Log analysis and evaluation: Windows 8.1: Did the trojan install completely or not?

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.03.2014, 23:04 | #1
Windows 8.1: Did the trojan install completely or not?

Hello everyone!

First of all, thanks for your work! Today I received an e-mail from Zalando with an .rtf file that supposedly contained my return slip. I hadn't requested one, but since I had only just bought something and it was my first time, I didn't suspect anything bad. I opened it. It then said I should double-click the picture. Did that, didn't work. Ah, the document is write-protected; I unlocked it and double-clicked, then a message appeared along the lines of: do you really want to open this content? While I was clicking yes it hit me like lightning: how stupid am I, really?!? Of course this is a virus or trojan. I closed Word immediately. I went online and promptly read a report about exactly this infected Zalando mail (W32/Trojan.TOPZ-6677, I found nothing concrete via Google). I closed my browser and saw a window behind it: Do you really wan't to trust this certificate... (VeriSign Class 3 Public Primary Certification Authority G5). I clicked no. PC restart, and the message appeared again. I then found out which file was causing this message; it is called 47BKPRZz.exe (nothing about it on Google). I declined the message again and searched for the file. I found the executable and Windows dump files (from the times at which I declined the message) (the file evidently could not be executed completely). I deleted everything irrevocably. After a restart the message no longer appeared. Then I went into the Certificate Manager and moved the certificate to untrusted. Two trojan scanners (TrojanHunter and Trojan Remover) found nothing. Using SystemExplorer and a network monitoring tool (TcpView) I checked whether anything suspicious was going on. Nothing. I didn't notice anything during normal operation either.

I cannot run GMER: C:\windows\system32\config\system: The process cannot access the file because it is being used by another process.

I really should reinstall the PC, but I have a lot to do at university right now and need several programs for that which are laborious to install. Do you think that by declining the certificate installation and deleting the files I got away with it once more? What is the worst that could happen to me as long as I don't do any e-banking? Thanks for the information!

logfiles:

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:38 on 20/03/2014 (Luca)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Luca (administrator) on LUSOYO on 20-03-2014 22:40:24 Running from C:\Users\Lu\Desktop Windows 8.1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NbfcService.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\skydrive.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\windows\system32\wwahost.exe (Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\TrojanHunter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Microsoft Corporation) C:\windows\system32\backgroundTaskHost.exe ==================== 
Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation) HKLM\...\Run: [RtsFT] - C:\windows\RTFTrack.exe [6340312 2013-07-20] (Realtek semiconductor) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-11-24] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-22] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1661856 2014-03-20] (Simply Super Software) HKLM-x32\...\Run: [THGuard] - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe [1086880 2012-10-23] (Mischel Internet Security) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [NBFC-ClientApplication] - C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe [418816 2013-11-06] (Stefan Hirschmann - StagWare) HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [Epic Privacy Browser Update] - "C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe Startup: C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM-x32 - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - 
{5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKCU - DefaultScope {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKCU - {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKCU - {5E397180-325D-44CD-97C4-63D2C9842271} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) FireFox: ======== FF ProfilePath: 
C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram 
Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Textarea Cache - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f} [2014-03-20] FF Extension: Ghostery - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\firefox@ghostery.com.xpi [2014-01-14] FF Extension: YouTube Center - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-14] FF Extension: ScrapBook - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-03-20] FF Extension: NoScript - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-14] FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi 
[2014-03-20] FF Extension: Adblock Plus - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-14] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08] CHR Extension: (Google Drive) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08] CHR Extension: (YouTube) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08] CHR Extension: (Adblock Plus) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-08] CHR Extension: (Google-Suche) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08] CHR Extension: (Google Wallet) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08] CHR Extension: (Google Mail) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08] ==================== Services (Whitelisted) ================= S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation) S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation) S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation) S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS 
Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] () R2 NbfcService; C:\Program Files\NoteBook FanControl\NbfcService.exe [9728 2013-11-06] (Stefan Hirschmann - StagWare) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor) S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [686592 2013-11-12] () R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2013-09-04] (Intel(R) Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-10-22] (Lenovo) S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X] S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X] S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) 
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation) S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation) S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] () R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] () R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [26328 2013-07-23] (Intel Corporation) R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] () S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 rig3avs; 
C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH) S3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-20] (Realtek Semiconductor Corp.) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 USB_Ethernet_Adaptor; C:\Windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.) R3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) 
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R3 WinRing0_1_2_0; \??\C:\Program Files\NoteBook FanControl\NbfcService.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-20 22:38 - 2014-03-20 22:40 - 00021924 _____ () C:\Users\Lu\Desktop\FRST.txt 2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe 2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe 2014-03-20 22:38 - 2014-03-20 22:38 - 00000470 _____ () C:\Users\Lu\Desktop\defogger_disable.log 2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable 2014-03-20 17:54 - 2014-03-20 22:40 - 00000000 ____D () C:\FRST 2014-03-20 17:32 - 2014-03-20 17:33 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe 2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter 2014-03-20 17:09 - 2014-03-20 17:09 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Simply Super Software 2014-03-20 17:07 - 2014-03-20 17:28 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5 2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll 2014-03-20 17:07 - 2014-03-20 17:07 - 00001108 _____ () C:\Users\Lu\Desktop\TrojanHunter.lnk 2014-03-20 17:07 - 2014-03-20 17:07 - 00000000 ____D () C:\ProgramData\TrojanHunter 2014-03-20 17:06 - 2014-03-20 17:12 - 00000000 ____D () C:\ProgramData\SystemExplorer 2014-03-20 17:06 - 2014-03-20 17:06 - 00001109 _____ () C:\Users\Public\Desktop\System Explorer.lnk 2014-03-20 17:06 - 2014-03-20 17:06 - 00000000 ____D () C:\Program Files (x86)\System Explorer 2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\Users\Lu\Documents\Simply Super Software 2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-20 17:02 - 2014-03-20 17:14 - 00000000 ____D () 
C:\Program Files (x86)\Trojan Remover 2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-03-20 17:01 - 2014-03-20 16:53 - 00291606 _____ () C:\Users\Lu\Desktop\TcpView-3.05.zip 2014-03-20 16:38 - 2014-03-20 16:41 - 00064473 _____ () C:\Users\Lu\Desktop\Console1.msc 2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new 2.txt 2014-03-18 22:05 - 2014-03-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-12 18:13 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe 2014-03-12 18:13 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe 2014-03-12 17:50 - 2013-09-12 13:39 - 02474736 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe 2014-03-12 17:50 - 2013-09-12 13:39 - 00279024 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 07586288 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00844784 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00771056 _____ (Intel Corporation) C:\windows\system32\hkcmd.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00769520 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00754672 _____ (Intel Corporation) C:\windows\system32\GfxUIHotKeyMenu.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00530416 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00396272 _____ (Intel Corporation) C:\windows\system32\CustomModeApp.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00393712 _____ (Intel Corporation) C:\windows\system32\igfxext.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00391152 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00153072 _____ (Intel Corporation) 
- 2014-02-20 14:10 - 00000000 ____D () C:\Program Files\Oracle 2014-02-21 19:57 - 2014-02-20 18:25 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs Some content of TEMP: ==================== C:\Users\Lu\AppData\Local\Temp\20131125042911989jniverify.dll C:\Users\Lu\AppData\Local\Temp\BackupSetup.exe C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll C:\Users\Lu\AppData\Local\Temp\Checkupdate.exe C:\Users\Lu\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer-2.exe C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Lu\AppData\Local\Temp\gcapi_dll.dll C:\Users\Lu\AppData\Local\Temp\gtapi_signed.dll C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll C:\Users\Lu\AppData\Local\Temp\jansi-64-1.8.dll C:\Users\Lu\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Lu\AppData\Local\Temp\npp.6.5.2.Installer.exe C:\Users\Lu\AppData\Local\Temp\ose00000.exe C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll C:\Users\Lu\AppData\Local\Temp\SRLDetectionLibrary8191520591370748298.dll C:\Users\Lu\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Lu\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Lu\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-12 09:09] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) 
C85C075DE5B6D0FE116043054DE8EE02

LastRegBack: 2014-03-15 13:24

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Luca at 2014-03-20 22:40:53
Running from C:\Users\Lu\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.30596 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BatteryMon V2.1 (HKLM-x32\...\BatteryMon_is1) (Version: - PassMark Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.)
Hidden Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BED39C88-768C-4345-BF11-58436C984F2A}) (Version: - Microsoft) Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo) Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation) Free Audio Converter version 5.0.35.304 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.35.304 - DVDVideoSoft Ltd.) Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games) Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve) HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden Intel Extreme Tuning Utility (HKLM-x32\...\{1bcf77e1-2519-41dc-a594-9936f5f42203}) (Version: 4.2.0.8 - Intel Corporation) Intel Extreme Tuning Utility (x32 Version: 4.2.0.8 - Intel Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation) Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel) Intel(R) Experience Center Driver (Version: 1.7.0.179 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1658 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel 
Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation) Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025F0}) (Version: 7.0.250 - Oracle) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025F0}) (Version: 7.0.250 - Oracle) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad) KMSpico v9.0.5.20131112 (HKLM\...\KMSpico_is1) (Version: 9.0.5.20131112 - ) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.) Mathematica Extras 9.0 (4055459) (HKLM\...\A-WIN-Extras 9.0.1 4055459_is1) (Version: 9.0.1 - Wolfram Research, Inc.) MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games) Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft 
Corporation) Hidden Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.0.1528 - Native Instruments) Native Instruments Controller Editor (Version: 1.6.0.1528 - Native Instruments) Hidden Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments) Native Instruments Guitar Rig 5 (Version: 5.1.1.2673 - Native Instruments) Hidden Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments) Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version: - Native Instruments) Native Instruments Rig Kontrol 3 Driver (Version: 3.1.0.761 - Native Instruments) Hidden Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments) Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden NoteBook FanControl (HKLM-x32\...\{fcb7175f-8410-4e57-9c9a-5413b0c03f24}) (Version: 1.0.0.0 - Stefan Hirschmann - StagWare) NoteBook FanControl (Version: 1.0.0.0 - Stefan Hirschmann - StagWare) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Picture2avi uninstaller (HKLM\...\Picture2avi_is1) (Version: 4.1.0.0 - picture2avi.com) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.) S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version: - GSC Game World) SequoiaView (HKLM-x32\...\SequoiaView) (Version: - ) SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com) Siemens NX 8.5 (HKLM\...\{2AA26D1D-F4D8-428C-8B5B-B6B81A74383B}) (Version: 8.5.0.23 - Siemens) Siemens NX 8.5 Documentation (HKLM\...\{C0CBC5EC-0866-4ACB-ACE1-40998F962902}) (Version: 8.5.0.23 - Siemens) Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - ) SpeedCrunch 0.10 (HKLM-x32\...\SpeedCrunch_is1) (Version: - SpeedCrunch) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated) System Explorer 4.7.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team) Trojan Remover 6.9.1.2929 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software) TrojanHunter 5.5 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.5 - Mischel Internet Security) Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (HKLM\...\{90150000-0015-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{47F15B72-AB15-4B81-BDB8-28B204596EB7}) (Version: - Microsoft) Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition 
(HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{614E655F-A0ED-435A-8E0C-A81EE4BA7BC7}) (Version: - Microsoft) Update for Microsoft en-us Dictionary (Version: 16.1.669.1 - Microsoft Corporation) Hidden Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E759A69-FA72-4B3C-BE2F-D1194764D31E}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{8D84B988-2A7A-4DB6-A7A5-08DA7B3DE9EE}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{79469196-F138-4CF0-8681-F1889D53B56B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition 
(HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FEFF9FF6-FF61-455E-A8CC-3A1311A657AD}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3FF4EA9F-3505-4726-A974-6593A968FFCC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9406D70B-2D9C-4613-A75A-F35B66BA8AFA}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA390537-AA88-450F-A240-5FB4648A124A}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C8D57F4A-0824-4043-89E7-3C6280B67A47}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AC4470FB-8011-4F16-B5D4-E0A34DE10C87}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{526C9E5A-A734-4DC0-B829-ED1CDE793C6B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8587E5B1-6279-4396-B9AC-20B334F4FF88}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition 
(HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{30C13416-B124-46AB-9E44-96CEFFA893F9}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C809B1D6-BD31-4496-BCFE-4567E0854F5F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{1A789784-5825-4B26-BB57-71FF7D3484CB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{856D47BC-036C-4692-8702-D6CCA8F428D0}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4FD8F672-3206-469C-B9F0-D6E72F7ACAB2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F33ABF6A-3007-47E8-8E38-506A18E54641}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B38036CB-BAF6-41D4-8810-FD016453ABB9}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2A286156-257B-4528-9DB5-B4D4D53211BC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition 
(HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{B5E3E636-7913-4775-BC9B-E4B56F4ED73B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{92833C80-DC88-4A22-8630-407F810EF57B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{602346D6-8E2F-4B0E-820A-CD62AC5B0DC9}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUSR_{869B93B9-E75A-44DE-8AC5-A030A7A21FDD}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F2187E8D-C68A-4655-8551-1932878A5581}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6EE51F51-57B1-4DC7-96C2-857DB7F0BE93}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0A90C645-3F9A-4CF9-BF62-2609602E3DAB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3A48DE63-607B-4FEA-A862-B52669C4433C}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition 
(HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{34F51E79-0110-4B49-A245-81319F58453E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{05D8C7F6-9A93-4925-B2B3-7D6507AD2FC9}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{DAEE93F9-D258-45E4-AFD3-12AC5ED04693}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition 
(HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CA014CB4-B26F-4D27-BF26-C994CC3428E5}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6FF949A3-1C3F-41C2-9464-933E885ECB53}) (Version: - Microsoft) Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BBD4F4CE-65D4-4CEB-AE19-E5296A57AA6C}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{E9172003-60C1-447B-9569-7AA9FADE26B0}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2837C624-A972-43CF-BCE5-0AE2EFED72E3}) (Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{AAB7E20E-E896-495E-AD19-1A0EF515DCED}) (Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{AAB7E20E-E896-495E-AD19-1A0EF515DCED}) (Version: - Microsoft) Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F16E7B82-23FE-4054-AB73-EAE53965251C}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition 
(HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software) Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) (HKLM\...\M-WIN-L 9.0.1 4055652_is1) (Version: 9.0.1 - Wolfram Research, Inc.) 
==================== Restore Points ========================= ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1C361003-0D02-4AB5-B176-941D3CEDDE47} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation) Task: {1F4F2D7F-2FD9-48DA-99D0-6CB06B719F2E} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-12] () Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2E345624-C424-4115-BF23-3F748AC745E3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LUSOYO-Luca lusoyo => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4B213728-4AE5-43AD-92C8-D93D3879A0C3} - 
System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {726E1E84-D18A-4D53-B52E-7165FF6B2F29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-03-18] (Microsoft Corporation) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {790C2560-F635-4985-AD3C-164D53BE48AC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-29] (Synaptics Incorporated) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8AD7E20F-6C17-4116-B903-A6BAA0B15795} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {99DB6F40-DDB9-498B-B9A3-D553CD4DF34B} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] () Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {C23A0049-5CDE-4620-8F2B-8004CC115566} - 
System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {ECC6BF40-C63A-4256-A710-120B39D5E46E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {F27A6431-76D3-4B7E-BC3B-28A0CDFD9EAC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-02 01:31 - 2013-08-02 01:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-08-02 01:31 - 2013-08-02 01:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-08-02 01:31 - 2013-08-02 01:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2013-11-06 03:29 - 2013-11-06 03:29 - 00263168 _____ () C:\Program Files\NoteBook FanControl\OpenHardwareMonitorLib.dll 2013-10-22 03:27 - 2013-10-22 03:27 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll 2014-02-27 19:10 - 2014-02-27 19:10 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-03-02 19:43 - 2014-03-02 19:43 - 00027136 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook.BackgroundTasks.winmd 2014-02-12 18:11 - 2014-02-12 18:11 - 01782272 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\8848363a64856b740e9ebd321b6a98ca\Windows.ApplicationModel.ni.dll 2014-03-02 19:43 - 2014-03-02 19:43 - 00121344 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook-Win8-Base.DLL 2014-03-02 19:43 - 2014-03-02 19:43 - 00094208 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook-Base.DLL 2014-03-02 19:43 - 2014-03-02 19:43 - 01707008 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook-Services.DLL 2014-03-02 19:43 - 2014-03-02 19:43 - 00254976 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook-Models.DLL 2014-02-12 18:11 - 2014-02-12 18:11 - 
01278464 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\29e4b2d8f87a111865c3302f567b4a82\Windows.Storage.ni.dll 2014-02-12 18:11 - 2014-02-12 18:11 - 00363520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\8d0f16d53c303f545bdc3bdeeb2a7fb3\Windows.Foundation.ni.dll 2014-02-12 18:11 - 2014-02-12 18:11 - 00632320 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\b4178c95c7aafade0fcdb76b09bd2973\Windows.Security.ni.dll 2014-02-12 18:12 - 2014-02-12 18:12 - 00467456 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\fb496048d93b67e96961f34a0955f3d8\Windows.Graphics.ni.dll 2014-02-12 18:11 - 2014-02-12 18:11 - 01259520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\5d30480aa910c28c2571439d412f3b53\Windows.Networking.ni.dll 2014-02-12 18:11 - 2014-02-12 18:11 - 00521216 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\351e47290edcd65f27c75470c1ea6cd2\Windows.Data.ni.dll 2014-02-12 18:11 - 2014-02-12 18:11 - 01459712 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll 2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-22 03:09 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-03-20 17:07 - 2002-11-10 17:51 - 00152064 _____ () C:\Program Files (x86)\TrojanHunter 5.5\unrar.dll 2014-03-20 17:07 - 2002-08-09 11:18 - 00122368 _____ () C:\Program Files (x86)\TrojanHunter 5.5\UNZDLL.DLL 2014-03-20 17:07 - 2012-10-14 19:10 - 00521728 _____ () 
C:\Program Files (x86)\TrojanHunter 5.5\RuleFiles\Gen.dll 2014-03-18 22:05 - 2014-03-18 22:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 AlternateDataStreams: C:\Users\Lu\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/20/2014 05:13:45 PM) (Source: Application Hang) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: bac Start Time: 01cf4456a89476aa Termination Time: 4294967295 Application Path: C:\windows\system32\backgroundTaskHost.exe Report Id: 9c10112f-b04a-11e3-82cb-08002700a8dd Faulting package full name: 36114Feras.ReddHub_5.12.1.1_neutral__f4gsjrqj9hqv6 Faulting package-relative application ID: App Error: (03/20/2014 05:07:39 PM) (Source: Application Hang) (User: ) Description: The program SystemExplorer.exe version 4.7.0.5133 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 140 Start Time: 01cf445662a6695d Termination Time: 4294967295 Application Path: C:\Program Files (x86)\System Explorer\SystemExplorer.exe Report Id: c1c66511-b049-11e3-82cb-08002700a8dd Faulting package full name: Faulting package-relative application ID: Error: (03/20/2014 04:58:45 PM) (Source: Application Hang) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 12e0 Start Time: 01cf445490224797 Termination Time: 4294967295 Application Path: C:\windows\system32\backgroundTaskHost.exe Report Id: 83a39b1c-b048-11e3-82cb-08002700a8dd Faulting package full name: 36114Feras.ReddHub_5.12.1.1_neutral__f4gsjrqj9hqv6 Faulting package-relative application ID: App Error: (03/20/2014 04:48:46 PM) (Source: DptfEvent) (User: ) Description: DptfPolicyConfigTDPDll DllMain: ConnectToDptfFrameworkDriver() failed. Error: (03/20/2014 04:48:46 PM) (Source: DptfEvent) (User: ) Description: DptfPolicyConfigTDPDll ConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed. Last error = [0x00000103] Error: (03/20/2014 04:44:48 PM) (Source: DptfEvent) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. 
Session ID = 1 Error: (03/20/2014 04:44:48 PM) (Source: DptfEvent) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 1 Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent) (User: ) Description: DptfPolicyLpmService CreateApplicationList: dptfFrameworkHandle is NULL. Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent) (User: ) Description: DptfPolicyLpmService ConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed. Last error = [0x00000103] Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent) (User: ) Description: DptfPolicyCriticalService ServiceMain: ServiceStart() failed. System errors: ============= Error: (03/20/2014 04:39:36 PM) (Source: Service Control Manager) (User: ) Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s). Error: (03/20/2014 04:38:41 PM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: %%2 Error: (03/20/2014 04:38:41 PM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: %%2 Error: (03/20/2014 04:16:38 PM) (Source: Service Control Manager) (User: ) Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s). Error: (03/20/2014 04:15:45 PM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: %%2 Error: (03/20/2014 04:15:44 PM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: %%2 Error: (03/20/2014 04:11:33 PM) (Source: Service Control Manager) (User: ) Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s). 
Error: (03/20/2014 04:10:39 PM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: %%2 Error: (03/20/2014 04:10:39 PM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: %%2 Error: (03/20/2014 04:10:37 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 11:08:26 on 20/03/2014 was unexpected. Microsoft Office Sessions: ========================= Error: (03/20/2014 05:13:45 PM) (Source: Application Hang)(User: ) Description: backgroundTaskHost.exe6.3.9600.16384bac01cf4456a89476aa4294967295C:\windows\system32\backgroundTaskHost.exe9c10112f-b04a-11e3-82cb-08002700a8dd36114Feras.ReddHub_5.12.1.1_neutral__f4gsjrqj9hqv6App Error: (03/20/2014 05:07:39 PM) (Source: Application Hang)(User: ) Description: SystemExplorer.exe4.7.0.513314001cf445662a6695d4294967295C:\Program Files (x86)\System Explorer\SystemExplorer.exec1c66511-b049-11e3-82cb-08002700a8dd Error: (03/20/2014 04:58:45 PM) (Source: Application Hang)(User: ) Description: backgroundTaskHost.exe6.3.9600.1638412e001cf4454902247974294967295C:\windows\system32\backgroundTaskHost.exe83a39b1c-b048-11e3-82cb-08002700a8dd36114Feras.ReddHub_5.12.1.1_neutral__f4gsjrqj9hqv6App Error: (03/20/2014 04:48:46 PM) (Source: DptfEvent)(User: ) Description: DptfPolicyConfigTDPDllDllMain: ConnectToDptfFrameworkDriver() failed. 
Error: (03/20/2014 04:48:46 PM) (Source: DptfEvent)(User: ) Description: DptfPolicyConfigTDPDllConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103] Error: (03/20/2014 04:44:48 PM) (Source: DptfEvent)(User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.Session ID = 1 Error: (03/20/2014 04:44:48 PM) (Source: DptfEvent)(User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failedLast error = [0x00000102]Session ID = 1 Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent)(User: ) Description: DptfPolicyLpmServiceCreateApplicationList: dptfFrameworkHandle is NULL. Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent)(User: ) Description: DptfPolicyLpmServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103] Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent)(User: ) Description: DptfPolicyCriticalServiceServiceMain: ServiceStart() failed. ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 8104.27 MB Available physical RAM: 4022.73 MB Total Pagefile: 9512.27 MB Available Pagefile: 5487.2 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:216.98 GB) (Free:17.08 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
20.03.2014, 23:57 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Did the trojan install itself completely or not? Quote:
We will continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up your data and reinstalling the operating system.
__________________ |
20.03.2014, 23:59 | #3 |
| Windows 8.1: Did the trojan install itself completely or not? sorry, it has been removed.
__________________ |
21.03.2014, 09:06 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Did the trojan install itself completely or not? You have also uninstalled the illegal MS Office? No other illegal software is left on the machine? Then please create new FRST logs and post them. Tick the box for additions.
__________________ Please always post log files in CODE tags |
21.03.2014, 09:17 | #5 |
| Windows 8.1: Did the trojan install itself completely or not? yes, it has been removed. no, otherwise everything is legit. I also threw out one or two other things so that the scans run a bit faster. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Luca (administrator) on LUSOYO on 21-03-2014 09:15:54 Running from C:\Users\Lu\Desktop Windows 8.1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NbfcService.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Windows\System32\skydrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\windows\ImmersiveControlPanel\SystemSettings.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\windows\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation) HKLM\...\Run: [RtsFT] - 
C:\windows\RTFTrack.exe [6340312 2013-07-20] (Realtek semiconductor) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-11-24] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-22] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1661856 2014-03-20] (Simply Super Software) HKLM-x32\...\Run: [THGuard] - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe [1086880 2012-10-23] (Mischel Internet Security) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [NBFC-ClientApplication] - C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe [418816 2013-11-06] (Stefan Hirschmann - StagWare) HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [Epic Privacy Browser Update] - "C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM-x32 - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKCU - DefaultScope {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKCU - {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKCU - {5E397180-325D-44CD-97C4-63D2C9842271} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Tcpip\Parameters: [DhcpNameServer] 129.132.98.12 FireFox: ======== FF ProfilePath: 
C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.) 
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Textarea Cache - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f} [2014-03-20] FF Extension: Ghostery - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\firefox@ghostery.com.xpi [2014-01-14] FF Extension: YouTube Center - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-14] FF Extension: ScrapBook - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-03-20] FF Extension: NoScript - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-14] FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2014-03-20] FF Extension: Adblock Plus - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-14] Chrome: ======= CHR 
Extension: (Google Docs) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08] CHR Extension: (Google Drive) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08] CHR Extension: (YouTube) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08] CHR Extension: (Adblock Plus) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-08] CHR Extension: (Google-Suche) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08] CHR Extension: (Google Wallet) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08] CHR Extension: (Google Mail) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08] ==================== Services (Whitelisted) ================= S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation) S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation) S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation) S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel 
Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] () R2 NbfcService; C:\Program Files\NoteBook FanControl\NbfcService.exe [9728 2013-11-06] (Stefan Hirschmann - StagWare) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor) S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2013-09-04] (Intel(R) Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-10-22] (Lenovo) S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X] S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X] S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) 
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [26328 2013-07-23] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-20] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 USB_Ethernet_Adaptor; C:\Windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.)
S3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files\NoteBook FanControl\NbfcService.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-21 09:14 - 2014-03-21 09:16 - 00019649 _____ () C:\Users\Lu\Desktop\FRST.txt
2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable
2014-03-20 17:54 - 2014-03-21 09:15 - 00000000 ____D () C:\FRST
2014-03-20 17:32 - 2014-03-20 17:33 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe
2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter
2014-03-20 17:09 - 2014-03-20 17:09 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Simply Super Software
2014-03-20 17:07 - 2014-03-20 17:28 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-03-20 17:07 - 2014-03-20 17:07 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-03-20 17:06 - 2014-03-20 17:12 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-03-20 17:06 - 2014-03-20 17:06 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\Users\Lu\Documents\Simply Super Software
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-20 17:02 - 2014-03-20 17:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new 2.txt
2014-03-18 22:05 - 2014-03-21 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-12 18:13 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-03-12 18:13 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-03-12 17:50 - 2013-09-12 13:39 - 02474736 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2014-03-12 17:50 - 2013-09-12 13:39 - 00279024 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 07586288 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00844784 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00771056 _____ (Intel Corporation) C:\windows\system32\hkcmd.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00769520 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00754672 _____ (Intel Corporation) C:\windows\system32\GfxUIHotKeyMenu.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00530416 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00396272 _____ (Intel Corporation) C:\windows\system32\CustomModeApp.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00393712 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00391152 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00153072 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2014-03-12 17:50 - 2013-09-10 01:37 - 00002948 _____ () C:\windows\system32\iglhxs64.vp
2014-03-12 17:50 - 2013-09-10 01:35 - 13139968 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 11373056 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 07908352 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 06296576 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 04170752 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2014-03-12 17:50 - 2013-09-10 01:35 - 04067328 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 02384896 _____ () C:\windows\system32\GfxRes.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00548864 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00527360 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrfra.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxresn.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrrus.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrnld.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrdeu.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrsky.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrrom.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrita.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrptg.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrhun.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrhrv.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrcsy.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrsve.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrslv.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrfin.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524288 _____ (Intel Corporation) C:\windows\system32\igfxrtrk.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524288 _____ (Intel Corporation) C:\windows\system32\igfxrptb.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrtha.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrnor.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrdan.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00522240 _____ (Intel Corporation) C:\windows\system32\igfxrheb.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00521728 _____ (Intel Corporation) C:\windows\system32\igfxrara.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00517120 _____ (Intel Corporation) C:\windows\system32\igfxrjpn.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00516096 _____ (Intel Corporation) C:\windows\system32\igfxrkor.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00513536 _____ (Intel Corporation) C:\windows\system32\igfxrcht.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00513024 _____ (Intel Corporation) C:\windows\system32\igfxrchs.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00492032 _____ (Intel Corporation) C:\windows\SysWOW64\igfxdv32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00371200 _____ (Intel Corporation) C:\windows\system32\igfxrenu.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00365568 _____ () C:\windows\system32\igdmd64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00345600 _____ (Intel Corporation) C:\windows\system32\igfxTMM.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00303104 _____ () C:\windows\SysWOW64\igdmd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00279040 _____ (Intel Corporation) C:\windows\system32\igfxcpl.cpl
2014-03-12 17:50 - 2013-09-10 01:35 - 00265385 _____ () C:\windows\system32\Gfxres.th-TH.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00251862 _____ () C:\windows\system32\Gfxres.el-GR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00243712 _____ (Intel Corporation) C:\windows\system32\igfxdo.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00233588 _____ () C:\windows\system32\Gfxres.ru-RU.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00220672 _____ () C:\windows\system32\igdde64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00199481 _____ () C:\windows\system32\Gfxres.ar-SA.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00197044 _____ () C:\windows\system32\Gfxres.ja-JP.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00194048 _____ (Intel Corporation) C:\windows\system32\gfxSrvc.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00191088 _____ () C:\windows\system32\Gfxres.he-IL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00180736 _____ () C:\windows\SysWOW64\igdde32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00179353 _____ () C:\windows\system32\Gfxres.ko-KR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00179230 _____ () C:\windows\system32\Gfxres.it-IT.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176940 _____ () C:\windows\system32\Gfxres.es-ES.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176666 _____ () C:\windows\system32\Gfxres.fr-FR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176638 _____ () C:\windows\system32\Gfxres.de-DE.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00175259 _____ () C:\windows\system32\Gfxres.ro-RO.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00174244 _____ () C:\windows\system32\Gfxres.hu-HU.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173953 _____ () C:\windows\system32\Gfxres.tr-TR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173813 _____ () C:\windows\system32\Gfxres.pl-PL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173495 _____ () C:\windows\system32\Gfxres.nl-NL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00172750 _____ () C:\windows\system32\Gfxres.pt-BR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00172041 _____ () C:\windows\system32\Gfxres.fi-FI.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171709 _____ () C:\windows\system32\Gfxres.sk-SK.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171547 _____ () C:\windows\system32\Gfxres.sv-SE.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171310 _____ () C:\windows\system32\Gfxres.pt-PT.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00170996 _____ () C:\windows\system32\Gfxres.cs-CZ.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00170175 _____ () C:\windows\system32\Gfxres.hr-HR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00166672 _____ () C:\windows\system32\Gfxres.sl-SI.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00165374 _____ () C:\windows\system32\Gfxres.nb-NO.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00164698 _____ () C:\windows\system32\Gfxres.da-DK.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00160256 _____ () C:\windows\system32\igdail64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00159947 _____ () C:\windows\system32\Gfxres.en-US.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00153249 _____ () C:\windows\system32\Gfxres.zh-TW.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00151473 _____ () C:\windows\system32\Gfxres.zh-CN.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00142848 _____ () C:\windows\SysWOW64\igdail32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00012288 _____ ( ) C:\windows\system32\IGFXDEVLib.dll
2014-03-12 17:50 - 2013-09-10 01:34 - 00025088 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 25982976 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 03279872 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 00329216 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 00304640 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 20943872 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 02962432 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 00290816 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 00253440 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2014-03-12 17:50 - 2013-09-10 01:20 - 03509760 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 04009632 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 02064896 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 01814016 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 01423008 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00650400 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00631456 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00598688 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00344224 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00207008 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00176288 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00151552 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00143360 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00129024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00122880 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00121504 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00093344 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2014-03-12 09:28 - 2014-03-12 09:28 - 00000009 _____ () C:\playlist.m3u
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\DVDVideoSoft
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Program Files (x86)\Audio Converter
2014-03-12 09:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 09:10 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 09:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 09:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 09:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 09:10 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 09:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 09:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 09:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 09:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 09:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 09:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 09:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 09:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 09:10 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 09:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 09:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 09:10 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-03-12 09:10 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-03-12 09:09 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-03-12 09:09 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-03-12 09:09 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-03-12 09:09 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-03-12 09:09 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\windows\system32\swprv.dll
2014-03-12 09:09 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-03-12 09:09 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-03-12 09:09 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2014-03-12 09:09 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2014-03-12 09:09 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-03-12 09:09 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2014-03-12 09:09 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-03-12 09:09 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2014-03-12 09:09 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpencom.dll
2014-03-12 09:09 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\rdpencom.dll
2014-03-12 09:09 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2014-03-12 09:09 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-03-12 09:09 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\DWWIN.EXE
2014-03-12 09:09 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-12 09:09 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2014-03-12 09:09 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-03-12 09:09 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWWIN.EXE
2014-03-12 09:09 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-03-12 09:09 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-03-12 09:09 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2014-03-12 09:09 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2014-03-12 09:09 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-03-12 09:09 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-03-12 09:09 - 2014-01-27 12:45 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-03-12 09:09 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-03-12 09:09 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 09:09 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-03-12 09:09 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\sppcomapi.dll
2014-03-12 09:08 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 09:08 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 09:08 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 09:08 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-03-12 09:08 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-03-12 09:08 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-03-12 00:53 - 2014-03-12 00:56 - 150756160 _____ (Intel Corporation) C:\Users\Lu\Downloads\intel gpu.exe
2014-03-12 00:50 - 2014-03-12 00:50 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\SystemRequirementsLab
2014-03-11 20:24 - 2014-03-11 20:26 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\HandBrake
2014-03-11 20:23 - 2014-03-11 20:24 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2014-03-11 20:23 - 2014-03-11 20:23 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-10 20:37 - 2014-03-10 20:37 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
2014-03-10 18:59 - 2014-03-10 18:59 - 00002990 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-10 18:59 - 2014-03-10 18:59 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-10 18:55 - 2013-08-29 11:42 - 00722160 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00524016 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys
2014-03-10 18:55 - 2013-08-29 11:42 - 00421616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPCo19.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00400112 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynCom.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00251632 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00169712 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynTPCom.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00034544 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\Smb_driver_Intel.sys
2014-03-10 18:55 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\Users\Lu\Documents\PassMark
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\ProgramData\PassMark
2014-03-09 12:58 - 2014-03-09 13:09 - 00000000 ____D () C:\Users\Lu\AppData\Local\Picture2avi
2014-03-09 12:58 - 2014-03-09 12:58 - 00000057 _____ () C:\windows\Picture2avi.ini
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ___HD () C:\Users\Lu\AppData\Local\Screenshots
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\easytornado.com
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Anton_Small
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Program Files\Picture2avi
2014-03-09 00:54 - 2014-03-09 00:54 - 00000000 ____D () C:\ProgramData\Steam
2014-02-26 17:24 - 2014-02-26 17:24 - 00000000 ____D () C:\Users\Lu\New folder
2014-02-25 16:20 - 2014-02-25 16:20 - 00000000 ____D () C:\Users\Lu\Downloads\TouchPad_Synaptics_v17.0.6.13_W81x64_A
2014-02-25 16:08 - 2014-03-21 07:31 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\uTorrent
2014-02-22 23:26 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-02-22 23:26 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-02-22 23:26 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-02-22 23:26 - 2014-01-04 16:54 - 00138240 _____ () C:\windows\system32\OEMLicense.dll
2014-02-22 23:26 - 2014-01-04 16:08 - 00103936 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-02-22 23:26 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-02-22 23:26 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-02-22 23:26 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-02-22 23:26 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-02-22 23:26 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-02-22 23:26 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2014-02-22 23:26 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-02-22 23:26 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2014-02-22 23:26 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-02-22 23:26 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-02-22 23:26 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-02-22 23:26 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\sti.dll
2014-02-22 23:26 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2014-02-22 23:26 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\sti.dll
2014-02-22 23:26 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-02-22 23:26 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\windows\system32\ReAgent.dll
2014-02-22 23:26 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-02-22 23:26 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.dll
2014-02-22 23:26 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2014-02-22 23:26 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2014-02-22 23:26 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsSpellCheckingFacility.dll
2014-02-22 23:26 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2014-02-22 23:26 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2014-02-22 23:26 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\windows\system32\pnrpsvc.dll
2014-02-22 23:26 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-02-22 23:26 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-22 23:26 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-02-22 23:26 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\windows\system32\easinvoker.exe
2014-02-22 23:26 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\windows\system32\easwrt.dll
2014-02-22 23:26 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\windows\SysWOW64\easwrt.dll
2014-02-22 23:26 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-02-22 23:26 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-02-20 18:25 - 2014-02-21 19:57 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs
2014-02-20 14:10 - 2014-03-21 07:25 - 00000000 ____D () C:\Program Files\Oracle
2014-02-20 14:10 - 2014-03-19 16:10 - 00000000 ____D () C:\Users\Lu\.VirtualBox
2014-02-20 14:10 - 2013-12-18 17:19 - 00252688 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2014-02-20 14:10 - 2013-12-18 17:16 - 00126736 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys

==================== One Month Modified Files and Folders =======

2014-03-21 09:16 - 2014-03-21 09:14 - 00019649 _____ () C:\Users\Lu\Desktop\FRST.txt
2014-03-21 09:15 - 2014-03-20 17:54 - 00000000 ____D () C:\FRST
2014-03-21 09:14 - 2013-11-30 17:24 - 00000000 ____D () C:\Program Files (x86)\Games
2014-03-21 09:13 - 2014-03-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 09:13 - 2013-11-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-21 09:13 - 2013-11-30 23:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-21 09:13 - 2013-11-24 19:01 - 00000000 ___RD () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 09:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-21 09:12 - 2013-10-22 03:13 - 02042206 _____ () C:\windows\WindowsUpdate.log
2014-03-21 09:12 - 2013-08-22 20:12 - 00000000 ____D () C:\windows\ShellNew
2014-03-21 09:11 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2014-03-21 08:11 - 2013-11-24 19:09 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3526281771-1473308361-996666171-1001
2014-03-21 08:11 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\tracing
2014-03-21 08:08 - 2013-11-25 20:03 - 00000554 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-03-21 07:57 - 2013-11-25 16:29 - 00000000 ____D () C:\ProgramData\Cisco
2014-03-21 07:57 - 2013-11-25 16:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-21 07:53 - 2013-10-22 03:55 - 00768742 _____ () C:\windows\system32\perfh007.dat
2014-03-21 07:53 - 2013-10-22 03:55 - 00163660 _____ () C:\windows\system32\perfc007.dat
2014-03-21 07:53 - 2013-08-28 09:36 - 01780340 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-21 07:52 - 2013-11-24 20:38 - 00000000 ___RD () C:\Users\Lu\SkyDrive
2014-03-21 07:48 - 2013-11-24 20:01 - 00000000 ____D () C:\Program Files\NoteBook FanControl
2014-03-21 07:48 - 2013-10-22 03:03 - 00050290 _____ () C:\windows\setupact.log
2014-03-21 07:48 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-21 07:47 - 2013-08-28 09:34 - 00009788 _____ () C:\windows\PFRO.log
2014-03-21 07:47 - 2013-08-22 14:25 - 00786432 ___SH () C:\windows\system32\config\BBI
2014-03-21 07:34 - 2013-11-24 19:01 - 00000000 ____D () C:\Users\Lu\AppData\Local\Packages
2014-03-21 07:34 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2014-03-21 07:33 - 2013-11-24 21:11 - 00000000 ____D () C:\Users\Lu\AppData\Local\CrashDumps
2014-03-21 07:31 - 2014-02-25 16:08 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\uTorrent
2014-03-21 07:30 - 2013-11-24 20:00 - 00000000 ____D () C:\Program Files (x86)\Utilities
2014-03-21 07:26 - 2013-11-24 19:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-21 07:25 - 2014-02-20 14:10 - 00000000 ____D () C:\Program Files\Oracle
2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable
2014-03-20 22:38 - 2013-11-24 19:00 - 00000000 ____D () C:\Users\Lu
2014-03-20 17:33 - 2014-03-20 17:32 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe
2014-03-20 17:28 - 2014-03-20 17:07 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-03-20 17:14 - 2014-03-20 17:02 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-03-20 17:12 - 2014-03-20 17:06 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter
2014-03-20 17:09 - 2014-03-20 17:09 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Simply Super Software
2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-03-20 17:07 - 2014-03-20 17:07 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-03-20 17:06 - 2014-03-20 17:06 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\Users\Lu\Documents\Simply Super Software
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-03-20 16:10 - 2014-01-14 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new 2.txt
2014-03-19 16:10 - 2014-02-20 14:10 - 00000000 ____D () C:\Users\Lu\.VirtualBox
2014-03-18 22:56 - 2013-11-24 19:26 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\MediaMonkey
2014-03-18 17:39 - 2013-11-24 20:47 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 17:38 - 2013-11-24 20:47 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 20:16 - 2013-11-29 10:44 - 01992704 ___SH () C:\Users\Lu\Desktop\Thumbs.db
2014-03-17 19:59 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2014-03-17 01:47 - 2013-11-26 20:36 - 00000000 ____D () C:\Users\Lu\Documents\MATLAB
2014-03-16 19:26 - 2013-11-24 19:29 - 00000000 ____D () C:\Users\Lu\AppData\Local\Paint.NET
2014-03-12 19:01 - 2013-11-24 22:55 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\vlc
2014-03-12 17:59 - 2014-02-18 08:19 - 00000009 _____ () C:\Users\Lu\Desktop\music.txt
2014-03-12 17:53 - 2013-10-22 03:17 - 00016136 _____ () C:\windows\system32\results.xml
2014-03-12 17:51 - 2013-10-22 03:09 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 17:48 - 2013-08-22 15:44 - 00733664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-12 09:28 - 2014-03-12 09:28 - 00000009 _____ () C:\playlist.m3u
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\DVDVideoSoft
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Program Files (x86)\Audio Converter
2014-03-12 00:56 - 2014-03-12 00:53 - 150756160 _____ (Intel Corporation) C:\Users\Lu\Downloads\intel gpu.exe
2014-03-12 00:51 - 2013-12-20 18:42 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-03-12 00:50 - 2014-03-12 00:50 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\SystemRequirementsLab
2014-03-11 20:26 - 2014-03-11 20:24 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\HandBrake
2014-03-11 20:24 - 2014-03-11 20:23 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2014-03-11 20:23 - 2014-03-11 20:23 - 00000000 ____D ()
C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake 2014-03-11 19:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-03-10 20:37 - 2014-03-10 20:37 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView 2014-03-10 19:45 - 2014-02-17 16:29 - 00005106 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LUSOYO-Luca lusoyo 2014-03-10 19:23 - 2013-10-22 03:16 - 00001348 _____ () C:\windows\Synaptics.log 2014-03-10 19:23 - 2013-10-22 03:04 - 00093112 _____ () C:\windows\DPINST.LOG 2014-03-10 18:59 - 2014-03-10 18:59 - 00002990 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements 2014-03-10 18:59 - 2014-03-10 18:59 - 00000000 ____D () C:\Program Files\Synaptics 2014-03-10 18:52 - 2014-02-03 01:02 - 00001034 _____ () C:\windows\SynInst.log 2014-03-10 18:52 - 2014-02-03 01:02 - 00000000 ____D () C:\ProgramData\Synaptics 2014-03-10 07:04 - 2013-11-25 22:47 - 00000000 ____D () C:\windows\Minidump 2014-03-10 07:04 - 2013-11-25 02:53 - 00152128 ____N () C:\windows\Minidump\031014-5078-01.dmp 2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\Users\Lu\Documents\PassMark 2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\ProgramData\PassMark 2014-03-09 13:09 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Picture2avi 2014-03-09 12:58 - 2014-03-09 12:58 - 00000057 _____ () C:\windows\Picture2avi.ini 2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ___HD () C:\Users\Lu\AppData\Local\Screenshots 2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\easytornado.com 2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Anton_Small 2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Program Files\Picture2avi 2014-03-09 12:19 - 2013-11-25 02:53 - 00159182 ____N () C:\windows\Minidump\030914-5203-01.dmp 2014-03-09 00:54 - 2014-03-09 00:54 - 00000000 ____D () 
C:\ProgramData\Steam 2014-03-09 00:54 - 2013-11-30 18:21 - 00000000 ____D () C:\Users\Lu\Documents\My Games 2014-03-06 21:25 - 2013-11-25 02:53 - 00154360 ____N () C:\windows\Minidump\030614-4875-01.dmp 2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-04 21:00 - 2013-11-25 02:53 - 00157534 ____N () C:\windows\Minidump\030414-5750-01.dmp 2014-03-01 07:05 - 2014-03-12 09:10 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-03-01 05:58 - 2014-03-12 09:10 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-03-01 05:30 - 2014-03-12 09:10 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-03-01 05:17 - 2014-03-12 09:10 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-03-01 04:54 - 2014-03-12 09:10 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-03-01 04:47 - 2014-03-12 09:10 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-03-01 04:42 - 2014-03-12 09:10 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-03-01 04:18 - 2014-03-12 09:10 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-03-01 04:14 - 2014-03-12 09:10 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-12 09:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-12 09:10 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-03-01 03:57 - 2014-03-12 09:10 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-12 09:10 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-12 09:10 - 
01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-12 09:10 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-12 09:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-12 09:10 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-27 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\LiveKernelReports 2014-02-26 17:24 - 2014-02-26 17:24 - 00000000 ____D () C:\Users\Lu\New folder 2014-02-26 08:00 - 2013-11-25 02:53 - 00160004 ____N () C:\windows\Minidump\022614-7312-01.dmp 2014-02-25 19:55 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF 2014-02-25 16:20 - 2014-02-25 16:20 - 00000000 ____D () C:\Users\Lu\Downloads\TouchPad_Synaptics_v17.0.6.13_W81x64_A 2014-02-25 15:22 - 2013-11-24 19:01 - 00000000 ___RD () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-02-25 15:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\windows\ToastData 2014-02-23 18:04 - 2013-10-22 03:28 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo 2014-02-23 18:04 - 2013-10-22 03:27 - 00000000 ____D () C:\Program Files\Lenovo 2014-02-22 13:46 - 2013-11-24 20:29 - 00001787 _____ () C:\Users\Lu\Desktop\timetable.lnk 2014-02-22 13:16 - 2014-03-12 18:13 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe 2014-02-22 12:24 - 2014-03-12 18:13 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe 2014-02-21 19:57 - 2014-02-20 18:25 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs Some content of TEMP: ==================== C:\Users\Lu\AppData\Local\Temp\20131125042911989jniverify.dll C:\Users\Lu\AppData\Local\Temp\BackupSetup.exe C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll C:\Users\Lu\AppData\Local\Temp\Checkupdate.exe C:\Users\Lu\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer-1.exe 
C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer-2.exe C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Lu\AppData\Local\Temp\gcapi_dll.dll C:\Users\Lu\AppData\Local\Temp\gtapi_signed.dll C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll C:\Users\Lu\AppData\Local\Temp\jansi-64-1.8.dll C:\Users\Lu\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Lu\AppData\Local\Temp\npp.6.5.2.Installer.exe C:\Users\Lu\AppData\Local\Temp\ose00000.exe C:\Users\Lu\AppData\Local\Temp\ose00001.exe C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll C:\Users\Lu\AppData\Local\Temp\SRLDetectionLibrary8191520591370748298.dll C:\Users\Lu\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Lu\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Lu\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-12 09:09] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-03-15 13:24 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Luca at 2014-03-21 09:16:16 Running from C:\Users\Lu\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH) Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - ) Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo) Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation) Free Audio Converter version 5.0.35.304 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.35.304 - DVDVideoSoft Ltd.) 
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games) Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve) HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden Intel Extreme Tuning Utility (HKLM-x32\...\{1bcf77e1-2519-41dc-a594-9936f5f42203}) (Version: 4.2.0.8 - Intel Corporation) Intel Extreme Tuning Utility (x32 Version: 4.2.0.8 - Intel Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation) Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel) Intel(R) Experience Center Driver (Version: 1.7.0.179 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1658 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation) Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden Intel® Watchdog Timer Driver (Intel® WDT) 
(HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025F0}) (Version: 7.0.250 - Oracle) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025F0}) (Version: 7.0.250 - Oracle) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.) Mathematica Extras 9.0 (4055459) (HKLM\...\A-WIN-Extras 9.0.1 4055459_is1) (Version: 9.0.1 - Wolfram Research, Inc.) MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.0.1528 - Native Instruments) Native 
Instruments Controller Editor (Version: 1.6.0.1528 - Native Instruments) Hidden Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments) Native Instruments Guitar Rig 5 (Version: 5.1.1.2673 - Native Instruments) Hidden Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments) Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version: - Native Instruments) Native Instruments Rig Kontrol 3 Driver (Version: 3.1.0.761 - Native Instruments) Hidden Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments) Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden NoteBook FanControl (HKLM-x32\...\{fcb7175f-8410-4e57-9c9a-5413b0c03f24}) (Version: 1.0.0.0 - Stefan Hirschmann - StagWare) NoteBook FanControl (Version: 1.0.0.0 - Stefan Hirschmann - StagWare) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Picture2avi uninstaller (HKLM\...\Picture2avi_is1) (Version: 4.1.0.0 - picture2avi.com) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.) 
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version: - GSC Game World) SequoiaView (HKLM-x32\...\SequoiaView) (Version: - ) SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com) Siemens NX 8.5 (HKLM\...\{2AA26D1D-F4D8-428C-8B5B-B6B81A74383B}) (Version: 8.5.0.23 - Siemens) Siemens NX 8.5 Documentation (HKLM\...\{C0CBC5EC-0866-4ACB-ACE1-40998F962902}) (Version: 8.5.0.23 - Siemens) SpeedCrunch 0.10 (HKLM-x32\...\SpeedCrunch_is1) (Version: - SpeedCrunch) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated) System Explorer 4.7.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC) TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team) Trojan Remover 6.9.1.2929 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software) TrojanHunter 5.5 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.5 - Mischel Internet Security) Update for Microsoft en-us Dictionary (Version: 16.1.669.1 - Microsoft Corporation) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software) Wolfram 
Mathematica 9 (M-WIN-L 9.0.1 4055652) (HKLM\...\M-WIN-L 9.0.1 4055652_is1) (Version: 9.0.1 - Wolfram Research, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1C361003-0D02-4AB5-B176-941D3CEDDE47} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2E345624-C424-4115-BF23-3F748AC745E3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LUSOYO-Luca lusoyo => C:\Program Files\Microsoft Office\Office15\MsoSync.exe Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4B213728-4AE5-43AD-92C8-D93D3879A0C3} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files 
(x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {726E1E84-D18A-4D53-B52E-7165FF6B2F29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-03-18] (Microsoft Corporation) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {790C2560-F635-4985-AD3C-164D53BE48AC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-29] (Synaptics Incorporated) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {99DB6F40-DDB9-498B-B9A3-D553CD4DF34B} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] () Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work 
Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-02 01:31 - 2013-08-02 01:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-08-02 01:31 - 2013-08-02 01:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-08-02 01:31 - 2013-08-02 01:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2013-11-06 03:29 - 2013-11-06 03:29 - 00263168 _____ () C:\Program Files\NoteBook FanControl\OpenHardwareMonitorLib.dll 2013-10-22 03:27 - 2013-10-22 03:27 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll 2014-02-27 19:10 - 2014-02-27 19:10 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-18 22:05 - 2014-03-18 22:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-10-22 03:09 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 AlternateDataStreams: C:\Users\Lu\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/21/2014 09:12:58 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). Error: (03/21/2014 09:12:47 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). Error: (03/21/2014 09:12:46 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). Error: (03/21/2014 09:12:45 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). Error: (03/21/2014 09:12:44 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). Error: (03/21/2014 09:12:44 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). Error: (03/21/2014 09:12:43 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). 
Error: (03/21/2014 09:12:42 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). Error: (03/21/2014 09:12:41 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). Error: (03/21/2014 09:12:39 AM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422). System errors: ============= Error: (03/21/2014 07:57:23 AM) (Source: Server) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{12DE8AA9-9218-48C6-91B5-56863A29EA2C} because another computer on the network has the same name. The server could not start. Error: (03/21/2014 07:49:53 AM) (Source: Service Control Manager) (User: ) Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). Error: (03/21/2014 07:48:04 AM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: %%2 Error: (03/21/2014 07:48:03 AM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: %%2 Error: (03/21/2014 07:47:45 AM) (Source: DCOM) (User: LUSOYO) Description: {7160A13D-73DA-4CEA-95B9-37356478588A} Error: (03/20/2014 11:23:33 PM) (Source: Schannel) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252. 
Error: (03/20/2014 11:00:01 PM) (Source: Service Control Manager) (User: ) Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s). Error: (03/20/2014 10:59:01 PM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: %%2 Error: (03/20/2014 10:59:01 PM) (Source: Service Control Manager) (User: ) Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: %%2 Error: (03/20/2014 04:39:36 PM) (Source: Service Control Manager) (User: ) Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions: ========================= Error: (03/21/2014 09:12:58 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:47 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:46 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:45 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:44 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:44 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:43 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:42 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:41 AM) (Source: System Restore)(User: ) Description: 
C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 Error: (03/21/2014 09:12:39 AM) (Source: System Restore)(User: ) Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422 ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 8104.27 MB Available physical RAM: 5404.29 MB Total Pagefile: 9512.27 MB Available Pagefile: 6495.61 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:216.98 GB) (Free:50.24 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
21.03.2014, 09:42 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Did the trojan install completely or not?
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to.
21.03.2014, 10:08 | #7 |
| Windows 8.1: Did the trojan install completely or not?
Found nothing, so no clean up either.
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.03.21.04
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Luca :: LUSOYO [administrator]
21.3.14 09:47:19
mbar-log-2014-03-21 (09-47-19).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 251918
Time elapsed: 9 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
21.03.2014, 10:55 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1: Did the trojan install completely or not?
Remove adware/junkware/toolbars
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post logfiles in CODE tags |
21.03.2014, 11:04 | #9 |
| Windows 8.1: Did the trojan install completely or not?
logfiles:
Code:
# AdwCleaner v3.022 - Report created 21/03/2014 at 10:57:29
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Luca - LUSOYO
# Running from : C:\Users\Lu\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\MyPC Backup
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v28.0 (de)
[ File : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\prefs.js ]
[ File : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1147 octets] - [21/03/2014 10:56:54]
AdwCleaner[S0].txt - [1076 octets] - [21/03/2014 10:57:29]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1136 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Luca on Fri 21.03.14 at 10:59:33.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 21.03.14 at 11:02:54.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Luca (administrator) on LUSOYO on 21-03-2014 11:04:04 Running from C:\Users\Lu\Desktop Windows 8.1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NbfcService.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Microsoft Corporation) C:\Windows\System32\skydrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\windows\system32\wbem\WMIADAP.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ismagent.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - 
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation) HKLM\...\Run: [RtsFT] - C:\windows\RTFTrack.exe [6340312 2013-07-20] (Realtek semiconductor) HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-11-24] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-22] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [NBFC-ClientApplication] - C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe [418816 2013-11-06] (Stefan Hirschmann - StagWare) HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [Epic Privacy Browser Update] - "C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe Startup: C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKLM-x32 - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKCU - {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKCU - {5E397180-325D-44CD-97C4-63D2C9842271} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) 
Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 129.132.98.12 FireFox: ======== FF ProfilePath: C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF 
Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.) 
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Textarea Cache - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f} [2014-03-20] FF Extension: Ghostery - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\firefox@ghostery.com.xpi [2014-01-14] FF Extension: YouTube Center - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-14] FF Extension: ScrapBook - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-03-20] FF Extension: NoScript - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-14] FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2014-03-20] FF Extension: Adblock Plus - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-14] Chrome: ======= CHR 
Extension: (Google Docs) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08] CHR Extension: (Google Drive) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08] CHR Extension: (YouTube) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08] CHR Extension: (Adblock Plus) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-08] CHR Extension: (Google-Suche) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08] CHR Extension: (Google Wallet) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08] CHR Extension: (Google Mail) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08] ==================== Services (Whitelisted) ================= R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation) S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation) S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation) S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 
Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] () R2 NbfcService; C:\Program Files\NoteBook FanControl\NbfcService.exe [9728 2013-11-06] (Stefan Hirschmann - StagWare) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2013-09-04] (Intel(R) Corporation) R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-10-22] (Lenovo) S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X] S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X] S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) 
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation) S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation) S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] () R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] () R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [26328 2013-07-23] (Intel Corporation) R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] () S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH) S3 
rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-20] (Realtek Semiconductor Corp.) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 USB_Ethernet_Adaptor; C:\Windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.) 
S3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X] R3 WinRing0_1_2_0; \??\C:\Program Files\NoteBook FanControl\NbfcService.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-21 11:04 - 2014-03-21 11:04 - 00020272 _____ () C:\Users\Lu\Desktop\FRST.txt 2014-03-21 11:02 - 2014-03-21 11:02 - 00000617 _____ () C:\Users\Lu\Desktop\JRT.txt 2014-03-21 10:59 - 2014-03-21 10:59 - 00000000 ____D () C:\windows\ERUNT 2014-03-21 10:56 - 2014-03-21 10:57 - 00000000 ____D () C:\AdwCleaner 2014-03-21 10:56 - 2014-03-21 10:56 - 01950720 _____ () C:\Users\Lu\Desktop\adwcleaner.exe 2014-03-21 10:56 - 2014-03-21 10:56 - 01037734 _____ (Thisisu) C:\Users\Lu\Desktop\JRT.exe 2014-03-21 09:55 - 2014-03-21 09:55 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-03-21 09:48 - 2014-03-21 09:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-03-21 09:47 - 2014-03-21 10:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-21 09:47 - 2014-03-21 09:47 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-21 09:47 - 2014-03-21 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-21 09:45 - 2014-03-21 10:02 - 00000000 ____D () C:\Users\Lu\Desktop\mbar 2014-03-21 09:45 - 2014-03-21 09:45 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-03-21 09:44 - 2014-03-21 09:45 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\Lu\Desktop\mbar-1.07.0.1009.exe 2014-03-21 09:38 - 2014-03-21 09:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe 2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe 2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable 2014-03-20 17:54 - 2014-03-21 11:04 - 00000000 ____D () C:\FRST 2014-03-20 17:32 - 2014-03-20 17:33 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe 2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter 2014-03-20 17:07 - 2014-03-21 10:32 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5 2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll 2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-20 17:02 - 2014-03-21 10:32 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new 2.txt 2014-03-18 22:05 - 2014-03-21 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-12 18:13 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe 2014-03-12 18:13 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe 2014-03-12 17:50 - 2013-09-12 13:39 - 02474736 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe 2014-03-12 17:50 - 2013-09-12 13:39 - 00279024 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 07586288 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00844784 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00771056 _____ 
(Intel Corporation) C:\windows\system32\hkcmd.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00769520 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00754672 _____ (Intel Corporation) C:\windows\system32\GfxUIHotKeyMenu.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00530416 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00396272 _____ (Intel Corporation) C:\windows\system32\CustomModeApp.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00393712 _____ (Intel Corporation) C:\windows\system32\igfxext.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00391152 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe 2014-03-12 17:50 - 2013-09-12 13:38 - 00153072 _____ (Intel Corporation) C:\windows\system32\difx64.exe 2014-03-12 17:50 - 2013-09-10 01:37 - 00002948 _____ () C:\windows\system32\iglhxs64.vp 2014-03-12 17:50 - 2013-09-10 01:35 - 13139968 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll 2014-03-12 17:50 - 2013-09-10 01:35 - 11373056 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll 2014-03-12 17:50 - 2013-09-10 01:35 - 07908352 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll 2014-03-12 17:50 - 2013-09-10 01:35 - 06296576 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll 2014-03-12 17:50 - 2013-09-10 01:35 - 04170752 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys 2014-03-12 17:50 - 2013-09-10 01:35 - 04067328 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll 2014-03-12 17:50 - 2013-09-10 01:35 - 02384896 _____ () C:\windows\system32\GfxRes.dll 2014-03-12 17:50 - 2013-09-10 01:35 - 00548864 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll 2014-03-12 17:50 - 2013-09-10 01:35 - 00527360 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc 2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc 2014-03-12 17:50 - 2013-09-10 
Some content of TEMP:
====================
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll C:\Users\Lu\AppData\Local\Temp\ose00000.exe C:\Users\Lu\AppData\Local\Temp\Quarantine.exe C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-12 09:09] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-03-15 13:24 ==================== End Of Log ============================ |
21.03.2014, 11:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe
C:\ProgramData\47BKPRZz.exe
C:\Program Files\KMSpico
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
21.03.2014, 12:01 | #11 |
| Here:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Luca at 2014-03-21 11:52:41 Run:1
Running from C:\Users\Lu\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe
C:\ProgramData\47BKPRZz.exe
C:\Program Files\KMSpico
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll
*****************

HKU\S-1-5-21-3526281771-1473308361-996666171-1001\Software\Microsoft\Windows\CurrentVersion\Run\\47BKPRZz => Value deleted successfully.
"C:\ProgramData\47BKPRZz.exe" => File/Directory not found.
"C:\Program Files\KMSpico" => File/Directory not found.
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll => Moved successfully.

==== End of Fixlog ====
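The Fixlog posted above can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code: it parses the posted fixlist and result lines and reports autorun values that were still registered although their target file was already gone. The status names and the mapping of outcome phrases are assumptions, limited to the three phrases visible in this log.

```python
import re

# Fixlist and Fixlog result lines as posted in this thread (results shortened to four).
FIXLIST = r'''HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe
C:\ProgramData\47BKPRZz.exe'''
FIXLOG = r'''HKU\S-1-5-21-3526281771-1473308361-996666171-1001\Software\Microsoft\Windows\CurrentVersion\Run\\47BKPRZz => Value deleted successfully.
"C:\ProgramData\47BKPRZz.exe" => File/Directory not found.
"C:\Program Files\KMSpico" => File/Directory not found.
C:\Users\Lu\AppData\Local\Temp\ose00000.exe => Moved successfully.
==== End of Fixlog ===='''

# Assumption: only the outcome phrases visible in the log above are mapped.
OUTCOMES = {
    "Value deleted successfully": "removed",
    "Moved successfully": "quarantined",
    "File/Directory not found": "absent",
}
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
RUN_LINE = re.compile(r'^HK\w+\\.+?\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+)$')

def parse_fixlog(text):
    """Return [(target, status)]; unknown outcome phrases become 'unrecognised'."""
    entries = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:  # header and separator lines have no "=>" and are skipped
            status = OUTCOMES.get(m.group("outcome"), "unrecognised")
            entries.append((m.group("target"), status))
    return entries

def orphaned_autoruns(fixlist, entries):
    """Run values that were still registered although their target file was gone."""
    status = {target.lower(): s for target, s in entries}
    removed = [t.lower() for t, s in entries if s == "removed"]
    hits = []
    for line in fixlist.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        value_removed = any(t.endswith("\\" + name.lower()) for t in removed)
        if value_removed and status.get(path.lower()) == "absent":
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for target, status in parse_fixlog(FIXLOG):
        print(f"{status:12} {target}")
    print("orphaned:", orphaned_autoruns(FIXLIST, parse_fixlog(FIXLOG)))
```

For this log it reports the `47BKPRZz` Run value as orphaned: the executable had already been deleted by hand, but the autostart entry was still in the registry until the fix removed it.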
21.03.2014, 12:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand! Getting an additional opinion from the ESET online scanner afterwards doesn't hurt either: ESET Online Scanner
21.03.2014, 14:35 | #13 |
| Malwarebytes found nothing. ESET is still running. I have a few more questions:
1. Did we find and remove something, or was I not infected the whole time?
2. Can I re-enable the certificate?
3. Is there a chance that something was not detected?
Edit: The laptop battery is running low; I will start the scan again this evening. I'll report back then. |
21.03.2014, 14:49 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
Quote:
21.03.2014, 15:02 | #15 |
| I assume you mean the Fixlog from Farbar. The original malware was no longer found there.
Code:
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll

If you feel like it and have the time, I would be very interested to know which files contain which malicious code. I realize, however, that this takes a lot of time and that you may not have the time for it. The certificate is trustworthy (Cisco uses the same one for the VPN client); it was only "misused" by the Trojan/virus (which was it, actually?). I'm aware that there is no such thing as 100% security, but do you have any figures from your own experience? Regards |