
Pests of all kinds and how to fight them: Caught the BKA Trojan and safe mode no longer starts!


 
23.05.2014, 18:51   #1
gesmo

Caught the BKA Trojan and safe mode no longer starts!



Hello,

I have apparently caught the BKA Trojan, and one of the newer kind at that, where you can no longer get into safe mode.
I was able to clean up the autostart and get to the desktop. After that I wanted to delete the Trojan completely via safe mode. But since I of course did not know that you cannot get into it, and I wanted to start safe mode for the next boot by means of the checkbox in Task Manager, I am now stuck in a boot loop. Of course I can only get out of it again by removing the checkbox in Task Manager, which I can no longer reach either, since the computer always starts in safe mode.

I hope you can help me!!

Attached is the log created with Farbar's tool.

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by SYSTEM on MININT-SE3PHGC on 23-05-2014 19:20:14
Running from I:\
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-31] (Bitdefender)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ACPW07DE] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [MagicRotation] => C:\Program Files\MagicRotation Auto\MagicRotation Auto.exe [954880 2012-09-20] (Samsung Electronics, Inc.)
HKLM-x32\...\Run: [MagicRotation Auto] => C:\Program Files\MagicRotation Auto\MagicRotation Auto.exe [954880 2012-09-20] (Samsung Electronics, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [RoccatKone+] => C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [557056 2013-09-13] (ROCCAT GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKU\hanla_000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-31] (Bitdefender)
HKU\hanla_000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-31] (Bitdefender)
HKU\hanla_000\...\Run: [HP ENVY 110 series (NET)] => C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\hanla_000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\hanla_000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\hanla_000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Services (Whitelisted) =================

