
Thread: win.worm.palevo-4055

  1. #11

    Re: win.worm.palevo-4055

    Hi meringa

    Download the fixlist.txt file and save it in the same folder where you saved FRST, then launch FRST and click the Fix button.
    When the scan has finished, the Fixlog.txt log will appear; copy and paste its contents into your next post.

    Then I have a few questions, and a couple of online scans would be needed.
    1. Are you on a LAN and/or do you know the computer MALON-2CB9A4D2A?
    2. Do you know what F:\DVAP.exe, present on a USB stick, is?
    3. Is the video that FB detected as infected one of these?

      2014-07-04 19:35 - 2014-07-04 19:35 - 00006844 _____ () C:\Users\Sabrisch\Desktop\Sfilata by Carmen.cos2
      2014-07-04 19:35 - 2014-07-04 19:35 - 00006844 _____ () C:\Users\Sabrisch\Desktop\Calper Filmato 1.cos2

    If those are the videos, upload them to VirusTotal and let's see whether anything is detected.
    If they are not those but you still have the one detected as infected, same thing, and the same goes for the DVAP.exe file, unless you know what it is.
    Let me know whether they are detected as infected and, if so, post the links you will find in the address bar of the report pages.

    If needed, to upload the files in question to VirusTotal you have to click Choose File, choose the file to scan and finally click Scan It!.


  3. #12

    Re: win.worm.palevo-4055

    Quote: Originally posted by Clairvoyant
    Hi meringa

    Download the fixlist.txt file and save it in the same folder where you saved FRST, then launch FRST and click the Fix button.
    When the scan has finished, the Fixlog.txt log will appear; copy and paste its contents into your next post.

    Here is the result:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
    Ran by Sabrisch at 2014-07-11 10:53:36 Run:1
    Running from C:\Users\Sabrisch\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Folder: C:\Users\Sabrisch\Downloads\Downloader
    Folder: C:\Users\Sabrisch\Documents\Updater
    *****************


    ========================= Folder: C:\Users\Sabrisch\Downloads\Downloader ========================

    The path is not a directory.

    ========================= Folder: C:\Users\Sabrisch\Documents\Updater ========================


    ====== End of Folder: ======


    ==== End of Fixlog ====



    Then I have a few questions, and a couple of online scans would be needed.
    1. Are you on a LAN and/or do you know the computer MALON-2CB9A4D2A?
      it is a PC that was on the network, but now I can no longer access it; anyway, it is not important
    2. Do you know what F:\DVAP.exe, present on a USB stick, is?
    3. Is the video that FB detected as infected one of these?

      2014-07-04 19:35 - 2014-07-04 19:35 - 00006844 _____ () C:\Users\Sabrisch\Desktop\Sfilata by Carmen.cos2
      2014-07-04 19:35 - 2014-07-04 19:35 - 00006844 _____ () C:\Users\Sabrisch\Desktop\Calper Filmato 1.cos2

    If those are the videos, upload them to VirusTotal and let's see whether anything is detected.
    If they are not those but you still have the one detected as infected, same thing, and the same goes for the DVAP.exe file, unless you know what it is.
    Let me know whether they are detected as infected and, if so, post the links you will find in the address bar of the report pages.

    I have established that the USB stick is infected; the videos came from there. My fault, I was too careless. I don't actually need them, so what if I deleted them?

    If needed, to upload the files in question to VirusTotal you have to click Choose File, choose the file to scan and finally click Scan It!.


    and for your help


  4. #13

    Re: win.worm.palevo-4055

    Hi meringa

    I had asked whether you knew that computer because, if it had not been on the LAN, it would not have been good.
    Go ahead and delete those files, and maybe run a scan of the USB stick; then we'll clean up the rest. It's minor stuff, but while we're at it let's remove it.

    Before carrying out the operations listed below, remember to keep Malwarebytes Antimalware's real-time protection disabled.

    1- Fix with FRST

    1. Download the fixlist.txt file
    2. Launch FRST
    3. Click Fix

    Once it has finished the log will appear; close it and close FRST as well.

    2- Fix with AdwCleaner

    1. Close all open programs, including internet browsers
    2. Right-click the AdwCleaner icon => Run as Administrator
    3. Click the Scansiona (Scan) button and wait
    4. Click the Pulisci (Clean) button

    Once the scan has finished, restart the computer if prompted.


    3- Fix with JRT

    1. Download JRT
    2. Close all open programs, including internet browsers
    3. Right-click the JRT icon => Run as Administrator
    4. When the black prompt window appears, press a key to continue
    5. Wait for the scan to finish

    When finished, run another scan with FRST, then in your reply copy and paste (without using quote, code or other boxes) the contents of the following logs:

    1. Fixlog.txt
    2. C:\AdwCleaner[S#].txt
    3. JRT.txt
    4. FRST.log


    Bye


  5. #14

    Re: win.worm.palevo-4055

    Fixlog.txt
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014 01
    Ran by Sabrisch at 2014-07-15 14:52:09 Run:2
    Running from C:\Users\Sabrisch\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
    2014-07-02 10:48 - 2014-07-02 10:48 - 00110697 _____ () C:\Users\Sabrisch\Downloads\Downloader
    C:\Users\Sabrisch\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
    C:\Users\Sabrisch\AppData\Local\Temp\sp58915.exe
    C:\Users\Sabrisch\AppData\Local\Temp\uninstall.exe
    C:\Users\Sabrisch\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Sabrisch\AppData\Local\Temp\vlc-2.0.5-win32.exe
    C:\Users\Sabrisch\AppData\Local\Temp\vlc-2.0.6-win32.exe
    C:\Users\Sabrisch\AppData\Local\Temp\Welcome.exe
    C:\Users\Sabrisch\AppData\Local\Temp\_is1DCC.exe
    C:\Users\Sabrisch\AppData\Local\Temp\_is4A2C.exe
    C:\Users\Sabrisch\AppData\Local\Temp\_is782E.exe
    C:\Users\Sabrisch\AppData\Local\Temp\_is8371.exe
    C:\Users\Sabrisch\AppData\Local\Temp\_isF0D.exe


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
    'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
    'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
    'HKCR\PROTOCOLS\Filter\text/xml' => Key deleted successfully.
    'HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}'=> Key not found.
    C:\Users\Sabrisch\Downloads\Downloader => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\sp58915.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\uninstall.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\vlc-2.0.6-win32.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\Welcome.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\_is1DCC.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\_is4A2C.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\_is782E.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\_is8371.exe => Moved successfully.
    C:\Users\Sabrisch\AppData\Local\Temp\_isF0D.exe => Moved successfully.

    ==== End of Fixlog ====

    ---------- Post merged at 22:28 ----------

    AdwCleaner
    # AdwCleaner v3.215 - Rapporto creato 15/07/2014 in 14:54:53
    # Aggiornato 09/07/2014 di Xplode
    # Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nome utente : Sabrisch - SABRISCH-HP
    # In esecuzione da : C:\Users\Sabrisch\Downloads\AdwCleaner.exe
    # Opzione : Pulisci

    ***** [ Servizi ] *****


    ***** [ File / Cartelle ] *****

    Cartella Eliminato : C:\Users\Sabrisch\Documents\Updater

    ***** [ Collegamenti ] *****


    ***** [ Registro ] *****

    Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Chiave Eliminati : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Chiave Eliminati : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
    Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
    Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Chiave Eliminati : HKCU\Software\Myfree Codec
    Chiave Eliminati : HKLM\Software\Myfree Codec

    ***** [ Browser ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Google Chrome v35.0.1916.153

    [ File : C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3698 octets] - [09/07/2014 08:18:54]
    AdwCleaner[R1].txt - [3231 octets] - [15/07/2014 14:54:11]
    AdwCleaner[S0].txt - [2896 octets] - [15/07/2014 14:54:53]

    ---------- Post merged at 22:28 ----------

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Sabrisch on 15/07/2014 at 15:00:20,44
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{54DFE05D-0C1C-4CF3-A4E7-3C25BC2872A2}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{54DFE05D-0C1C-4CF3-A4E7-3C25BC2872A2}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



    ~~~ Event Viewer Logs were cleared

    ---------- Post merged at 22:28 ----------

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
    Ran by Sabrisch (administrator) on SABRISCH-HP on 15-07-2014 15:09:54
    Running from C:\Users\Sabrisch\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    () Q:\140066.ita\Office14\WINWORDC.EXE
    () Q:\140066.ita\Office14\OffSpon.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-08] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-21] ()
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [613384 2013-12-20] (EasyBits Software AS)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc)
    HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-01-26] (alch)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe " Update [21720 2014-07-08] (Hewlett-Packard)
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
    HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Policies\system: [DisableChangePassword] 0
    HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-966107191-3705874800-198757279-1001\...\MountPoints2: {1661b105-3b00-11e2-ac9f-806e6f6e6963} - F:\DVAP.exe
    Startup: C:\Users\Sabrisch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/servizi/fastmail/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/23
    SearchScopes: HKLM - {54DFE05D-0C1C-4CF3-A4E7-3C25BC2872A2} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/724-111084-4166-2/4?mpre=http://www.ebay.it/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/724-111084-4166-2/4?mpre=http://www.ebay.it/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/724-111084-4166-2/4?mpre=http://www.ebay.it/sch/i.html?_nkw={searchTerms}
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    ShellExecuteHooks: - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-01-02] ()
    ShellExecuteHooks-x32: - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-01-02] ()
    Tcpip\Parameters: [DhcpNameServer] 62.101.93.101 83.103.25.250

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage:
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
    CHR Plugin: (Norton Confidential) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-16]
    CHR Extension: (Ricerca Google) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-16]
    CHR Extension: (Leopard) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\godonogejncfejlhhgapgncenoipjbji [2012-10-16]
    CHR Extension: (Google Wallet) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Users\Sabrisch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-16]

    ==================== Services (Whitelisted) =================

    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-10-19] (Adobe Systems) [File not signed]
    R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
    R2 ezSharedSvc; C:\windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)

    ==================== Drivers (Whitelisted) ====================

    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-15] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-15 15:07 - 2014-07-15 15:07 - 00000993 _____ () C:\Users\Sabrisch\Desktop\JRT.txt
    2014-07-15 15:00 - 2014-07-15 15:00 - 00000000 ____D () C:\windows\ERUNT
    2014-07-15 14:58 - 2014-07-15 14:59 - 01016261 _____ (Thisisu) C:\Users\Sabrisch\Downloads\JRT.exe
    2014-07-11 10:53 - 2014-07-15 14:50 - 00000000 ____D () C:\Users\Sabrisch\Downloads\FRST-OlderVersion
    2014-07-11 08:52 - 2014-07-11 08:52 - 04996210 _____ (Tim Kosse) C:\Users\Sabrisch\Downloads\FileZilla_3.8.1_win32-setup.exe
    2014-07-09 08:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
    2014-07-09 08:18 - 2014-07-15 14:55 - 00000000 ____D () C:\AdwCleaner
    2014-07-09 08:14 - 2014-07-09 08:14 - 01348263 _____ () C:\Users\Sabrisch\Downloads\AdwCleaner.exe
    2014-07-06 20:33 - 2014-07-15 15:09 - 00015408 _____ () C:\Users\Sabrisch\Downloads\FRST.txt
    2014-07-06 20:33 - 2014-07-15 15:09 - 00000000 ____D () C:\FRST
    2014-07-06 20:33 - 2014-07-06 20:36 - 00035674 _____ () C:\Users\Sabrisch\Downloads\Addition.txt
    2014-07-06 20:32 - 2014-07-15 14:50 - 02086912 _____ (Farbar) C:\Users\Sabrisch\Downloads\FRST64.exe
    2014-07-06 11:08 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
    2014-07-06 11:03 - 2014-07-06 11:03 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-07-06 11:03 - 2014-07-06 11:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-07-06 11:03 - 2014-07-06 11:03 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-07-06 11:03 - 2014-07-06 11:03 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-07-06 11:03 - 2014-07-06 11:03 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
    2014-07-06 11:03 - 2014-07-06 11:03 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
    2014-07-06 11:03 - 2014-07-06 11:03 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2014-07-06 11:03 - 2014-07-06 11:03 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2014-07-06 11:03 - 2014-07-06 11:03 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00266456 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00240856 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
    2014-07-06 11:03 - 2014-07-06 11:03 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
    2014-07-06 11:03 - 2014-07-06 11:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-07-06 11:02 - 2014-07-06 11:02 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2014-07-06 11:02 - 2014-07-06 11:02 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2014-07-06 11:02 - 2014-07-06 11:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2014-07-06 11:02 - 2014-07-06 11:02 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
    2014-07-06 11:02 - 2014-07-06 11:02 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
    2014-07-06 11:02 - 2014-07-06 11:02 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
    2014-07-06 11:01 - 2014-07-06 11:08 - 00011524 _____ () C:\windows\IE11_main.log
    2014-07-06 11:01 - 2014-07-06 11:01 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
    2014-07-06 11:01 - 2014-07-06 11:01 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
    2014-07-06 10:52 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-07-06 10:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-07-06 10:52 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-07-06 10:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
    2014-07-06 10:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2014-07-06 10:52 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-07-06 10:52 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-07-06 10:52 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-07-06 10:52 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-07-06 10:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2014-07-06 10:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2014-07-06 10:52 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-07-06 10:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
    2014-07-06 10:52 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-07-06 10:51 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
    2014-07-06 10:51 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
    2014-07-06 10:51 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-07-06 10:51 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2014-07-06 10:51 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2014-07-06 10:51 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2014-07-06 10:51 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2014-07-06 10:51 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2014-07-06 10:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-07-06 10:51 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-07-06 10:51 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-07-06 10:51 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2014-07-06 10:51 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
    2014-07-06 10:51 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-07-06 10:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
    2014-07-06 10:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-07-06 10:51 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
    2014-07-06 10:51 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-07-06 10:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
    2014-07-06 10:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-07-06 10:51 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-07-06 10:51 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-07-06 10:51 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-07-06 10:51 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2014-07-06 10:51 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-07-06 10:51 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2014-07-06 10:51 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2014-07-06 10:51 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2014-07-06 10:51 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
    2014-07-06 10:51 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-07-06 10:51 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2014-07-06 10:51 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-07-06 10:51 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2014-07-06 10:51 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2014-07-06 10:51 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2014-07-06 10:51 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2014-07-06 10:51 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2014-07-06 10:51 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-07-06 10:51 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2014-07-06 10:51 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2014-07-06 10:51 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
    2014-07-06 10:51 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
    2014-07-06 10:51 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2014-07-04 16:22 - 2014-07-15 14:56 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-04 16:22 - 2014-07-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-04 16:22 - 2014-07-04 16:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-04 16:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-07-04 16:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-07-04 15:38 - 2014-07-04 15:43 - 27663244 _____ () C:\Users\Sabrisch\Desktop\Sfilata by Carmen.wmv

    ==================== One Month Modified Files and Folders =======

    2014-07-15 15:10 - 2014-07-06 20:33 - 00015408 _____ () C:\Users\Sabrisch\Downloads\FRST.txt
    2014-07-15 15:09 - 2014-07-06 20:33 - 00000000 ____D () C:\FRST
    2014-07-15 15:07 - 2014-07-15 15:07 - 00000993 _____ () C:\Users\Sabrisch\Desktop\JRT.txt
    2014-07-15 15:03 - 2009-07-14 06:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-15 15:03 - 2009-07-14 06:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-15 15:00 - 2014-07-15 15:00 - 00000000 ____D () C:\windows\ERUNT
    2014-07-15 15:00 - 2012-09-01 00:44 - 00739448 _____ () C:\windows\system32\perfh010.dat
    2014-07-15 15:00 - 2012-09-01 00:44 - 00146262 _____ () C:\windows\system32\perfc010.dat
    2014-07-15 15:00 - 2009-07-14 07:13 - 01655254 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-07-15 14:59 - 2014-07-15 14:58 - 01016261 _____ (Thisisu) C:\Users\Sabrisch\Downloads\JRT.exe
    2014-07-15 14:59 - 2012-10-15 19:56 - 01574232 _____ () C:\windows\WindowsUpdate.log
    2014-07-15 14:56 - 2014-07-04 16:22 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-15 14:56 - 2014-03-04 11:37 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForSabrisch.job
    2014-07-15 14:56 - 2012-10-16 10:41 - 00001150 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-15 14:56 - 2012-09-01 01:22 - 00000000 ____D () C:\ProgramData\PDFC
    2014-07-15 14:56 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-07-15 14:55 - 2014-07-09 08:18 - 00000000 ____D () C:\AdwCleaner
    2014-07-15 14:55 - 2010-11-21 05:47 - 00492908 _____ () C:\windows\PFRO.log
    2014-07-15 14:55 - 2009-07-14 06:51 - 00144621 _____ () C:\windows\setupact.log
    2014-07-15 14:50 - 2014-07-11 10:53 - 00000000 ____D () C:\Users\Sabrisch\Downloads\FRST-OlderVersion
    2014-07-15 14:50 - 2014-07-06 20:32 - 02086912 _____ (Farbar) C:\Users\Sabrisch\Downloads\FRST64.exe
    2014-07-15 14:45 - 2012-10-16 10:42 - 00001154 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-15 14:35 - 2012-09-01 01:16 - 00000978 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-07-15 13:22 - 2012-10-18 15:42 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\vlc
    2014-07-15 11:48 - 2014-03-04 11:37 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForSabrisch
    2014-07-15 11:48 - 2012-10-16 10:50 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
    2014-07-15 11:47 - 2013-04-09 10:09 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-07-15 11:46 - 2012-10-16 10:47 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\HpUpdate
    2014-07-15 11:46 - 2012-10-16 10:47 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\HP Support Assistant
    2014-07-14 16:43 - 2012-10-15 20:01 - 00003970 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{96A67313-8CB2-4AA8-9EE8-A6DAFB473406}
    2014-07-14 10:11 - 2012-10-16 10:58 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\SoftGrid Client
    2014-07-11 09:06 - 2012-10-16 12:23 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\FileZilla
    2014-07-11 08:52 - 2014-07-11 08:52 - 04996210 _____ (Tim Kosse) C:\Users\Sabrisch\Downloads\FileZilla_3.8.1_win32-setup.exe
    2014-07-11 08:52 - 2013-10-01 08:18 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
    2014-07-11 08:52 - 2012-11-27 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2014-07-10 17:16 - 2012-10-18 12:55 - 00044032 _____ () C:\Users\Sabrisch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-07-10 15:57 - 2012-10-18 12:45 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
    2014-07-10 15:54 - 2013-09-30 10:57 - 00000000 ____D () C:\Users\Sabrisch\Documents\Sceluq
    2014-07-09 08:35 - 2012-09-01 01:16 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-07-09 08:35 - 2012-09-01 01:16 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-09 08:35 - 2012-09-01 01:16 - 00003916 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-07-09 08:14 - 2014-07-09 08:14 - 01348263 _____ () C:\Users\Sabrisch\Downloads\AdwCleaner.exe
    2014-07-06 20:36 - 2014-07-06 20:33 - 00035674 _____ () C:\Users\Sabrisch\Downloads\Addition.txt
    2014-07-06 19:24 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
    2014-07-06 12:58 - 2012-10-15 20:01 - 00001395 _____ () C:\Users\Sabrisch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-07-06 12:56 - 2009-07-14 06:45 - 00440776 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-07-06 12:54 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-07-06 11:10 - 2013-10-03 10:51 - 00000000 ____D () C:\windows\system32\MRT
    2014-07-06 11:08 - 2014-07-06 11:01 - 00011524 _____ () C:\windows\IE11_main.log
    2014-07-06 11:03 - 2014-07-06 11:03 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-07-06 11:03 - 2014-07-06 11:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-07-06 11:03 - 2014-07-06 11:03 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-07-06 11:03 - 2014-07-06 11:03 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-07-06 11:03 - 2014-07-06 11:03 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-07-06 11:03 - 2014-07-06 11:03 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-07-06 11:03 - 2014-07-06 11:03 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
    2014-07-06 11:03 - 2014-07-06 11:03 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
    2014-07-04 16:26 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-07-04 16:22 - 2014-07-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-04 16:22 - 2014-07-04 16:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-04 16:22 - 2012-10-19 08:57 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-04 16:22 - 2012-10-19 08:57 - 00000000 ____D () C:\Users\Sabrisch\AppData\Roaming\Malwarebytes
    2014-07-04 16:22 - 2012-10-19 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-04 16:22 - 2012-10-19 08:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-07-04 15:43 - 2014-07-04 15:38 - 27663244 _____ () C:\Users\Sabrisch\Desktop\Sfilata by Carmen.wmv
    2014-06-30 11:02 - 2013-03-05 11:44 - 00000000 ____D () C:\Users\Sabrisch\Desktop\temp
    2014-06-24 11:08 - 2013-01-18 13:44 - 00026624 _____ () C:\Users\Sabrisch\Documents\Compagni bimbi.xls
    2014-06-23 11:00 - 2012-10-16 20:12 - 00000000 ____D () C:\Users\Sabrisch\Documents\Foto
    2014-06-22 08:40 - 2012-10-16 10:42 - 00004150 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-22 08:40 - 2012-10-16 10:41 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-17 14:01 - 2012-10-16 21:06 - 00000000 ____D () C:\windows\System32\Tasks\Games

    Some content of TEMP:
    ====================
    C:\Users\Sabrisch\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-11 11:17

    ==================== End Of Log ============================

    ---------- Post merged at 22:35 ----------

    After these procedures I restarted ClamWin, but unfortunately it still reported the virus plus another one, and I can't manage to save the antivirus log. In the meantime I have not installed any software, used USB sticks, or browsed the web.

    I hope I followed your instructions correctly. Thank you for the help; I'll wait for your instructions.


  6. #15

    Re: win.worm.palevo-4055

    Hi meringa,

    you followed everything correctly, and what I had identified for removal is gone.

    As for ClamWin, at this point I suspect it may be a false positive, unless I have missed something.
    I don't know exactly where ClamWin saves its reports, but it should be in C:\ProgramData\.clamwin\log\ or something similar.
    In any case, reports not being saved does not seem to be a rare problem with that program on 64-bit systems.
    See if you can find anything in the folder I pointed you to (or a similar one); otherwise, if you can, post a screenshot.

    At this point I'd suggest running an online scan with ESET; be aware that it may take a while, and it is best not to use the computer in the meantime.

    Disable all real-time protection, go to this page using IE and click the Run ESET Online Scanner button. Then:

    1. Tick the box next to YES to accept the terms of use and click the Start button
    2. When prompted, allow the installation of the ActiveX control for the installation
    3. Click Advanced Settings
    4. Make sure the Remove found threats option is unchecked
    5. Select these options:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology

    6. Click Start
    7. Wait for the scan to finish

    If threats are found, click List of found threats, then Export to text file....
    Save the file to the desktop and copy and paste the log results into your next post, along with the ClamWin log/screenshot if you have it.



  7. #16

    Re: win.worm.palevo-4055

    OK, found it

    I can't post it in full: it's 499 pages, because for many files it gives me the message "permission denied", so I'm listing only the virus detections:

    C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Power2Go.msi: Win.Worm.Palevo-4055 FOUND
    C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Power2Go.msi: Removed.

    C:\Program Files (x86)\Pinnacle\Studio 15\Bin\amcap.exe: Win.Trojan.Agent-552268 FOUND
    C:\Program Files (x86)\Pinnacle\Studio 15\Bin\amcap.exe: Removed.

    C:\Users\Sabrisch\AppData\Local\Temp\.Net 3.51 SP1\WindowsXP-KB942288-v3-x86.exe: Win.Trojan.11453783 FOUND
    C:\Windows\Installer\269b2c.msi: Win.Worm.Palevo-4055 FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 3499748
    Engine version: 0.98.1
    Scanned directories: 40361
    Scanned files: 336370
    Infected files: 4
    Total errors: 35
    Data scanned: 163374.34 MB
    Data read: 460778.96 MB (ratio 0.35:1)
    Time: 22940.990 sec (382 m 20 s)

    The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:
    C:\Program Files (x86)\Windows Media Player\wmpconfig.exe: [Win.Worm.Whiteice-17] FALSE POSITIVE FOUND
    Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at http://www.clamav.net/sendvirus/


    this, instead, is the log of the online scan, just one

    What do you think?

    ---------- Post merged at 21:58 ----------

    C:\FRST\Quarantine\C\Users\Sabrisch\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe.xBAD a variant of Win32/InstallCore.BB potentially unwanted application

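The manual extraction described in the post above, as an added example that is not part of the original thread: a Python sketch that reduces a ClamWin/ClamAV scan log to its detections, marks which ones the scanner removed, sets aside the entries flagged as false positives, and reads the summary count for comparison. The function names and the two noise lines in the sample are assumptions; the detection lines are the ones quoted in the post.

```python
import re

# Constructed sample: detection, removal, summary and false-positive lines as
# quoted in the post; the "OK" and "Permission denied" lines are assumed noise.
SAMPLE_LOG = r"""
C:\Users\Sabrisch\Documents\Foto\img001.jpg: OK
C:\pagefile.sys: Permission denied
C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Power2Go.msi: Win.Worm.Palevo-4055 FOUND
C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Power2Go.msi: Removed.
C:\Program Files (x86)\Pinnacle\Studio 15\Bin\amcap.exe: Win.Trojan.Agent-552268 FOUND
C:\Program Files (x86)\Pinnacle\Studio 15\Bin\amcap.exe: Removed.
C:\Users\Sabrisch\AppData\Local\Temp\.Net 3.51 SP1\WindowsXP-KB942288-v3-x86.exe: Win.Trojan.11453783 FOUND
C:\Windows\Installer\269b2c.msi: Win.Worm.Palevo-4055 FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe: [Win.Worm.Whiteice-17] FALSE POSITIVE FOUND
"""

FALSE_POS = re.compile(r"^(?P<path>.+): \[(?P<sig>[^\]]+)\] FALSE POSITIVE FOUND$")
DETECT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
REMOVED = re.compile(r"^(?P<path>.+): Removed\.$")
SUMMARY = re.compile(r"^Infected files: (\d+)$")


def triage(log_text):
    """Return (detections, false_positives, infected_count_from_summary)."""
    detections = {}        # path -> {"signature": str, "removed": bool}
    false_positives = []   # (path, signature) pairs the scanner itself flagged
    reported = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FALSE_POS.match(line):
            false_positives.append((m["path"], m["sig"]))
        elif m := DETECT.match(line):
            detections[m["path"]] = {"signature": m["sig"], "removed": False}
        elif (m := REMOVED.match(line)) and m["path"] in detections:
            detections[m["path"]]["removed"] = True
        elif m := SUMMARY.match(line):
            reported = int(m[1])
        # Every other line (OK, access errors, banners) is ignored.
    return detections, false_positives, reported


def still_present(detections):
    """Paths that were detected but have no matching 'Removed.' line."""
    return [p for p, d in detections.items() if not d["removed"]]


if __name__ == "__main__":
    dets, fps, reported = triage(SAMPLE_LOG)
    print(f"{len(dets)} detections parsed, summary reports {reported}")
    for path in still_present(dets):
        print("not removed:", path, "->", dets[path]["signature"])
    for path, sig in fps:
        print("flagged false positive:", path, "->", sig)
```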

  8. #17

    Re: win.worm.palevo-4055

    Hi meringa

    The one detected by ESET is something we had already removed earlier with FRST; where it sits now it does no harm.
    As for the other 2 detected by ClamWin,

    C:\Users\Sabrisch\AppData\Local\Temp\.Net 3.51 SP1\WindowsXP-KB942288-v3-x86.exe
    C:\Windows\Installer\269b2c.msi

    at this point I'd say they are false positives.

    To settle the doubt, all that's left is to upload them to VirusTotal and see what comes up (if you are unsure how to use it, see post #11).
    Let me know.



  9. #18

    Re: win.worm.palevo-4055

    For the first one, VirusInstaller reported it as OK, but I can't find the second one on the PC

    What do you think?


  10. #19

    Re: win.worm.palevo-4055

    Hmm, for the first one I'd say we're fine; for the second, I'd suggest trying a search to see whether it has actually disappeared.

    1. Launch FRST
    2. Copy and paste *269b2c* into the empty field
    3. Click Search Files


    When the scan finishes, the Search.txt log will open; if the file still exists, you'll be able to see where it is from there and then upload it to VirusTotal.
    If the log shows multiple results, post the contents of the log.



  11. #20

    Re: win.worm.palevo-4055

    FRST can't find the file either ... sorry for my ignorance, could you explain FRST's "fix" function to me?
