
Log analysis and evaluation: Windows 8.1: Did the trojan install itself completely or not?


20.03.2014, 23:04   #1
demiurg
 



Hello everyone!

First of all, thanks for your work!

Today I received an e-mail from Zalando with an .rtf file that supposedly contained my return slip. I hadn't requested it, but since I had only just bought something there and it was my first time, I didn't suspect anything bad. I opened it. It then said I should double-click the picture. Did that, didn't work. Ah, the document is write-protected, so I unlocked it and double-clicked, and then a message came up along the lines of: do you really want to open this content?
While I'm clicking yes, it hits me like lightning: how stupid am I, actually?!? Of course this is a virus or trojan. I close Word immediately. I go online and promptly read a report about exactly this infected Zalando mail (W32/Trojan.TOPZ-6677, I found nothing concrete via Google).
I close my browser and see a window behind it: Do you really wan't to trust this certificate... (VeriSign Class 3 Public Primary Certification Authority G5); I click no. PC restart, the message appears again. Now I find out which file is causing this message; it is called 47BKPRZz.exe (there is nothing about it on Google). I decline the message again and look for the file. I find the executable and Windows dump files (from the times at which I declined the message) (the file apparently could not be executed completely).
I delete everything irrevocably. After a restart the message no longer appears. Then I go into the Certificate Manager and move the certificate to untrusted.
Two trojan scanners (TrojanHunter and Trojan Remover) find nothing. Using SystemExplorer and a network monitoring tool (TcpView) I check whether anything suspicious is going on. Nothing.
Nothing stands out during normal operation either.
I cannot run GMER: C:\windows\system32\config\system: The process cannot access the file because it is being used by another process.

Really I should reinstall the PC, but I have a lot to do at university right now and need some programs for that which are laborious to install.
Do you think that by declining the certificate installation and deleting the files I got away with it once more?
What is the worst that could happen to me as long as I don't do any e-banking?
Thanks for the information!


logfiles:

defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:38 on 20/03/2014 (Luca)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Luca (administrator) on LUSOYO on 20-03-2014 22:40:24
Running from C:\Users\Lu\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NbfcService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\windows\system32\wwahost.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\TrojanHunter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\windows\system32\backgroundTaskHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation)
HKLM\...\Run: [RtsFT] - C:\windows\RTFTrack.exe [6340312 2013-07-20] (Realtek semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1661856 2014-03-20] (Simply Super Software)
HKLM-x32\...\Run: [THGuard] - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe [1086880 2012-10-23] (Mischel Internet Security)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [NBFC-ClientApplication] - C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe [418816 2013-11-06] (Stefan Hirschmann - StagWare)
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [Epic Privacy Browser Update] - "C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe
Startup: C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms}
SearchScopes: HKCU - {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms}
SearchScopes: HKCU - {5E397180-325D-44CD-97C4-63D2C9842271} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Textarea Cache - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f} [2014-03-20]
FF Extension: Ghostery - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\firefox@ghostery.com.xpi [2014-01-14]
FF Extension: YouTube Center - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-14]
FF Extension: ScrapBook - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-03-20]
FF Extension: NoScript - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-14]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2014-03-20]
FF Extension: Adblock Plus - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-14]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Adblock Plus) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-08]
CHR Extension: (Google-Suche) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Google Mail) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]

==================== Services (Whitelisted) =================

S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
R2 NbfcService; C:\Program Files\NoteBook FanControl\NbfcService.exe [9728 2013-11-06] (Stefan Hirschmann - StagWare)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [686592 2013-11-12] ()
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2013-09-04] (Intel(R) Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-10-22] (Lenovo)
S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X]
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [26328 2013-07-23] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-20] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 USB_Ethernet_Adaptor; C:\Windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.)
R3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R3 WinRing0_1_2_0; \??\C:\Program Files\NoteBook FanControl\NbfcService.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 22:38 - 2014-03-20 22:40 - 00021924 _____ () C:\Users\Lu\Desktop\FRST.txt
2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00000470 _____ () C:\Users\Lu\Desktop\defogger_disable.log
2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable
2014-03-20 17:54 - 2014-03-20 22:40 - 00000000 ____D () C:\FRST
2014-03-20 17:32 - 2014-03-20 17:33 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe
2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter
2014-03-20 17:09 - 2014-03-20 17:09 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Simply Super Software
2014-03-20 17:07 - 2014-03-20 17:28 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-03-20 17:07 - 2014-03-20 17:07 - 00001108 _____ () C:\Users\Lu\Desktop\TrojanHunter.lnk
2014-03-20 17:07 - 2014-03-20 17:07 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-03-20 17:06 - 2014-03-20 17:12 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-03-20 17:06 - 2014-03-20 17:06 - 00001109 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-03-20 17:06 - 2014-03-20 17:06 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\Users\Lu\Documents\Simply Super Software
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-20 17:02 - 2014-03-20 17:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-03-20 17:01 - 2014-03-20 16:53 - 00291606 _____ () C:\Users\Lu\Desktop\TcpView-3.05.zip
2014-03-20 16:38 - 2014-03-20 16:41 - 00064473 _____ () C:\Users\Lu\Desktop\Console1.msc
2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new  2.txt
2014-03-18 22:05 - 2014-03-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-12 18:13 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-03-12 18:13 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-03-12 17:50 - 2013-09-12 13:39 - 02474736 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2014-03-12 17:50 - 2013-09-12 13:39 - 00279024 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 07586288 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00844784 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00771056 _____ (Intel Corporation) C:\windows\system32\hkcmd.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00769520 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00754672 _____ (Intel Corporation) C:\windows\system32\GfxUIHotKeyMenu.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00530416 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00396272 _____ (Intel Corporation) C:\windows\system32\CustomModeApp.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00393712 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00391152 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00153072 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2014-03-12 17:50 - 2013-09-10 01:37 - 00002948 _____ () C:\windows\system32\iglhxs64.vp
2014-03-12 17:50 - 2013-09-10 01:35 - 13139968 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 11373056 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 07908352 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 06296576 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 04170752 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2014-03-12 17:50 - 2013-09-10 01:35 - 04067328 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 02384896 _____ () C:\windows\system32\GfxRes.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00548864 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00527360 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrfra.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxresn.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrrus.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrnld.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrdeu.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrsky.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrrom.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrita.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrptg.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrhun.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrhrv.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrcsy.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrsve.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrslv.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrfin.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524288 _____ (Intel Corporation) C:\windows\system32\igfxrtrk.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524288 _____ (Intel Corporation) C:\windows\system32\igfxrptb.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrtha.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrnor.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrdan.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00522240 _____ (Intel Corporation) C:\windows\system32\igfxrheb.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00521728 _____ (Intel Corporation) C:\windows\system32\igfxrara.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00517120 _____ (Intel Corporation) C:\windows\system32\igfxrjpn.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00516096 _____ (Intel Corporation) C:\windows\system32\igfxrkor.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00513536 _____ (Intel Corporation) C:\windows\system32\igfxrcht.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00513024 _____ (Intel Corporation) C:\windows\system32\igfxrchs.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00492032 _____ (Intel Corporation) C:\windows\SysWOW64\igfxdv32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00371200 _____ (Intel Corporation) C:\windows\system32\igfxrenu.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00365568 _____ () C:\windows\system32\igdmd64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00345600 _____ (Intel Corporation) C:\windows\system32\igfxTMM.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00303104 _____ () C:\windows\SysWOW64\igdmd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00279040 _____ (Intel Corporation) C:\windows\system32\igfxcpl.cpl
2014-03-12 17:50 - 2013-09-10 01:35 - 00265385 _____ () C:\windows\system32\Gfxres.th-TH.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00251862 _____ () C:\windows\system32\Gfxres.el-GR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00243712 _____ (Intel Corporation) C:\windows\system32\igfxdo.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00233588 _____ () C:\windows\system32\Gfxres.ru-RU.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00220672 _____ () C:\windows\system32\igdde64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00199481 _____ () C:\windows\system32\Gfxres.ar-SA.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00197044 _____ () C:\windows\system32\Gfxres.ja-JP.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00194048 _____ (Intel Corporation) C:\windows\system32\gfxSrvc.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00191088 _____ () C:\windows\system32\Gfxres.he-IL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00180736 _____ () C:\windows\SysWOW64\igdde32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00179353 _____ () C:\windows\system32\Gfxres.ko-KR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00179230 _____ () C:\windows\system32\Gfxres.it-IT.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176940 _____ () C:\windows\system32\Gfxres.es-ES.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176666 _____ () C:\windows\system32\Gfxres.fr-FR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176638 _____ () C:\windows\system32\Gfxres.de-DE.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00175259 _____ () C:\windows\system32\Gfxres.ro-RO.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00174244 _____ () C:\windows\system32\Gfxres.hu-HU.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173953 _____ () C:\windows\system32\Gfxres.tr-TR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173813 _____ () C:\windows\system32\Gfxres.pl-PL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173495 _____ () C:\windows\system32\Gfxres.nl-NL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00172750 _____ () C:\windows\system32\Gfxres.pt-BR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00172041 _____ () C:\windows\system32\Gfxres.fi-FI.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171709 _____ () C:\windows\system32\Gfxres.sk-SK.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171547 _____ () C:\windows\system32\Gfxres.sv-SE.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171310 _____ () C:\windows\system32\Gfxres.pt-PT.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00170996 _____ () C:\windows\system32\Gfxres.cs-CZ.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00170175 _____ () C:\windows\system32\Gfxres.hr-HR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00166672 _____ () C:\windows\system32\Gfxres.sl-SI.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00165374 _____ () C:\windows\system32\Gfxres.nb-NO.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00164698 _____ () C:\windows\system32\Gfxres.da-DK.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00160256 _____ () C:\windows\system32\igdail64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00159947 _____ () C:\windows\system32\Gfxres.en-US.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00153249 _____ () C:\windows\system32\Gfxres.zh-TW.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00151473 _____ () C:\windows\system32\Gfxres.zh-CN.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00142848 _____ () C:\windows\SysWOW64\igdail32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00012288 _____ ( ) C:\windows\system32\IGFXDEVLib.dll
2014-03-12 17:50 - 2013-09-10 01:34 - 00025088 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 25982976 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 03279872 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 00329216 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 00304640 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 20943872 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 02962432 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 00290816 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 00253440 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2014-03-12 17:50 - 2013-09-10 01:20 - 03509760 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 04009632 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 02064896 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 01814016 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 01423008 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00650400 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00631456 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00598688 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00344224 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00207008 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00176288 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00151552 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00143360 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00129024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00122880 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00121504 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00093344 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2014-03-12 09:28 - 2014-03-12 09:28 - 00000009 _____ () C:\playlist.m3u
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\DVDVideoSoft
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Program Files (x86)\Audio Converter
2014-03-12 09:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 09:10 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 09:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 09:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 09:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 09:10 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 09:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 09:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 09:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 09:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 09:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 09:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 09:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 09:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 09:10 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 09:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 09:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 09:10 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-03-12 09:10 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-03-12 09:09 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-03-12 09:09 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-03-12 09:09 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-03-12 09:09 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-03-12 09:09 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\windows\system32\swprv.dll
2014-03-12 09:09 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-03-12 09:09 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-03-12 09:09 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2014-03-12 09:09 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2014-03-12 09:09 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-03-12 09:09 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2014-03-12 09:09 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-03-12 09:09 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2014-03-12 09:09 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpencom.dll
2014-03-12 09:09 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\rdpencom.dll
2014-03-12 09:09 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2014-03-12 09:09 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-03-12 09:09 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\DWWIN.EXE
2014-03-12 09:09 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-12 09:09 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2014-03-12 09:09 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-03-12 09:09 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWWIN.EXE
2014-03-12 09:09 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-03-12 09:09 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-03-12 09:09 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2014-03-12 09:09 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2014-03-12 09:09 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-03-12 09:09 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-03-12 09:09 - 2014-01-27 12:45 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-03-12 09:09 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-03-12 09:09 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 09:09 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-03-12 09:09 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\sppcomapi.dll
2014-03-12 09:08 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 09:08 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 09:08 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 09:08 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-03-12 09:08 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-03-12 09:08 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-03-12 00:53 - 2014-03-12 00:56 - 150756160 _____ (Intel Corporation) C:\Users\Lu\Downloads\intel gpu.exe
2014-03-12 00:50 - 2014-03-12 00:50 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\SystemRequirementsLab
2014-03-11 20:24 - 2014-03-11 20:26 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\HandBrake
2014-03-11 20:23 - 2014-03-11 20:24 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2014-03-11 20:23 - 2014-03-11 20:23 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-10 20:37 - 2014-03-10 20:37 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
2014-03-10 18:59 - 2014-03-10 18:59 - 00002990 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-10 18:59 - 2014-03-10 18:59 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-10 18:55 - 2013-08-29 11:42 - 00722160 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00524016 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys
2014-03-10 18:55 - 2013-08-29 11:42 - 00421616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPCo19.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00400112 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynCom.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00251632 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00169712 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynTPCom.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00034544 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\Smb_driver_Intel.sys
2014-03-10 18:55 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\Users\Lu\Documents\PassMark
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\ProgramData\PassMark
2014-03-09 12:58 - 2014-03-09 13:09 - 00000000 ____D () C:\Users\Lu\AppData\Local\Picture2avi
2014-03-09 12:58 - 2014-03-09 12:58 - 00000057 _____ () C:\windows\Picture2avi.ini
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ___HD () C:\Users\Lu\AppData\Local\Screenshots
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\easytornado.com
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Anton_Small
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Program Files\Picture2avi
2014-03-09 00:54 - 2014-03-09 00:54 - 00000000 ____D () C:\ProgramData\Steam
2014-03-09 00:53 - 2014-03-09 00:53 - 00001132 _____ () C:\Users\Public\Desktop\Southpark Stick of Truth.lnk
2014-02-26 17:24 - 2014-02-26 17:24 - 00000000 ____D () C:\Users\Lu\New folder
2014-02-25 16:20 - 2014-02-25 16:20 - 00000000 ____D () C:\Users\Lu\Downloads\TouchPad_Synaptics_v17.0.6.13_W81x64_A
2014-02-25 16:08 - 2014-03-09 00:44 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\uTorrent
2014-02-22 23:26 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-02-22 23:26 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-02-22 23:26 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-02-22 23:26 - 2014-01-04 16:54 - 00138240 _____ () C:\windows\system32\OEMLicense.dll
2014-02-22 23:26 - 2014-01-04 16:08 - 00103936 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-02-22 23:26 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-02-22 23:26 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-02-22 23:26 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-02-22 23:26 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-02-22 23:26 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-02-22 23:26 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2014-02-22 23:26 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-02-22 23:26 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2014-02-22 23:26 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-02-22 23:26 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-02-22 23:26 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-02-22 23:26 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\sti.dll
2014-02-22 23:26 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2014-02-22 23:26 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\sti.dll
2014-02-22 23:26 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-02-22 23:26 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\windows\system32\ReAgent.dll
2014-02-22 23:26 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-02-22 23:26 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.dll
2014-02-22 23:26 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2014-02-22 23:26 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2014-02-22 23:26 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsSpellCheckingFacility.dll
2014-02-22 23:26 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2014-02-22 23:26 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2014-02-22 23:26 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\windows\system32\pnrpsvc.dll
2014-02-22 23:26 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-02-22 23:26 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-22 23:26 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-02-22 23:26 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\windows\system32\easinvoker.exe
2014-02-22 23:26 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\windows\system32\easwrt.dll
2014-02-22 23:26 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\windows\SysWOW64\easwrt.dll
2014-02-22 23:26 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-02-22 23:26 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-02-20 18:25 - 2014-02-21 19:57 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs
2014-02-20 14:10 - 2014-03-19 16:10 - 00000000 ____D () C:\Users\Lu\.VirtualBox
2014-02-20 14:10 - 2014-02-21 20:06 - 00000000 ____D () C:\Program Files\Oracle
2014-02-20 14:10 - 2013-12-18 17:19 - 00252688 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2014-02-20 14:10 - 2013-12-18 17:16 - 00126736 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2014-02-18 08:19 - 2014-03-12 17:59 - 00000009 _____ () C:\Users\Lu\Desktop\music.txt

==================== One Month Modified Files and Folders =======

2014-03-20 22:40 - 2014-03-20 22:38 - 00021924 _____ () C:\Users\Lu\Desktop\FRST.txt
2014-03-20 22:40 - 2014-03-20 17:54 - 00000000 ____D () C:\FRST
2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00000470 _____ () C:\Users\Lu\Desktop\defogger_disable.log
2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable
2014-03-20 22:38 - 2013-11-24 19:00 - 00000000 ____D () C:\Users\Lu
2014-03-20 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2014-03-20 21:24 - 2013-10-22 03:13 - 01733564 _____ () C:\windows\WindowsUpdate.log
2014-03-20 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2014-03-20 17:33 - 2014-03-20 17:32 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe
2014-03-20 17:28 - 2014-03-20 17:07 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-03-20 17:14 - 2014-03-20 17:02 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-03-20 17:13 - 2013-11-24 20:38 - 00000000 ___RD () C:\Users\Lu\SkyDrive
2014-03-20 17:12 - 2014-03-20 17:06 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter
2014-03-20 17:09 - 2014-03-20 17:09 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Simply Super Software
2014-03-20 17:08 - 2013-11-24 19:09 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3526281771-1473308361-996666171-1001
2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-03-20 17:07 - 2014-03-20 17:07 - 00001108 _____ () C:\Users\Lu\Desktop\TrojanHunter.lnk
2014-03-20 17:07 - 2014-03-20 17:07 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-03-20 17:06 - 2014-03-20 17:06 - 00001109 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-03-20 17:06 - 2014-03-20 17:06 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-03-20 17:04 - 2013-10-22 03:55 - 00768742 _____ () C:\windows\system32\perfh007.dat
2014-03-20 17:04 - 2013-10-22 03:55 - 00163660 _____ () C:\windows\system32\perfc007.dat
2014-03-20 17:04 - 2013-08-28 09:36 - 01780340 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\Users\Lu\Documents\Simply Super Software
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-03-20 16:53 - 2014-03-20 17:01 - 00291606 _____ () C:\Users\Lu\Desktop\TcpView-3.05.zip
2014-03-20 16:41 - 2014-03-20 16:38 - 00064473 _____ () C:\Users\Lu\Desktop\Console1.msc
2014-03-20 16:39 - 2013-11-25 20:03 - 00000554 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-03-20 16:39 - 2013-11-24 20:01 - 00000000 ____D () C:\Program Files\NoteBook FanControl
2014-03-20 16:38 - 2013-10-22 03:03 - 00050008 _____ () C:\windows\setupact.log
2014-03-20 16:38 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-20 16:26 - 2013-11-24 21:11 - 00000000 ____D () C:\Users\Lu\AppData\Local\CrashDumps
2014-03-20 16:15 - 2013-08-22 14:25 - 00786432 ___SH () C:\windows\system32\config\BBI
2014-03-20 16:10 - 2014-01-14 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 10:59 - 2013-11-24 19:01 - 00000000 ____D () C:\Users\Lu\AppData\Local\Packages
2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new  2.txt
2014-03-19 16:10 - 2014-02-20 14:10 - 00000000 ____D () C:\Users\Lu\.VirtualBox
2014-03-18 22:56 - 2013-11-24 19:26 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\MediaMonkey
2014-03-18 22:05 - 2014-03-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 17:39 - 2013-11-24 20:47 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 17:38 - 2013-11-24 20:47 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-18 13:53 - 2013-11-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-17 20:16 - 2013-11-29 10:44 - 01992704 ___SH () C:\Users\Lu\Desktop\Thumbs.db
2014-03-17 19:59 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2014-03-17 01:47 - 2013-11-26 20:36 - 00000000 ____D () C:\Users\Lu\Documents\MATLAB
2014-03-16 19:26 - 2013-11-24 19:29 - 00000000 ____D () C:\Users\Lu\AppData\Local\Paint.NET
2014-03-16 19:26 - 2013-11-24 19:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-12 19:01 - 2013-11-24 22:55 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\vlc
2014-03-12 17:59 - 2014-02-18 08:19 - 00000009 _____ () C:\Users\Lu\Desktop\music.txt
2014-03-12 17:53 - 2013-10-22 03:17 - 00016136 _____ () C:\windows\system32\results.xml
2014-03-12 17:51 - 2013-10-22 03:09 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-12 17:48 - 2013-08-28 09:34 - 00008990 _____ () C:\windows\PFRO.log
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 17:48 - 2013-08-22 15:44 - 00733664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-12 09:28 - 2014-03-12 09:28 - 00000009 _____ () C:\playlist.m3u
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\DVDVideoSoft
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Program Files (x86)\Audio Converter
2014-03-12 00:56 - 2014-03-12 00:53 - 150756160 _____ (Intel Corporation) C:\Users\Lu\Downloads\intel gpu.exe
2014-03-12 00:51 - 2013-12-20 18:42 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-03-12 00:50 - 2014-03-12 00:50 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\SystemRequirementsLab
2014-03-11 20:26 - 2014-03-11 20:24 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\HandBrake
2014-03-11 20:24 - 2014-03-11 20:23 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2014-03-11 20:23 - 2014-03-11 20:23 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-11 19:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-03-10 20:37 - 2014-03-10 20:37 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
2014-03-10 20:37 - 2013-11-24 20:00 - 00000000 ____D () C:\Program Files (x86)\Utilities
2014-03-10 19:45 - 2014-02-17 16:29 - 00005106 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LUSOYO-Luca lusoyo
2014-03-10 19:23 - 2013-10-22 03:16 - 00001348 _____ () C:\windows\Synaptics.log
2014-03-10 19:23 - 2013-10-22 03:04 - 00093112 _____ () C:\windows\DPINST.LOG
2014-03-10 18:59 - 2014-03-10 18:59 - 00002990 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-10 18:59 - 2014-03-10 18:59 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-10 18:52 - 2014-02-03 01:02 - 00001034 _____ () C:\windows\SynInst.log
2014-03-10 18:52 - 2014-02-03 01:02 - 00000000 ____D () C:\ProgramData\Synaptics
2014-03-10 07:04 - 2013-11-25 22:47 - 00000000 ____D () C:\windows\Minidump
2014-03-10 07:04 - 2013-11-25 02:53 - 00152128 ____N () C:\windows\Minidump\031014-5078-01.dmp
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\Users\Lu\Documents\PassMark
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\ProgramData\PassMark
2014-03-09 13:09 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Picture2avi
2014-03-09 12:58 - 2014-03-09 12:58 - 00000057 _____ () C:\windows\Picture2avi.ini
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ___HD () C:\Users\Lu\AppData\Local\Screenshots
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\easytornado.com
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Anton_Small
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Program Files\Picture2avi
2014-03-09 12:19 - 2013-11-25 02:53 - 00159182 ____N () C:\windows\Minidump\030914-5203-01.dmp
2014-03-09 00:54 - 2014-03-09 00:54 - 00000000 ____D () C:\ProgramData\Steam
2014-03-09 00:54 - 2013-11-30 18:21 - 00000000 ____D () C:\Users\Lu\Documents\My Games
2014-03-09 00:53 - 2014-03-09 00:53 - 00001132 _____ () C:\Users\Public\Desktop\Southpark Stick of Truth.lnk
2014-03-09 00:45 - 2013-11-30 17:24 - 00000000 ____D () C:\Program Files (x86)\Games
2014-03-09 00:44 - 2014-02-25 16:08 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\uTorrent
2014-03-06 21:25 - 2013-11-25 02:53 - 00154360 ____N () C:\windows\Minidump\030614-4875-01.dmp
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 21:00 - 2013-11-25 02:53 - 00157534 ____N () C:\windows\Minidump\030414-5750-01.dmp
2014-03-01 07:05 - 2014-03-12 09:10 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 09:10 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 09:10 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 09:10 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 09:10 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 09:10 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 09:10 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 09:10 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 09:10 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 09:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 09:10 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 09:10 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 09:10 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 09:10 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 09:10 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 09:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 09:10 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\LiveKernelReports
2014-02-26 17:24 - 2014-02-26 17:24 - 00000000 ____D () C:\Users\Lu\New folder
2014-02-26 08:00 - 2013-11-25 02:53 - 00160004 ____N () C:\windows\Minidump\022614-7312-01.dmp
2014-02-25 19:55 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF
2014-02-25 16:20 - 2014-02-25 16:20 - 00000000 ____D () C:\Users\Lu\Downloads\TouchPad_Synaptics_v17.0.6.13_W81x64_A
2014-02-25 15:22 - 2013-11-24 19:01 - 00000000 ___RD () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-25 15:22 - 2013-11-24 19:01 - 00000000 ___RD () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-25 15:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\windows\ToastData
2014-02-23 18:04 - 2013-10-22 03:28 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-02-23 18:04 - 2013-10-22 03:27 - 00000000 ____D () C:\Program Files\Lenovo
2014-02-22 13:46 - 2013-11-24 20:29 - 00001787 _____ () C:\Users\Lu\Desktop\timetable.lnk
2014-02-22 13:16 - 2014-03-12 18:13 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-02-22 12:24 - 2014-03-12 18:13 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-02-21 20:06 - 2014-02-20 14:10 - 00000000 ____D () C:\Program Files\Oracle
2014-02-21 19:57 - 2014-02-20 18:25 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs

Some content of TEMP:
====================
C:\Users\Lu\AppData\Local\Temp\20131125042911989jniverify.dll
C:\Users\Lu\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\Checkupdate.exe
C:\Users\Lu\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lu\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Lu\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\jansi-64-1.8.dll
C:\Users\Lu\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Lu\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll
C:\Users\Lu\AppData\Local\Temp\SRLDetectionLibrary8191520591370748298.dll
C:\Users\Lu\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Lu\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Lu\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 09:09] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-15 13:24

==================== End Of Log ============================
         
Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Luca at 2014-03-20 22:40:53
Running from C:\Users\Lu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.30596 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BatteryMon V2.1 (HKLM-x32\...\BatteryMon_is1) (Version:  - PassMark Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BED39C88-768C-4345-BF11-58436C984F2A}) (Version:  - Microsoft)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo)
Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Free Audio Converter version 5.0.35.304 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.35.304 - DVDVideoSoft Ltd.)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{1bcf77e1-2519-41dc-a594-9936f5f42203}) (Version: 4.2.0.8 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 4.2.0.8 - Intel Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Experience Center Driver (Version: 1.7.0.179 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1658 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025F0}) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025F0}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
KMSpico v9.0.5.20131112 (HKLM\...\KMSpico_is1) (Version: 9.0.5.20131112 - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Mathematica Extras 9.0 (4055459) (HKLM\...\A-WIN-Extras 9.0.1 4055459_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.0.1528 - Native Instruments)
Native Instruments Controller Editor (Version: 1.6.0.1528 - Native Instruments) Hidden
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (Version: 5.1.1.2673 - Native Instruments) Hidden
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
NoteBook FanControl (HKLM-x32\...\{fcb7175f-8410-4e57-9c9a-5413b0c03f24}) (Version: 1.0.0.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (Version: 1.0.0.0 - Stefan Hirschmann - StagWare) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Picture2avi uninstaller (HKLM\...\Picture2avi_is1) (Version: 4.1.0.0 - picture2avi.com)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
SequoiaView (HKLM-x32\...\SequoiaView) (Version:  - )
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Siemens NX 8.5 (HKLM\...\{2AA26D1D-F4D8-428C-8B5B-B6B81A74383B}) (Version: 8.5.0.23 - Siemens)
Siemens NX 8.5 Documentation (HKLM\...\{C0CBC5EC-0866-4ACB-ACE1-40998F962902}) (Version: 8.5.0.23 - Siemens)
Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
SpeedCrunch 0.10 (HKLM-x32\...\SpeedCrunch_is1) (Version:  - SpeedCrunch)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
System Explorer 4.7.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Trojan Remover 6.9.1.2929 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software)
TrojanHunter 5.5 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.5 - Mischel Internet Security)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (HKLM\...\{90150000-0015-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{47F15B72-AB15-4B81-BDB8-28B204596EB7}) (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{614E655F-A0ED-435A-8E0C-A81EE4BA7BC7}) (Version:  - Microsoft)
Update for Microsoft en-us Dictionary (Version: 16.1.669.1 - Microsoft Corporation) Hidden
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E759A69-FA72-4B3C-BE2F-D1194764D31E}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{8D84B988-2A7A-4DB6-A7A5-08DA7B3DE9EE}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{79469196-F138-4CF0-8681-F1889D53B56B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FEFF9FF6-FF61-455E-A8CC-3A1311A657AD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3FF4EA9F-3505-4726-A974-6593A968FFCC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9406D70B-2D9C-4613-A75A-F35B66BA8AFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA390537-AA88-450F-A240-5FB4648A124A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C8D57F4A-0824-4043-89E7-3C6280B67A47}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AC4470FB-8011-4F16-B5D4-E0A34DE10C87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{526C9E5A-A734-4DC0-B829-ED1CDE793C6B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8587E5B1-6279-4396-B9AC-20B334F4FF88}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{30C13416-B124-46AB-9E44-96CEFFA893F9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C809B1D6-BD31-4496-BCFE-4567E0854F5F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{1A789784-5825-4B26-BB57-71FF7D3484CB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{856D47BC-036C-4692-8702-D6CCA8F428D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4FD8F672-3206-469C-B9F0-D6E72F7ACAB2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F33ABF6A-3007-47E8-8E38-506A18E54641}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B38036CB-BAF6-41D4-8810-FD016453ABB9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2A286156-257B-4528-9DB5-B4D4D53211BC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{B5E3E636-7913-4775-BC9B-E4B56F4ED73B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{92833C80-DC88-4A22-8630-407F810EF57B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{602346D6-8E2F-4B0E-820A-CD62AC5B0DC9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUSR_{869B93B9-E75A-44DE-8AC5-A030A7A21FDD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F2187E8D-C68A-4655-8551-1932878A5581}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6EE51F51-57B1-4DC7-96C2-857DB7F0BE93}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0A90C645-3F9A-4CF9-BF62-2609602E3DAB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3A48DE63-607B-4FEA-A862-B52669C4433C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{34F51E79-0110-4B49-A245-81319F58453E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{05D8C7F6-9A93-4925-B2B3-7D6507AD2FC9}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{DAEE93F9-D258-45E4-AFD3-12AC5ED04693}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CA014CB4-B26F-4D27-BF26-C994CC3428E5}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6FF949A3-1C3F-41C2-9464-933E885ECB53}) (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BBD4F4CE-65D4-4CEB-AE19-E5296A57AA6C}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{E9172003-60C1-447B-9569-7AA9FADE26B0}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2837C624-A972-43CF-BCE5-0AE2EFED72E3}) (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{AAB7E20E-E896-495E-AD19-1A0EF515DCED}) (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{AAB7E20E-E896-495E-AD19-1A0EF515DCED}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F16E7B82-23FE-4054-AB73-EAE53965251C}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) (HKLM\...\M-WIN-L 9.0.1 4055652_is1) (Version: 9.0.1 - Wolfram Research, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1C361003-0D02-4AB5-B176-941D3CEDDE47} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation)
Task: {1F4F2D7F-2FD9-48DA-99D0-6CB06B719F2E} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-12] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E345624-C424-4115-BF23-3F748AC745E3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LUSOYO-Luca lusoyo => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B213728-4AE5-43AD-92C8-D93D3879A0C3} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {726E1E84-D18A-4D53-B52E-7165FF6B2F29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-03-18] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {790C2560-F635-4985-AD3C-164D53BE48AC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-29] (Synaptics Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AD7E20F-6C17-4116-B903-A6BAA0B15795} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99DB6F40-DDB9-498B-B9A3-D553CD4DF34B} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C23A0049-5CDE-4620-8F2B-8004CC115566} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ECC6BF40-C63A-4256-A710-120B39D5E46E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F27A6431-76D3-4B7E-BC3B-28A0CDFD9EAC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2013-08-02 01:31 - 2013-08-02 01:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-02 01:31 - 2013-08-02 01:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-02 01:31 - 2013-08-02 01:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2013-11-06 03:29 - 2013-11-06 03:29 - 00263168 _____ () C:\Program Files\NoteBook FanControl\OpenHardwareMonitorLib.dll
2013-10-22 03:27 - 2013-10-22 03:27 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-02-27 19:10 - 2014-02-27 19:10 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-03-02 19:43 - 2014-03-02 19:43 - 00027136 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook.BackgroundTasks.winmd
2014-02-12 18:11 - 2014-02-12 18:11 - 01782272 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\8848363a64856b740e9ebd321b6a98ca\Windows.ApplicationModel.ni.dll
2014-03-02 19:43 - 2014-03-02 19:43 - 00121344 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook-Win8-Base.DLL
2014-03-02 19:43 - 2014-03-02 19:43 - 00094208 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook-Base.DLL
2014-03-02 19:43 - 2014-03-02 19:43 - 01707008 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook-Services.DLL
2014-03-02 19:43 - 2014-03-02 19:43 - 00254976 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt\Facebook-Models.DLL
2014-02-12 18:11 - 2014-02-12 18:11 - 01278464 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\29e4b2d8f87a111865c3302f567b4a82\Windows.Storage.ni.dll
2014-02-12 18:11 - 2014-02-12 18:11 - 00363520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\8d0f16d53c303f545bdc3bdeeb2a7fb3\Windows.Foundation.ni.dll
2014-02-12 18:11 - 2014-02-12 18:11 - 00632320 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\b4178c95c7aafade0fcdb76b09bd2973\Windows.Security.ni.dll
2014-02-12 18:12 - 2014-02-12 18:12 - 00467456 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\fb496048d93b67e96961f34a0955f3d8\Windows.Graphics.ni.dll
2014-02-12 18:11 - 2014-02-12 18:11 - 01259520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\5d30480aa910c28c2571439d412f3b53\Windows.Networking.ni.dll
2014-02-12 18:11 - 2014-02-12 18:11 - 00521216 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\351e47290edcd65f27c75470c1ea6cd2\Windows.Data.ni.dll
2014-02-12 18:11 - 2014-02-12 18:11 - 01459712 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-22 03:09 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-20 17:07 - 2002-11-10 17:51 - 00152064 _____ () C:\Program Files (x86)\TrojanHunter 5.5\unrar.dll
2014-03-20 17:07 - 2002-08-09 11:18 - 00122368 _____ () C:\Program Files (x86)\TrojanHunter 5.5\UNZDLL.DLL
2014-03-20 17:07 - 2012-10-14 19:10 - 00521728 _____ () C:\Program Files (x86)\TrojanHunter 5.5\RuleFiles\Gen.dll
2014-03-18 22:05 - 2014-03-18 22:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\Lu\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2014 05:13:45 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bac

Start Time: 01cf4456a89476aa

Termination Time: 4294967295

Application Path: C:\windows\system32\backgroundTaskHost.exe

Report Id: 9c10112f-b04a-11e3-82cb-08002700a8dd

Faulting package full name: 36114Feras.ReddHub_5.12.1.1_neutral__f4gsjrqj9hqv6

Faulting package-relative application ID: App

Error: (03/20/2014 05:07:39 PM) (Source: Application Hang) (User: )
Description: The program SystemExplorer.exe version 4.7.0.5133 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 140

Start Time: 01cf445662a6695d

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\System Explorer\SystemExplorer.exe

Report Id: c1c66511-b049-11e3-82cb-08002700a8dd

Faulting package full name: 

Faulting package-relative application ID:

Error: (03/20/2014 04:58:45 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12e0

Start Time: 01cf445490224797

Termination Time: 4294967295

Application Path: C:\windows\system32\backgroundTaskHost.exe

Report Id: 83a39b1c-b048-11e3-82cb-08002700a8dd

Faulting package full name: 36114Feras.ReddHub_5.12.1.1_neutral__f4gsjrqj9hqv6

Faulting package-relative application ID: App

Error: (03/20/2014 04:48:46 PM) (Source: DptfEvent) (User: )
Description: DptfPolicyConfigTDPDll
DllMain:  ConnectToDptfFrameworkDriver() failed.

Error: (03/20/2014 04:48:46 PM) (Source: DptfEvent) (User: )
Description: DptfPolicyConfigTDPDll
ConnectToDptfFrameworkDriver:  SetupDiEnumDeviceInterfaces() failed.
Last error = [0x00000103]

Error: (03/20/2014 04:44:48 PM) (Source: DptfEvent) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain:  CreateSharedMemory() failed.
Session ID = 1

Error: (03/20/2014 04:44:48 PM) (Source: DptfEvent) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 1

Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent) (User: )
Description: DptfPolicyLpmService
CreateApplicationList:  dptfFrameworkHandle is NULL.

Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent) (User: )
Description: DptfPolicyLpmService
ConnectToDptfFrameworkDriver:  SetupDiEnumDeviceInterfaces() failed.
Last error = [0x00000103]

Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent) (User: )
Description: DptfPolicyCriticalService
ServiceMain:  ServiceStart() failed.


System errors:
=============
Error: (03/20/2014 04:39:36 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/20/2014 04:38:41 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: 
%%2

Error: (03/20/2014 04:38:41 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: 
%%2

Error: (03/20/2014 04:16:38 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/20/2014 04:15:45 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: 
%%2

Error: (03/20/2014 04:15:44 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: 
%%2

Error: (03/20/2014 04:11:33 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/20/2014 04:10:39 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: 
%%2

Error: (03/20/2014 04:10:39 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: 
%%2

Error: (03/20/2014 04:10:37 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:08:26 on ‎20/‎03/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (03/20/2014 05:13:45 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.16384bac01cf4456a89476aa4294967295C:\windows\system32\backgroundTaskHost.exe9c10112f-b04a-11e3-82cb-08002700a8dd36114Feras.ReddHub_5.12.1.1_neutral__f4gsjrqj9hqv6App

Error: (03/20/2014 05:07:39 PM) (Source: Application Hang)(User: )
Description: SystemExplorer.exe4.7.0.513314001cf445662a6695d4294967295C:\Program Files (x86)\System Explorer\SystemExplorer.exec1c66511-b049-11e3-82cb-08002700a8dd

Error: (03/20/2014 04:58:45 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.1638412e001cf4454902247974294967295C:\windows\system32\backgroundTaskHost.exe83a39b1c-b048-11e3-82cb-08002700a8dd36114Feras.ReddHub_5.12.1.1_neutral__f4gsjrqj9hqv6App

Error: (03/20/2014 04:48:46 PM) (Source: DptfEvent)(User: )
Description: DptfPolicyConfigTDPDllDllMain:  ConnectToDptfFrameworkDriver() failed.

Error: (03/20/2014 04:48:46 PM) (Source: DptfEvent)(User: )
Description: DptfPolicyConfigTDPDllConnectToDptfFrameworkDriver:  SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (03/20/2014 04:44:48 PM) (Source: DptfEvent)(User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.Session ID = 1

Error: (03/20/2014 04:44:48 PM) (Source: DptfEvent)(User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failedLast error = [0x00000102]Session ID = 1

Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent)(User: )
Description: DptfPolicyLpmServiceCreateApplicationList:  dptfFrameworkHandle is NULL.

Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent)(User: )
Description: DptfPolicyLpmServiceConnectToDptfFrameworkDriver:  SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (03/20/2014 04:38:41 PM) (Source: DptfEvent)(User: )
Description: DptfPolicyCriticalServiceServiceMain:  ServiceStart() failed.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 8104.27 MB
Available physical RAM: 4022.73 MB
Total Pagefile: 9512.27 MB
Available Pagefile: 5487.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:216.98 GB) (Free:17.08 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 20.03.2014, 23:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [686592 2013-11-12] ()
KMSpico v9.0.5.20131112 (HKLM\...\KMSpico_is1) (Version: 9.0.5.20131112 - )
Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the case of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. to help only with backing up data and reinstalling the operating system.

Alt 20.03.2014, 23:59   #3
demiurg
 

Sorry, it has been removed.

Alt 21.03.2014, 09:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Have you also uninstalled the illegal MS Office?
There is no other illegal software left on it?

Then please create new FRST logs and post them. Tick the Additions box.
__________________
Please always post log files in CODE tags

Alt 21.03.2014, 09:17   #5
demiurg
 

Yes, it has been removed.

No, otherwise everything is legit. I also removed one or two other things so that the scans run a bit faster.

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Luca (administrator) on LUSOYO on 21-03-2014 09:15:54
Running from C:\Users\Lu\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NbfcService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\windows\ImmersiveControlPanel\SystemSettings.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation)
HKLM\...\Run: [RtsFT] - C:\windows\RTFTrack.exe [6340312 2013-07-20] (Realtek semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1661856 2014-03-20] (Simply Super Software)
HKLM-x32\...\Run: [THGuard] - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe [1086880 2012-10-23] (Mischel Internet Security)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [NBFC-ClientApplication] - C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe [418816 2013-11-06] (Stefan Hirschmann - StagWare)
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [Epic Privacy Browser Update] - "C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms}
SearchScopes: HKCU - {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms}
SearchScopes: HKCU - {5E397180-325D-44CD-97C4-63D2C9842271} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 129.132.98.12

FireFox:
========
FF ProfilePath: C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Textarea Cache - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f} [2014-03-20]
FF Extension: Ghostery - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\firefox@ghostery.com.xpi [2014-01-14]
FF Extension: YouTube Center - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-14]
FF Extension: ScrapBook - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-03-20]
FF Extension: NoScript - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-14]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2014-03-20]
FF Extension: Adblock Plus - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-14]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Adblock Plus) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-08]
CHR Extension: (Google-Suche) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Google Mail) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]

==================== Services (Whitelisted) =================

S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
R2 NbfcService; C:\Program Files\NoteBook FanControl\NbfcService.exe [9728 2013-11-06] (Stefan Hirschmann - StagWare)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2013-09-04] (Intel(R) Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-10-22] (Lenovo)
S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X]
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [26328 2013-07-23] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-20] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 USB_Ethernet_Adaptor; C:\Windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.)
S3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files\NoteBook FanControl\NbfcService.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 09:14 - 2014-03-21 09:16 - 00019649 _____ () C:\Users\Lu\Desktop\FRST.txt
2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable
2014-03-20 17:54 - 2014-03-21 09:15 - 00000000 ____D () C:\FRST
2014-03-20 17:32 - 2014-03-20 17:33 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe
2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter
2014-03-20 17:09 - 2014-03-20 17:09 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Simply Super Software
2014-03-20 17:07 - 2014-03-20 17:28 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-03-20 17:07 - 2014-03-20 17:07 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-03-20 17:06 - 2014-03-20 17:12 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-03-20 17:06 - 2014-03-20 17:06 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\Users\Lu\Documents\Simply Super Software
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-20 17:02 - 2014-03-20 17:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new  2.txt
2014-03-18 22:05 - 2014-03-21 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-12 18:13 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-03-12 18:13 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-03-12 17:50 - 2013-09-12 13:39 - 02474736 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2014-03-12 17:50 - 2013-09-12 13:39 - 00279024 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 07586288 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00844784 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00771056 _____ (Intel Corporation) C:\windows\system32\hkcmd.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00769520 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00754672 _____ (Intel Corporation) C:\windows\system32\GfxUIHotKeyMenu.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00530416 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00396272 _____ (Intel Corporation) C:\windows\system32\CustomModeApp.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00393712 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00391152 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00153072 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2014-03-12 17:50 - 2013-09-10 01:37 - 00002948 _____ () C:\windows\system32\iglhxs64.vp
2014-03-12 17:50 - 2013-09-10 01:35 - 13139968 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 11373056 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 07908352 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 06296576 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 04170752 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2014-03-12 17:50 - 2013-09-10 01:35 - 04067328 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 02384896 _____ () C:\windows\system32\GfxRes.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00548864 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00527360 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrfra.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxresn.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrrus.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrnld.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrdeu.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrsky.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrrom.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrita.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrptg.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrhun.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrhrv.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrcsy.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrsve.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrslv.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrfin.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524288 _____ (Intel Corporation) C:\windows\system32\igfxrtrk.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524288 _____ (Intel Corporation) C:\windows\system32\igfxrptb.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrtha.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrnor.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrdan.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00522240 _____ (Intel Corporation) C:\windows\system32\igfxrheb.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00521728 _____ (Intel Corporation) C:\windows\system32\igfxrara.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00517120 _____ (Intel Corporation) C:\windows\system32\igfxrjpn.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00516096 _____ (Intel Corporation) C:\windows\system32\igfxrkor.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00513536 _____ (Intel Corporation) C:\windows\system32\igfxrcht.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00513024 _____ (Intel Corporation) C:\windows\system32\igfxrchs.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00492032 _____ (Intel Corporation) C:\windows\SysWOW64\igfxdv32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00371200 _____ (Intel Corporation) C:\windows\system32\igfxrenu.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00365568 _____ () C:\windows\system32\igdmd64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00345600 _____ (Intel Corporation) C:\windows\system32\igfxTMM.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00303104 _____ () C:\windows\SysWOW64\igdmd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00279040 _____ (Intel Corporation) C:\windows\system32\igfxcpl.cpl
2014-03-12 17:50 - 2013-09-10 01:35 - 00265385 _____ () C:\windows\system32\Gfxres.th-TH.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00251862 _____ () C:\windows\system32\Gfxres.el-GR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00243712 _____ (Intel Corporation) C:\windows\system32\igfxdo.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00233588 _____ () C:\windows\system32\Gfxres.ru-RU.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00220672 _____ () C:\windows\system32\igdde64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00199481 _____ () C:\windows\system32\Gfxres.ar-SA.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00197044 _____ () C:\windows\system32\Gfxres.ja-JP.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00194048 _____ (Intel Corporation) C:\windows\system32\gfxSrvc.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00191088 _____ () C:\windows\system32\Gfxres.he-IL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00180736 _____ () C:\windows\SysWOW64\igdde32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00179353 _____ () C:\windows\system32\Gfxres.ko-KR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00179230 _____ () C:\windows\system32\Gfxres.it-IT.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176940 _____ () C:\windows\system32\Gfxres.es-ES.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176666 _____ () C:\windows\system32\Gfxres.fr-FR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176638 _____ () C:\windows\system32\Gfxres.de-DE.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00175259 _____ () C:\windows\system32\Gfxres.ro-RO.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00174244 _____ () C:\windows\system32\Gfxres.hu-HU.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173953 _____ () C:\windows\system32\Gfxres.tr-TR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173813 _____ () C:\windows\system32\Gfxres.pl-PL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173495 _____ () C:\windows\system32\Gfxres.nl-NL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00172750 _____ () C:\windows\system32\Gfxres.pt-BR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00172041 _____ () C:\windows\system32\Gfxres.fi-FI.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171709 _____ () C:\windows\system32\Gfxres.sk-SK.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171547 _____ () C:\windows\system32\Gfxres.sv-SE.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171310 _____ () C:\windows\system32\Gfxres.pt-PT.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00170996 _____ () C:\windows\system32\Gfxres.cs-CZ.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00170175 _____ () C:\windows\system32\Gfxres.hr-HR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00166672 _____ () C:\windows\system32\Gfxres.sl-SI.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00165374 _____ () C:\windows\system32\Gfxres.nb-NO.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00164698 _____ () C:\windows\system32\Gfxres.da-DK.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00160256 _____ () C:\windows\system32\igdail64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00159947 _____ () C:\windows\system32\Gfxres.en-US.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00153249 _____ () C:\windows\system32\Gfxres.zh-TW.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00151473 _____ () C:\windows\system32\Gfxres.zh-CN.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00142848 _____ () C:\windows\SysWOW64\igdail32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00012288 _____ ( ) C:\windows\system32\IGFXDEVLib.dll
2014-03-12 17:50 - 2013-09-10 01:34 - 00025088 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 25982976 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 03279872 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 00329216 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 00304640 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 20943872 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 02962432 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 00290816 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 00253440 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2014-03-12 17:50 - 2013-09-10 01:20 - 03509760 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 04009632 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 02064896 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 01814016 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 01423008 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00650400 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00631456 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00598688 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00344224 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00207008 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00176288 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00151552 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00143360 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00129024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00122880 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00121504 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00093344 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2014-03-12 09:28 - 2014-03-12 09:28 - 00000009 _____ () C:\playlist.m3u
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\DVDVideoSoft
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Program Files (x86)\Audio Converter
2014-03-12 09:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 09:10 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 09:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 09:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 09:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 09:10 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 09:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 09:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 09:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 09:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 09:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 09:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 09:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 09:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 09:10 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 09:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 09:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 09:10 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-03-12 09:10 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-03-12 09:09 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-03-12 09:09 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-03-12 09:09 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-03-12 09:09 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-03-12 09:09 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\windows\system32\swprv.dll
2014-03-12 09:09 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-03-12 09:09 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-03-12 09:09 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2014-03-12 09:09 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2014-03-12 09:09 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-03-12 09:09 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2014-03-12 09:09 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-03-12 09:09 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2014-03-12 09:09 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpencom.dll
2014-03-12 09:09 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\rdpencom.dll
2014-03-12 09:09 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2014-03-12 09:09 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-03-12 09:09 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\DWWIN.EXE
2014-03-12 09:09 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-12 09:09 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2014-03-12 09:09 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-03-12 09:09 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWWIN.EXE
2014-03-12 09:09 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-03-12 09:09 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-03-12 09:09 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2014-03-12 09:09 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2014-03-12 09:09 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-03-12 09:09 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-03-12 09:09 - 2014-01-27 12:45 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-03-12 09:09 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-03-12 09:09 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 09:09 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-03-12 09:09 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\sppcomapi.dll
2014-03-12 09:08 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 09:08 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 09:08 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 09:08 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-03-12 09:08 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-03-12 09:08 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-03-12 00:53 - 2014-03-12 00:56 - 150756160 _____ (Intel Corporation) C:\Users\Lu\Downloads\intel gpu.exe
2014-03-12 00:50 - 2014-03-12 00:50 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\SystemRequirementsLab
2014-03-11 20:24 - 2014-03-11 20:26 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\HandBrake
2014-03-11 20:23 - 2014-03-11 20:24 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2014-03-11 20:23 - 2014-03-11 20:23 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-10 20:37 - 2014-03-10 20:37 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
2014-03-10 18:59 - 2014-03-10 18:59 - 00002990 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-10 18:59 - 2014-03-10 18:59 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-10 18:55 - 2013-08-29 11:42 - 00722160 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00524016 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys
2014-03-10 18:55 - 2013-08-29 11:42 - 00421616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPCo19.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00400112 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynCom.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00251632 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00169712 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynTPCom.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00034544 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\Smb_driver_Intel.sys
2014-03-10 18:55 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\Users\Lu\Documents\PassMark
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\ProgramData\PassMark
2014-03-09 12:58 - 2014-03-09 13:09 - 00000000 ____D () C:\Users\Lu\AppData\Local\Picture2avi
2014-03-09 12:58 - 2014-03-09 12:58 - 00000057 _____ () C:\windows\Picture2avi.ini
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ___HD () C:\Users\Lu\AppData\Local\Screenshots
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\easytornado.com
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Anton_Small
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Program Files\Picture2avi
2014-03-09 00:54 - 2014-03-09 00:54 - 00000000 ____D () C:\ProgramData\Steam
2014-02-26 17:24 - 2014-02-26 17:24 - 00000000 ____D () C:\Users\Lu\New folder
2014-02-25 16:20 - 2014-02-25 16:20 - 00000000 ____D () C:\Users\Lu\Downloads\TouchPad_Synaptics_v17.0.6.13_W81x64_A
2014-02-25 16:08 - 2014-03-21 07:31 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\uTorrent
2014-02-22 23:26 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-02-22 23:26 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-02-22 23:26 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-02-22 23:26 - 2014-01-04 16:54 - 00138240 _____ () C:\windows\system32\OEMLicense.dll
2014-02-22 23:26 - 2014-01-04 16:08 - 00103936 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-02-22 23:26 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-02-22 23:26 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-02-22 23:26 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-02-22 23:26 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-02-22 23:26 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-02-22 23:26 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2014-02-22 23:26 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-02-22 23:26 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2014-02-22 23:26 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-02-22 23:26 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-02-22 23:26 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-02-22 23:26 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\sti.dll
2014-02-22 23:26 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2014-02-22 23:26 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\sti.dll
2014-02-22 23:26 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-02-22 23:26 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\windows\system32\ReAgent.dll
2014-02-22 23:26 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-02-22 23:26 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.dll
2014-02-22 23:26 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2014-02-22 23:26 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2014-02-22 23:26 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsSpellCheckingFacility.dll
2014-02-22 23:26 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2014-02-22 23:26 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2014-02-22 23:26 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\windows\system32\pnrpsvc.dll
2014-02-22 23:26 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-02-22 23:26 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-22 23:26 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-02-22 23:26 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\windows\system32\easinvoker.exe
2014-02-22 23:26 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\windows\system32\easwrt.dll
2014-02-22 23:26 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\windows\SysWOW64\easwrt.dll
2014-02-22 23:26 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-02-22 23:26 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-02-20 18:25 - 2014-02-21 19:57 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs
2014-02-20 14:10 - 2014-03-21 07:25 - 00000000 ____D () C:\Program Files\Oracle
2014-02-20 14:10 - 2014-03-19 16:10 - 00000000 ____D () C:\Users\Lu\.VirtualBox
2014-02-20 14:10 - 2013-12-18 17:19 - 00252688 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2014-02-20 14:10 - 2013-12-18 17:16 - 00126736 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys

==================== One Month Modified Files and Folders =======

2014-03-21 09:16 - 2014-03-21 09:14 - 00019649 _____ () C:\Users\Lu\Desktop\FRST.txt
2014-03-21 09:15 - 2014-03-20 17:54 - 00000000 ____D () C:\FRST
2014-03-21 09:14 - 2013-11-30 17:24 - 00000000 ____D () C:\Program Files (x86)\Games
2014-03-21 09:13 - 2014-03-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 09:13 - 2013-11-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-21 09:13 - 2013-11-30 23:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-21 09:13 - 2013-11-24 19:01 - 00000000 ___RD () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 09:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-21 09:12 - 2013-10-22 03:13 - 02042206 _____ () C:\windows\WindowsUpdate.log
2014-03-21 09:12 - 2013-08-22 20:12 - 00000000 ____D () C:\windows\ShellNew
2014-03-21 09:11 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2014-03-21 08:11 - 2013-11-24 19:09 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3526281771-1473308361-996666171-1001
2014-03-21 08:11 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\tracing
2014-03-21 08:08 - 2013-11-25 20:03 - 00000554 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-03-21 07:57 - 2013-11-25 16:29 - 00000000 ____D () C:\ProgramData\Cisco
2014-03-21 07:57 - 2013-11-25 16:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-21 07:53 - 2013-10-22 03:55 - 00768742 _____ () C:\windows\system32\perfh007.dat
2014-03-21 07:53 - 2013-10-22 03:55 - 00163660 _____ () C:\windows\system32\perfc007.dat
2014-03-21 07:53 - 2013-08-28 09:36 - 01780340 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-21 07:52 - 2013-11-24 20:38 - 00000000 ___RD () C:\Users\Lu\SkyDrive
2014-03-21 07:48 - 2013-11-24 20:01 - 00000000 ____D () C:\Program Files\NoteBook FanControl
2014-03-21 07:48 - 2013-10-22 03:03 - 00050290 _____ () C:\windows\setupact.log
2014-03-21 07:48 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-21 07:47 - 2013-08-28 09:34 - 00009788 _____ () C:\windows\PFRO.log
2014-03-21 07:47 - 2013-08-22 14:25 - 00786432 ___SH () C:\windows\system32\config\BBI
2014-03-21 07:34 - 2013-11-24 19:01 - 00000000 ____D () C:\Users\Lu\AppData\Local\Packages
2014-03-21 07:34 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2014-03-21 07:33 - 2013-11-24 21:11 - 00000000 ____D () C:\Users\Lu\AppData\Local\CrashDumps
2014-03-21 07:31 - 2014-02-25 16:08 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\uTorrent
2014-03-21 07:30 - 2013-11-24 20:00 - 00000000 ____D () C:\Program Files (x86)\Utilities
2014-03-21 07:26 - 2013-11-24 19:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-21 07:25 - 2014-02-20 14:10 - 00000000 ____D () C:\Program Files\Oracle
2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable
2014-03-20 22:38 - 2013-11-24 19:00 - 00000000 ____D () C:\Users\Lu
2014-03-20 17:33 - 2014-03-20 17:32 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe
2014-03-20 17:28 - 2014-03-20 17:07 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-03-20 17:14 - 2014-03-20 17:02 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-03-20 17:12 - 2014-03-20 17:06 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter
2014-03-20 17:09 - 2014-03-20 17:09 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Simply Super Software
2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-03-20 17:07 - 2014-03-20 17:07 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-03-20 17:06 - 2014-03-20 17:06 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\Users\Lu\Documents\Simply Super Software
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-03-20 16:10 - 2014-01-14 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new  2.txt
2014-03-19 16:10 - 2014-02-20 14:10 - 00000000 ____D () C:\Users\Lu\.VirtualBox
2014-03-18 22:56 - 2013-11-24 19:26 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\MediaMonkey
2014-03-18 17:39 - 2013-11-24 20:47 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 17:38 - 2013-11-24 20:47 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 20:16 - 2013-11-29 10:44 - 01992704 ___SH () C:\Users\Lu\Desktop\Thumbs.db
2014-03-17 19:59 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2014-03-17 01:47 - 2013-11-26 20:36 - 00000000 ____D () C:\Users\Lu\Documents\MATLAB
2014-03-16 19:26 - 2013-11-24 19:29 - 00000000 ____D () C:\Users\Lu\AppData\Local\Paint.NET
2014-03-12 19:01 - 2013-11-24 22:55 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\vlc
2014-03-12 17:59 - 2014-02-18 08:19 - 00000009 _____ () C:\Users\Lu\Desktop\music.txt
2014-03-12 17:53 - 2013-10-22 03:17 - 00016136 _____ () C:\windows\system32\results.xml
2014-03-12 17:51 - 2013-10-22 03:09 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 17:48 - 2013-08-22 15:44 - 00733664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-12 09:28 - 2014-03-12 09:28 - 00000009 _____ () C:\playlist.m3u
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\DVDVideoSoft
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Program Files (x86)\Audio Converter
2014-03-12 00:56 - 2014-03-12 00:53 - 150756160 _____ (Intel Corporation) C:\Users\Lu\Downloads\intel gpu.exe
2014-03-12 00:51 - 2013-12-20 18:42 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-03-12 00:50 - 2014-03-12 00:50 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\SystemRequirementsLab
2014-03-11 20:26 - 2014-03-11 20:24 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\HandBrake
2014-03-11 20:24 - 2014-03-11 20:23 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2014-03-11 20:23 - 2014-03-11 20:23 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-11 19:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-03-10 20:37 - 2014-03-10 20:37 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
2014-03-10 19:45 - 2014-02-17 16:29 - 00005106 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LUSOYO-Luca lusoyo
2014-03-10 19:23 - 2013-10-22 03:16 - 00001348 _____ () C:\windows\Synaptics.log
2014-03-10 19:23 - 2013-10-22 03:04 - 00093112 _____ () C:\windows\DPINST.LOG
2014-03-10 18:59 - 2014-03-10 18:59 - 00002990 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-10 18:59 - 2014-03-10 18:59 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-10 18:52 - 2014-02-03 01:02 - 00001034 _____ () C:\windows\SynInst.log
2014-03-10 18:52 - 2014-02-03 01:02 - 00000000 ____D () C:\ProgramData\Synaptics
2014-03-10 07:04 - 2013-11-25 22:47 - 00000000 ____D () C:\windows\Minidump
2014-03-10 07:04 - 2013-11-25 02:53 - 00152128 ____N () C:\windows\Minidump\031014-5078-01.dmp
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\Users\Lu\Documents\PassMark
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\ProgramData\PassMark
2014-03-09 13:09 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Picture2avi
2014-03-09 12:58 - 2014-03-09 12:58 - 00000057 _____ () C:\windows\Picture2avi.ini
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ___HD () C:\Users\Lu\AppData\Local\Screenshots
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\easytornado.com
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Anton_Small
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Program Files\Picture2avi
2014-03-09 12:19 - 2013-11-25 02:53 - 00159182 ____N () C:\windows\Minidump\030914-5203-01.dmp
2014-03-09 00:54 - 2014-03-09 00:54 - 00000000 ____D () C:\ProgramData\Steam
2014-03-09 00:54 - 2013-11-30 18:21 - 00000000 ____D () C:\Users\Lu\Documents\My Games
2014-03-06 21:25 - 2013-11-25 02:53 - 00154360 ____N () C:\windows\Minidump\030614-4875-01.dmp
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 21:00 - 2013-11-25 02:53 - 00157534 ____N () C:\windows\Minidump\030414-5750-01.dmp
2014-03-01 07:05 - 2014-03-12 09:10 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 09:10 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 09:10 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 09:10 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 09:10 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 09:10 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 09:10 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 09:10 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 09:10 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 09:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 09:10 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 09:10 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 09:10 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 09:10 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 09:10 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 09:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 09:10 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\LiveKernelReports
2014-02-26 17:24 - 2014-02-26 17:24 - 00000000 ____D () C:\Users\Lu\New folder
2014-02-26 08:00 - 2013-11-25 02:53 - 00160004 ____N () C:\windows\Minidump\022614-7312-01.dmp
2014-02-25 19:55 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF
2014-02-25 16:20 - 2014-02-25 16:20 - 00000000 ____D () C:\Users\Lu\Downloads\TouchPad_Synaptics_v17.0.6.13_W81x64_A
2014-02-25 15:22 - 2013-11-24 19:01 - 00000000 ___RD () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-25 15:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\windows\ToastData
2014-02-23 18:04 - 2013-10-22 03:28 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-02-23 18:04 - 2013-10-22 03:27 - 00000000 ____D () C:\Program Files\Lenovo
2014-02-22 13:46 - 2013-11-24 20:29 - 00001787 _____ () C:\Users\Lu\Desktop\timetable.lnk
2014-02-22 13:16 - 2014-03-12 18:13 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-02-22 12:24 - 2014-03-12 18:13 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-02-21 19:57 - 2014-02-20 18:25 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs

Some content of TEMP:
====================
C:\Users\Lu\AppData\Local\Temp\20131125042911989jniverify.dll
C:\Users\Lu\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\Checkupdate.exe
C:\Users\Lu\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Lu\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lu\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Lu\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\jansi-64-1.8.dll
C:\Users\Lu\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Lu\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\ose00001.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll
C:\Users\Lu\AppData\Local\Temp\SRLDetectionLibrary8191520591370748298.dll
C:\Users\Lu\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Lu\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Lu\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 09:09] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-15 13:24

==================== End Of Log ============================
         


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Luca at 2014-03-21 09:16:16
Running from C:\Users\Lu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo)
Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Free Audio Converter version 5.0.35.304 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.35.304 - DVDVideoSoft Ltd.)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{1bcf77e1-2519-41dc-a594-9936f5f42203}) (Version: 4.2.0.8 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 4.2.0.8 - Intel Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Experience Center Driver (Version: 1.7.0.179 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1658 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025F0}) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025F0}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Mathematica Extras 9.0 (4055459) (HKLM\...\A-WIN-Extras 9.0.1 4055459_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.0.1528 - Native Instruments)
Native Instruments Controller Editor (Version: 1.6.0.1528 - Native Instruments) Hidden
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (Version: 5.1.1.2673 - Native Instruments) Hidden
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
NoteBook FanControl (HKLM-x32\...\{fcb7175f-8410-4e57-9c9a-5413b0c03f24}) (Version: 1.0.0.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (Version: 1.0.0.0 - Stefan Hirschmann - StagWare) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Picture2avi uninstaller (HKLM\...\Picture2avi_is1) (Version: 4.1.0.0 - picture2avi.com)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
SequoiaView (HKLM-x32\...\SequoiaView) (Version:  - )
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Siemens NX 8.5 (HKLM\...\{2AA26D1D-F4D8-428C-8B5B-B6B81A74383B}) (Version: 8.5.0.23 - Siemens)
Siemens NX 8.5 Documentation (HKLM\...\{C0CBC5EC-0866-4ACB-ACE1-40998F962902}) (Version: 8.5.0.23 - Siemens)
SpeedCrunch 0.10 (HKLM-x32\...\SpeedCrunch_is1) (Version:  - SpeedCrunch)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
System Explorer 4.7.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Trojan Remover 6.9.1.2929 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software)
TrojanHunter 5.5 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.5 - Mischel Internet Security)
Update for Microsoft en-us Dictionary (Version: 16.1.669.1 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) (HKLM\...\M-WIN-L 9.0.1 4055652_is1) (Version: 9.0.1 - Wolfram Research, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1C361003-0D02-4AB5-B176-941D3CEDDE47} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E345624-C424-4115-BF23-3F748AC745E3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LUSOYO-Luca lusoyo => C:\Program Files\Microsoft Office\Office15\MsoSync.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B213728-4AE5-43AD-92C8-D93D3879A0C3} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {726E1E84-D18A-4D53-B52E-7165FF6B2F29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-03-18] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {790C2560-F635-4985-AD3C-164D53BE48AC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-29] (Synaptics Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99DB6F40-DDB9-498B-B9A3-D553CD4DF34B} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2013-08-02 01:31 - 2013-08-02 01:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-02 01:31 - 2013-08-02 01:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-02 01:31 - 2013-08-02 01:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2013-11-06 03:29 - 2013-11-06 03:29 - 00263168 _____ () C:\Program Files\NoteBook FanControl\OpenHardwareMonitorLib.dll
2013-10-22 03:27 - 2013-10-22 03:27 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-02-27 19:10 - 2014-02-27 19:10 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-18 22:05 - 2014-03-18 22:05 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-22 03:09 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\Lu\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2014 09:12:58 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:47 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:46 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:45 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:44 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:44 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:43 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:42 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:41 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).

Error: (03/21/2014 09:12:39 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Installed PROPLUSR; Error = 0x80070422).


System errors:
=============
Error: (03/21/2014 07:57:23 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{12DE8AA9-9218-48C6-91B5-56863A29EA2C} because another computer on the network has the same name.  The server could not start.

Error: (03/21/2014 07:49:53 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/21/2014 07:48:04 AM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: 
%%2

Error: (03/21/2014 07:48:03 AM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: 
%%2

Error: (03/21/2014 07:47:45 AM) (Source: DCOM) (User: LUSOYO)
Description: {7160A13D-73DA-4CEA-95B9-37356478588A}

Error: (03/20/2014 11:23:33 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

Error: (03/20/2014 11:00:01 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/20/2014 10:59:01 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: 
%%2

Error: (03/20/2014 10:59:01 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: 
%%2

Error: (03/20/2014 04:39:36 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (03/21/2014 09:12:58 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:47 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:46 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:45 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:44 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:44 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:43 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:42 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:41 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422

Error: (03/21/2014 09:12:39 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VInstalled PROPLUSR0x80070422


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 8104.27 MB
Available physical RAM: 5404.29 MB
Total Pagefile: 9512.27 MB
Available Pagefile: 6495.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:216.98 GB) (Free:50.24 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Alt 21.03.2014, 09:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Alt 21.03.2014, 10:08   #7
demiurg
 



It didn't find anything, so accordingly there was no clean up either.

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.21.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Luca :: LUSOYO [administrator]

21.3.14 09:47:19
mbar-log-2014-03-21 (09-47-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 251918
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 21.03.2014, 10:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Removing adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, Addition.txt as well in your thread (click the # symbol in the website's input box)

__________________
Please always post log files in CODE tags

Alt 21.03.2014, 11:04   #9
demiurg
 



logfiles:

Code:
# AdwCleaner v3.022 - Report created 21/03/2014 at 10:57:29
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Luca - LUSOYO
# Running from : C:\Users\Lu\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (de)

[ File : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\prefs.js ]


[ File : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1147 octets] - [21/03/2014 10:56:54]
AdwCleaner[S0].txt - [1076 octets] - [21/03/2014 10:57:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1136 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Luca on Fri 21.03.14 at 10:59:33.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 21.03.14 at 11:02:54.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Farbar:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Luca (administrator) on LUSOYO on 21-03-2014 11:04:04
Running from C:\Users\Lu\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Stefan Hirschmann - StagWare) C:\Program Files\NoteBook FanControl\NbfcService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\windows\system32\wbem\WMIADAP.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ismagent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation)
HKLM\...\Run: [RtsFT] - C:\windows\RTFTrack.exe [6340312 2013-07-20] (Realtek semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2013-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [NBFC-ClientApplication] - C:\Program Files\NoteBook FanControl\NoteBook FanControl.exe [418816 2013-11-06] (Stefan Hirschmann - StagWare)
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [Epic Privacy Browser Update] - "C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe
Startup: C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {5E397180-325D-44CD-97C4-63D2C9842271} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {23CDFC3C-B4D3-49CC-8466-DB51407892BB} URL = https://www.google.ch/search?q={searchTerms}
SearchScopes: HKCU - {5E397180-325D-44CD-97C4-63D2C9842271} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 129.132.98.12

FireFox:
========
FF ProfilePath: C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\Lu\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Textarea Cache - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f} [2014-03-20]
FF Extension: Ghostery - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\firefox@ghostery.com.xpi [2014-01-14]
FF Extension: YouTube Center - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-14]
FF Extension: ScrapBook - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-03-20]
FF Extension: NoScript - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-14]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2014-03-20]
FF Extension: Adblock Plus - C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\9aa4q0ok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-14]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Adblock Plus) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-08]
CHR Extension: (Google-Suche) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Google Mail) - C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
R2 NbfcService; C:\Program Files\NoteBook FanControl\NbfcService.exe [9728 2013-11-06] (Stefan Hirschmann - StagWare)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2013-09-04] (Intel(R) Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-10-22] (Lenovo)
S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X]
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [26328 2013-07-23] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 rig3avs; C:\Windows\System32\Drivers\rig3avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 rig3usb_svc; C:\Windows\System32\Drivers\rig3usb.sys [100200 2012-12-18] (Native Instruments GmbH)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-20] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 USB_Ethernet_Adaptor; C:\Windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.)
S3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-17] (Razer (Asia-Pacific) Pte Ltd)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files\NoteBook FanControl\NbfcService.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 11:04 - 2014-03-21 11:04 - 00020272 _____ () C:\Users\Lu\Desktop\FRST.txt
2014-03-21 11:02 - 2014-03-21 11:02 - 00000617 _____ () C:\Users\Lu\Desktop\JRT.txt
2014-03-21 10:59 - 2014-03-21 10:59 - 00000000 ____D () C:\windows\ERUNT
2014-03-21 10:56 - 2014-03-21 10:57 - 00000000 ____D () C:\AdwCleaner
2014-03-21 10:56 - 2014-03-21 10:56 - 01950720 _____ () C:\Users\Lu\Desktop\adwcleaner.exe
2014-03-21 10:56 - 2014-03-21 10:56 - 01037734 _____ (Thisisu) C:\Users\Lu\Desktop\JRT.exe
2014-03-21 09:55 - 2014-03-21 09:55 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-21 09:48 - 2014-03-21 09:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-21 09:47 - 2014-03-21 10:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 09:47 - 2014-03-21 09:47 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-21 09:47 - 2014-03-21 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 09:45 - 2014-03-21 10:02 - 00000000 ____D () C:\Users\Lu\Desktop\mbar
2014-03-21 09:45 - 2014-03-21 09:45 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-21 09:44 - 2014-03-21 09:45 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Lu\Desktop\mbar-1.07.0.1009.exe
2014-03-21 09:38 - 2014-03-21 09:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable
2014-03-20 17:54 - 2014-03-21 11:04 - 00000000 ____D () C:\FRST
2014-03-20 17:32 - 2014-03-20 17:33 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe
2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter
2014-03-20 17:07 - 2014-03-21 10:32 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-20 17:02 - 2014-03-21 10:32 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new  2.txt
2014-03-18 22:05 - 2014-03-21 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-12 18:13 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-03-12 18:13 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-03-12 17:50 - 2013-09-12 13:39 - 02474736 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2014-03-12 17:50 - 2013-09-12 13:39 - 00279024 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 07586288 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00844784 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00771056 _____ (Intel Corporation) C:\windows\system32\hkcmd.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00769520 _____ (Intel Corporation) C:\windows\system32\igfxpers.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00754672 _____ (Intel Corporation) C:\windows\system32\GfxUIHotKeyMenu.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00530416 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00396272 _____ (Intel Corporation) C:\windows\system32\CustomModeApp.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00393712 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00391152 _____ (Intel Corporation) C:\windows\system32\igfxtray.exe
2014-03-12 17:50 - 2013-09-12 13:38 - 00153072 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2014-03-12 17:50 - 2013-09-10 01:37 - 00002948 _____ () C:\windows\system32\iglhxs64.vp
2014-03-12 17:50 - 2013-09-10 01:35 - 13139968 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 11373056 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 07908352 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 06296576 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 04170752 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2014-03-12 17:50 - 2013-09-10 01:35 - 04067328 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 02384896 _____ () C:\windows\system32\GfxRes.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00548864 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00527360 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxrfra.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526848 _____ (Intel Corporation) C:\windows\system32\igfxresn.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrrus.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrnld.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00526336 _____ (Intel Corporation) C:\windows\system32\igfxrdeu.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrsky.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrrom.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525824 _____ (Intel Corporation) C:\windows\system32\igfxrita.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrptg.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrhun.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrhrv.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00525312 _____ (Intel Corporation) C:\windows\system32\igfxrcsy.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrsve.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrslv.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524800 _____ (Intel Corporation) C:\windows\system32\igfxrfin.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524288 _____ (Intel Corporation) C:\windows\system32\igfxrtrk.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00524288 _____ (Intel Corporation) C:\windows\system32\igfxrptb.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrtha.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrnor.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00523776 _____ (Intel Corporation) C:\windows\system32\igfxrdan.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00522240 _____ (Intel Corporation) C:\windows\system32\igfxrheb.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00521728 _____ (Intel Corporation) C:\windows\system32\igfxrara.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00517120 _____ (Intel Corporation) C:\windows\system32\igfxrjpn.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00516096 _____ (Intel Corporation) C:\windows\system32\igfxrkor.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00513536 _____ (Intel Corporation) C:\windows\system32\igfxrcht.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00513024 _____ (Intel Corporation) C:\windows\system32\igfxrchs.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00492032 _____ (Intel Corporation) C:\windows\SysWOW64\igfxdv32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00371200 _____ (Intel Corporation) C:\windows\system32\igfxrenu.lrc
2014-03-12 17:50 - 2013-09-10 01:35 - 00365568 _____ () C:\windows\system32\igdmd64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00345600 _____ (Intel Corporation) C:\windows\system32\igfxTMM.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00303104 _____ () C:\windows\SysWOW64\igdmd32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00279040 _____ (Intel Corporation) C:\windows\system32\igfxcpl.cpl
2014-03-12 17:50 - 2013-09-10 01:35 - 00265385 _____ () C:\windows\system32\Gfxres.th-TH.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00251862 _____ () C:\windows\system32\Gfxres.el-GR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00243712 _____ (Intel Corporation) C:\windows\system32\igfxdo.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00233588 _____ () C:\windows\system32\Gfxres.ru-RU.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00220672 _____ () C:\windows\system32\igdde64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00199481 _____ () C:\windows\system32\Gfxres.ar-SA.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00197044 _____ () C:\windows\system32\Gfxres.ja-JP.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00194048 _____ (Intel Corporation) C:\windows\system32\gfxSrvc.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00191088 _____ () C:\windows\system32\Gfxres.he-IL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00180736 _____ () C:\windows\SysWOW64\igdde32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00179353 _____ () C:\windows\system32\Gfxres.ko-KR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00179230 _____ () C:\windows\system32\Gfxres.it-IT.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176940 _____ () C:\windows\system32\Gfxres.es-ES.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176666 _____ () C:\windows\system32\Gfxres.fr-FR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00176638 _____ () C:\windows\system32\Gfxres.de-DE.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00175259 _____ () C:\windows\system32\Gfxres.ro-RO.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00174244 _____ () C:\windows\system32\Gfxres.hu-HU.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173953 _____ () C:\windows\system32\Gfxres.tr-TR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173813 _____ () C:\windows\system32\Gfxres.pl-PL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00173495 _____ () C:\windows\system32\Gfxres.nl-NL.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00172750 _____ () C:\windows\system32\Gfxres.pt-BR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00172041 _____ () C:\windows\system32\Gfxres.fi-FI.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171709 _____ () C:\windows\system32\Gfxres.sk-SK.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171547 _____ () C:\windows\system32\Gfxres.sv-SE.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00171310 _____ () C:\windows\system32\Gfxres.pt-PT.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00170996 _____ () C:\windows\system32\Gfxres.cs-CZ.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00170175 _____ () C:\windows\system32\Gfxres.hr-HR.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00166672 _____ () C:\windows\system32\Gfxres.sl-SI.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00165374 _____ () C:\windows\system32\Gfxres.nb-NO.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00164698 _____ () C:\windows\system32\Gfxres.da-DK.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00160256 _____ () C:\windows\system32\igdail64.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00159947 _____ () C:\windows\system32\Gfxres.en-US.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00153249 _____ () C:\windows\system32\Gfxres.zh-TW.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00151473 _____ () C:\windows\system32\Gfxres.zh-CN.resources
2014-03-12 17:50 - 2013-09-10 01:35 - 00142848 _____ () C:\windows\SysWOW64\igdail32.dll
2014-03-12 17:50 - 2013-09-10 01:35 - 00012288 _____ ( ) C:\windows\system32\IGFXDEVLib.dll
2014-03-12 17:50 - 2013-09-10 01:34 - 00025088 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 25982976 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 03279872 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 00329216 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2014-03-12 17:50 - 2013-09-10 01:29 - 00304640 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 20943872 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 02962432 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 00290816 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2014-03-12 17:50 - 2013-09-10 01:27 - 00253440 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2014-03-12 17:50 - 2013-09-10 01:20 - 03509760 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 04009632 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 02064896 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 01814016 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 01423008 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00650400 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00631456 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00598688 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00344224 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00207008 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00176288 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00151552 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00143360 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00129024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00122880 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00121504 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2014-03-12 17:50 - 2013-09-04 03:45 - 00093344 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2014-03-12 09:28 - 2014-03-12 09:28 - 00000009 _____ () C:\playlist.m3u
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\DVDVideoSoft
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Program Files (x86)\Audio Converter
2014-03-12 09:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 09:10 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 09:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 09:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 09:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 09:10 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 09:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 09:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 09:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 09:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 09:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 09:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 09:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 09:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 09:10 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 09:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 09:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 09:10 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-03-12 09:10 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-03-12 09:09 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-03-12 09:09 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-03-12 09:09 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-03-12 09:09 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-03-12 09:09 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\windows\system32\swprv.dll
2014-03-12 09:09 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-03-12 09:09 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-03-12 09:09 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2014-03-12 09:09 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2014-03-12 09:09 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-03-12 09:09 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2014-03-12 09:09 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-03-12 09:09 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2014-03-12 09:09 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpencom.dll
2014-03-12 09:09 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\rdpencom.dll
2014-03-12 09:09 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2014-03-12 09:09 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-03-12 09:09 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\DWWIN.EXE
2014-03-12 09:09 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-03-12 09:09 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2014-03-12 09:09 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-03-12 09:09 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWWIN.EXE
2014-03-12 09:09 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-03-12 09:09 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-03-12 09:09 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2014-03-12 09:09 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2014-03-12 09:09 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-03-12 09:09 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-03-12 09:09 - 2014-01-27 12:45 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2014-03-12 09:09 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-03-12 09:09 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 09:09 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-03-12 09:09 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\sppcomapi.dll
2014-03-12 09:08 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 09:08 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 09:08 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 09:08 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-03-12 09:08 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-03-12 09:08 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-03-12 00:53 - 2014-03-12 00:56 - 150756160 _____ (Intel Corporation) C:\Users\Lu\Downloads\intel gpu.exe
2014-03-12 00:50 - 2014-03-12 00:50 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\SystemRequirementsLab
2014-03-11 20:24 - 2014-03-11 20:26 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\HandBrake
2014-03-11 20:23 - 2014-03-11 20:24 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2014-03-11 20:23 - 2014-03-11 20:23 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-10 20:37 - 2014-03-10 20:37 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
2014-03-10 18:59 - 2014-03-10 18:59 - 00002990 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-10 18:59 - 2014-03-10 18:59 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-10 18:55 - 2013-08-29 11:42 - 00722160 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00524016 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys
2014-03-10 18:55 - 2013-08-29 11:42 - 00421616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPCo19.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00400112 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynCom.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00251632 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00169712 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynTPCom.dll
2014-03-10 18:55 - 2013-08-29 11:42 - 00034544 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\Smb_driver_Intel.sys
2014-03-10 18:55 - 2013-04-16 18:33 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\Users\Lu\Documents\PassMark
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\ProgramData\PassMark
2014-03-09 12:58 - 2014-03-21 10:33 - 00000000 ____D () C:\Users\Lu\AppData\Local\Picture2avi
2014-03-09 12:58 - 2014-03-09 12:58 - 00000057 _____ () C:\windows\Picture2avi.ini
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\easytornado.com
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Anton_Small
2014-03-09 00:54 - 2014-03-09 00:54 - 00000000 ____D () C:\ProgramData\Steam
2014-02-26 17:24 - 2014-02-26 17:24 - 00000000 ____D () C:\Users\Lu\New folder
2014-02-25 16:20 - 2014-02-25 16:20 - 00000000 ____D () C:\Users\Lu\Downloads\TouchPad_Synaptics_v17.0.6.13_W81x64_A
2014-02-25 16:08 - 2014-03-21 07:31 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\uTorrent
2014-02-22 23:26 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-02-22 23:26 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-02-22 23:26 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-02-22 23:26 - 2014-01-04 16:54 - 00138240 _____ () C:\windows\system32\OEMLicense.dll
2014-02-22 23:26 - 2014-01-04 16:08 - 00103936 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-02-22 23:26 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-02-22 23:26 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-02-22 23:26 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-02-22 23:26 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-02-22 23:26 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-02-22 23:26 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2014-02-22 23:26 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-02-22 23:26 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2014-02-22 23:26 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-02-22 23:26 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-02-22 23:26 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-02-22 23:26 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\sti.dll
2014-02-22 23:26 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2014-02-22 23:26 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\sti.dll
2014-02-22 23:26 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-02-22 23:26 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\windows\system32\ReAgent.dll
2014-02-22 23:26 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-02-22 23:26 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.dll
2014-02-22 23:26 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2014-02-22 23:26 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2014-02-22 23:26 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsSpellCheckingFacility.dll
2014-02-22 23:26 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2014-02-22 23:26 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2014-02-22 23:26 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\windows\system32\pnrpsvc.dll
2014-02-22 23:26 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-02-22 23:26 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-22 23:26 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-02-22 23:26 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\windows\system32\easinvoker.exe
2014-02-22 23:26 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\windows\system32\easwrt.dll
2014-02-22 23:26 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\windows\SysWOW64\easwrt.dll
2014-02-22 23:26 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-02-22 23:26 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-02-20 18:25 - 2014-02-21 19:57 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs
2014-02-20 14:10 - 2014-03-21 07:25 - 00000000 ____D () C:\Program Files\Oracle
2014-02-20 14:10 - 2014-03-19 16:10 - 00000000 ____D () C:\Users\Lu\.VirtualBox
2014-02-20 14:10 - 2013-12-18 17:19 - 00252688 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2014-02-20 14:10 - 2013-12-18 17:16 - 00126736 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys

==================== One Month Modified Files and Folders =======

2014-03-21 11:04 - 2014-03-21 11:04 - 00020272 _____ () C:\Users\Lu\Desktop\FRST.txt
2014-03-21 11:04 - 2014-03-20 17:54 - 00000000 ____D () C:\FRST
2014-03-21 11:03 - 2013-10-22 03:55 - 00768742 _____ () C:\windows\system32\perfh007.dat
2014-03-21 11:03 - 2013-10-22 03:55 - 00163660 _____ () C:\windows\system32\perfc007.dat
2014-03-21 11:03 - 2013-08-28 09:36 - 01780340 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-21 11:02 - 2014-03-21 11:02 - 00000617 _____ () C:\Users\Lu\Desktop\JRT.txt
2014-03-21 11:01 - 2013-11-24 21:11 - 00000000 ____D () C:\Users\Lu\AppData\Local\CrashDumps
2014-03-21 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2014-03-21 10:59 - 2014-03-21 10:59 - 00000000 ____D () C:\windows\ERUNT
2014-03-21 10:58 - 2013-11-25 20:03 - 00000554 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-03-21 10:58 - 2013-11-24 20:38 - 00000000 ___RD () C:\Users\Lu\SkyDrive
2014-03-21 10:58 - 2013-11-24 20:01 - 00000000 ____D () C:\Program Files\NoteBook FanControl
2014-03-21 10:58 - 2013-10-22 03:03 - 00050572 _____ () C:\windows\setupact.log
2014-03-21 10:58 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-21 10:57 - 2014-03-21 10:56 - 00000000 ____D () C:\AdwCleaner
2014-03-21 10:57 - 2013-08-22 14:25 - 00786432 ___SH () C:\windows\system32\config\BBI
2014-03-21 10:56 - 2014-03-21 10:56 - 01950720 _____ () C:\Users\Lu\Desktop\adwcleaner.exe
2014-03-21 10:56 - 2014-03-21 10:56 - 01037734 _____ (Thisisu) C:\Users\Lu\Desktop\JRT.exe
2014-03-21 10:55 - 2013-10-22 03:13 - 01197435 _____ () C:\windows\WindowsUpdate.log
2014-03-21 10:33 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Picture2avi
2014-03-21 10:33 - 2013-11-24 19:09 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3526281771-1473308361-996666171-1001
2014-03-21 10:32 - 2014-03-20 17:07 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-03-21 10:32 - 2014-03-20 17:02 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-03-21 10:22 - 2013-08-28 09:34 - 00010152 _____ () C:\windows\PFRO.log
2014-03-21 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2014-03-21 10:22 - 2013-08-22 15:44 - 00730704 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-21 10:15 - 2013-11-29 10:44 - 01992704 ___SH () C:\Users\Lu\Desktop\Thumbs.db
2014-03-21 10:02 - 2014-03-21 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 10:02 - 2014-03-21 09:45 - 00000000 ____D () C:\Users\Lu\Desktop\mbar
2014-03-21 09:55 - 2014-03-21 09:55 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-21 09:55 - 2013-11-24 19:01 - 00000000 ___RD () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 09:48 - 2014-03-21 09:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-21 09:47 - 2014-03-21 09:47 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-21 09:47 - 2014-03-21 09:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 09:45 - 2014-03-21 09:45 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-21 09:45 - 2014-03-21 09:44 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Lu\Desktop\mbar-1.07.0.1009.exe
2014-03-21 09:38 - 2014-03-21 09:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-21 09:14 - 2013-11-30 17:24 - 00000000 ____D () C:\Program Files (x86)\Games
2014-03-21 09:13 - 2014-03-18 22:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 09:13 - 2013-11-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-21 09:13 - 2013-11-30 23:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-21 09:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-21 09:12 - 2013-08-22 20:12 - 00000000 ____D () C:\windows\ShellNew
2014-03-21 08:11 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\tracing
2014-03-21 07:57 - 2013-11-25 16:29 - 00000000 ____D () C:\ProgramData\Cisco
2014-03-21 07:57 - 2013-11-25 16:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-21 07:34 - 2013-11-24 19:01 - 00000000 ____D () C:\Users\Lu\AppData\Local\Packages
2014-03-21 07:31 - 2014-02-25 16:08 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\uTorrent
2014-03-21 07:30 - 2013-11-24 20:00 - 00000000 ____D () C:\Program Files (x86)\Utilities
2014-03-21 07:26 - 2013-11-24 19:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-21 07:25 - 2014-02-20 14:10 - 00000000 ____D () C:\Program Files\Oracle
2014-03-20 22:38 - 2014-03-20 22:38 - 00380416 _____ () C:\Users\Lu\Desktop\Gmer-19357.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00050477 _____ () C:\Users\Lu\Desktop\Defogger.exe
2014-03-20 22:38 - 2014-03-20 22:38 - 00000000 _____ () C:\Users\Lu\defogger_reenable
2014-03-20 22:38 - 2013-11-24 19:00 - 00000000 ____D () C:\Users\Lu
2014-03-20 17:33 - 2014-03-20 17:32 - 02157056 _____ (Farbar) C:\Users\Lu\Desktop\FRST64.exe
2014-03-20 17:10 - 2014-03-20 17:10 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\TrojanHunter
2014-03-20 17:07 - 2014-03-20 17:07 - 00059392 ____R () C:\windows\SysWOW64\streamhlp.dll
2014-03-20 17:03 - 2014-03-20 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-20 17:02 - 2014-03-20 17:02 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-03-20 16:10 - 2014-01-14 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 18:23 - 2014-03-19 18:23 - 00000269 _____ () C:\Users\Lu\Desktop\new  2.txt
2014-03-19 16:10 - 2014-02-20 14:10 - 00000000 ____D () C:\Users\Lu\.VirtualBox
2014-03-18 22:56 - 2013-11-24 19:26 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\MediaMonkey
2014-03-18 17:39 - 2013-11-24 20:47 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 17:38 - 2013-11-24 20:47 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 19:59 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2014-03-17 01:47 - 2013-11-26 20:36 - 00000000 ____D () C:\Users\Lu\Documents\MATLAB
2014-03-16 19:26 - 2013-11-24 19:29 - 00000000 ____D () C:\Users\Lu\AppData\Local\Paint.NET
2014-03-12 19:01 - 2013-11-24 22:55 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\vlc
2014-03-12 17:59 - 2014-02-18 08:19 - 00000009 _____ () C:\Users\Lu\Desktop\music.txt
2014-03-12 17:53 - 2013-10-22 03:17 - 00016136 _____ () C:\windows\system32\results.xml
2014-03-12 17:51 - 2013-10-22 03:09 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-12 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 09:28 - 2014-03-12 09:28 - 00000009 _____ () C:\playlist.m3u
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\DVDVideoSoft
2014-03-12 09:12 - 2014-03-12 09:12 - 00000000 ____D () C:\Program Files (x86)\Audio Converter
2014-03-12 00:56 - 2014-03-12 00:53 - 150756160 _____ (Intel Corporation) C:\Users\Lu\Downloads\intel gpu.exe
2014-03-12 00:51 - 2013-12-20 18:42 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-03-12 00:50 - 2014-03-12 00:50 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\SystemRequirementsLab
2014-03-11 20:26 - 2014-03-11 20:24 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\HandBrake
2014-03-11 20:24 - 2014-03-11 20:23 - 00000000 ____D () C:\Program Files (x86)\Handbrake
2014-03-11 20:23 - 2014-03-11 20:23 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-03-11 19:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-03-10 20:37 - 2014-03-10 20:37 - 00000000 ____D () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
2014-03-10 19:45 - 2014-02-17 16:29 - 00005106 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LUSOYO-Luca lusoyo
2014-03-10 19:23 - 2013-10-22 03:16 - 00001348 _____ () C:\windows\Synaptics.log
2014-03-10 19:23 - 2013-10-22 03:04 - 00093112 _____ () C:\windows\DPINST.LOG
2014-03-10 18:59 - 2014-03-10 18:59 - 00002990 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-10 18:59 - 2014-03-10 18:59 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-10 18:52 - 2014-02-03 01:02 - 00001034 _____ () C:\windows\SynInst.log
2014-03-10 18:52 - 2014-02-03 01:02 - 00000000 ____D () C:\ProgramData\Synaptics
2014-03-10 07:04 - 2013-11-25 22:47 - 00000000 ____D () C:\windows\Minidump
2014-03-10 07:04 - 2013-11-25 02:53 - 00152128 ____N () C:\windows\Minidump\031014-5078-01.dmp
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\Users\Lu\Documents\PassMark
2014-03-09 16:29 - 2014-03-09 16:29 - 00000000 ____D () C:\ProgramData\PassMark
2014-03-09 12:58 - 2014-03-09 12:58 - 00000057 _____ () C:\windows\Picture2avi.ini
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\easytornado.com
2014-03-09 12:58 - 2014-03-09 12:58 - 00000000 ____D () C:\Users\Lu\AppData\Local\Anton_Small
2014-03-09 12:19 - 2013-11-25 02:53 - 00159182 ____N () C:\windows\Minidump\030914-5203-01.dmp
2014-03-09 00:54 - 2014-03-09 00:54 - 00000000 ____D () C:\ProgramData\Steam
2014-03-09 00:54 - 2013-11-30 18:21 - 00000000 ____D () C:\Users\Lu\Documents\My Games
2014-03-06 21:25 - 2013-11-25 02:53 - 00154360 ____N () C:\windows\Minidump\030614-4875-01.dmp
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 21:00 - 2013-11-25 02:53 - 00157534 ____N () C:\windows\Minidump\030414-5750-01.dmp
2014-03-01 07:05 - 2014-03-12 09:10 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 09:10 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 09:10 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 09:10 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 09:10 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 09:10 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 09:10 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 09:10 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 09:10 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 09:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 09:10 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 09:10 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 09:10 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 09:10 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 09:10 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 09:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 09:10 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\LiveKernelReports
2014-02-26 17:24 - 2014-02-26 17:24 - 00000000 ____D () C:\Users\Lu\New folder
2014-02-26 08:00 - 2013-11-25 02:53 - 00160004 ____N () C:\windows\Minidump\022614-7312-01.dmp
2014-02-25 19:55 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF
2014-02-25 16:20 - 2014-02-25 16:20 - 00000000 ____D () C:\Users\Lu\Downloads\TouchPad_Synaptics_v17.0.6.13_W81x64_A
2014-02-25 15:22 - 2013-11-24 19:01 - 00000000 ___RD () C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-25 15:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\windows\ToastData
2014-02-23 18:04 - 2013-10-22 03:28 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-02-23 18:04 - 2013-10-22 03:27 - 00000000 ____D () C:\Program Files\Lenovo
2014-02-22 13:46 - 2013-11-24 20:29 - 00001787 _____ () C:\Users\Lu\Desktop\timetable.lnk
2014-02-22 13:16 - 2014-03-12 18:13 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-02-22 12:24 - 2014-03-12 18:13 - 00124416 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-02-21 19:57 - 2014-02-20 18:25 - 00000000 ____D () C:\Users\Lu\VirtualBox VMs

Some content of TEMP:
====================
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 09:09] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-15 13:24

==================== End Of Log ============================
         
--- --- ---

21.03.2014, 11:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe
C:\ProgramData\47BKPRZz.exe
C:\Program Files\KMSpico
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

21.03.2014, 12:01   #11
demiurg

Here:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Luca at 2014-03-21 11:52:41 Run:1
Running from C:\Users\Lu\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe
C:\ProgramData\47BKPRZz.exe
C:\Program Files\KMSpico
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll
*****************

HKU\S-1-5-21-3526281771-1473308361-996666171-1001\Software\Microsoft\Windows\CurrentVersion\Run\\47BKPRZz => Value deleted successfully.
"C:\ProgramData\47BKPRZz.exe" => File/Directory not found.
"C:\Program Files\KMSpico" => File/Directory not found.
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll => Moved successfully.

==== End of Fixlog ====
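
Added example (not part of the thread and not FRST's own code): a small Python parser that pairs each fixlist entry with its result line in the Fixlog posted above, showing which items were deleted, which were moved and which were already absent when the fix ran. The status labels and function names are chosen here; the outcome phrases are the three that appear in this Fixlog.

```python
import re
from collections import defaultdict

# Fixlog body copied from the post above (header lines omitted).
FIXLOG = r"""Content of fixlist:
*****************
HKU\S-1-5-21-3526281771-1473308361-996666171-1001\...\Run: [47BKPRZz] - C:\ProgramData\47BKPRZz.exe
C:\ProgramData\47BKPRZz.exe
C:\Program Files\KMSpico
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll
*****************

HKU\S-1-5-21-3526281771-1473308361-996666171-1001\Software\Microsoft\Windows\CurrentVersion\Run\\47BKPRZz => Value deleted successfully.
"C:\ProgramData\47BKPRZz.exe" => File/Directory not found.
"C:\Program Files\KMSpico" => File/Directory not found.
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll => Moved successfully.
==== End of Fixlog ====
"""

# Outcome phrases seen in this Fixlog, mapped to short labels (labels are assumptions).
OUTCOMES = {
    "Value deleted successfully.": "deleted",
    "Moved successfully.": "moved",
    "File/Directory not found.": "not found",
}

# Fixlist registry entry: <hive>\<SID>\...\<key>: [<value name>] - <data>
REG_ENTRY = re.compile(r"^(HK[A-Z]+\\[^\\]+)\\\.\.\.\\([^:]+): \[([^\]]+)\]")


def parse_fixlog(text):
    """Return (requested, results): echoed fixlist entries and {target: status}."""
    requested, results = [], {}
    in_fixlist = False
    for line in text.splitlines():
        line = line.strip()
        if set(line) == {"*"}:  # rows of asterisks delimit the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            if line:
                requested.append(line)
            continue
        if " => " in line:
            target, _, outcome = line.rpartition(" => ")
            results[target.strip('"')] = OUTCOMES.get(outcome, "unknown: " + outcome)
    return requested, results


def status_of(entry, results):
    """Find the result line that answers one fixlist entry."""
    if entry in results:  # file and folder paths are repeated verbatim
        return results[entry]
    m = REG_ENTRY.match(entry)
    if m:  # the fixlist abbreviates the key path as \...\, the result spells it out
        root, key, value = m.groups()
        for target, status in results.items():
            if target.startswith(root + "\\") and target.endswith("\\%s\\\\%s" % (key, value)):
                return status
    return "no result line"


def summarize(text):
    """Group the requested fixlist entries by what the Fixlog says happened to them."""
    requested, results = parse_fixlog(text)
    report = defaultdict(list)
    for entry in requested:
        report[status_of(entry, results)].append(entry)
    return dict(report)


if __name__ == "__main__":
    for status, entries in summarize(FIXLOG).items():
        print(status, *entries, sep="\n  ")
```

For this Fixlog the summary shows that the Run value pointing at 47BKPRZz.exe was deleted, while the executable itself and the KMSpico folder were no longer present when the fix ran.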
         

21.03.2014, 12:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Getting a second opinion from ESET's online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

21.03.2014, 14:35   #13
demiurg

Malwarebytes found nothing.

ESET is still running.

I have a few more questions:

1. Did we find and remove something, or was I not infected the whole time?
2. Can I re-enable the certificate?
3. Is there a chance that something was not detected?

Edit: The laptop battery is running low, so I will start the scan again this evening. I'll report back then.

21.03.2014, 14:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
1. Did we find and remove something, or was I not infected the whole time?
The logs do say what was removed.
Quote:
2. Can I re-enable the certificate?
You said yourself that the cert is not trustworthy, so why are you now asking whether it should be enabled?!

Quote:
3. Is there a chance that something was not detected?
There is no such thing as 100% security anywhere.

21.03.2014, 15:02   #15
demiurg

I assume you mean the Fixlog from Farbar. The original malware was no longer found there, after all.

Code:
C:\Users\Lu\AppData\Local\Temp\bluecove_ce.dll
C:\Users\Lu\AppData\Local\Temp\intelbth_ce.dll
C:\Users\Lu\AppData\Local\Temp\ose00000.exe
C:\Users\Lu\AppData\Local\Temp\Quarantine.exe
C:\Users\Lu\AppData\Local\Temp\sK1x.jnidispatch.dll
         
I assume these files were deleted. I have no experience, but after a quick search on the internet, bluecove_ce.dll and intelbth_ce.dll, for example, do not look dangerous. I could very well be wrong, though.
If you have the time and inclination, I would be very interested to know which files contain which malicious code. I do realize, however, that this takes a lot of time and that you may not have the time for it.

The certificate is trustworthy (Cisco uses the same one for the VPN client); it was only "misused" by the trojan/virus (what was it, actually?).

I know that 100% security does not exist, but do you have any figures from your own experience?

Regards