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-27] (Bitdefender)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-04-04] (Stardock Software, Inc)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-22] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-31] (Bitdefender)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A\org13h.dot [333556 2014-05-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-02-03] (BitDefender)
S3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-02-03] (BitDefender)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)
S1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-10-02] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-10-02] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-10-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-27] (BitDefender SRL)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-23] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-02] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MagicianSataModeReader; C:\Program Files (x86)\Samsung SSD Magician\magdrvamd64.sys [13216 2013-11-28] ()
S1 MagicRotation; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
S3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-02] (Microsoft Corporation)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-02] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 19:19 - 2014-05-23 19:19 - 00000000 ____D () C:\FRST
2014-05-23 16:40 - 2014-05-23 16:40 - 00012288 _____ () C:\Windows\System32\umstartup.etl
2014-05-23 13:54 - 2014-05-23 14:00 - 00003337 _____ () C:\ProgramData\RUNDLL32.EXE-5756-F.txt
2014-05-23 13:49 - 2014-05-23 13:51 - 11732396 _____ () C:\Users\hanla_000\Desktop\daniela-1321-SD.mp4.rdzvcph.partial
2014-05-23 13:47 - 2014-05-23 13:54 - 00000000 ____D () C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A
2014-05-23 13:37 - 2014-05-23 13:51 - 43111793 _____ () C:\Users\hanla_000\Desktop\0028AS.rar.73w7sjn.partial
2014-05-18 13:18 - 2014-05-18 13:38 - 60228493 _____ () C:\Users\hanla_000\Desktop\1138224_Sexy_blond_whore_sucks_cock.flv
2014-05-18 12:34 - 2014-05-18 14:37 - 567457912 _____ () C:\Users\hanla_000\Desktop\3057174.flv
2014-05-18 11:46 - 2014-05-19 17:04 - 00119296 ___SH () C:\Users\hanla_000\Desktop\Thumbs.db
2014-05-18 11:13 - 2014-04-18 15:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\System32\ploptin.dll
2014-05-18 11:13 - 2014-04-18 15:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\System32\propsys.dll
2014-05-18 11:13 - 2014-04-18 14:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-05-18 11:13 - 2014-04-18 10:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\energyprov.dll
2014-05-18 11:13 - 2014-04-18 10:32 - 13287936 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-05-18 11:13 - 2014-04-18 09:58 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-18 11:13 - 2014-04-18 09:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2014-05-18 11:13 - 2014-04-18 09:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\System32\SearchFolder.dll
2014-05-18 11:13 - 2014-04-18 09:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Search.dll
2014-05-18 11:13 - 2014-04-18 08:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-05-18 11:13 - 2014-04-18 08:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-05-18 11:13 - 2014-04-14 10:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\System32\MFCaptureEngine.dll
2014-05-18 11:13 - 2014-04-14 09:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-05-18 11:13 - 2014-04-11 07:13 - 01200128 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2014-05-18 11:13 - 2014-04-11 05:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2014-05-18 11:13 - 2014-04-11 05:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-05-18 11:13 - 2014-04-11 04:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\System32\defragsvc.dll
2014-05-18 11:13 - 2014-04-09 12:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2014-05-18 11:13 - 2014-04-09 07:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2014-05-18 11:13 - 2014-04-09 06:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-05-18 11:13 - 2014-04-09 05:35 - 01411584 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-18 11:13 - 2014-04-09 04:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2014-05-18 11:13 - 2014-04-08 03:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2014-05-18 11:13 - 2014-04-06 17:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-05-18 11:13 - 2014-04-06 17:34 - 00275800 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-05-18 11:13 - 2014-04-06 17:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\System32\dwmapi.dll
2014-05-18 11:13 - 2014-04-06 17:31 - 21268952 ____N (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-18 11:13 - 2014-04-06 17:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\System32\MSVideoDSP.dll
2014-05-18 11:13 - 2014-04-06 17:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2014-05-18 11:13 - 2014-04-06 17:20 - 02140888 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 01401224 _____ (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2014-05-18 11:13 - 2014-04-06 17:20 - 00233912 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-05-18 11:13 - 2014-04-06 17:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2014-05-18 11:13 - 2014-04-06 16:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-05-18 11:13 - 2014-04-06 16:22 - 18755672 ____N (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-18 11:13 - 2014-04-06 16:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-05-18 11:13 - 2014-04-06 16:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-05-18 11:13 - 2014-04-06 15:10 - 04190720 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-05-18 11:13 - 2014-04-06 13:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2014-05-18 11:13 - 2014-04-06 13:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2014-05-18 11:13 - 2014-04-06 13:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\System32\MDEServer.exe
