.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-21] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [613384 2013-12-20] (EasyBits Software AS)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-01-26] (alch)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-07-08] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\MountPoints2: {1661b105-3b00-11e2-ac9f-806e6f6e6963} - F:\DVAP.exe
Startup: C:\Users\Sabrisch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/servizi/fastmail/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/23
SearchScopes: HKLM - {54DFE05D-0C1C-4CF3-A4E7-3C25BC2872A2} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/724-111084-4166-2/4?mpre=http://www.ebay.it/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/724-111084-4166-2/4?mpre=http://www.ebay.it/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/724-111084-4166-2/4?mpre=http://www.ebay.it/sch/i.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
ShellExecuteHooks: - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-01-02] ()
ShellExecuteHooks-x32: - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-01-02] ()
Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-16]
CHR Extension: (Ricerca Google) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-16]
CHR Extension: (Leopard) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\godonogejncfejlhhgapgncenoipjbji [2012-10-16]
CHR Extension: (Google Wallet) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-16]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-10-19] (Adobe Systems) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ezSharedSvc; C:\windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 15:07 - 2014-07-15 15:07 - 00000993 _____ () C:\Users\Sabrisch\Desktop\JRT.txt
2014-07-15 15:00 - 2014-07-15 15:00 - 00000000 ____D () C:\windows\ERUNT
2014-07-15 14:58 - 2014-07-15 14:59 - 01016261 _____ (Thisisu) C:\Users\Sabrisch\Downloads\JRT.exe
2014-07-11 10:53 - 2014-07-15 14:50 - 00000000 ____D () C:\Users\Sabrisch\Downloads\FRST-OlderVersion
2014-07-11 08:52 - 2014-07-11 08:52 - 04996210 _____ (Tim Kosse) C:\Users\Sabrisch\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-09 08:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-09 08:18 - 2014-07-15 14:55 - 00000000 ____D () C:\AdwCleaner
2014-07-09 08:14 - 2014-07-09 08:14 - 01348263 _____ () C:\Users\Sabrisch\Downloads\AdwCleaner.exe
2014-07-06 20:33 - 2014-07-15 15:09 - 00015408 _____ () C:\Users\Sabrisch\Downloads\FRST.txt
2014-07-06 20:33 - 2014-07-15 15:09 - 00000000 ____D () C:\FRST
2014-07-06 20:33 - 2014-07-06 20:36 - 00035674 _____ () C:\Users\Sabrisch\Downloads\Addition.txt
2014-07-06 20:32 - 2014-07-15 14:50 - 02086912 _____ (Farbar) C:\Users\Sabrisch\Downloads\FRST64.exe
2014-07-06 11:08 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-07-06 11:03 - 2014-07-06 11:03 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-06 11:03 - 2014-07-06 11:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-06 11:03 - 2014-07-06 11:03 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-06 11:03 - 2014-07-06 11:03 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-06 11:03 - 2014-07-06 11:03 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-07-06 11:03 - 2014-07-06 11:03 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-07-06 11:03 - 2014-07-06 11:03 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-07-06 11:03 - 2014-07-06 11:03 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-07-06 11:03 - 2014-07-06 11:03 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00266456 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00240856 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-07-06 11:03 - 2014-07-06 11:03 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-07-06 11:03 - 2014-07-06 11:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-07-06 11:01 - 2014-07-06 11:08 - 00011524 _____ () C:\windows\IE11_main.log
2014-07-06 11:01 - 2014-07-06 11:01 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-07-06 11:01 - 2014-07-06 11:01 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-07-06 10:52 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-06 10:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-06 10:52 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-06 10:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-07-06 10:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-07-06 10:52 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-06 10:52 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-06 10:52 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-06 10:52 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-07-06 10:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-07-06 10:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-07-06 10:52 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-06 10:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-07-06 10:52 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-06 10:51 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-07-06 10:51 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-07-06 10:51 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-07-06 10:51 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-07-06 10:51 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-07-06 10:51 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-07-06 10:51 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-07-06 10:51 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-07-06 10:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-06 10:51 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-06 10:51 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-07-06 10:51 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-07-06 10:51 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-07-06 10:51 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-07-06 10:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-07-06 10:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-07-06 10:51 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-07-06 10:51 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-07-06 10:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-07-06 10:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-07-06 10:51 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-07-06 10:51 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-07-06 10:51 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-07-06 10:51 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-07-06 10:51 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-06 10:51 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-07-06 10:51 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-07-06 10:51 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-07-06 10:51 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-07-06 10:51 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-07-06 10:51 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-07-06 10:51 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-07-06 10:51 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-07-06 10:51 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-07-06 10:51 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-06 10:51 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-07-06 10:51 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-07-06 10:51 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-07-06 10:51 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-07-06 10:51 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-07-06 10:51 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-07-06 10:51 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-07-06 10:51 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-06 10:51 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-06 10:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-06 10:51 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-07-06 10:51 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-07-06 10:51 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-07-04 16:22 - 2014-07-15 14:56 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 16:22 - 2014-07-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 16:22 - 2014-07-04 16:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-04 16:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-04 16:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-04 15:38 - 2014-07-04 15:43 - 27663244 _____ () C:\Users\Sabrisch\Desktop\Sfilata by Carmen.wmv

==================== One Month Modified Files and Folders =======

2014-07-15 15:10 - 2014-07-06 20:33 - 00015408 _____ () C:\Users\Sabrisch\Downloads\FRST.txt
2014-07-15 15:09 - 2014-07-06 20:33 - 00000000 ____D () C:\FRST
2014-07-15 15:07 - 2014-07-15 15:07 - 00000993 _____ () C:\Users\Sabrisch\Desktop\JRT.txt
2014-07-15 15:03 - 2009-07-14 06:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 15:03 - 2009-07-14 06:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 15:00 - 2014-07-15 15:00 - 00000000 ____D () C:\windows\ERUNT
2014-07-15 15:00 - 2012-09-01 00:44 - 00739448 _____ () C:\windows\system32\perfh010.dat
2014-07-15 15:00 - 2012-09-01 00:44 - 00146262 _____ () C:\windows\system32\perfc010.dat
2014-07-15 15:00 - 2009-07-14 07:13 - 01655254 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-15 14:59 - 2014-07-15 14:58 - 01016261 _____ (Thisisu) C:\Users\Sabrisch\Downloads\JRT.exe
2014-07-15 14:59 - 2012-10-15 19:56 - 01574232 _____ () C:\windows\WindowsUpdate.log
2014-07-15 14:56 - 2014-07-04 16:22 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 14:56 - 2014-03-04 11:37 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForSabrisch.job
2014-07-15 14:56 - 2012-10-16 10:41 - 00001150 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 14:56 - 2012-09-01 01:22 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-15 14:56 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-15 14:55 - 2014-07-09 08:18 - 00000000 ____D () C:\AdwCleaner
2014-07-15 14:55 - 2010-11-21 05:47 - 00492908 _____ () C:\windows\PFRO.log
2014-07-15 14:55 - 2009-07-14 06:51 - 00144621 _____ () C:\windows\setupact.log
2014-07-15 14:50 - 2014-07-11 10:53 - 00000000 ____D () C:\Users\Sabrisch\Downloads\FRST-OlderVersion
2014-07-15 14:50 - 2014-07-06 20:32 - 02086912 _____ (Farbar) C:\Users\Sabrisch\Downloads\FRST64.exe
2014-07-15 14:45 - 2012-10-16 10:42 - 00001154 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 14:35 - 2012-09-01 01:16 - 00000978 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 13:22 - 2012-10-18 15:42 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\vlc
2014-07-15 11:48 - 2014-03-04 11:37 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForSabrisch
2014-07-15 11:48 - 2012-10-16 10:50 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-07-15 11:47 - 2013-04-09 10:09 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-15 11:46 - 2012-10-16 10:47 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\HpUpdate
2014-07-15 11:46 - 2012-10-16 10:47 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\HP Support Assistant
2014-07-14 16:43 - 2012-10-15 20:01 - 00003970 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{96A67313-8CB2-4AA8-9EE8-A6DAFB473406}
2014-07-14 10:11 - 2012-10-16 10:58 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\SoftGrid Client
2014-07-11 09:06 - 2012-10-16 12:23 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\FileZilla
2014-07-11 08:52 - 2014-07-11 08:52 - 04996210 _____ (Tim Kosse) C:\Users\Sabrisch\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-07-11 08:52 - 2013-10-01 08:18 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-11 08:52 - 2012-11-27 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-10 17:16 - 2012-10-18 12:55 - 00044032 _____ () C:\Users\Sabrisch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-10 15:57 - 2012-10-18 12:45 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-10 15:54 - 2013-09-30 10:57 - 00000000 ____D () C:\Users\Sabrisch\Documents\Sceluq
2014-07-09 08:35 - 2012-09-01 01:16 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 08:35 - 2012-09-01 01:16 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 08:35 - 2012-09-01 01:16 - 00003916 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 08:14 - 2014-07-09 08:14 - 01348263 _____ () C:\Users\Sabrisch\Downloads\AdwCleaner.exe
2014-07-06 20:36 - 2014-07-06 20:33 - 00035674 _____ () C:\Users\Sabrisch\Downloads\Addition.txt
2014-07-06 19:24 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-07-06 12:58 - 2012-10-15 20:01 - 00001395 _____ () C:\Users\Sabrisch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-06 12:56 - 2009-07-14 06:45 - 00440776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-06 12:54 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-07-06 11:10 - 2013-10-03 10:51 - 00000000 ____D () C:\windows\system32\MRT
2014-07-06 11:08 - 2014-07-06 11:01 - 00011524 _____ () C:\windows\IE11_main.log
2014-07-06 11:03 - 2014-07-06 11:03 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-06 11:03 - 2014-07-06 11:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-06 11:03 - 2014-07-06 11:03 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-06 11:03 - 2014-07-06 11:03 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-06 11:03 - 2014-07-06 11:03 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-07-06 11:03 - 2014-07-06 11:03 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-07-06 11:03 - 2014-07-06 11:03 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-07-06 11:03 - 2014-07-06 11:03 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-07-06 11:03 - 2014-07-06 11:03 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00266456 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00240856 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-07-06 11:03 - 2014-07-06 11:03 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-07-06 11:03 - 2014-07-06 11:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-07-06 11:03 - 2014-07-06 11:03 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-07-06 11:03 - 2014-07-06 11:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-07-06 11:02 - 2014-07-06 11:02 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-07-06 11:01 - 2014-07-06 11:01 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-07-06 11:01 - 2014-07-06 11:01 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-07-04 16:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-04 16:22 - 2014-07-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 16:22 - 2014-07-04 16:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-04 16:22 - 2012-10-19 08:57 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-04 16:22 - 2012-10-19 08:57 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\Malwarebytes
2014-07-04 16:22 - 2012-10-19 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 16:22 - 2012-10-19 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-04 15:43 - 2014-07-04 15:38 - 27663244 _____ () C:\Users\Sabrisch\Desktop\Sfilata by Carmen.wmv
2014-06-30 11:02 - 2013-03-05 11:44 - 00000000 ____D () C:\Users\Sabrisch\Desktop\temp
2014-06-24 11:08 - 2013-01-18 13:44 - 00026624 _____ () C:\Users\Sabrisch\Documents\Compagni bimbi.xls
2014-06-23 11:00 - 2012-10-16 20:12 - 00000000 ____D () C:\Users\Sabrisch\Documents\Foto
2014-06-22 08:40 - 2012-10-16 10:42 - 00004150 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 08:40 - 2012-10-16 10:41 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 14:01 - 2012-10-16 21:06 - 00000000 ____D () C:\windows\System32\Tasks\Games

Some content of TEMP:
====================
C:\Users\Sabrisch\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-11 11:17

==================== End Of Log ============================

---------- Post merged at 22:35 ----------

After these procedures I restarted ClamWin, but unfortunately it still reported the virus plus another one, and I can't manage to save the antivirus log. :shock In the meantime I have neither installed software nor used USB sticks nor browsed the web.

I hope I followed your instructions correctly :boh, thank you for the help and I await your instructions :bai

Clairvoyant
16-07-14, 00:40
Hi meringa,

you followed everything correctly and what I had spotted for removal is gone. :hap

As for ClamWin, at this point I suspect it may be a false positive, unless I've missed something.
I don't know exactly where ClamWin saves its reports, but it should be in C:\ProgramData\.clamwin\log\ or something similar.
In any case, the problem of reports not being saved does not seem to be a rarity with that program on 64-bit systems.
See whether you find anything in the folder I pointed you to (or a similar one), or failing that, if you can, post a screenshot.

At this point I'd say run an online scan with ESET, but be aware that it could take a while, and in the meantime it would be best not to use the computer.

Disable all real-time protection, go to this (http://www.eset.com/int/home//products/online-scanner/) page using IE and click the Run ESET Online Scanner button. Then:

Tick the box next to YES to accept the terms of use and click the Start button
When prompted, allow the ActiveX control needed for the installation to be installed
Click Advanced Settings
Check that the Remove found threats option is deselected
Select these options:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

Click Start
Wait for the scan to finish
If threats are found, click List of found threats, and then Export to text file....
Save the file to the desktop and copy and paste the log results into your next post, along with any ClamWin log/screenshot.

:bai

meringa
16-07-14, 21:57
OK, found it :sisi

I can't post it in full, it's 499 pages because for many files it gives me the message "permission denied", so I'm only giving you the virus reports:

C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Power2Go.msi: Win.Worm.Palevo-4055 FOUND
C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Power2Go.msi: Removed.

C:\Program Files (x86)\Pinnacle\Studio 15\Bin\amcap.exe: Win.Trojan.Agent-552268 FOUND
C:\Program Files (x86)\Pinnacle\Studio 15\Bin\amcap.exe: Removed.

C:\Users\Sabrisch\AppData\Local\Temp\.Net 3.51 SP1\WindowsXP-KB942288-v3-x86.exe: Win.Trojan.11453783 FOUND
C:\Windows\Installer\269b2c.msi: Win.Worm.Palevo-4055 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3499748
Engine version: 0.98.1
Scanned directories: 40361
Scanned files: 336370
Infected files: 4
Total errors: 35
Data scanned: 163374.34 MB
Data read: 460778.96 MB (ratio 0.35:1)
Time: 22940.990 sec (382 m 20 s)

The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe: [Win.Worm.Whiteice-17] FALSE POSITIVE FOUND
Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at http://www.clamav.net/sendvirus/


this, on the other hand, is the log of the online scan, only one

What do you think? :m:

:bai:

---------- Post merged at 21:58 ----------

C:\FRST\Quarantine\C\Users\Sabrisch\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe.xBAD a variant of Win32/InstallCore.BB potentially unwanted application

Clairvoyant
16-07-14, 22:43
Hi meringa :hap

The one detected by ESET we had already removed earlier with FRST; where it sits now it does no harm.
As for the other 2 detected by ClamWin,


C:\Users\Sabrisch\AppData\Local\Temp\.Net 3.51 SP1\WindowsXP-KB942288-v3-x86.exe
C:\Windows\Installer\269b2c.msi


at this point I'd say they are false positives.

To remove any doubt, all that's left is to upload them to VirusTotal (https://www.virustotal.com/ro/) and see what comes out (if unsure how to use it, see post #11 (http://www.collectiontricks.it/forum/security/Ct5810-win-worm-palevo-4055-a/index2.html#post204884)).
Let me know.

:bai
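
The triage done by hand in the two posts above (pulling the detections out of a 499-page ClamWin log and seeing which ones were not removed), as an added Python example that is not part of the thread. The sample input is constructed from the lines quoted above plus one constructed "Permission denied" line whose exact format is an assumption; the function names are hypothetical.

```python
import re

# Constructed input: detection and summary lines as quoted in the thread, plus
# one constructed noise line (hypothetical path, assumed message format).
SAMPLE_LOG = r"""
C:\example\locked.dat: Permission denied
C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Power2Go.msi: Win.Worm.Palevo-4055 FOUND
C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Power2Go.msi: Removed.
C:\Program Files (x86)\Pinnacle\Studio 15\Bin\amcap.exe: Win.Trojan.Agent-552268 FOUND
C:\Program Files (x86)\Pinnacle\Studio 15\Bin\amcap.exe: Removed.
C:\Users\Sabrisch\AppData\Local\Temp\.Net 3.51 SP1\WindowsXP-KB942288-v3-x86.exe: Win.Trojan.11453783 FOUND
C:\Windows\Installer\269b2c.msi: Win.Worm.Palevo-4055 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 336370
Infected files: 4
Total errors: 35

C:\Program Files (x86)\Windows Media Player\wmpconfig.exe: [Win.Worm.Whiteice-17] FALSE POSITIVE FOUND
"""

# The false-positive form is tested first; the plain FOUND pattern cannot match
# it because "FALSE POSITIVE" sits between the signature and "FOUND".
FALSE_POS = re.compile(r"^(?P<path>.+): \[(?P<sig>\S+)\] FALSE POSITIVE FOUND$")
FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
REMOVED = re.compile(r"^(?P<path>.+): Removed\.$")
SUMMARY = re.compile(r"^(?P<key>Scanned files|Infected files|Total errors): (?P<val>\d+)$")


def triage(text):
    """Split a ClamWin/ClamAV scan log into detections, removals and noise."""
    report = {"detections": [], "removed": set(), "false_positives": [],
              "summary": {}, "noise": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "permission denied" in line.lower():
            report["noise"] += 1          # unreadable file, not a detection
        elif m := FALSE_POS.match(line):
            report["false_positives"].append((m["path"], m["sig"]))
        elif m := FOUND.match(line):
            report["detections"].append((m["path"], m["sig"]))
        elif m := REMOVED.match(line):
            report["removed"].add(m["path"])
        elif m := SUMMARY.match(line):
            report["summary"][m["key"]] = int(m["val"])
    return report


def outstanding(report):
    """Detections with no matching 'Removed.' line: files still on disk."""
    return [(p, s) for p, s in report["detections"] if p not in report["removed"]]


def summary_matches(report):
    """True when the FOUND lines kept agree with the 'Infected files' count."""
    return report["summary"].get("Infected files") == len(report["detections"])


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for path, sig in outstanding(rep):
        print(f"still present: {path} ({sig})")
    print("summary consistent:", summary_matches(rep))
```

On the log quoted in the thread the count in "Infected files" agrees with the four plain FOUND lines, without the line marked FALSE POSITIVE, which is a quick way to confirm that no detection was lost while trimming the log.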

meringa
19-07-14, 17:24
For the first one VirusInstaller reported it as OK, but the second one I can't find on the PC :boh

:m:

what do you think? :bai

Clairvoyant
20-07-14, 11:52
Hmm, for the first one I'd say we're fine; for the second I'd say try searching for it to see whether it has actually disappeared.


Launch FRST
In the empty field, copy and paste *269b2c*
Click Search Files


When the scan finishes, the Search.txt log will open; if the file still exists, from there you can see where it is and then upload it to VirusTotal.
If more than one result appears in the log, post the contents of the log.

:bai

meringa
20-07-14, 20:14
FRST can't find the file either :nono... sorry for my ignorance :leg1: could you explain FRST's "fix" function to me? :thx: :bai

Clairvoyant
20-07-14, 22:46
Hi meringa.

If FRST doesn't find it, it means that file has somehow disappeared. :hap

To answer your question briefly, and necessarily not exhaustively: the Fix button is used to execute the Fixlist.txt file, which has to be written each time according to what needs to be dealt with; otherwise, by itself it does nothing.
With the instructions written in that file you can perform a good number of actions, such as deleting files or folders, acting on services and drivers, restoring files, etc.

If you're interested in going deeper, I refer you here (http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/), where there is a hands-on tutorial for FRST, which however is in English.
Otherwise you'll have to wait (not long, I hope :tong2) until I finish the authorized Italian translation, which I've already been working on for a while.

Coming back to your malware problem, I'd say the computer is clean.
I would advise you, though, not to rely too much on ClamWin, and to be honest you could even stop using it.
If your version of Malwarebytes is the licensed Pro one, that alone should be enough on your system, although I hold a different view.

If instead it's the free one, then I'd advise you to go for a setup such as Antivir/Avast Free + Comodo/Online Armor and keep MBAM Free as an on-demand scanner.

Let me know about the MBAM version and whether you run into other problems.

:bai

meringa
21-07-14, 19:28
Thanks for everything :thx you have been really very kind :bai