
Pests of all kinds and how to fight them: Data gone because of viruses?

25.04.2014, 22:39   #31
Bootsektor
Rest in peace
† 2019



Hello Ak07,

no problem


Unfortunately the thing is running again.... back then you only zipped it from the quarantine and uploaded it, right?

Step 1
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

26.04.2014, 13:20   #32
Ak07



Hey, yes, I zipped it and uploaded it there, but I think I messed up there: I had saved the zip file on the desktop so that I could find it quickly for uploading. Could that be why it is running again? Oh man....
Doing step 1 now

Hey, by extracting do you mean the file that I zipped? Because I deleted that one after uploading....
So I have now let the program run through, but it didn't find anything:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Anna :: ANNA-PC [administrator]

26.04.2014 12:34:30
mbar-log-2014-04-26 (12-34-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 46627
Time elapsed: 32 minute(s), 59 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17041

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4060147712, free: 187801600

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17041

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4060147712, free: 178667520

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17041

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4060147712, free: 421605376

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17041

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4060147712, free: 370360320

Initializing...
======================
------------ Kernel report ------------
     04/26/2014 12:34:20
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80072f3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004a8a050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80072f3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800719b9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80072f3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004a86550, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004a8a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ED6495C

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 52428800

    Partition 1 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 52430848  Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 52635648  Numsec = 390709248

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 443344896  Numsec = 533428272

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan Interrupted
Scan was aborted.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-52430848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17041

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4060147712, free: 925265920

=======================================
         
__________________
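The summary log above shows zero detections, but its elapsed-time line carries `[aborted]` and its database version predates the scan by months, so the zeros do not describe a finished, current scan. The following is an added example, not part of the original thread and not Malwarebytes code: it parses the summary section of such a log and separates a clean completed scan from an inconclusive one. The function names, the 30-day threshold, the reading of the database version as `vYYYY.MM.DD.NN` and the `dd.mm.yyyy` timestamp format are assumptions, and the sample text is constructed from the fields shown above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date, datetime

# Constructed sample in the layout of the summary log posted above.
SAMPLE_LOG = """\
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

26.04.2014 12:34:30
mbar-log-2014-04-26 (12-34-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory
Scan options disabled:
Objects scanned: 46627
Time elapsed: 32 minute(s), 59 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
"""


@dataclass
class MbarSummary:
    database_date: date | None = None
    scan_date: date | None = None
    scan_type: str | None = None
    options_enabled: list[str] = field(default_factory=list)
    objects_scanned: int | None = None
    aborted: bool = False
    saw_end_marker: bool = False          # "(end)" closes a complete summary
    detections: dict[str, int] = field(default_factory=dict)


_DETECTED = re.compile(r"^(.+?) Detected:\s*(\d+)$")
# Assumption: the version string encodes the database date as vYYYY.MM.DD.NN.
_DB = re.compile(r"^Database version:\s*v(\d{4})\.(\d{2})\.(\d{2})\.\d+$")
# Assumption: timestamp line is dd.mm.yyyy hh:mm:ss, as in the posted log.
_STAMP = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) \d{2}:\d{2}:\d{2}$")


def parse_mbar_summary(text: str) -> MbarSummary:
    """Extract the fields needed to judge whether the scan result is usable."""
    s = MbarSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _DETECTED.match(line)):
            s.detections[m.group(1)] = int(m.group(2))
        elif (m := _DB.match(line)):
            s.database_date = date(*map(int, m.groups()))
        elif (m := _STAMP.match(line)):
            s.scan_date = datetime.strptime(m.group(1), "%d.%m.%Y").date()
        elif line.startswith("Scan type:"):
            s.scan_type = line.split(":", 1)[1].strip()
        elif line.startswith("Scan options enabled:"):
            opts = line.split(":", 1)[1].split("|")
            s.options_enabled = [o.strip() for o in opts if o.strip()]
        elif line.startswith("Objects scanned:"):
            s.objects_scanned = int(line.split(":", 1)[1])
        elif line.startswith("Time elapsed:"):
            s.aborted = "[aborted]" in line
        elif line == "(end)":
            s.saw_end_marker = True
    return s


def assess(s: MbarSummary, max_db_age_days: int = 30) -> tuple[str, list[str]]:
    """Return ('detections' | 'inconclusive' | 'clean', reasons)."""
    reasons = []
    if s.aborted:
        reasons.append("scan was aborted before completion")
    if not s.saw_end_marker:
        reasons.append("log is truncated (no '(end)' marker)")
    if not s.detections:
        reasons.append("no detection counters present")
    if s.database_date and s.scan_date:
        age = (s.scan_date - s.database_date).days
        if age > max_db_age_days:
            reasons.append(f"signature database is {age} days older than the scan")
    if sum(s.detections.values()) > 0:
        return "detections", reasons
    return ("inconclusive" if reasons else "clean"), reasons


if __name__ == "__main__":
    status, why = assess(parse_mbar_summary(SAMPLE_LOG))
    print(status)
    for reason in why:
        print(" -", reason)
```
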


27.04.2014, 00:25   #33
Bootsektor
Rest in peace
† 2019



Hello Ak07,

I would like to look at this from the outside,

Step 1

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • During startup, press the F8 key several times
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; remember it.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you remembered. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, if possible in code tags (guide).
__________________

27.04.2014, 12:11   #34
Ak07



sooo, managed it :-)

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-OQOIOB4 on 27-04-2014 13:02:53
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [98088 2011-07-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-05-04] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\Anna\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\Anna\...\Run: [Java TM Platform] => C:\Users\Anna\Documents\UseNeXT\wizard\New Girl S02e01 Penis Party Dubbed WS BDRip XviD -\New.Girl.S02E01.Penis.Party.GERMAN.DUBBED.WS.BDRip.XviD-TVP.exe [86985376 2014-04-14] ()

==================== Services (Whitelisted) =================

S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-03] (ASUS)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()

==================== Drivers (Whitelisted) ====================

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-01] ()
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-01] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 14:15 - 2014-04-27 02:55 - 00000224 _____ () C:\Windows\setupact.log
2014-04-26 14:15 - 2014-04-26 14:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-26 03:09 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-26 02:34 - 2014-04-26 03:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-26 02:29 - 2014-04-26 03:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-26 02:29 - 2014-04-26 03:07 - 00000000 ____D () C:\Users\Anna\Desktop\mbar
2014-04-26 02:27 - 2014-04-26 02:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Anna\Desktop\mbar-1.07.0.1009.exe
2014-04-26 02:21 - 2014-04-26 02:21 - 00003288 ____N () C:\bootsqm.dat
2014-04-25 06:14 - 2014-04-25 06:16 - 00039068 _____ () C:\Users\Anna\Desktop\Addition.txt
2014-04-25 06:11 - 2014-04-25 06:16 - 00058549 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-04-25 06:11 - 2014-04-25 06:11 - 00000000 ____D () C:\Users\Anna\Desktop\FRST-OlderVersion
2014-04-25 06:09 - 2014-04-25 06:16 - 00000000 ____D () C:\Users\Anna\Desktop\es
2014-04-25 02:54 - 2014-04-25 02:54 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
2014-04-24 09:21 - 2014-04-24 09:21 - 00000000 __SHD () C:\Users\Anna\AppData\Local\EmieUserList
2014-04-24 09:21 - 2014-04-24 09:21 - 00000000 __SHD () C:\Users\Anna\AppData\Local\EmieSiteList
2014-04-24 04:12 - 2013-10-14 08:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2014-04-24 03:41 - 2014-04-24 03:41 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 03:41 - 2014-04-24 03:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-24 03:41 - 2014-04-24 03:41 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-24 03:41 - 2014-04-24 03:41 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-24 03:41 - 2014-04-24 03:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-24 03:41 - 2014-04-24 03:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2014-04-24 03:41 - 2014-04-24 03:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2014-04-24 03:41 - 2014-04-24 03:41 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-24 03:41 - 2014-04-24 03:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2014-04-24 03:41 - 2014-04-24 03:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-24 03:41 - 2014-04-24 03:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-23 09:19 - 2014-04-23 09:19 - 00000000 _____ () C:\Windows\SysWOW64\shoE8D0.tmp
2014-04-16 01:24 - 2014-04-16 01:24 - 00000000 __SHD () C:\found.002
2014-04-14 11:52 - 2014-04-14 11:52 - 00000000 __SHD () C:\found.001
2014-04-14 11:29 - 2014-04-14 11:30 - 34763504 _____ (DVDVideoSoft Ltd. ) C:\Users\Anna\Downloads\FreeYouTubeToMP3Converter_3.12.32.327.exe
2014-04-14 11:18 - 2014-04-14 11:18 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-14 11:18 - 2014-04-14 11:18 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-14 11:17 - 2014-04-14 11:30 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\DVDVideoSoft
2014-04-14 04:43 - 2014-04-14 05:09 - 00002976 _____ () C:\Users\Anna\Desktop\unhide.txt
2014-04-14 04:42 - 2014-04-14 04:42 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Anna\Desktop\unhide.exe
2014-04-13 05:06 - 2014-04-13 05:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\{B95F153C-A7D7-4BE0-A08B-0ABBC892D529}
2014-04-13 05:02 - 2014-04-25 06:09 - 00000000 ____D () C:\Users\Anna\Desktop\muuu
2014-04-13 02:55 - 2014-04-13 02:55 - 00409600 _____ (Farbar) C:\Users\Anna\Desktop\FSS.exe
2014-04-11 02:12 - 2014-04-11 02:12 - 00000000 ____D () C:\Users\Anna\AppData\Local\{635CF1DD-FE37-49D4-99A1-B858CBD51089}
2014-04-11 01:15 - 2014-04-11 01:15 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-11 01:14 - 2014-04-11 01:14 - 01376768 _____ () C:\Users\Anna\Desktop\7z920-x64.msi
2014-04-10 13:24 - 2014-04-10 13:24 - 00001417 _____ () C:\Users\Anna\Desktop\ComboFix-quarantined-files.txt
2014-04-10 13:11 - 2014-04-10 13:12 - 01199544 _____ (1&1 Mail & Media GmbH) C:\Users\Anna\Downloads\GMX_IE_Setup.exe
2014-04-10 05:40 - 2014-04-10 05:40 - 00019203 _____ () C:\ComboFix.txt
2014-04-10 05:05 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-10 05:05 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-10 05:05 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-10 05:05 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-10 05:05 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-10 05:05 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-10 05:05 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-10 05:05 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-10 05:04 - 2014-04-10 05:41 - 00000000 ____D () C:\Qoobox
2014-04-10 05:03 - 2014-04-10 05:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 06:37 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-09 06:37 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-09 06:37 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-09 06:37 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-09 06:37 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 06:36 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-09 06:36 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-09 06:36 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-09 06:36 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-09 06:36 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-09 06:36 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 06:36 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 06:36 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 06:36 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 06:36 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 06:36 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 06:36 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-03 10:50 - 2014-04-25 06:11 - 02061312 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-04-03 10:35 - 2014-04-03 10:35 - 00000000 ____D () C:\Users\Anna\AppData\Local\{17A68000-8FE9-499C-A67D-7371B3881C94}
2014-04-02 11:37 - 2014-04-03 10:09 - 00000655 _____ () C:\BurnHelp.txt
2014-03-31 02:52 - 2014-03-06 03:04 - 00000000 ____D () C:\AdwCleaner
2014-03-31 02:33 - 2014-03-31 02:33 - 00003222 _____ () C:\Windows\System32\Tasks\{42ABA7E4-96EF-46F3-B170-F0513985B220}
2014-03-31 02:26 - 2014-03-31 02:26 - 00003118 _____ () C:\Windows\System32\Tasks\{D35A5BE4-6B85-4241-AFD3-A70AD99CBF2F}
2014-03-30 10:48 - 2014-04-27 13:02 - 00000000 ____D () C:\FRST
2014-03-30 10:31 - 2014-03-28 07:13 - 00054908 _____ () C:\Users\Anna\Downloads\The.Vampire.Diaries.S05E17.HDTV.x264-LOL.de.TV4User.srt
2014-03-30 10:29 - 2014-03-30 10:29 - 00022788 _____ () C:\Users\Anna\Downloads\The.Vampire.Diaries.S05E17.HDTV.x264-LOL.de.TV4User.rar
2014-03-30 10:25 - 2014-03-30 10:25 - 77410720 _____ (Landesfinanzdirektion Thüringen) C:\Users\Anna\Downloads\ElsterFormular-15.2.20140326p.exe
2014-03-30 08:56 - 2014-03-30 11:18 - 00000000 ____D () C:\Program Files\Recuva
2014-03-30 08:56 - 2014-03-30 08:56 - 00001660 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-03-30 03:41 - 2014-03-30 03:41 - 00000000 ____D () C:\Users\Anna\AppData\Local\{BC74ABE7-D530-4549-AF4E-4F0EDA4E8A21}
2014-03-30 03:39 - 2014-03-30 03:39 - 00000000 ____D () C:\Program Files (x86)\Convar

==================== One Month Modified Files and Folders =======

2014-04-27 13:02 - 2014-03-30 10:48 - 00000000 ____D () C:\FRST
2014-04-27 02:59 - 2012-07-06 08:44 - 01403363 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 02:56 - 2012-10-19 10:03 - 00000387 _____ () C:\Users\Anna\AppData\Roaming\sp_data.sys
2014-04-27 02:56 - 2012-05-04 03:05 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 02:55 - 2014-04-26 14:15 - 00000224 _____ () C:\Windows\setupact.log
2014-04-27 02:55 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 02:27 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 02:27 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 02:25 - 2012-10-19 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 02:25 - 2012-05-04 03:05 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-26 14:45 - 2012-11-05 13:17 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\vlc
2014-04-26 14:45 - 2012-11-01 02:00 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\UseNeXT
2014-04-26 14:32 - 2012-11-01 02:01 - 00000000 ____D () C:\Users\Anna\Documents\UseNeXT
2014-04-26 14:15 - 2014-04-26 14:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-26 04:48 - 2009-07-28 22:03 - 00000000 ____D () C:\Windows\Panther
2014-04-26 03:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-04-26 03:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-04-26 03:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\he-IL
2014-04-26 03:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\ar-SA
2014-04-26 03:08 - 2014-04-26 02:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-26 03:07 - 2014-04-26 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-26 03:07 - 2014-04-26 02:29 - 00000000 ____D () C:\Users\Anna\Desktop\mbar
2014-04-26 02:29 - 2014-04-26 02:27 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Anna\Desktop\mbar-1.07.0.1009.exe
2014-04-26 02:22 - 2009-07-13 21:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-26 02:21 - 2014-04-26 02:21 - 00003288 ____N () C:\bootsqm.dat
2014-04-25 06:16 - 2014-04-25 06:14 - 00039068 _____ () C:\Users\Anna\Desktop\Addition.txt
2014-04-25 06:16 - 2014-04-25 06:11 - 00058549 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-04-25 06:16 - 2014-04-25 06:09 - 00000000 ____D () C:\Users\Anna\Desktop\es
2014-04-25 06:11 - 2014-04-25 06:11 - 00000000 ____D () C:\Users\Anna\Desktop\FRST-OlderVersion
2014-04-25 06:11 - 2014-04-03 10:50 - 02061312 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-04-25 06:09 - 2014-04-13 05:02 - 00000000 ____D () C:\Users\Anna\Desktop\muuu
2014-04-25 02:54 - 2014-04-25 02:54 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
2014-04-24 09:21 - 2014-04-24 09:21 - 00000000 __SHD () C:\Users\Anna\AppData\Local\EmieUserList
2014-04-24 09:21 - 2014-04-24 09:21 - 00000000 __SHD () C:\Users\Anna\AppData\Local\EmieSiteList
2014-04-24 08:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-24 03:41 - 2014-04-24 03:41 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 03:41 - 2014-04-24 03:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-24 03:41 - 2014-04-24 03:41 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-24 03:41 - 2014-04-24 03:41 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-24 03:41 - 2014-04-24 03:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-24 03:41 - 2014-04-24 03:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2014-04-24 03:41 - 2014-04-24 03:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2014-04-24 03:41 - 2014-04-24 03:41 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-24 03:41 - 2014-04-24 03:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2014-04-24 03:41 - 2014-04-24 03:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-24 03:41 - 2014-04-24 03:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-24 03:41 - 2014-04-24 03:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-24 03:41 - 2014-04-24 03:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-23 09:19 - 2014-04-23 09:19 - 00000000 _____ () C:\Windows\SysWOW64\shoE8D0.tmp
2014-04-23 09:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-04-23 09:14 - 2011-02-18 20:18 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-04-23 09:14 - 2009-07-13 23:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\System32\winrm
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\System32\WCN
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\System32\slmgr
2014-04-23 09:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\System32\Printing_Admin_Scripts
2014-04-23 09:14 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-23 09:14 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-04-23 09:14 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-23 09:14 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-04-23 09:14 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-04-23 09:14 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\oobe
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\MUI
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\migwiz
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\com
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME
2014-04-23 09:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-23 09:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Setup
2014-04-23 09:10 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-04-23 09:08 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Globalization
2014-04-16 01:24 - 2014-04-16 01:24 - 00000000 __SHD () C:\found.002
2014-04-14 11:55 - 2012-07-06 08:57 - 00002100 _____ () C:\Windows\System32\AutoRunFilter.ini
2014-04-14 11:55 - 2012-07-06 08:57 - 00001759 _____ () C:\Windows\System32\ServiceFilter.ini
2014-04-14 11:52 - 2014-04-14 11:52 - 00000000 __SHD () C:\found.001
2014-04-14 11:41 - 2012-11-09 08:45 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\SoftGrid Client
2014-04-14 11:30 - 2014-04-14 11:29 - 34763504 _____ (DVDVideoSoft Ltd. ) C:\Users\Anna\Downloads\FreeYouTubeToMP3Converter_3.12.32.327.exe
2014-04-14 11:30 - 2014-04-14 11:17 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\DVDVideoSoft
2014-04-14 11:18 - 2014-04-14 11:18 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-14 11:18 - 2014-04-14 11:18 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-14 05:09 - 2014-04-14 04:43 - 00002976 _____ () C:\Users\Anna\Desktop\unhide.txt
2014-04-14 04:43 - 2014-03-03 12:55 - 00000000 ____D () C:\Users\Anna\Desktop\Neuer Ordner
2014-04-14 04:42 - 2014-04-14 04:42 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Anna\Desktop\unhide.exe
2014-04-13 05:06 - 2014-04-13 05:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\{B95F153C-A7D7-4BE0-A08B-0ABBC892D529}
2014-04-13 05:02 - 2013-12-28 07:04 - 00000000 ____D () C:\Users\Anna\Desktop\Musik
2014-04-13 02:55 - 2014-04-13 02:55 - 00409600 _____ (Farbar) C:\Users\Anna\Desktop\FSS.exe
2014-04-11 02:12 - 2014-04-11 02:12 - 00000000 ____D () C:\Users\Anna\AppData\Local\{635CF1DD-FE37-49D4-99A1-B858CBD51089}
2014-04-11 01:15 - 2014-04-11 01:15 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-11 01:14 - 2014-04-11 01:14 - 01376768 _____ () C:\Users\Anna\Desktop\7z920-x64.msi
2014-04-10 13:24 - 2014-04-10 13:24 - 00001417 _____ () C:\Users\Anna\Desktop\ComboFix-quarantined-files.txt
2014-04-10 13:12 - 2014-04-10 13:11 - 01199544 _____ (1&1 Mail & Media GmbH) C:\Users\Anna\Downloads\GMX_IE_Setup.exe
2014-04-10 05:41 - 2014-04-10 05:04 - 00000000 ____D () C:\Qoobox
2014-04-10 05:41 - 2009-07-13 19:20 - 00000000 ___RD () C:\users\Default
2014-04-10 05:40 - 2014-04-10 05:40 - 00019203 _____ () C:\ComboFix.txt
2014-04-10 05:35 - 2014-04-10 05:03 - 00000000 ____D () C:\Windows\erdnt
2014-04-10 05:23 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-06 14:20 - 2012-05-04 03:05 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 14:20 - 2012-05-04 03:05 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 10:35 - 2014-04-03 10:35 - 00000000 ____D () C:\Users\Anna\AppData\Local\{17A68000-8FE9-499C-A67D-7371B3881C94}
2014-04-03 10:09 - 2014-04-02 11:37 - 00000655 _____ () C:\BurnHelp.txt
2014-03-31 02:58 - 2014-03-06 03:03 - 00005296 _____ () C:\Users\Anna\Desktop\AdwCleaner[S0].txt
2014-03-31 02:53 - 2014-03-06 03:14 - 00005369 _____ () C:\Users\Anna\Desktop\AdwCleaner[R0].txt
2014-03-31 02:36 - 2013-03-26 01:55 - 00000000 ____D () C:\Users\Anna\Desktop\sims3
2014-03-31 02:33 - 2014-03-31 02:33 - 00003222 _____ () C:\Windows\System32\Tasks\{42ABA7E4-96EF-46F3-B170-F0513985B220}
2014-03-31 02:30 - 2012-11-01 02:01 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-03-31 02:26 - 2014-03-31 02:26 - 00003118 _____ () C:\Windows\System32\Tasks\{D35A5BE4-6B85-4241-AFD3-A70AD99CBF2F}
2014-03-30 23:35 - 2012-11-26 04:42 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-03-30 11:18 - 2014-03-30 08:56 - 00000000 ____D () C:\Program Files\Recuva
2014-03-30 10:29 - 2014-03-30 10:29 - 00022788 _____ () C:\Users\Anna\Downloads\The.Vampire.Diaries.S05E17.HDTV.x264-LOL.de.TV4User.rar
2014-03-30 10:25 - 2014-03-30 10:25 - 77410720 _____ (Landesfinanzdirektion Thüringen) C:\Users\Anna\Downloads\ElsterFormular-15.2.20140326p.exe
2014-03-30 08:56 - 2014-03-30 08:56 - 00001660 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-03-30 03:41 - 2014-03-30 03:41 - 00000000 ____D () C:\Users\Anna\AppData\Local\{BC74ABE7-D530-4549-AF4E-4F0EDA4E8A21}
2014-03-30 03:39 - 2014-03-30 03:39 - 00000000 ____D () C:\Program Files (x86)\Convar
2014-03-30 03:23 - 2014-03-24 06:34 - 00000000 ____D () C:\Users\Anna\Desktop\steuer
2014-03-28 07:13 - 2014-03-30 10:31 - 00054908 _____ () C:\Users\Anna\Downloads\The.Vampire.Diaries.S05E17.HDTV.x264-LOL.de.TV4User.srt

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-04-14 04:45:28
Restore point made on: 2014-04-14 11:32:23
Restore point made on: 2014-04-15 11:39:46
Restore point made on: 2014-04-15 11:52:47
Restore point made on: 2014-04-16 01:32:58
Restore point made on: 2014-04-16 01:37:03
Restore point made on: 2014-04-17 02:16:24
Restore point made on: 2014-04-18 01:50:31
Restore point made on: 2014-04-18 05:46:31
Restore point made on: 2014-04-20 01:49:19
Restore point made on: 2014-04-21 01:18:11
Restore point made on: 2014-04-22 07:01:31
Restore point made on: 2014-04-23 05:11:33
Restore point made on: 2014-04-24 03:35:02
Restore point made on: 2014-04-26 02:27:13
Restore point made on: 2014-04-26 03:09:37

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3872.06 MB
Available physical RAM: 3269.17 MB
Total Pagefile: 3870.21 MB
Available Pagefile: 3261.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:87.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:254.36 GB) (Free:207.53 GB) NTFS
Drive e: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (WICHTIG) (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0ED6495C)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=254 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-04-23 04:50

==================== End Of Log ============================
         

27.04.2014, 21:44   #35
Bootsektor
Rest in peace
† 2019

Hello Ak07,

very good.

Then we'll remove that right away in the recovery environment; please start your PC again the same way you did earlier.


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
HKU\Anna\...\Run: [Java TM Platform] => C:\Users\Anna\Documents\UseNeXT\wizard\New Girl S02e01 Penis Party Dubbed WS BDRip XviD -\New.Girl.S02E01.Penis.Party.GERMAN.DUBBED.WS.BDRip.XviD-TVP.exe [86985376 2014-04-14] ()
C:\Users\Anna\Documents\UseNeXT\wizard\New Girl S02e01 Penis Party Dubbed WS BDRip XviD -\
c:\windows\SysWow64\sho*.tmp
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


28.04.2014, 13:16   #36
Ak07

Hey, I need more detailed instructions again, it somehow doesn't work like this, sorry...
So when I press the Windows key + R, the PC always restarts and no window appears. What am I doing wrong?
And then I have another question: once I've managed that, how am I supposed to copy the text from the code box in there? I have no access at all there to be able to copy it..
Regards

28.04.2014, 20:36   #37
Bootsektor
Rest in peace
† 2019

Well, of course you have to put the fix on the USB stick beforehand; that isn't possible in the recovery environment.

First start the computer normally and copy the fix to the USB stick: click Select All, press CTRL + C, then press Windows + R and type notepad into the Run line -> the text editor opens, then press CTRL + V and the fix is pasted there.
Then save the whole thing on the USB stick under the name fixlist.txt, in the same directory where you saved FRST.exe. Then boot into the repair options the same way you did when you created the log, enter FRST.exe there and press Fix.

29.04.2014, 10:47   #38
Ak07

Haha, I see...
now I've got it :-)
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by SYSTEM at 2014-04-29 11:42:49 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Anna\...\Run: [Java TM Platform] => C:\Users\Anna\Documents\UseNeXT\wizard\New Girl S02e01 Penis Party Dubbed WS BDRip XviD -\New.Girl.S02E01.Penis.Party.GERMAN.DUBBED.WS.BDRip.XviD-TVP.exe [86985376 2014-04-14] ()
C:\Users\Anna\Documents\UseNeXT\wizard\New Girl S02e01 Penis Party Dubbed WS BDRip XviD -\
c:\windows\SysWow64\sho*.tmp
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
*****************

HKU\Anna\Software\Microsoft\Windows\CurrentVersion\Run\\Java TM Platform => Value deleted successfully.
C:\Users\Anna\Documents\UseNeXT\wizard\New Girl S02e01 Penis Party Dubbed WS BDRip XviD - => Moved successfully.
c:\windows\SysWow64\sho*.tmp => Moved successfully.
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} => Moved successfully.

==== End of Fixlog ====
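
A Fixlog like the one above can be checked mechanically: every fixlist entry should have a result line with a success status, and the log should reach its end marker. The Python below is an added example, not part of the thread and not FRST's own code; the sample log is constructed after the posted one with a placeholder path, and the function names and the set of accepted status texts (the two visible in this log) are assumptions.

```python
import re

# Constructed sample modelled on the Fixlog posted above; the Documents path is a
# shortened placeholder, the layout and status texts follow the posted log.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by SYSTEM at 2014-04-29 11:42:49 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Anna\...\Run: [Java TM Platform] => C:\Users\Anna\Documents\example\sample.exe [86985376 2014-04-14] ()
C:\Users\Anna\Documents\example\
c:\windows\SysWow64\sho*.tmp
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
*****************

HKU\Anna\Software\Microsoft\Windows\CurrentVersion\Run\\Java TM Platform => Value deleted successfully.
C:\Users\Anna\Documents\example => Moved successfully.
c:\windows\SysWow64\sho*.tmp => Moved successfully.
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} => Moved successfully.

==== End of Fixlog ====
"""

# Status texts seen in the posted log (assumption: anything else needs a human look).
OK_STATUSES = {"Value deleted successfully.", "Moved successfully."}

# Abbreviated registry notation in the fixlist: <hive>\...\<key>: [<value>] => <data>
REG_ENTRY = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>[^:\\]+): \[(?P<value>[^\]]+)\] => ")


def parse_fixlog(text):
    """Return (fixlist entries, [(target, status)], end_marker_seen)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block (two asterisk lines) not found")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results, complete = [], False
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            complete = True
            break
        if " => " in ln:
            target, status = ln.rsplit(" => ", 1)
            results.append((target, status))
    return entries, results, complete


def matches(entry, target):
    """Does a result target belong to this fixlist entry?"""
    m = REG_ENTRY.match(entry)
    if m:
        # Result lines spell the key out in full and append \\<value name>.
        key_path, sep, value = target.rpartition("\\\\")
        key_path = key_path.lower()
        return (sep != ""
                and value.lower() == m["value"].lower()
                and key_path.startswith(m["hive"].lower() + "\\")
                and key_path.endswith("\\" + m["key"].lower()))
    # File and folder entries: compare case-insensitively, ignoring a trailing backslash.
    return entry.rstrip("\\").lower() == target.rstrip("\\").lower()


def check_fixlog(text):
    """Return ([(entry, verdict)], complete); verdict is OK, REVIEW: ... or NO RESULT LINE."""
    entries, results, complete = parse_fixlog(text)
    unused = list(results)
    report = []
    for entry in entries:
        hit = next((r for r in unused if matches(entry, r[0])), None)
        if hit is None:
            report.append((entry, "NO RESULT LINE"))
            continue
        unused.remove(hit)
        verdict = "OK" if hit[1] in OK_STATUSES else "REVIEW: " + hit[1]
        report.append((entry, verdict))
    return report, complete


if __name__ == "__main__":
    report, complete = check_fixlog(SAMPLE_FIXLOG)
    for entry, verdict in report:
        print(f"{verdict:16} {entry}")
    print("log complete:", complete)
```
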
         

29.04.2014, 12:59   #39
Bootsektor
Rest in peace
† 2019

Hello Ak07,

very good.

Then I now need another new log from FRST, this time from normal mode again.

Step 1
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

30.04.2014, 21:01   #40
Ak07

Hey :-)
here it is:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2014 03
Ran by Anna (administrator) on ANNA-PC on 30-04-2014 21:59:01
Running from C:\Users\Anna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [98088 2011-07-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-05-04] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1204929044-2430859108-2896840969-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1M&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1M&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1I&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1I&q={searchTerms}
SearchScopes: HKCU - {E87CFFEE-016A-4936-A048-3D17069F5BF2} URL = https://www.google.com/search?q={searchTerms}
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-aF4XN6QhBS1TlvrZektONT9GdMGFFYB3paAiZyyzaXXfOyxyHxOd_SZI_sePzs
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=1efb08fe-35bf-f534-2b00-21f74f589a53&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}"
CHR StartupUrls: "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-aF4XN6QhBS1TlvrZektONT9GdMGFFYB3paAiZyyzaXXfOyxyHxOd_SZI_sePzs"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-04] (ASUS)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-01] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-01] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-30 21:59 - 2014-04-30 21:59 - 00014079 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-04-28 18:02 - 2014-04-30 20:51 - 00001315 _____ () C:\windows\setupact.log
2014-04-28 18:02 - 2014-04-28 18:02 - 00000000 _____ () C:\windows\setuperr.log
2014-04-26 13:09 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-26 12:34 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-26 12:29 - 2014-04-26 13:08 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-26 12:29 - 2014-04-26 13:07 - 00000000 ____D () C:\Users\Anna\Desktop\mbar
2014-04-26 12:27 - 2014-04-26 12:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Anna\Desktop\mbar-1.07.0.1009.exe
2014-04-25 16:11 - 2014-04-30 21:58 - 00000000 ____D () C:\Users\Anna\Desktop\FRST-OlderVersion
2014-04-25 16:09 - 2014-04-25 16:16 - 00000000 ____D () C:\Users\Anna\Desktop\es
2014-04-25 12:54 - 2014-04-25 12:54 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
2014-04-24 19:21 - 2014-04-24 19:21 - 00000000 __SHD () C:\Users\Anna\AppData\Local\EmieUserList
2014-04-24 19:21 - 2014-04-24 19:21 - 00000000 __SHD () C:\Users\Anna\AppData\Local\EmieSiteList
2014-04-24 14:12 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-04-24 13:41 - 2014-04-24 13:41 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-24 13:41 - 2014-04-24 13:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-24 13:41 - 2014-04-24 13:41 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-24 13:41 - 2014-04-24 13:41 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-24 13:41 - 2014-04-24 13:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-04-24 13:41 - 2014-04-24 13:41 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-04-24 13:41 - 2014-04-24 13:41 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-04-24 13:41 - 2014-04-24 13:41 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-04-24 13:41 - 2014-04-24 13:41 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-04-24 13:41 - 2014-04-24 13:41 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-04-24 13:41 - 2014-04-24 13:41 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-16 11:24 - 2014-04-16 11:24 - 00000000 __SHD () C:\found.002
2014-04-14 21:52 - 2014-04-14 21:52 - 00000000 __SHD () C:\found.001
2014-04-14 21:33 - 2014-04-14 21:33 - 00002503 _____ () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-14 21:29 - 2014-04-14 21:30 - 34763504 _____ (DVDVideoSoft Ltd. ) C:\Users\Anna\Downloads\FreeYouTubeToMP3Converter_3.12.32.327.exe
2014-04-14 21:18 - 2014-04-14 21:18 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-14 21:17 - 2014-04-14 21:30 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\DVDVideoSoft
2014-04-14 14:42 - 2014-04-14 14:42 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Anna\Desktop\unhide.exe
2014-04-13 15:06 - 2014-04-13 15:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\{B95F153C-A7D7-4BE0-A08B-0ABBC892D529}
2014-04-13 15:02 - 2014-04-25 16:09 - 00000000 ____D () C:\Users\Anna\Desktop\muuu
2014-04-13 12:55 - 2014-04-13 12:55 - 00409600 _____ (Farbar) C:\Users\Anna\Desktop\FSS.exe
2014-04-11 12:12 - 2014-04-11 12:12 - 00000000 ____D () C:\Users\Anna\AppData\Local\{635CF1DD-FE37-49D4-99A1-B858CBD51089}
2014-04-11 11:15 - 2014-04-11 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-11 11:15 - 2014-04-11 11:15 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-10 23:11 - 2014-04-10 23:12 - 01199544 _____ (1&1 Mail & Media GmbH) C:\Users\Anna\Downloads\GMX_IE_Setup.exe
2014-04-10 15:40 - 2014-04-10 15:40 - 00019203 _____ () C:\ComboFix.txt
2014-04-10 15:05 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-04-10 15:05 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-04-10 15:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-04-10 15:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-04-10 15:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-04-10 15:05 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-04-10 15:05 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-04-10 15:05 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-04-10 15:04 - 2014-04-10 15:41 - 00000000 ____D () C:\Qoobox
2014-04-10 15:03 - 2014-04-10 15:35 - 00000000 ____D () C:\windows\erdnt
2014-04-09 16:37 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 16:37 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 16:37 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 16:37 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 16:37 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 16:36 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 16:36 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 16:36 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 16:36 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 16:36 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 16:36 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 16:36 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 16:36 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 16:36 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 16:36 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 16:36 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 16:36 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-03 20:50 - 2014-04-30 21:58 - 02061824 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-04-03 20:35 - 2014-04-03 20:35 - 00000000 ____D () C:\Users\Anna\AppData\Local\{17A68000-8FE9-499C-A67D-7371B3881C94}
2014-04-02 21:37 - 2014-04-03 20:09 - 00000655 _____ () C:\BurnHelp.txt
2014-03-31 12:52 - 2014-03-06 13:04 - 00000000 ____D () C:\AdwCleaner
2014-03-31 12:33 - 2014-03-31 12:33 - 00003222 _____ () C:\windows\System32\Tasks\{42ABA7E4-96EF-46F3-B170-F0513985B220}
2014-03-31 12:26 - 2014-03-31 12:26 - 00003118 _____ () C:\windows\System32\Tasks\{D35A5BE4-6B85-4241-AFD3-A70AD99CBF2F}

==================== One Month Modified Files and Folders =======

2014-04-30 21:59 - 2014-04-30 21:59 - 00014079 _____ () C:\Users\Anna\Desktop\FRST.txt
2014-04-30 21:59 - 2014-03-30 20:48 - 00000000 ____D () C:\FRST
2014-04-30 21:58 - 2014-04-25 16:11 - 00000000 ____D () C:\Users\Anna\Desktop\FRST-OlderVersion
2014-04-30 21:58 - 2014-04-03 20:50 - 02061824 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2014-04-30 21:25 - 2012-10-19 22:03 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 21:25 - 2012-10-19 22:03 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 21:25 - 2012-10-19 22:03 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 21:25 - 2012-10-19 22:03 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-30 21:25 - 2012-05-04 13:05 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 20:58 - 2009-07-14 06:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 20:58 - 2009-07-14 06:45 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 20:55 - 2012-07-06 18:44 - 01560930 _____ () C:\windows\WindowsUpdate.log
2014-04-30 20:51 - 2014-04-28 18:02 - 00001315 _____ () C:\windows\setupact.log
2014-04-30 20:51 - 2012-10-19 20:03 - 00000387 _____ () C:\Users\Anna\AppData\Roaming\sp_data.sys
2014-04-30 20:51 - 2012-05-04 13:05 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-30 20:51 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-29 12:19 - 2012-11-01 12:01 - 00000000 ____D () C:\Users\Anna\Documents\UseNeXT
2014-04-29 12:19 - 2012-11-01 12:00 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\UseNeXT
2014-04-28 18:02 - 2014-04-28 18:02 - 00000000 _____ () C:\windows\setuperr.log
2014-04-27 22:32 - 2012-11-05 23:17 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\vlc
2014-04-26 14:48 - 2009-07-29 08:03 - 00000000 ____D () C:\windows\Panther
2014-04-26 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\he-IL
2014-04-26 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\ar-SA
2014-04-26 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\he-IL
2014-04-26 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\ar-SA
2014-04-26 13:08 - 2014-04-26 12:29 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-26 13:07 - 2014-04-26 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-26 13:07 - 2014-04-26 12:29 - 00000000 ____D () C:\Users\Anna\Desktop\mbar
2014-04-26 12:29 - 2014-04-26 12:27 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Anna\Desktop\mbar-1.07.0.1009.exe
2014-04-26 12:22 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-25 16:16 - 2014-04-25 16:09 - 00000000 ____D () C:\Users\Anna\Desktop\es
2014-04-25 16:09 - 2014-04-13 15:02 - 00000000 ____D () C:\Users\Anna\Desktop\muuu
2014-04-25 12:54 - 2014-04-25 12:54 - 02347384 _____ (ESET) C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
2014-04-24 19:21 - 2014-04-24 19:21 - 00000000 __SHD () C:\Users\Anna\AppData\Local\EmieUserList
2014-04-24 19:21 - 2014-04-24 19:21 - 00000000 __SHD () C:\Users\Anna\AppData\Local\EmieSiteList
2014-04-24 19:20 - 2013-06-22 16:23 - 00001427 _____ () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 18:21 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-24 13:41 - 2014-04-24 13:41 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-24 13:41 - 2014-04-24 13:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-24 13:41 - 2014-04-24 13:41 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-24 13:41 - 2014-04-24 13:41 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-24 13:41 - 2014-04-24 13:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-04-24 13:41 - 2014-04-24 13:41 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-04-24 13:41 - 2014-04-24 13:41 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-04-24 13:41 - 2014-04-24 13:41 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-04-24 13:41 - 2014-04-24 13:41 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-04-24 13:41 - 2014-04-24 13:41 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-04-24 13:41 - 2014-04-24 13:41 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-04-24 13:41 - 2014-04-24 13:41 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-04-24 13:41 - 2014-04-24 13:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-23 19:16 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-04-23 19:14 - 2011-02-19 06:18 - 00000000 ____D () C:\windows\SysWOW64\XPSViewer
2014-04-23 19:14 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\system32\winrm
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\system32\WCN
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\system32\slmgr
2014-04-23 19:14 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-04-23 19:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-23 19:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-04-23 19:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-23 19:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-04-23 19:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-04-23 19:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Setup
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\oobe
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\com
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\sysprep
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\oobe
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\MUI
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\migwiz
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\com
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\servicing
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2014-04-23 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-23 19:13 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Setup
2014-04-23 19:10 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-04-23 19:08 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Globalization
2014-04-16 11:24 - 2014-04-16 11:24 - 00000000 __SHD () C:\found.002
2014-04-14 21:55 - 2012-07-06 18:57 - 00002100 _____ () C:\windows\system32\AutoRunFilter.ini
2014-04-14 21:55 - 2012-07-06 18:57 - 00001759 _____ () C:\windows\system32\ServiceFilter.ini
2014-04-14 21:52 - 2014-04-14 21:52 - 00000000 __SHD () C:\found.001
2014-04-14 21:41 - 2012-11-09 18:45 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\SoftGrid Client
2014-04-14 21:33 - 2014-04-14 21:33 - 00002503 _____ () C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-14 21:30 - 2014-04-14 21:29 - 34763504 _____ (DVDVideoSoft Ltd. ) C:\Users\Anna\Downloads\FreeYouTubeToMP3Converter_3.12.32.327.exe
2014-04-14 21:30 - 2014-04-14 21:17 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\DVDVideoSoft
2014-04-14 21:18 - 2014-04-14 21:18 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-14 14:43 - 2014-03-03 22:55 - 00000000 ____D () C:\Users\Anna\Desktop\Neuer Ordner
2014-04-14 14:42 - 2014-04-14 14:42 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Anna\Desktop\unhide.exe
2014-04-13 15:06 - 2014-04-13 15:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\{B95F153C-A7D7-4BE0-A08B-0ABBC892D529}
2014-04-13 15:02 - 2013-12-28 17:04 - 00000000 ____D () C:\Users\Anna\Desktop\Musik
2014-04-13 12:55 - 2014-04-13 12:55 - 00409600 _____ (Farbar) C:\Users\Anna\Desktop\FSS.exe
2014-04-11 12:12 - 2014-04-11 12:12 - 00000000 ____D () C:\Users\Anna\AppData\Local\{635CF1DD-FE37-49D4-99A1-B858CBD51089}
2014-04-11 11:15 - 2014-04-11 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-11 11:15 - 2014-04-11 11:15 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-10 23:12 - 2014-04-10 23:11 - 01199544 _____ (1&1 Mail & Media GmbH) C:\Users\Anna\Downloads\GMX_IE_Setup.exe
2014-04-10 15:41 - 2014-04-10 15:04 - 00000000 ____D () C:\Qoobox
2014-04-10 15:41 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Default
2014-04-10 15:40 - 2014-04-10 15:40 - 00019203 _____ () C:\ComboFix.txt
2014-04-10 15:35 - 2014-04-10 15:03 - 00000000 ____D () C:\windows\erdnt
2014-04-10 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-04-07 00:20 - 2012-05-04 13:05 - 00004120 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-07 00:20 - 2012-05-04 13:05 - 00003868 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 20:35 - 2014-04-03 20:35 - 00000000 ____D () C:\Users\Anna\AppData\Local\{17A68000-8FE9-499C-A67D-7371B3881C94}
2014-04-03 20:09 - 2014-04-02 21:37 - 00000655 _____ () C:\BurnHelp.txt
2014-03-31 12:36 - 2013-03-26 11:55 - 00000000 ____D () C:\Users\Anna\Desktop\sims3
2014-03-31 12:33 - 2014-03-31 12:33 - 00003222 _____ () C:\windows\System32\Tasks\{42ABA7E4-96EF-46F3-B170-F0513985B220}
2014-03-31 12:30 - 2012-11-01 12:01 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-03-31 12:26 - 2014-03-31 12:26 - 00003118 _____ () C:\windows\System32\Tasks\{D35A5BE4-6B85-4241-AFD3-A70AD99CBF2F}
2014-03-31 12:23 - 2014-02-21 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-03-31 09:35 - 2012-11-26 14:42 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 12:05

==================== End Of Log ============================
         
--- --- ---

30.04.2014, 23:45   #41
Bootsektor
Rest in peace
† 2019
 

Hello Ak07,
It is no longer running. We would like to take a look at this file. To do so, please upload FRST's quarantine folder to our upload channel.

Step 1
Please upload files for analysis as follows:
  • Please temporarily disable your virus scanner.
  • Locate the following folder on the USB stick from which you started the FRST fix
    \FRST\Quarantine
    and pack it into a zip archive (right-click it -> Send to -> Compressed (zipped) folder).
  • Now go to the Trojaner-Board upload channel:
    1. Click Browse..., select the zip file you created and click Open.
    2. Paste the link to your forum thread into the corresponding field.
    3. Enter your user name.
    4. Click the Upload button.
  • You can now re-enable your virus scanner.
    (illustrated instructions)

Step 2

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1M&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1M&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1I&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1I&q={searchTerms}
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-aF4XN6QhBS1TlvrZektONT9GdMGFFYB3paAiZyyzaXXfOyxyHxOd_SZI_sePzs
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=1efb08fe-35bf-f534-2b00-21f74f589a53&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}"
CHR StartupUrls: "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-aF4XN6QhBS1TlvrZektONT9GdMGFFYB3paAiZyyzaXXfOyxyHxOd_SZI_sePzs"
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


01.05.2014, 15:08   #42
Ak07
 

Hey, I don't have this Quarantine folder on the stick...
Attached image: Daten weg durch Viren?-wwww.jpg

01.05.2014, 20:53   #43
Bootsektor
Rest in peace
† 2019
 

Hmm. OK.
Then please check whether you can find the file under C:\FRST\Quarantäne, and also check again whether the file
New.Girl.S02E01.Penis.Party.GERMAN.DUBBED.WS.BDRip.XviD-TVP.exe.vir
is still in C:\Qoobox\Quarantine\C\Users\Anna\Documents\UseNeXT\wizard\New Girl S02e01 Penis Party Dubbed WS BDRip XviD -\
and then zip these folders.

The file you zipped, you had deleted it? Did you empty the recycle bin afterwards?

You can go ahead and do step 2 already.

And thank you very much for your good cooperation.

01.05.2014, 22:11   #44
Ak07

Hey, well, I thank you for having so much patience with me and my PC.

So I deleted the file I had zipped and emptied the recycle bin too.

Under C:\FRST\Quarantäne I couldn't find the file any more, but I did find it in the Qoobox.
I have now zipped that and uploaded it to the Trojaner-Board Upload Channel, but that didn't really work...

Step 2:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-04-2014 03
Ran by Anna at 2014-05-01 23:05:36 Run:3
Running from C:\Users\Anna\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1M&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1M&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1I&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-pgM9ZMj9XP4rDX1MwJSFjA81SbnUfUjkcOjVbvuX1HidpZfwV2wQzzWCPfXs1I&q={searchTerms}
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-aF4XN6QhBS1TlvrZektONT9GdMGFFYB3paAiZyyzaXXfOyxyHxOd_SZI_sePzs
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=1efb08fe-35bf-f534-2b00-21f74f589a53&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}"
CHR StartupUrls: "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-aF4XN6QhBS1TlvrZektONT9GdMGFFYB3paAiZyyzaXXfOyxyHxOd_SZI_sePzs"
         
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-aF4XN6QhBS1TlvrZektONT9GdMGFFYB3paAiZyyzaXXfOyxyHxOd_SZI_sePzs ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBCH&co=DE&userid=1efb08fe-35bf-f534-2b00-21f74f589a53&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}" ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bo0DcxFlYhhFbDtiX8iT4NpCZzJ4hCqyXBG82g57WNkMJTdThyXnKn2b3hHDh6xlg-aF4XN6QhBS1TlvrZektONT9GdMGFFYB3paAiZyyzaXXfOyxyHxOd_SZI_sePzs" ==> The Chrome "Settings" can be used to fix the entry.

==== End of Fixlog ====
         
Attached image: Daten weg durch Viren?-ddaaa.jpg
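
As an added example (not part of the original thread and not FRST's own code): a small Python triage of a Fixlog like the one posted above, separating entries FRST changed from those it left for manual cleanup, such as the CHR lines. The sample log is constructed, with a placeholder GUID and URL; the function names and status names are assumptions of this example.

```python
import re
# Constructed sample in the shape of the Fixlog above; GUID and URL are placeholders.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)

Content of fixlist:
*****************
SearchScopes: HKCU - {00000000-0000-0000-0000-000000000000} URL = hxxp://search.example.invalid/?q={searchTerms}
CHR HomePage: hxxp://search.example.invalid/?p=placeholder
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000} => Key deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
CHR HomePage: hxxp://search.example.invalid/?p=placeholder ==> The Chrome "Settings" can be used to fix the entry.
==== End of Fixlog ====
'''

# "<target> => <message>" or "<target> ==> <message>"
RESULT_RE = re.compile(r"^(?P<target>.+?)\s+={1,2}>\s+(?P<msg>.+)$")

def classify(msg):
    """Map FRST's result text to a triage status (status names are this example's own)."""
    low = msg.lower()
    if "successfully" in low:
        return "fixed"
    if "not found" in low:
        return "absent"      # nothing left to remove
    if "can be used to fix" in low:
        return "manual"      # FRST left the entry untouched
    return "review"          # unrecognised wording: have a human read it

def parse_fixlog(text):
    """Return ([(target, status, message)], complete) for the result section."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    start = stars[1] + 1 if len(stars) >= 2 else 0   # skip the echoed fixlist
    results, complete = [], False
    for line in lines[start:]:
        if line.startswith("==== End of Fixlog"):
            complete = True
            break
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m["target"], classify(m["msg"]), m["msg"]))
    return results, complete

def needs_follow_up(text):
    # Targets that still have to be handled by hand (or read by a human).
    return [t for t, status, _ in parse_fixlog(text)[0] if status in ("manual", "review")]
```

A log without the `==== End of Fixlog ====` marker returns `complete` as False, so a cut-off paste is not mistaken for a finished run.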

02.05.2014, 21:56   #45
Bootsektor
Rest in peace
† 2019

Hello Ak07,

how large is the file now that it is zipped? It was already a considerable size back when it was running. I'll ask why the file could not be received. I can see that you uploaded it, but unfortunately the file is missing.

You still have snapdo as your homepage in Google Chrome
Step 1
snapdo is set as the start page in your Chrome browser
Set your start page again following these instructions.

Also do the following
  • In your Chrome browser, go to Settings (the icon to the right of the address bar in the browser that consists of three horizontal lines)
  • Click Settings there
  • Go to the item On startup
  • Go to Open a specific page or set of pages
  • Remove snapdo here (if present), delete it, and set a different start page (normally google.com is entered here)

Did you actually look directly in the folders again (i.e. via Windows Explorer?) to see whether the files are still there? Most of the folders on the desktop are only shortcuts to folders located on the hard drive.

You are only using Malwarebytes as the free version, though, i.e. as an on-demand scanner? Or do you have the paid version? Because otherwise it is just a pure scanner that works on request but has no background guard at all monitoring your system for threats.

Updates / updating programs
  • Adobe Reader
Uninstall your Reader and download the latest version from here. Check whether anything else wants to be installed along with it and remove the check mark if necessary.
  • FlashPlayer
Your FlashPlayer for Firefox (Adobe Flash Player Plugin) is no longer up to date.
  • Uninstall the old versions.
  • Open the following link with Firefox, Adobe - Install Adobe Flash Player, and download the latest version from there.
  • If anything other than the FlashPlayer wants to be installed along with it there, remove the check mark there
Set up updating
Make sure that your FlashPlayer checks for updates. The FlashPlayer can be configured directly during installation to check for updates automatically; afterwards this can be done via the following link:
Adobe - Flash Player: Settings Manager - Global Notifications Settings