2014-05-18 11:13 - 2014-04-06 13:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2014-05-18 11:13 - 2014-04-06 13:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-05-18 11:13 - 2014-04-06 12:55 - 16872448 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2014-05-18 11:13 - 2014-04-06 12:54 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-05-18 11:13 - 2014-04-06 12:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\BootMenuUX.dll
2014-05-18 11:13 - 2014-04-06 12:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2014-05-18 11:13 - 2014-04-06 12:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-05-18 11:13 - 2014-04-06 11:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2014-05-18 11:13 - 2014-04-06 11:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2014-05-18 11:13 - 2014-04-06 11:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-05-18 11:13 - 2014-04-06 11:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-05-18 11:13 - 2014-04-06 11:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
2014-05-18 11:13 - 2014-04-06 10:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-05-18 11:13 - 2014-04-03 09:12 - 02124840 _____ (Microsoft Corporation) C:\Windows\System32\d3d9.dll
2014-05-18 11:13 - 2014-04-03 09:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2014-05-18 11:13 - 2014-04-03 09:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\System32\gpapi.dll
2014-05-18 11:13 - 2014-04-03 05:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-05-18 11:13 - 2014-04-03 05:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-05-18 11:13 - 2014-04-03 04:53 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-05-18 11:13 - 2014-04-03 03:53 - 04269056 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2014-05-18 11:13 - 2014-04-03 03:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2014-05-18 11:13 - 2014-04-03 03:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\System32\workfolderssvc.dll
2014-05-18 11:13 - 2014-04-03 03:23 - 00563200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-05-18 11:13 - 2014-04-03 03:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2014-05-18 11:13 - 2014-04-03 03:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-05-18 11:13 - 2014-04-03 03:22 - 03359744 ____N (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-05-18 11:13 - 2014-04-03 03:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\tlscsp.dll
2014-05-18 11:13 - 2014-04-01 07:23 - 00384856 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2014-05-18 11:13 - 2014-03-31 06:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-18 11:13 - 2014-03-31 06:35 - 02518360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-05-18 11:13 - 2014-03-31 06:35 - 00428888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-05-18 11:13 - 2014-03-31 01:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-05-18 11:13 - 2014-03-31 01:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\WorkFoldersShell.dll
2014-05-18 11:13 - 2014-03-31 00:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\System32\WorkfoldersControl.dll
2014-05-18 11:13 - 2014-03-30 23:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\System32\gpsvc.dll
2014-05-18 11:13 - 2014-03-30 23:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\System32\mispace.dll
2014-05-18 11:13 - 2014-03-30 23:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-05-18 11:13 - 2014-03-30 23:11 - 00721408 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveTelemetry.dll
2014-05-18 11:13 - 2014-03-30 22:47 - 00872448 ____N (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2014-05-18 11:13 - 2014-03-28 16:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
2014-05-18 11:13 - 2014-03-27 07:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2014-05-18 11:13 - 2014-03-27 06:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\resutils.dll
2014-05-18 11:13 - 2014-03-27 05:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\clusapi.dll
2014-05-18 11:13 - 2014-03-27 05:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-05-18 11:13 - 2014-03-27 05:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-05-18 11:13 - 2014-03-27 04:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2014-05-18 11:13 - 2014-03-27 04:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\swprv.dll
2014-05-18 11:13 - 2014-03-27 04:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2014-05-18 11:13 - 2014-03-24 23:58 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2014-05-18 11:13 - 2014-03-21 05:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\System32\tscfgwmi.dll
2014-05-18 11:13 - 2014-03-20 04:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
2014-05-18 11:13 - 2014-03-20 01:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
2014-05-18 11:13 - 2014-03-20 01:44 - 06645248 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-05-18 11:13 - 2014-03-20 00:38 - 00590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-05-18 11:13 - 2014-03-20 00:33 - 05774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-18 11:13 - 2014-03-19 09:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll
2014-05-18 11:13 - 2014-03-19 09:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2014-05-18 11:13 - 2014-03-19 08:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2014-05-18 11:13 - 2014-03-19 08:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-05-18 11:13 - 2014-03-19 07:36 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2014-05-18 11:13 - 2014-03-19 06:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-18 11:13 - 2014-03-19 06:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2014-05-18 11:13 - 2014-03-19 06:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
2014-05-18 11:13 - 2014-03-19 06:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2014-05-18 11:13 - 2014-03-19 06:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2014-05-18 11:13 - 2014-03-19 06:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-05-18 11:13 - 2014-03-19 05:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-05-18 11:13 - 2014-03-19 05:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlowUI.dll
2014-05-18 11:13 - 2014-03-19 05:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll
2014-05-18 11:13 - 2014-03-18 09:19 - 00077312 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2014-05-18 11:13 - 2014-03-18 09:18 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\xusb22.sys
2014-05-18 11:13 - 2014-03-18 06:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2014-05-18 11:13 - 2014-03-18 05:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-05-18 11:13 - 2014-03-17 06:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2014-05-18 11:13 - 2014-03-17 05:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-05-18 11:13 - 2014-03-17 04:01 - 00486912 ____N (Microsoft Corporation) C:\Windows\System32\winspool.drv
2014-05-18 11:13 - 2014-03-17 03:47 - 01025024 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2014-05-18 11:13 - 2014-03-17 03:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-05-18 11:13 - 2014-03-14 07:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\System32\GeofenceMonitorService.dll
2014-05-18 11:13 - 2014-03-14 07:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-05-18 11:13 - 2014-03-06 13:42 - 00310616 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2014-05-18 11:12 - 2014-05-18 11:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-17 17:31 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\Crewlog
2014-05-17 17:31 - 2008-10-20 08:34 - 00521552 ____N (ComponentOne LLC) C:\Windows\SysWOW64\VSRpt8.ocx
2014-05-17 17:31 - 2008-10-20 08:34 - 00451880 ____N (ComponentOne) C:\Windows\SysWOW64\VSPrint8.ocx
2014-05-17 17:31 - 2008-10-20 08:34 - 00222504 ____N (ComponentOne) C:\Windows\SysWOW64\VSVPort8.ocx
2014-05-17 17:31 - 2008-10-20 08:07 - 00623920 ____N (ComponentOne) C:\Windows\SysWOW64\VSFlex8.ocx
2014-05-17 17:31 - 2008-01-16 12:55 - 00349504 _____ (ComponentOne LLC) C:\Windows\SysWOW64\titime8.ocx
2014-05-17 17:31 - 2006-10-20 12:35 - 00064512 _____ () C:\Windows\SysWOW64\shdocvw.oca
2014-05-17 17:31 - 2004-07-27 15:22 - 00856064 _____ (AppForge, Inc.) C:\Windows\SysWOW64\afCore.dll
2014-05-17 17:31 - 2004-07-27 15:20 - 00081920 _____ (AppForge, Inc.) C:\Windows\SysWOW64\pCOM.dll
2014-05-17 17:31 - 2003-09-12 19:19 - 00548864 _____ (ComponentOne LLC) C:\Windows\SysWOW64\tibase8.dll
2014-05-17 17:31 - 2003-09-12 18:00 - 00131072 ____N (ComponentOne LLC) C:\Windows\SysWOW64\tishare8.dll
2014-05-17 17:31 - 2002-07-31 16:36 - 00094208 ____N (ST-software) C:\Windows\SysWOW64\STrainbowbar.ocx
2014-05-17 17:31 - 2001-04-07 15:24 - 00044544 ____N () C:\Windows\SysWOW64\Gif89.dll
2014-05-17 17:31 - 2000-12-06 05:00 - 00262328 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSDATGRD.OCX
2014-05-17 17:31 - 2000-12-06 05:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2014-05-17 17:31 - 2000-10-02 05:00 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-05-17 17:31 - 2000-05-22 05:00 - 00647872 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-05-17 17:31 - 2000-05-22 05:00 - 00232640 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSDATLST.OCX
2014-05-17 17:31 - 2000-05-22 05:00 - 00140488 ____N (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-05-17 17:31 - 2000-05-22 05:00 - 00118976 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSADODC.OCX
2014-05-17 17:31 - 2000-05-22 05:00 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.ocx
2014-05-17 17:31 - 2000-05-11 05:00 - 00397312 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSRDO20.DLL
2014-05-17 17:31 - 2000-05-11 05:00 - 00077824 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSBIND.DLL
2014-05-17 17:31 - 2000-03-14 05:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RDOCURS.DLL
2014-05-17 17:31 - 2000-03-14 05:00 - 00118784 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-05-17 17:31 - 1998-11-25 21:25 - 00018944 _____ ( ) C:\Windows\SysWOW64\implode.dll
2014-05-17 17:31 - 1998-10-30 05:02 - 00901120 _____ (Three |D| Graphics, Inc.) C:\Windows\SysWOW64\sscsdk32.dll
2014-05-17 17:31 - 1998-07-06 05:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RDO20DE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGDE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DATLSDE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DATGDDE.DLL
2014-05-17 17:31 - 1998-07-06 05:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ADODCDE.DLL
2014-05-17 17:31 - 1998-06-18 05:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-05-17 17:31 - 1998-05-29 01:49 - 00026624 ____N (Seagate Software, Inc.) C:\Windows\SysWOW64\CDO32.dll
2014-05-17 17:29 - 2014-05-22 14:11 - 00006544 _____ () C:\Windows\AutoKMS.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000346 _____ () C:\Windows\PFRO.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000000 _____ () C:\Windows\setupact.log
2014-05-17 12:56 - 2014-05-23 13:49 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\77B7FFD3-307F-4D31-B5D7-373B34EAF54F.aplzod
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files\iTunes
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-17 12:46 - 2014-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-17 12:46 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 12:46 - 2012-08-21 12:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2014-05-16 17:00 - 2014-05-16 17:42 - 126399323 _____ () C:\Users\hanla_000\Desktop\Squirting_Over_The_Bedsheets.avi
2014-05-15 19:04 - 2014-05-15 19:04 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-14 15:44 - 2014-03-24 03:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2014-05-14 15:44 - 2014-03-24 03:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys
2014-05-14 15:44 - 2014-03-24 03:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2014-05-14 15:44 - 2014-03-13 08:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\System32\wusa.exe
2014-05-14 15:44 - 2014-03-13 07:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-14 15:43 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-14 15:43 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 15:43 - 2014-05-06 04:00 - 00084992 ____N (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-14 15:43 - 2014-05-06 03:10 - 00069632 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 15:43 - 2014-04-11 11:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll
2014-05-14 15:43 - 2014-04-11 11:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-05-14 15:43 - 2014-04-11 09:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-14 15:43 - 2014-04-11 07:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-05-14 15:43 - 2014-04-11 06:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\WSReset.exe
2014-05-14 15:43 - 2014-04-11 06:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-14 15:43 - 2014-04-11 04:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2014-05-14 15:43 - 2014-04-11 04:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-14 15:43 - 2014-04-11 04:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 15:43 - 2014-04-11 04:05 - 00123904 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-14 15:43 - 2014-04-11 04:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 15:43 - 2014-04-11 04:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-05-14 15:43 - 2014-04-11 04:01 - 00137728 ____N (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-05-14 15:43 - 2014-04-11 04:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-14 15:43 - 2014-04-11 03:59 - 00666624 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-14 15:43 - 2014-04-11 03:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2014-05-14 15:43 - 2014-04-11 03:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2014-05-14 15:43 - 2014-04-11 03:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-05-14 15:43 - 2014-04-11 03:53 - 00827392 ____N (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-05-14 15:43 - 2014-04-11 03:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-05-14 15:43 - 2014-04-11 03:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-05-14 15:43 - 2014-04-11 03:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-14 15:43 - 2014-04-11 03:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-14 15:43 - 2014-04-11 03:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\System32\twinui.appcore.dll
2014-05-14 15:43 - 2014-04-11 03:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2014-05-14 15:43 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\System32\mrt_map.dll
2014-05-14 15:43 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\System32\mrt100.dll
2014-05-14 15:43 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-14 15:43 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-09 17:00 - 2014-05-18 11:21 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2014-05-07 15:47 - 2014-05-07 15:47 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Microsoft Game Studios
2014-05-07 15:39 - 2014-05-07 15:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-02 10:23 - 2014-05-02 10:23 - 02724864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 10:23 - 2014-05-02 10:23 - 02724864 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-26 21:31 - 2014-04-26 21:32 - 00000000 ____D () C:\Users\hanla_000\Desktop\bun
2014-04-25 16:40 - 2014-04-25 16:40 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_P8Z77-V.alu
2014-04-25 16:13 - 2014-04-25 16:13 - 00003826 ____N () C:\Windows\System32\Tasks\Security Center Update - 4185919329
2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Kuqybobi
2014-04-25 14:36 - 2014-03-26 22:40 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-25 14:34 - 2014-03-27 13:45 - 31270856 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 25257416 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 23785416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 17467048 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 15964736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 13158232 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-04-25 14:34 - 2014-03-27 13:45 - 11644392 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 11598560 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 09734744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 09697128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 03139928 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 02949976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 02785056 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 02413344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 01890080 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433750.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 01539416 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433750.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00894752 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00891168 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00864600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00859592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00836544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00354016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00166568 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-04-25 14:34 - 2014-03-27 13:45 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-04-25 14:34 - 2014-03-21 20:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2014-04-25 14:34 - 2014-03-21 20:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-25 14:29 - 2014-04-25 14:29 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-04-25 13:49 - 2014-04-25 13:49 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2014-04-25 13:45 - 2014-04-25 13:45 - 00000000 ____D () C:\Users\hanla_000\Intel

==================== One Month Modified Files and Folders =======

2014-05-23 19:19 - 2014-05-23 19:19 - 00000000 ____D () C:\FRST
2014-05-23 16:40 - 2014-05-23 16:40 - 00012288 _____ () C:\Windows\System32\umstartup.etl
2014-05-23 15:12 - 2013-12-02 19:01 - 01980780 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 15:12 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 15:12 - 2013-04-27 10:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 15:06 - 2013-11-24 19:13 - 00000000 ____D () C:\Windows\pss
2014-05-23 15:06 - 2012-12-28 20:08 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-05-23 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru
2014-05-23 14:53 - 2013-08-14 11:21 - 00003576 _____ () C:\Windows\System32\Tasks\Bitdefender Auto-Scan
2014-05-23 14:53 - 2012-12-28 21:21 - 00000000 _____ () C:\Windows\Path.idx
2014-05-23 14:48 - 2013-07-31 17:45 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-23 14:48 - 2012-12-28 21:16 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-05-23 14:47 - 2013-09-30 05:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-23 14:47 - 2012-12-28 20:38 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\vlc
2014-05-23 14:47 - 2012-12-28 20:24 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Winamp
2014-05-23 14:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2014-05-23 14:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-05-23 14:00 - 2014-05-23 13:54 - 00003337 _____ () C:\ProgramData\RUNDLL32.EXE-5756-F.txt
2014-05-23 13:54 - 2014-05-23 13:47 - 00000000 ____D () C:\ProgramData\D6B6D2D9664FEEAB7F4B86CD50B7940A
2014-05-23 13:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-05-23 13:51 - 2014-05-23 13:49 - 11732396 _____ () C:\Users\hanla_000\Desktop\daniela-1321-SD.mp4.rdzvcph.partial
2014-05-23 13:51 - 2014-05-23 13:37 - 43111793 _____ () C:\Users\hanla_000\Desktop\0028AS.rar.73w7sjn.partial
2014-05-23 13:49 - 2014-05-17 12:56 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\77B7FFD3-307F-4D31-B5D7-373B34EAF54F.aplzod
2014-05-23 13:18 - 2012-12-28 17:04 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-719912548-1546492267-3311168217-1001
2014-05-23 13:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-22 14:18 - 2013-09-30 05:14 - 01780340 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-22 14:18 - 2013-09-30 04:58 - 00765378 _____ () C:\Windows\System32\perfh007.dat
2014-05-22 14:18 - 2013-09-30 04:58 - 00159696 _____ () C:\Windows\System32\perfc007.dat
2014-05-22 14:11 - 2014-05-17 17:29 - 00006544 _____ () C:\Windows\AutoKMS.log
2014-05-22 14:11 - 2013-01-01 23:03 - 00003494 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-21 22:11 - 2014-01-09 22:57 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-05-21 18:26 - 2012-12-28 21:21 - 00003039 _____ () C:\Windows\MB.idx
2014-05-21 15:28 - 2012-12-30 14:13 - 00000000 ____D () C:\ProgramData\Origin
2014-05-21 15:27 - 2013-09-26 17:19 - 00000000 ____D () C:\Users\hanla_000\Desktop\ebay
2014-05-19 17:04 - 2014-05-18 11:46 - 00119296 ___SH () C:\Users\hanla_000\Desktop\Thumbs.db
2014-05-18 19:37 - 2013-12-02 19:23 - 00000000 ____D () C:\users\hanla_000
2014-05-18 19:35 - 2012-12-30 01:27 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Apple Computer
2014-05-18 15:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-05-18 14:37 - 2014-05-18 12:34 - 567457912 _____ () C:\Users\hanla_000\Desktop\3057174.flv
2014-05-18 13:38 - 2014-05-18 13:18 - 60228493 _____ () C:\Users\hanla_000\Desktop\1138224_Sexy_blond_whore_sucks_cock.flv
2014-05-18 11:21 - 2014-05-09 17:00 - 00000000 ____D () C:\Program Files (x86)\MKVToolNix
2014-05-18 11:21 - 2014-03-01 11:33 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-18 11:21 - 2013-12-23 18:05 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-18 11:21 - 2013-08-21 19:23 - 00000000 ____D () C:\Program Files (x86)\Samsung SSD Magician
2014-05-18 11:21 - 2013-05-24 11:57 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-05-18 11:21 - 2013-04-05 16:30 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-05-18 11:21 - 2012-12-30 00:41 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-05-18 11:21 - 2012-12-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Movies2iPhone
2014-05-18 11:21 - 2012-12-29 19:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-18 11:20 - 2014-05-17 17:31 - 00000000 ____D () C:\Program Files (x86)\Crewlog
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\iTunes
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-18 11:20 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-18 11:20 - 2013-12-02 19:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-18 11:20 - 2013-09-30 05:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\WinMetadata
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\setup
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\Com
2014-05-18 11:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-05-18 11:20 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\Sysprep
2014-05-18 11:20 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\oobe
2014-05-18 11:20 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers
2014-05-18 11:20 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\servicing
2014-05-18 11:20 - 2013-04-20 21:23 - 00000000 ____D () C:\Program Files\Recuva
2014-05-18 11:20 - 2013-01-01 23:00 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-05-18 11:20 - 2012-12-30 19:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-18 11:20 - 2012-12-30 01:15 - 00000000 ____D () C:\Program Files\Common Files\ACD Systems
2014-05-18 11:20 - 2012-12-29 19:31 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Wise Registry Cleaner
2014-05-18 11:20 - 2012-12-29 19:17 - 00000000 ____D () C:\ProgramData\pdf995
2014-05-18 11:20 - 2012-12-29 18:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-18 11:20 - 2012-12-28 21:13 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-05-18 11:20 - 2012-12-28 20:04 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-18 11:20 - 2012-12-28 17:24 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-18 11:14 - 2013-08-22 15:44 - 00496880 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-05-18 11:12 - 2014-05-18 11:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-17 17:28 - 2014-05-17 17:28 - 00000346 _____ () C:\Windows\PFRO.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 17:28 - 2014-05-17 17:28 - 00000000 _____ () C:\Windows\setupact.log
2014-05-17 12:56 - 2012-12-30 01:27 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Apple Computer
2014-05-17 12:46 - 2014-05-17 12:46 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 12:46 - 2012-12-30 01:27 - 00000000 ____D () C:\ProgramData\Apple
2014-05-16 17:42 - 2014-05-16 17:00 - 126399323 _____ () C:\Users\hanla_000\Desktop\Squirting_Over_The_Bedsheets.avi
2014-05-15 19:04 - 2014-05-15 19:04 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 19:04 - 2014-01-09 18:45 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-15 19:04 - 2014-01-09 18:45 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-15 19:04 - 2013-07-31 17:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-15 19:04 - 2013-07-31 17:43 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 18:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-15 18:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\SecureBootUpdates
2014-05-15 18:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 18:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 16:03 - 2013-01-01 18:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 16:02 - 2013-07-19 13:52 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-14 16:01 - 2012-12-28 17:13 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-13 19:13 - 2013-04-27 10:02 - 00003772 ____N () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-09 17:01 - 2014-03-03 20:46 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\mkvtoolnix
2014-05-07 16:12 - 2012-12-28 19:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-07 15:47 - 2014-05-07 15:47 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Microsoft Game Studios
2014-05-07 15:39 - 2014-05-07 15:39 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-06 05:40 - 2014-05-14 15:43 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-06 04:25 - 2014-05-14 15:43 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 04:00 - 2014-05-14 15:43 - 00084992 ____N (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-06 03:10 - 2014-05-14 15:43 - 00069632 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2014-05-02 10:23 - 2014-05-02 10:23 - 02724864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 10:23 - 2014-05-02 10:23 - 02724864 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-01 21:30 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 21:30 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 15:26 - 2012-12-28 18:26 - 00000145 _____ () C:\Users\hanla_000\Desktop\Passes.txt
2014-04-26 21:32 - 2014-04-26 21:31 - 00000000 ____D () C:\Users\hanla_000\Desktop\bun
2014-04-25 16:40 - 2014-04-25 16:40 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_P8Z77-V.alu
2014-04-25 16:13 - 2014-04-25 16:13 - 00003826 ____N () C:\Windows\System32\Tasks\Security Center Update - 4185919329
2014-04-25 16:13 - 2014-04-25 16:13 - 00000000 ____D () C:\Users\hanla_000\AppData\Roaming\Kuqybobi
2014-04-25 14:36 - 2013-12-02 19:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-25 14:36 - 2013-12-02 19:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-25 14:29 - 2014-04-25 14:29 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-04-25 14:09 - 2013-01-16 11:45 - 04700560 _____ () C:\Windows\PE_File.dll
2014-04-25 13:50 - 2012-12-28 20:44 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-04-25 13:49 - 2014-04-25 13:49 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2014-04-25 13:46 - 2012-12-28 20:46 - 00000000 ____D () C:\ProgramData\Intel
2014-04-25 13:46 - 2012-12-28 20:46 - 00000000 ____D () C:\Program Files\Intel
2014-04-25 13:45 - 2014-04-25 13:45 - 00000000 ____D () C:\Users\hanla_000\Intel
2014-04-24 13:47 - 2014-02-26 16:48 - 00000000 ____D () C:\Users\hanla_000\AppData\Local\Ajdvworks

Files to move or delete:
====================
C:\Users\hanla_000\6097397.dll


Some content of TEMP:
====================
C:\Users\hanla_000\AppData\Local\Temp\mdi064.dll
C:\Users\hanla_000\AppData\Local\Temp\mdi164.dll
C:\Users\hanla_000\AppData\Local\Temp\mdi264.dll
C:\Users\hanla_000\AppData\Local\Temp\mdi364.dll
C:\Users\hanla_000\AppData\Local\Temp\mdi464.dll
C:\Users\hanla_000\AppData\Local\Temp\~+JF1360084289308265088.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-18 11:13] - [2014-03-28 16:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-18 11:13] - [2014-03-06 13:42] - 0310616 ___AC (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663


==================== Restore Points  =========================

Restore point made on: 2014-05-21 16:25:00
Restore point made on: 2014-05-21 17:06:47
Restore point made on: 2014-05-22 17:09:50
Restore point made on: 2014-05-23 14:39:43

==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16329.46 MB
Available physical RAM: 15079.93 MB
Total Pagefile: 16329.46 MB
Available Pagefile: 15094.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:237.91 GB) (Free:38.43 GB) NTFS
Drive d: (Dateien (1,81TB)) (Fixed) (Total:1863.01 GB) (Free:22.13 GB) NTFS
Drive f: (Dateien) (Fixed) (Total:1024 GB) (Free:106.7 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:400 GB) (Free:58.02 GB) NTFS
Drive h: (Dateien (1,33TB)) (Fixed) (Total:1370.39 GB) (Free:85.7 GB) NTFS
Drive i: (8GB STICK) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
Drive j: (My Book 4TB) (Fixed) (Total:3725.99 GB) (Free:1100.2 GB) NTFS
Drive o: (ESD-ISO) (CDROM) (Total:2.69 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Dateien (2,72TB)) (Fixed) (Total:2794.39 GB) (Free:105.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 0B36A66C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BD1BFA18)
Partition 2: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 4820A7E8)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 2795 GB) (Disk ID: B08D6C99)

Partition: GPT Partition Type.

========================================================
Disk: 4 (Size: 7 GB) (Disk ID: 67ADC4EE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.


LastRegBack: 2014-05-22 14:49

==================== End Of Log ============================
         

 
