Trojan Peals F!plock Allowed in System Center Endpoint Protection


  • This topic is locked
18 replies to this topic

#1 shep86

shep86

  • Members
  • 10 posts

Posted 28 October 2015 - 02:41 AM

Hello guys,

I have this problem attached in the image.

I cannot remove it from there. I click the button "Remove all" and nothing happens; also, I cannot check the box in front of the trojan.

I can say that my system is clean; I scanned with a lot of programs and nothing was found.

List of programs: MBAM, Eset antivirus, Spybot, Spyhunter, Sophos, Emergency Kit, Rkill, adwcleaner.

My OS is Windows 8.1 x64.

Could you please help me?

Attached Files

  • Attached File  scep.bmp   2.31MB   10 downloads

Edited by shep86, 28 October 2015 - 02:43 AM.




#2 shep86

shep86
  • Topic Starter

  • Members
  • 10 posts

Posted 29 October 2015 - 12:27 PM

Hi again,

No one has any hints for this?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 November 2015 - 09:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on the Export TXT button and save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.
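
Added example, not part of the original thread and not code from RogueKiller: once RogueReport.txt has been exported as described above, the registry lines of the report can be triaged with a short script that ranks autorun values by how unusual their name and location are. The line layout follows the RogueKiller V10.11 report posted in this thread; the sample report, SID, GUIDs, user name, path list and score threshold are constructed assumptions.

```python
import ntpath
import re
from dataclasses import dataclass

# Registry-line layout, as in the V10.11 report posted in this thread:
#   [Detection] (X64|X86) <key> | <value name> : <data> -> <status>
ENTRY_RE = re.compile(
    r"^\[(?P<detection>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<value>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>.+)$"
)
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")  # assumed list


@dataclass
class Entry:
    detection: str
    arch: str
    key: str
    value: str
    data: str
    status: str


@dataclass
class Finding:
    key: str
    value: str
    path: str
    score: int
    reasons: list
    views: list  # registry views (X64/X86) that reported the same value


def parse_registry_entries(text):
    """Return every line that has the registry-entry layout; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def data_path(data):
    """Drop the trailing [..] marker; return the data only if it is a drive path.
    Simplification: data carrying command-line arguments is not split."""
    candidate = re.sub(r"\s*\[[^\]]*\]\s*$", "", data).strip().strip('"')
    return candidate if re.match(r"^[A-Za-z]:\\", candidate) else None


def indicators(key, value, path):
    """List the reasons an autorun entry deserves a closer look."""
    reasons = []
    if key.lower().endswith(AUTORUN_SUFFIXES):
        reasons.append("autorun key")
    if any(part in path.lower() for part in USER_WRITABLE):
        reasons.append("user-writable path")
    if GUID_RE.match(value):
        reasons.append("GUID-named value")
    stem = ntpath.splitext(ntpath.basename(path))[0]
    if GUID_RE.match(stem):
        reasons.append("GUID-named file")
    return reasons


def suspicious_autoruns(text, min_score=3):
    """Merge the per-view duplicates and keep entries with enough indicators."""
    merged = {}
    for e in parse_registry_entries(text):
        path = data_path(e.data)
        if path is None:          # home pages, DNS servers and other non-file data
            continue
        ident = (e.key.lower(), e.value.lower(), path.lower())
        if ident in merged:       # same value seen through the other registry view
            merged[ident].views.append(e.arch)
            continue
        reasons = indicators(e.key, e.value, path)
        merged[ident] = Finding(e.key, e.value, path, len(reasons), reasons, [e.arch])
    hits = [f for f in merged.values() if f.score >= min_score]
    return sorted(hits, key=lambda f: -f.score)


# Constructed sample report lines (not taken from a real machine).
SAMPLE_REPORT = r"""
[Proc.Injected] svchost.exe(4321) -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Suspicious.Path|VT.Trojan:Win32/Kovter] (X64) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run | 0a1b2c3d-0000-1111-2222-333344445555 : C:\Users\alice\AppData\Local\Microsoft\aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\99999999-8888-7777-6666-555555555555.exe [-] -> Found
[Suspicious.Path|VT.Trojan:Win32/Kovter] (X86) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run | 0a1b2c3d-0000-1111-2222-333344445555 : C:\Users\alice\AppData\Local\Microsoft\aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\99999999-8888-7777-6666-555555555555.exe [-] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555} | DhcpNameServer : 192.0.2.53 ([][])  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run | updater : C:\Users\alice\AppData\Local\ExampleApp\updater.exe [7] -> Found
"""

if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_REPORT):
        print(f.score, f.views, f.value, "->", f.path, f.reasons)
```

Lowering min_score to 2 also lists ordinary per-user updaters that start from AppData, so the GUID-name indicators are what separate the two autorun entries in the sample.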

#4 shep86

shep86
  • Topic Starter

  • Members
  • 10 posts

Posted 03 November 2015 - 09:42 AM

Hello and sorry for the delay,

RogueKiller log:

RogueKiller V10.11.4.0 [Nov  2 2015] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Daniel.Bornaz [Administrator]
Started from : C:\Users\daniel.bornaz\Downloads\RogueKiller.exe
Mode : Scan -- Date : 11/03/2015 16:38:07
 
¤¤¤ Processes : 3 ¤¤¤
[Proc.Injected] svchost.exe(6000) -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe(6000) -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
[Proc.Injected] dllhost.exe(10876) -- C:\Windows\SysWOW64\dllhost.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path|VT.Trojan:Win32/Kovter] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Windows\CurrentVersion\Run | 128264aa-7206-8e47-95ad-8a369e5ce36b : C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [-] -> Found
[Suspicious.Path|VT.Trojan:Win32/Kovter] (X86) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Windows\CurrentVersion\Run | 128264aa-7206-8e47-95ad-8a369e5ce36b : C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [-] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FD9EDD1-E426-4D03-B514-5B56079AAC27} | DhcpNameServer : 10.6.34.3 10.6.34.20 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{651AEE71-DCEB-4018-ABD9-A3B7B1270662} | DhcpNameServer : 10.6.34.3 10.6.34.20 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4FD9EDD1-E426-4D03-B514-5B56079AAC27} | DhcpNameServer : 10.6.34.3 10.6.34.20 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{651AEE71-DCEB-4018-ABD9-A3B7B1270662} | DhcpNameServer : 10.6.34.3 10.6.34.20 ([][])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 100 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2304000 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2566144 | Size: 102398 MB
4 - Basic data partition | Offset (sectors): 212277248 | Size: 140540 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] c6adff1a19b16377efce159abeed6440
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 237 | Size: 483 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
--------------------------------
Farbar logs:
1.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Daniel.Bornaz (administrator) on DANIELB-MBL (03-11-2015 16:40:02)
Running from C:\Users\daniel.bornaz\Downloads
Loaded Profiles: Daniel.Bornaz (Available Profiles: user & admintni & costin.duchin & Daniel.Bornaz & admin.dan)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(© 2015 Microsoft Corporation) C:\Users\daniel.bornaz\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Flux Software LLC) C:\Users\daniel.bornaz\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(BitTorrent Inc.) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
() C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [381784 2013-11-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179040 2013-10-15] (TOSHIBA Corporation)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [230752 2013-08-26] (TOSHIBA)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-05-28] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [24112296 2015-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\Run: [BingSvc] => C:\Users\daniel.bornaz\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\Run: [f.lux] => C:\Users\daniel.bornaz\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\Run: [128264aa-7206-8e47-95ad-8a369e5ce36b] => C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [345088 2014-03-18] (iQuode Studio)
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\MountPoints2: {c5bdeba2-68c6-11e5-8292-b86b233de87d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\MountPoints2: {c5bdebf4-68c6-11e5-8292-b86b233de87d} - "E:\AutoRun.exe" 
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll [2013-07-17] (TOSHIBA)
ShellIconOverlayIdentifiers: [TFPUOverlayIcon] -> {8DBDDA23-34E3-4BF1-A107-67B94C080A1F} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2013-07-17] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2015-07-01]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\daniel.bornaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-07-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
CHR HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{4FD9EDD1-E426-4D03-B514-5B56079AAC27}: [DhcpNameServer] 10.6.34.3 10.6.34.20
Tcpip\..\Interfaces\{651AEE71-DCEB-4018-ABD9-A3B7B1270662}: [DhcpNameServer] 10.6.34.3 10.6.34.20
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_b
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3661474181-1218003758-3288892083-20204 -> DefaultScope {84CC680F-7C7F-4CF3-8CAA-D6906E657BDF} URL = 
SearchScopes: HKU\S-1-5-21-3661474181-1218003758-3288892083-20204 -> {84CC680F-7C7F-4CF3-8CAA-D6906E657BDF} URL = 
BHO: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-02] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-02] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-05-19] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin
FF Extension: TOSHIBA Fingerprint Utility Web Site Passwords - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2015-07-01] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Google Slides) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Google Drive) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (Google Slides) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Google Slides) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-28]
CHR Extension: (Google Slides) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog [2015-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]
CHR HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx [2013-08-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1840208 2012-11-21] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-10-25] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [784288 2013-10-15] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1871784 2015-08-22] (Maxthon)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [323304 2014-03-04] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [402000 2012-11-21] (Microsoft Corporation)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-12-24] (Toshiba Europe GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [33280 2013-08-27] (Validity Sensors, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2014-10-07] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [94392 2013-07-17] (O2Micro)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [168656 2014-03-21] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-10-15] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S0 MpBoot; C:\Windows\System32\DRIVERS\MpBoot.sys [43680 2015-03-04] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609056 2013-12-05] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 prepdrvr; C:\Windows\system32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-03] ()
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-03 16:40 - 2015-11-03 16:40 - 00023396 _____ C:\Users\daniel.bornaz\Downloads\FRST.txt
2015-11-03 16:39 - 2015-11-03 16:40 - 00000000 ____D C:\FRST
2015-11-03 16:39 - 2015-11-03 16:39 - 02198016 _____ (Farbar) C:\Users\daniel.bornaz\Downloads\FRST64.exe
2015-11-03 16:30 - 2015-11-03 16:36 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-03 16:30 - 2015-11-03 16:30 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-03 16:29 - 2015-11-03 16:30 - 18969672 _____ C:\Users\daniel.bornaz\Downloads\RogueKiller.exe
2015-11-03 14:57 - 2015-11-03 14:57 - 00119217 _____ C:\Users\daniel.bornaz\Downloads\[SceneFZ.net]Gotham.S02E07.720p.HDTV.X264-DIMENSION.torrent
2015-11-03 14:56 - 2015-11-03 14:56 - 00155524 _____ C:\Users\daniel.bornaz\Downloads\[SceneFZ.net]Fargo.S02E04.720p.HDTV.x264-KILLERS.torrent
2015-11-03 14:56 - 2015-11-03 14:56 - 00149305 _____ C:\Users\daniel.bornaz\Downloads\[SceneFZ.net]Supergirl.S01E02.720p.HDTV.X264-DIMENSION.torrent
2015-11-03 13:47 - 2015-11-03 14:26 - 00001078 _____ C:\Windows\system32dbgraw.bmp
2015-11-03 12:24 - 2015-11-03 12:24 - 00000000 ____D C:\ProgramData\Samsung
2015-11-03 12:22 - 2015-11-03 12:54 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Roaming\Samsung
2015-11-03 12:22 - 2015-11-03 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-03 12:22 - 2015-11-03 12:54 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-11-03 12:22 - 2015-11-03 12:22 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-03 12:22 - 2015-11-03 12:22 - 00000000 ____D C:\Users\daniel.bornaz\Documents\SelfMV
2015-11-03 12:22 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-11-03 12:13 - 2015-11-03 12:55 - 00000000 ____D C:\Users\daniel.bornaz\Downloads\once.upon.a.time.the.bear.and.the.bow.(2015).eng.1cd.(6364784)
2015-11-02 14:58 - 2015-11-02 14:58 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-11-02 14:58 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-11-02 14:58 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-11-02 08:17 - 2015-11-02 08:17 - 01585864 _____ C:\Windows\Minidump\110215-4703-01.dmp
2015-10-30 08:55 - 2015-11-03 12:24 - 00000000 ____D C:\Users\daniel.bornaz\AppData\LocalLow\uTorrent
2015-10-29 08:52 - 2015-10-29 08:52 - 01652304 _____ C:\Windows\Minidump\102915-4281-01.dmp
2015-10-28 11:27 - 2015-10-28 11:37 - 00002236 ____H C:\Users\daniel.bornaz\Documents\Default.rdp
2015-10-28 10:08 - 2015-10-28 10:08 - 00426072 _____ C:\Windows\Minidump\102815-3906-01.dmp
2015-10-28 09:43 - 2015-10-28 09:43 - 02419254 _____ C:\Users\daniel.bornaz\Desktop\scep.bmp
2015-10-28 09:30 - 2015-10-28 09:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-28 09:26 - 2015-10-28 09:27 - 00002906 _____ C:\Users\daniel.bornaz\Desktop\Rkill.txt
2015-10-28 08:09 - 2015-10-28 08:09 - 01538360 _____ C:\Windows\Minidump\102815-4843-01.dmp
2015-10-27 16:48 - 2015-10-27 16:48 - 00000158 _____ C:\Users\daniel.bornaz\Desktop\idei cadou craciun.txt
2015-10-22 11:04 - 2015-10-22 14:39 - 00008244 _____ C:\Users\daniel.bornaz\Desktop\Book1.xlsx
2015-10-21 07:42 - 2015-09-29 14:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-21 07:42 - 2015-09-29 14:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-21 07:42 - 2015-09-29 14:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-21 07:42 - 2015-09-29 14:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-21 07:42 - 2015-09-29 14:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-21 07:42 - 2015-09-24 19:51 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-10-21 07:42 - 2015-09-24 19:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2015-10-21 07:42 - 2015-09-24 19:30 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2015-10-21 07:42 - 2015-09-24 18:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-21 07:42 - 2015-09-24 18:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-21 07:42 - 2015-09-10 20:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-21 07:42 - 2015-09-10 19:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-21 07:42 - 2015-09-10 19:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-21 07:42 - 2015-09-10 19:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-21 07:42 - 2015-09-10 19:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-21 07:42 - 2015-09-10 19:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-21 07:42 - 2015-09-10 19:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-21 07:42 - 2015-09-10 19:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-21 07:42 - 2015-09-10 18:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-21 07:42 - 2015-09-10 18:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-21 07:42 - 2015-09-10 18:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-21 07:42 - 2015-09-10 18:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-21 07:42 - 2015-09-10 18:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-21 07:42 - 2015-09-10 18:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-21 07:42 - 2015-09-10 18:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-21 07:42 - 2015-09-10 18:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-21 07:42 - 2015-09-10 18:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-21 07:42 - 2015-09-10 18:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-21 07:42 - 2015-09-10 18:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-21 07:42 - 2015-09-10 18:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-21 07:42 - 2015-09-10 18:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-21 07:42 - 2015-09-10 18:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-21 07:42 - 2015-09-10 18:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-21 07:42 - 2015-09-10 18:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-21 07:42 - 2015-09-10 18:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-21 07:42 - 2015-09-10 18:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-21 07:42 - 2015-09-10 18:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-21 07:42 - 2015-09-10 18:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-21 07:42 - 2015-09-10 18:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-21 07:42 - 2015-09-10 17:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-21 07:42 - 2015-09-10 17:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-21 07:42 - 2015-09-10 17:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-21 07:42 - 2015-09-10 17:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-21 07:42 - 2015-09-10 17:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-21 07:42 - 2015-09-10 17:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-21 07:42 - 2015-09-10 17:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-21 07:42 - 2015-09-10 17:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-21 07:42 - 2015-09-10 17:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-21 07:42 - 2015-09-10 17:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-21 07:42 - 2015-08-27 04:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-21 07:42 - 2015-08-27 04:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-21 07:42 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-21 07:42 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-15 14:45 - 2015-10-30 09:42 - 00000328 _____ C:\Users\daniel.bornaz\Desktop\pontare proiecte.txt
2015-10-15 14:16 - 2015-10-15 14:16 - 00000000 ____D C:\Users\daniel.bornaz\Desktop\DGASPC
2015-10-15 12:22 - 2015-10-15 12:22 - 00047682 _____ C:\Users\daniel.bornaz\Desktop\scan.xml
2015-10-14 07:06 - 2015-10-14 07:06 - 00080384 _____ C:\Users\daniel.bornaz\Desktop\Fwd DGASPC.msg
2015-10-12 08:38 - 2015-10-12 08:38 - 00000506 _____ C:\Users\daniel.bornaz\Desktop\net35_[winaero.com]_128.zip
2015-10-10 09:42 - 2015-10-10 09:42 - 00284984 _____ C:\Windows\Minidump\101015-4140-01.dmp
2015-10-09 09:23 - 2015-10-09 09:23 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Local\CrystalDiskMark5
2015-10-09 09:21 - 2015-10-28 09:42 - 00001867 _____ C:\Users\daniel.bornaz\Desktop\CrystalDiskMark 5.lnk
2015-10-09 09:21 - 2015-10-09 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark5
2015-10-09 09:21 - 2015-10-09 09:21 - 00000000 ____D C:\Program Files\CrystalDiskMark5
2015-10-08 07:08 - 2015-10-08 07:08 - 01539216 _____ C:\Windows\Minidump\100815-4843-01.dmp
2015-10-05 14:07 - 2015-10-06 08:42 - 00000000 ____D C:\Program Files (x86)\iCare Data Recovery
2015-10-05 14:07 - 2015-10-05 14:07 - 00001085 _____ C:\Users\Public\Desktop\iCare data Recovery Software.lnk
2015-10-05 14:07 - 2015-10-05 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCare Data Recovery
2015-10-05 14:05 - 2015-10-05 14:05 - 00000000 ____D C:\Program Files (x86)\EaseUS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-03 16:36 - 2015-07-24 13:30 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Roaming\uTorrent
2015-11-03 16:23 - 2015-09-01 11:08 - 00001024 ____H C:\AMTAG.BIN
2015-11-03 16:20 - 2015-09-01 11:08 - 00000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 5.6
2015-11-03 16:07 - 2015-09-28 10:16 - 00060850 _____ C:\Windows\setupact.log
2015-11-03 16:07 - 2015-07-15 12:28 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Local\CrashDumps
2015-11-03 16:01 - 2015-07-01 17:02 - 01868954 _____ C:\Windows\WindowsUpdate.log
2015-11-03 16:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-03 15:49 - 2015-07-03 13:21 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-03 15:46 - 2015-07-03 09:08 - 00000504 _____ C:\Windows\system32\config\netlogon.ftl
2015-11-03 15:42 - 2015-07-15 11:31 - 00000000 ____D C:\Users\daniel.bornaz\Documents\My Received Files
2015-11-03 14:58 - 2015-07-13 09:10 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Roaming\vlc
2015-11-03 14:51 - 2015-07-03 13:18 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{85310153-B9CC-4EBB-AB19-51FB933E31E7}
2015-11-03 12:59 - 2015-07-03 09:22 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3661474181-1218003758-3288892083-20204
2015-11-03 12:54 - 2014-05-13 03:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-03 12:39 - 2015-07-01 17:05 - 00112835 __RSH C:\ProgramData\ntuser.pol
2015-11-03 12:24 - 2015-07-03 13:26 - 00000000 ____D C:\Users\daniel.bornaz\Documents\samsung
2015-11-03 10:30 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-03 08:49 - 2015-07-03 13:21 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-02 15:18 - 2015-07-06 14:06 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Roaming\Kodi
2015-11-02 15:06 - 2015-07-06 14:01 - 00000000 ____D C:\Program Files (x86)\Kodi
2015-11-02 12:17 - 2014-05-13 03:24 - 00801572 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 10:23 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-11-02 08:44 - 2015-07-13 13:08 - 00000000 ____D C:\ProgramData\Oracle
2015-11-02 08:42 - 2015-07-13 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-02 08:41 - 2015-08-31 15:15 - 00000000 ____D C:\Users\daniel.bornaz\.oracle_jre_usage
2015-11-02 08:41 - 2015-07-13 13:09 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-02 08:41 - 2015-07-13 13:08 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-02 08:20 - 2015-08-10 08:52 - 00000577 _____ C:\Windows\SMSCFG.ini
2015-11-02 08:17 - 2015-09-29 07:12 - 671527378 _____ C:\Windows\MEMORY.DMP
2015-11-02 08:17 - 2015-07-06 10:27 - 00000000 ____D C:\Windows\Minidump
2015-11-02 08:17 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-30 11:26 - 2015-07-03 09:17 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Local\Packages
2015-10-30 08:40 - 2015-08-25 07:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 08:40 - 2015-07-07 07:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-28 13:24 - 2015-07-03 13:00 - 00000000 ____D C:\Users\daniel.bornaz\Fise Personala
2015-10-28 10:49 - 2015-08-03 13:05 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Local\Battle.net
2015-10-28 10:08 - 2015-09-29 07:12 - 00001388 _____ C:\Windows\PFRO.log
2015-10-28 09:43 - 2015-07-03 12:58 - 00002204 _____ C:\Users\daniel.bornaz\Desktop\Fisier Seriale si evidenta Office,Win.Project,Visio.lnk
2015-10-28 09:43 - 2015-07-03 12:58 - 00002080 _____ C:\Users\daniel.bornaz\Desktop\Kit-uri Aferente Noilor Seriale .lnk
2015-10-28 09:43 - 2015-07-03 12:58 - 00001759 _____ C:\Users\daniel.bornaz\Desktop\HD_ONLY.lnk
2015-10-28 09:43 - 2015-07-03 12:57 - 00001728 _____ C:\Users\daniel.bornaz\Desktop\Backup Users.lnk
2015-10-28 09:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-10-28 08:10 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-28 08:09 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-26 10:56 - 2015-07-03 09:17 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Local\Microsoft Help
2015-10-26 08:19 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-26 08:18 - 2015-07-02 08:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-26 08:17 - 2015-07-02 08:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-26 08:17 - 2013-08-22 15:25 - 00000235 _____ C:\Windows\win.ini
2015-10-16 06:51 - 2015-07-02 11:04 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 06:51 - 2015-07-02 11:04 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 16:07 - 2015-07-03 09:17 - 00000000 ____D C:\Users\daniel.bornaz
2015-10-08 08:48 - 2015-07-03 09:17 - 00006408 __RSH C:\Users\daniel.bornaz\ntuser.pol
2015-10-08 08:21 - 2015-09-24 16:05 - 00000000 ____D C:\Users\daniel.bornaz\AppData\Roaming\HD Tune Pro
2015-10-05 14:07 - 2015-10-02 11:45 - 00000000 ____D C:\ProgramData\DatacardService
 
==================== Files in the root of some directories =======
 
2015-07-01 17:01 - 2015-07-01 17:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-30 08:12 - 2015-09-30 08:12 - 0000016 _____ () C:\ProgramData\mntemp
2015-09-30 08:12 - 2015-09-30 08:12 - 0004963 _____ () C:\ProgramData\wmzddnmb.cix
 
Files to move or delete:
====================
C:\Users\daniel.bornaz\reset reg permision.cmd
 
 
Some files in TEMP:
====================
C:\Users\daniel.bornaz\AppData\Local\Temp\AA_v3.exe
C:\Users\daniel.bornaz\AppData\Local\Temp\dllnt_dump.dll
C:\Users\daniel.bornaz\AppData\Local\Temp\jre-8u65-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-21 10:11
 
==================== End of FRST.txt ============================
 
 
2. 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Daniel.Bornaz (2015-11-03 16:40:23)
Running from C:\Users\daniel.bornaz\Downloads
Windows 8.1 Pro (X64) (2015-07-02 05:51:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admintni (S-1-5-21-1641086272-514051370-2186215830-500 - Administrator - Enabled) => C:\Users\admintni
Guest (S-1-5-21-1641086272-514051370-2186215830-501 - Limited - Disabled)
user (S-1-5-21-1641086272-514051370-2186215830-1001 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: System Center Endpoint Protection (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: System Center Endpoint Protection (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.303.446 - ALPS ELECTRIC CO., LTD.)
AOMEI Partition Assistant Standard Edition 5.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392016500}) (Version: 1.00.0003 - C-Media Electronics, Inc.)
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6) (Version: 1.6 - GetCS16.ru)
CrystalDiskMark 5.0.2 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.0.2 - Crystal Dew World)
DTS Studio Sound (HKLM-x32\...\{2C7A5AF4-1793-4B5A-89C0-021FB198EDE8}) (Version: 1.01.3700 - DTS, Inc.)
f.lux (HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCare Data Recovery 5.1 (HKLM-x32\...\iCare Data Recovery_is1) (Version:  - iCare Software)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.5 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1059 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.3.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{37C7DCBF-E2C6-401B-8DA3-2B17C42E5ABF}) (Version: 17.0.1412.03 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6e8d4676-a513-4f5b-9b52-6deb7bdc94f0}) (Version: 16.8.0 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\Kodi) (Version:  - XBMC-Foundation)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.753 - Paramount Software (UK) Ltd.) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.6.2000 - Maxthon International Limited)
MDOP MBAM (HKLM\...\{1B0FF767-2365-4E2B-91D1-93D442944055}) (Version: 2.5.0244.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{FF9B34D5-DD56-44A9-9EA1-4F143C2865DE}) (Version: 2.1.4.225GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.225GS - O2Micro) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.04.6401 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.1.6404 - Toshiba Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.3.03.64402 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.04.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.17 - TOSHIBA)
TOSHIBA Password Utility (HKLM\...\{CD4B9E2C-4295-4920-82F2-C87113822E32}) (Version: 3.03.00.03 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.10.1.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.1 - Toshiba Europe GmbH)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Validity WBF DDK 5111 (HKLM\...\{553FA82D-40F9-4FF4-B0F3-70E9DF68EE0D}) (Version: 4.5.232.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wondershare PDF Editor OCR (HKLM-x32\...\{408133BA-3665-4EF5-9DC4-E6A475DA8119}_is1) (Version: 3.6.0.9 - Wondershare Software Co.,Ltd.)
Wondershare PDF Editor(Build 3.6.5) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.6.5.2 - Wondershare Software Co.,Ltd.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
12-10-2015 08:55:35 Scheduled Checkpoint
21-10-2015 10:10:31 Scheduled Checkpoint
26-10-2015 08:15:05 Windows Update
02-11-2015 10:23:19 Scheduled Checkpoint
03-11-2015 12:21:58 Installed Samsung Kies3
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2015-09-14 14:49 - 00000893 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C924661-62DA-4EE3-B415-23E3CD2BB3FC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0D2363E2-743B-4F7A-BFE6-6517BAFC5041} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03] (Google Inc.)
Task: {1D2B5780-A588-4B4F-A542-D87B48B16BB2} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance
Task: {23BE4C5F-D49D-4E52-ABED-8B533929CC0F} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {24A35ADC-6129-43DC-B891-9D5AACA1F409} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {2518DBD9-19B1-48B3-84B4-D9F90208809C} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-07-09] (Maxthon International ltd.)
Task: {28872E5D-222A-4E59-94BB-673BA053A265} - System32\Tasks\TOSHIBA\RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-05-28] (Realtek Semiconductor)
Task: {4FAD4D8C-9E40-4C99-9BBB-9B162541E0B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {601FA7C8-D6BE-44CD-9B32-90549E882918} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03] (Google Inc.)
Task: {66D19C10-973D-40AC-92BB-F93A75CCE8B6} - System32\Tasks\TOSHIBA\IMSS => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [2013-12-09] (Intel Corporation)
Task: {6E09E164-40CC-4E5C-952C-ED2EF71E62A6} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-12-24] (Toshiba Europe GmbH)
Task: {75B2D266-1C40-4141-9F60-FBD23A615AB0} - System32\Tasks\TOSHIBA\TSVU => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [2013-07-23] (TOSHIBA)
Task: {7729014B-F5B0-4036-A4E5-DA4C63CCA8FD} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {7B784650-91E4-425A-85B5-0BCB4EC2FC92} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {89AC9198-86A8-4558-BBA9-B6DBD84B7B94} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-08] (TOSHIBA Corporation)
Task: {934C32EE-C163-4619-A631-ED33CBC1E160} - System32\Tasks\TOSHIBA\HotKeysCmds => C:\Windows\system32\hkcmd.exe
Task: {AF8F6FAC-58A4-4F41-9C7D-B27562C6D53F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {BB600E30-C27B-42FA-B17A-E839DC78716B} - System32\Tasks\TOSHIBA\TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2013-08-13] (TOSHIBA Corporation)
Task: {E17FBC6A-79AA-42D8-AB02-BD4EF10396E1} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {F872A00B-C672-44DE-B7AB-7E11848E3729} - System32\Tasks\TOSHIBA\Persistence => C:\Windows\system32\igfxpers.exe
Task: {FE4AF552-866E-4E07-BFEF-B85EDF20ABE0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {FECF4494-125C-404E-8E08-1AC6806D6910} - System32\Tasks\TOSHIBA\IgfxTray => C:\Windows\system32\igfxtray.exe [2014-12-31] (Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-25 09:20 - 2013-10-25 09:20 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-08-12 19:06 - 2013-08-12 19:06 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 19:06 - 2013-08-12 19:06 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 19:06 - 2013-08-12 19:06 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-14 09:31 - 2013-10-14 09:31 - 00331104 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUCommon.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 14:24 - 2013-08-01 14:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2015-08-06 11:36 - 2015-08-06 11:36 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\5c9c0b89a558d0e589c254af6b1ca238\Windows.UI.ni.dll
2015-09-29 11:57 - 2015-09-29 11:57 - 06737984 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
2015-07-01 16:54 - 2013-12-09 15:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-05-19 16:31 - 2015-05-19 16:31 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 01033792 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-27 08:50 - 2015-10-20 16:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-27 08:50 - 2015-10-20 16:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2014-01-23 06:55 - 2014-01-23 06:55 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2015-10-27 08:50 - 2015-10-20 16:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-13 15:56 - 2015-04-13 15:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00084928 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00034752 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00961472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 01303488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00088512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 01549248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00363456 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2015-04-13 16:00 - 2015-04-13 16:00 - 00121792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 13522368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00772544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00038848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00702400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00125376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00064448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00030656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00029120 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00037312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2015-04-13 15:58 - 2015-04-13 15:58 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00140224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00176576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00067520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-04-13 15:59 - 2015-04-13 15:59 - 00034240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\platformacloud.ro -> hxxps://leaveapp.platformacloud.ro
IE trusted site: HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\software -> hxxp://software
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\Control Panel\Desktop\\Wallpaper -> C:\Users\daniel.bornaz\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 10.6.34.3 - 10.6.34.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{99ECA185-9540-47DE-9AF8-33DAFA971B71}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{833F9E38-CD4E-4AD1-8E44-F436D1162484}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{303A6AF2-BB57-42FA-AF84-B1E4D76EC56E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{1FDE83F4-AD91-44BC-9224-2C67CEBAB037}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C6C7B0EF-33DC-40B4-9F4E-528A19357354}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7E08F9E7-9883-4BD0-BF9E-8E34D6855C6F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2E2EAF55-ABBB-4525-8C84-F43A16308539}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{3FE7AD0B-C75A-4BF6-A7B7-162F140A89E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{407314F5-F87B-49C3-BDDD-8B196AF96018}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [{B0283220-F010-4C6F-BB64-19F848537956}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{C3D8350B-3225-4EFE-98BE-19B55081E638}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{B5D54C4B-C029-4AB4-984E-8735DD1AC7FA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{09B6DB7D-6B15-4217-83D5-7F851898F04E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{208AB3D5-9003-4E0D-8DEB-757E2C2C4876}] => (Allow) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{683FD9AC-58A6-4A34-8D9E-938DF0484FEA}] => (Allow) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8235B7A1-663D-4A8C-AA25-0874B3F8E7BC}] => (Allow) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE0C8C2E-0A9E-4F16-9C55-3EB33B06C818}] => (Allow) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4927111-39A2-42B7-8CF8-0EDC1B29C68E}] => (Allow) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{342A81C8-5EF0-497C-9647-52AB590EF407}] => (Allow) C:\Users\daniel.bornaz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E84D49B-7BCE-499B-BFFD-DEBB757102D5}] => (Allow) D:\Battlenet\Battle.net\Battle.net.exe
FirewallRules: [{1804B947-F270-405F-AD50-D619D90B0387}] => (Allow) D:\Battlenet\Battle.net\Battle.net.exe
FirewallRules: [{3605EFA6-30B1-4C55-9EBD-5963B476DD93}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{8FAC78D3-5EDF-47E9-A43B-0CEE4E30C4FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B0EAC209-1CCB-4029-8207-51D8D210D096}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{258D3BDA-416E-40EC-8D42-AAC8CD4BEB5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{658050A6-1869-41EB-96D1-9DF5DE2505DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E49BC1F5-0B5A-463B-AB34-664FB82678CE}] => (Allow) D:\Battlenet\Hearthstone\Hearthstone.exe
FirewallRules: [{9FED354B-101B-4420-BCEA-3318D5956C58}] => (Allow) D:\Battlenet\Hearthstone\Hearthstone.exe
FirewallRules: [{5F256249-4D16-4086-B953-6DB659C1F3D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/03/2015 04:07:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TssSrv.exe, version: 1.0.1.1, time stamp: 0x526514d5
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4bc8e
Exception code: 0xc0000374
Fault offset: 0x000e5904
Faulting process id: 0x2720
Faulting application start time: 0xTssSrv.exe0
Faulting application path: TssSrv.exe1
Faulting module path: TssSrv.exe2
Report Id: TssSrv.exe3
Faulting package full name: TssSrv.exe4
Faulting package-relative application ID: TssSrv.exe5
 
Error: (11/02/2015 10:19:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TssSrv.exe, version: 1.0.1.1, time stamp: 0x526514d5
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4bc8e
Exception code: 0xc0000374
Fault offset: 0x000e5904
Faulting process id: 0x1158
Faulting application start time: 0xTssSrv.exe0
Faulting application path: TssSrv.exe1
Faulting module path: TssSrv.exe2
Report Id: TssSrv.exe3
Faulting package full name: TssSrv.exe4
Faulting package-relative application ID: TssSrv.exe5
 
Error: (11/02/2015 10:03:54 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy65\,0x80000000,0x00000003,...).  hr = 0x80070571, The disk structure is corrupted and unreadable.
.
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (11/02/2015 10:03:52 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy64\,0x80000000,0x00000003,...).  hr = 0x80070571, The disk structure is corrupted and unreadable.
.
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (11/02/2015 10:03:51 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy63\,0x80000000,0x00000003,...).  hr = 0x80070571, The disk structure is corrupted and unreadable.
.
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (11/02/2015 10:03:43 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy62\,0x80000000,0x00000003,...).  hr = 0x80070571, The disk structure is corrupted and unreadable.
.
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (11/02/2015 10:03:12 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy61\,0x80000000,0x00000003,...).  hr = 0x80070571, The disk structure is corrupted and unreadable.
.
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (11/02/2015 10:03:12 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy60\,0x80000000,0x00000003,...).  hr = 0x80070571, The disk structure is corrupted and unreadable.
.
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (11/02/2015 10:03:11 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy59\,0x80000000,0x00000003,...).  hr = 0x80070571, The disk structure is corrupted and unreadable.
.
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (11/02/2015 10:03:11 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy58\,0x80000000,0x00000003,...).  hr = 0x80070571, The disk structure is corrupted and unreadable.
.
 
 
Operation:
   Processing PreFinalCommitSnapshots
 
Context:
   Execution Context: System Provider
 
 
System errors:
=============
Error: (11/03/2015 04:30:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (11/03/2015 04:20:01 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: F:\Device\HarddiskVolume713
 
Error: (11/03/2015 04:07:29 PM) (Source: Virtual Disk Service) (EventID: 8) (User: )
Description: Failed to open device \\?\SCSI#Disk&Ven_JMicron&Prod_Generic#000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}. Error code: 37@020D0002
 
Error: (11/03/2015 04:06:07 PM) (Source: Virtual Disk Service) (EventID: 9) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014
 
Error: (11/03/2015 04:06:00 PM) (Source: Virtual Disk Service) (EventID: 9) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014
 
Error: (11/03/2015 04:02:27 PM) (Source: Virtual Disk Service) (EventID: 9) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014
 
Error: (11/03/2015 02:28:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 106.
 
Error: (11/03/2015 12:08:30 PM) (Source: DCOM) (EventID: 10010) (User: INTRANET)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (11/03/2015 08:14:15 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain INTRANET due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/02/2015 10:24:20 AM) (Source: DCOM) (EventID: 10010) (User: INTRANET)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
CodeIntegrity:
===================================
  Date: 2015-11-02 08:18:01.392
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-29 08:52:22.275
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-28 10:08:34.981
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-28 08:10:34.504
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-28 08:09:15.449
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-15 15:14:46.909
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-10 10:42:36.702
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-10 00:28:01.780
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-08 09:47:44.851
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-08 08:08:22.905
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4600U CPU @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 8101.31 MB
Available physical RAM: 3386.33 MB
Total Virtual: 16293.31 MB
Available Virtual: 12590.24 MB
 
==================== Drives ================================
 
Drive c: (TI31329100A) (Fixed) (Total:100 GB) (Free:36.42 GB) NTFS
Drive d: () (Fixed) (Total:137.25 GB) (Free:28.79 GB) NTFS
Drive e: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 483.9 MB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 


#5 nasdaq


Posted 04 November 2015 - 10:25 AM

Please run the RogueKiller tool and delete/fix these items.

[Suspicious.Path|VT.Trojan:Win32/Kovter] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Windows\CurrentVersion\Run | 128264aa-7206-8e47-95ad-8a369e5ce36b : C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [-] -> Found
[Suspicious.Path|VT.Trojan:Win32/Kovter] (X86) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Windows\CurrentVersion\Run | 128264aa-7206-8e47-95ad-8a369e5ce36b : C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [-] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found



Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\Run: [128264aa-7206-8e47-95ad-8a369e5ce36b] => C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [345088 2014-03-18] (iQuode Studio)
CHR HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3661474181-1218003758-3288892083-20204 -> DefaultScope {84CC680F-7C7F-4CF3-8CAA-D6906E657BDF} URL =
SearchScopes: HKU\S-1-5-21-3661474181-1218003758-3288892083-20204 -> {84CC680F-7C7F-4CF3-8CAA-D6906E657BDF} URL =
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
C:\Users\daniel.bornaz\AppData\Local\Temp\AA_v3.exe
C:\Users\daniel.bornaz\AppData\Local\Temp\dllnt_dump.dll
C:\Users\daniel.bornaz\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\ProgramData\DP45977C.lfl
C:\ProgramData\mntemp
C:\ProgramData\wmzddnmb.cix

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
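The RogueKiller items listed in the post above can be triaged mechanically. The following Python script is an added example, not part of the original post and not RogueKiller's or FRST's own code: it parses report lines in the shape quoted above, merges the (X64)/(X86) duplicates, and explains why the Run entry stands out. The line layout is inferred only from the quoted lines, and the heuristics and function names are this example's own assumptions.

```python
import ntpath
import re

# Four of the report lines quoted in the post above, copied unchanged.
SAMPLE = r"""
[Suspicious.Path|VT.Trojan:Win32/Kovter] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Windows\CurrentVersion\Run | 128264aa-7206-8e47-95ad-8a369e5ce36b : C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [-] -> Found
[Suspicious.Path|VT.Trojan:Win32/Kovter] (X86) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Windows\CurrentVersion\Run | 128264aa-7206-8e47-95ad-8a369e5ce36b : C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [-] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TEJB -> Found
"""

# Assumed layout: [tags] (view) key | value name : data -> status
LINE_RE = re.compile(
    r"^\[(?P<tags>[^\]]+)\] \((?P<view>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<name>.+?) : (?P<data>.+?) -> (?P<status>\w+)$"
)
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
# Per-user and per-machine autorun keys end with one of these suffixes.
AUTORUN_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)


def parse_line(line):
    """Split one report line into its fields, or return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["tags"] = rec["tags"].split("|")
    # Drop a trailing bracketed field such as "[-]"; its meaning is not interpreted here.
    rec["data"] = re.sub(r"\s\[[^\]]*\]$", "", rec["data"])
    return rec


def autorun_reasons(rec):
    """Return the reasons an autorun entry looks like generated persistence."""
    if not rec["key"].lower().endswith(AUTORUN_SUFFIXES):
        return []  # not a Run/RunOnce value, e.g. the IE home page items
    target = rec["data"]
    folder, filename = ntpath.split(target)
    stem, ext = ntpath.splitext(filename)
    reasons = []
    if GUID_RE.fullmatch(rec["name"]):
        reasons.append("value name is a bare GUID")
    if "\\appdata\\" in target.lower():
        reasons.append("target is inside the user's AppData")
    if ext.lower() == ".exe" and GUID_RE.fullmatch(stem):
        reasons.append("executable is named with a GUID")
    if GUID_RE.fullmatch(ntpath.basename(folder)):
        reasons.append("parent folder is named with a GUID")
    return reasons


def triage(text):
    """Return one finding per distinct autorun value, merging registry views."""
    findings = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = autorun_reasons(rec)
        if not reasons:
            continue
        ident = (rec["key"].lower(), rec["name"].lower(), rec["data"].lower())
        entry = findings.setdefault(ident, {
            "tags": rec["tags"],
            "key": rec["key"],
            "value": rec["name"],
            "target": rec["data"],
            "reasons": reasons,
            "views": [],
        })
        entry["views"].append(rec["view"])
    return list(findings.values())


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["value"], "->", finding["target"])
        print("  views:", ", ".join(finding["views"]))
        for reason in finding["reasons"]:
            print("  -", reason)
```

The same value name and target path are what the fixlist's `HKU\...\Run:` line addresses, so the merged finding can be compared directly against the Fixlog result for that line.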

#6 shep86


Posted 05 November 2015 - 02:14 AM

Hello, 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Daniel.Bornaz (2015-11-05 09:03:36) Run:1
Running from C:\Users\daniel.bornaz\Downloads
Loaded Profiles: Daniel.Bornaz (Available Profiles: user & admintni & costin.duchin & Daniel.Bornaz & admin.dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\...\Run: [128264aa-7206-8e47-95ad-8a369e5ce36b] => C:\Users\daniel.bornaz\AppData\Local\Microsoft\4dd08929-3da3-8ff6-9ae0-ca8405b2ce61\d1fcbcbf-f445-4db4-b4cd-86e711446571.exe [345088 2014-03-18] (iQuode Studio)
CHR HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3661474181-1218003758-3288892083-20204 -> DefaultScope {84CC680F-7C7F-4CF3-8CAA-D6906E657BDF} URL =
SearchScopes: HKU\S-1-5-21-3661474181-1218003758-3288892083-20204 -> {84CC680F-7C7F-4CF3-8CAA-D6906E657BDF} URL =
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
C:\Users\daniel.bornaz\AppData\Local\Temp\AA_v3.exe
C:\Users\daniel.bornaz\AppData\Local\Temp\dllnt_dump.dll
C:\Users\daniel.bornaz\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\ProgramData\DP45977C.lfl
C:\ProgramData\mntemp
C:\ProgramData\wmzddnmb.cix
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Windows\CurrentVersion\Run\\128264aa-7206-8e47-95ad-8a369e5ce36b => value not found.
"HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3661474181-1218003758-3288892083-20204\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84CC680F-7C7F-4CF3-8CAA-D6906E657BDF}" => key removed successfully
HKCR\CLSID\{84CC680F-7C7F-4CF3-8CAA-D6906E657BDF} => key not found. 
ew_usbenumfilter => service removed successfully
huawei_cdcacm => service removed successfully
huawei_enumerator => service removed successfully
huawei_ext_ctrl => service removed successfully
huawei_wwanecm => service removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\daniel.bornaz\AppData\Local\Temp\AA_v3.exe => moved successfully
C:\Users\daniel.bornaz\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\daniel.bornaz\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\mntemp => moved successfully
C:\ProgramData\wmzddnmb.cix => moved successfully
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:03:53 ====
 
 
It is running as well as before this :), the problem is with SCEP and that allowed trojan in there.


#7 nasdaq


Posted 05 November 2015 - 10:53 AM


Clean the quarantine folder.

https://support.symantec.com/en_US/article.TECH106046.html

How is it now?

#8 shep86


Posted 06 November 2015 - 01:46 AM

My antivirus is not from Symantec, it is from Microsoft: https://technet.microsoft.com/en-us/library/hh546785.aspx I have SCEP 2012, aka System Center Endpoint Protection 2012.

Thank you



#9 nasdaq


Posted 06 November 2015 - 10:54 AM

My mistake.

Clean this quarantine folder.
https://technet.microsoft.com/en-us/library/ff823832.aspx

#10 shep86


Posted 07 November 2015 - 09:46 AM

I already did that, please check my first post.

"I cannot remove it from there. I click the button remove all, and nothing happens, also I cannot check the box in front of the trojan"



#11 nasdaq


Posted 07 November 2015 - 03:40 PM

What is reported by the Security tool is the name of the malware.
It does not show any file that we can remove, or the Registry item concerned.

Let's see if we can find the culprit.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
process;
installer-list;
installedprogs;
startupall;
firefoxlook; 
chromelook;
srinfo;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

#12 shep86


Posted 09 November 2015 - 01:18 AM

Hi,

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Daniel.Bornaz on Mon 11/09/2015 at  8:15:59.58.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\daniel.bornaz\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/9/2015 8:16:28 AM Zoek.exe System Restore Point Created Successfully.
 
==== Windows Installer Info ======================
 
7-Zip 9.20 (x64 edition) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\96F071321C0420729002000010000000]C:\Windows\Installer\eb0bf.msi
Adobe Acrobat Reader DC [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B744CAF070E41400]C:\Windows\Installer\3f59991.msi
Adobe Refresh Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008142613101]C:\Windows\Installer\51b78ce.msi
Configuration Manager Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3B4086DCEFB4BA4FB5ADFB9CE8C6003]C:\Windows\Installer\e781ca8.msi
DTS Studio Sound [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4FA5A7C23971A5B4980C20F11B89DE8E]C:\Windows\Installer\14aa8.msi
Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\Windows\Installer\27c2e8be.msi
Intel® PRO/Wireless Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CAC67F45CE0E2A244B82D8ADF7B5F5BA]C:\Windows\Installer\2821a.msi
Intel® Rapid Storage Technology [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7864E26A15192614EA5D201226CCCABA]C:\Windows\Installer\167c0.msi
Intel® Smart Connect Technology [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\367DF5B94705C4748B894265E746058C]C:\Windows\Installer\136ec.msi
Intel® Wireless Bluetooth® 4.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FBCD7C736C2EB104D83AB2714CE2A5FB]C:\Windows\Installer\12bb0.msi
Intelr PROSet/Wireless WiFi Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CBC1864403F1FE4BB9E5BFCACCD3DAD]C:\Windows\Installer\2821e.msi
Intelr Trusted Connect Service Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71460E5BCA4A52243BE6E7439C61617E]C:\Windows\Installer\11059.msi
Java 8 Update 65 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF2381208560F]C:\Windows\Installer\15c7f1.msi
Macrium Reflect Free Edition [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\783BAD09E6675184E981250086C1DD22]C:\Windows\Installer\4f63077.msi
MDOP MBAM [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\767FF0B15632B2E4191D394D24490455]C:\Windows\Installer\e781d15.msi
Microsoft Access MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109510090400000000000F01FEC]C:\Windows\Installer\eb0b5.msi
Microsoft Access Setup Metadata MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109711090400000000000F01FEC]C:\Windows\Installer\eb056.msi
Microsoft DCF MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109090090400000000000F01FEC]C:\Windows\Installer\eb074.msi
Microsoft Endpoint Protection Management Components [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0643A95D4985BDC48894CEC569592D27]c:\Windows\Installer\149f9b2.msi
Microsoft Excel MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109610090400000000000F01FEC]C:\Windows\Installer\eb065.msi
Microsoft Forefront Endpoint Protection 2010 Server Management [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\725C073AA4FE27141B6F13C021B1BA20]c:\Windows\Installer\149f9b8.msi
Microsoft Groove MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109AB0090400000000000F01FEC]C:\Windows\Installer\eb07e.msi
Microsoft InfoPath MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109440090400000000000F01FEC]C:\Windows\Installer\eb05b.msi
Microsoft Lync MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B21090400000000000F01FEC]C:\Windows\Installer\eb060.msi
Microsoft Office 64-bit Components 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A20000000100000000F01FEC]C:\Windows\Installer\eb050.msi
Microsoft Office OSM MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091E0090400000000000F01FEC]C:\Windows\Installer\eb0a1.msi
Microsoft Office OSM UX MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051092E0090400000000000F01FEC]C:\Windows\Installer\eb0a6.msi
Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109110000000000000000F01FEC]C:\Windows\Installer\eb0bb.msi
Microsoft Office Proofing (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C20090400000000000F01FEC]C:\Windows\Installer\eb09c.msi
Microsoft Office Proofing Tools 2013 - English [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F10090400000000000F01FEC]C:\Windows\Installer\eb097.msi
Microsoft Office Proofing Tools 2013 - Español [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F100A0C00000000000F01FEC]C:\Windows\Installer\eb08d.msi
Microsoft Office Shared 64-bit MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A20090400100000000F01FEC]C:\Windows\Installer\eb045.msi
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109611090400100000000F01FEC]C:\Windows\Installer\eb04a.msi
Microsoft Office Shared MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109E60090400000000000F01FEC]C:\Windows\Installer\eb083.msi
Microsoft Office Shared Setup Metadata MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109511090400000000000F01FEC]C:\Windows\Installer\eb088.msi
Microsoft OneNote MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000051091A0090400000000000F01FEC]C:\Windows\Installer\eb079.msi
Microsoft Outlook MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A10090400000000000F01FEC]C:\Windows\Installer\eb0ab.msi
Microsoft Policy Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8B592D0980ABE7849B40E02624904A01]C:\Windows\Installer\e781ca3.msi
Microsoft PowerPoint MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109810090400000000000F01FEC]C:\Windows\Installer\eb06a.msi
Microsoft Publisher MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109910090400000000000F01FEC]C:\Windows\Installer\eb06f.msi
Microsoft Security Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B5D8EAFB819FF6847BE40967D21FC1C5]c:\Windows\Installer\149f9a6.msi
Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]C:\Windows\Installer\7b8932.msi
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1af2a8da7e60d0b429d7e6453b3d0182]C:\Windows\Installer\e781c9e.msi
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1007C6B46D7C017319E3B52CF3EC196E]c:\Windows\Installer\e781c99.msi
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D]c:\Windows\Installer\eb7a6e2.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]C:\Windows\Installer\121ff8.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]c:\Windows\Installer\e781c94.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]C:\Windows\Installer\8e56d61.msi
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1926E8D15D0BCE53481466615F760A7F]c:\Windows\Installer\10704.msi
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]c:\Windows\Installer\f689.msi
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C9F8B73BF303523781852719CD9C700]C:\Windows\Installer\12f57.msi
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3AEB2FCAE628F23AAB933F1E743AB79]C:\Windows\Installer\12f53.msi
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C025571B2A687A53689168CD7369889B]C:\Windows\Installer\12f5f.msi
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DC8A59DBF9D1DA5389A1E3975220E6BB]C:\Windows\Installer\12f5b.msi
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58]C:\Windows\Installer\122002.msi
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\21EE4A31AE32173319EEFE3BD6FDFFE3]C:\Windows\Installer\121ffd.msi
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BEA594979BAED93C82408E6FE57CE7A]C:\Windows\Installer\6b0026.msi
Microsoft Word MUI (English) 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109B10090400000000000F01FEC]C:\Windows\Installer\eb0b0.msi
O2Micro OZ776 SCR Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5D43B9FF65DD9A44E91AF441C38256ED]C:\Windows\Installer\136f0.msi
Outils de vérification linguistique 2013 de Microsoft Office - Français [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F100C0400000000000F01FEC]C:\Windows\Installer\eb092.msi
TOSHIBA Desktop Assist [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0FECDC4CA7A0524488C7333E59337D85]C:\Windows\Installer\16177.msi
TOSHIBA Display Utility [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E70CA6F5FE05E2245BE656125E3B1593]C:\Windows\Installer\12f63.msi
TOSHIBA eco Utility [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\998A2D4943C0024488E0EA33E736A50B]C:\Windows\Installer\12bc0.msi
TOSHIBA Fingerprint Utility [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\183FBB26802D0FE45B20C66B5E9B1A16]C:\Windows\Installer\62cab.msi
TOSHIBA Function Key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2EFC44813ABEA094A8E5B9CF463624DF]C:\Windows\Installer\12bb4.msi
TOSHIBA Password Utility [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C2E9B4DC59240294282F8C173128E223]C:\Windows\Installer\12bbc.msi
TOSHIBA PC Health Monitor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9F0DCED98E3D0B843A09C10FF9453E4A]C:\Windows\Installer\62ca3.msi
TOSHIBA Service Station [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\318C4EFB4DD4C1B4794F674A9550C5D8]C:\Windows\Installer\12f4b.msi
TOSHIBA Start Screen Option [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\53017B60F91F67F48957FFCC4DCFF338]C:\Windows\Installer\14aa3.msi
TOSHIBA System Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A69A6E1BAB2FE340878033457396CC6]C:\Windows\Installer\136f6.msi
TOSHIBA System Settings [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\27DE75D410B6DB04C99A10B2F80CC9BE]C:\Windows\Installer\12bb8.msi
Toshiba TEMPRO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4125F67F8A380304089CE15F37197DA2]C:\Windows\Installer\14d86.msi
Validity WBF DDK 5111 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D28AF3559F044FF40B3F079EFD86EED0]C:\Windows\Installer\62ca7.msi
Windows Firewall Configuration Provider [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\61A5A901E90E28B47A481D87F011096D]C:\Windows\Installer\e781d0d.msi
 
==== Installed Programs ======================
 
µTorrent  
7-Zip 9.20 (x64 edition)  
Adobe Acrobat Reader DC  
Adobe Refresh Manager  
ALPS Touch Pad Driver  
AOMEI Partition Assistant Standard Edition 5.6  
Battle.net  
CMEDIA USB2.0 Audio Device  
Configuration Manager Client  
Counter-Strike 1.6  
CrystalDiskMark 5.0.2  
Definition Update for Microsoft Office 2013 (KB3054786) 32-Bit Edition  
DTS Studio Sound  
f.lux  
Google Chrome  
Google Update Helper  
HD Tune Pro 5.60  
Hearthstone  
iCare Data Recovery 5.1  
Intel® Control Center  
Intel® Management Engine Components  
Intel® Network Connections Drivers  
Intel® PRO/Wireless Driver  
Intel® Processor Graphics  
Intel® Rapid Start Technology  
Intel® Rapid Storage Technology  
Intel® Smart Connect Technology  
Intel® Wireless Bluetooth® 4.0  
Intelr PROSet/Wireless Software  
Intelr PROSet/Wireless WiFi Software  
Intelr Trusted Connect Service Client  
Java 8 Update 65  
Java Auto Updater  
Kodi  
Macrium Reflect Free Edition  
Maxthon Cloud Browser  
MDOP MBAM  
Microsoft Access MUI (English) 2013  
Microsoft Access Setup Metadata MUI (English) 2013  
Microsoft DCF MUI (English) 2013  
Microsoft Endpoint Protection Management Components  
Microsoft Excel MUI (English) 2013  
Microsoft Forefront Endpoint Protection 2010 Server Management  
Microsoft Groove MUI (English) 2013  
Microsoft InfoPath MUI (English) 2013  
Microsoft Lync MUI (English) 2013  
Microsoft Office 64-bit Components 2013  
Microsoft Office OSM MUI (English) 2013  
Microsoft Office OSM UX MUI (English) 2013  
Microsoft Office Professional Plus 2013  
Microsoft Office Proofing (English) 2013  
Microsoft Office Proofing Tools 2013 - English  
Microsoft Office Proofing Tools 2013 - Español  
Microsoft Office Shared 64-bit MUI (English) 2013  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013  
Microsoft Office Shared MUI (English) 2013  
Microsoft Office Shared Setup Metadata MUI (English) 2013  
Microsoft OneNote MUI (English) 2013  
Microsoft Outlook MUI (English) 2013  
Microsoft Policy Platform  
Microsoft PowerPoint MUI (English) 2013  
Microsoft Publisher MUI (English) 2013  
Microsoft Security Client  
Microsoft Silverlight  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)  
Microsoft Word MUI (English) 2013  
MiniTool Partition Wizard Home Edition 8.1.1  
O2Micro OZ776 SCR Driver  
Outils de vérification linguistique 2013 de Microsoft Office - Français  
Realtek Card Reader  
Realtek High Definition Audio Driver  
Security Update for Microsoft Excel 2013 (KB3085583) 32-Bit Edition  
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition  
Security Update for Microsoft Office 2013 (KB2910941) 32-Bit Edition  
Security Update for Microsoft Office 2013 (KB3039734) 32-Bit Edition  
Security Update for Microsoft Office 2013 (KB3039798) 32-Bit Edition  
Security Update for Microsoft Office 2013 (KB3054816) 32-Bit Edition  
Security Update for Microsoft Office 2013 (KB3054932) 32-Bit Edition  
System Center Endpoint Protection  
TOSHIBA Desktop Assist  
TOSHIBA Display Utility  
TOSHIBA eco Utility  
TOSHIBA Fingerprint Utility  
TOSHIBA Function Key  
TOSHIBA Manuals  
TOSHIBA Password Utility  
TOSHIBA PC Health Monitor  
TOSHIBA Recovery Media Creator  
TOSHIBA Service Station  
TOSHIBA Start Screen Option  
TOSHIBA System Driver  
TOSHIBA System Settings  
Toshiba TEMPRO  
Update for Microsoft Access 2013 (KB3085503) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2880487) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881076) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2889863) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3023052) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039701) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039718) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039739) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039762) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039766) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039778) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039787) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3039800) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3054783) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3054785) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3054805) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3054856) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3054935) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3054941) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3055011) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3085479) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3085493) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3085506) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3085563) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3085566) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3085576) 32-Bit Edition  
Update for Microsoft Office 2013 (KB3085585) 32-Bit Edition  
Update for Microsoft OneDrive for Business (KB3085509) 32-Bit Edition  
Update for Microsoft OneNote 2013 (KB3085574) 32-Bit Edition  
Update for Microsoft Outlook 2013 (KB3085579) 32-Bit Edition  
Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition  
Update for Microsoft PowerPoint 2013 (KB3085564) 32-Bit Edition  
Update for Microsoft Project 2013 (KB3085590) 32-Bit Edition  
Update for Microsoft Publisher 2013 (KB3023050) 32-Bit Edition  
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition  
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition  
Update for Microsoft Word 2013 (KB3085573) 32-Bit Edition  
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition  
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition  
Validity WBF DDK 5111  
VLC media player  
Windows Firewall Configuration Provider  
WinRAR 5.21 (64-bit)  
Wondershare PDF Editor OCR  
Wondershare PDF Editor(Build 3.6.5)  
World of Warcraft  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Windows\CCM\SCNotification.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Users\daniel.bornaz\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\daniel.bornaz\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\Users\daniel.bornaz\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-3661474181-1218003758-3288892083-20204\Software\Microsoft\Windows\CurrentVersion\Run]
"Lync"="C:\Program Files (x86)\Microsoft Office\Office15\lync.exe /fromrunkey"
"BingSvc"="C:\Users\daniel.bornaz\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"f.lux"="C:\Users\daniel.bornaz\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Lync"="C:\Program Files (x86)\Microsoft Office\Office15\lync.exe /fromrunkey"
"BingSvc"="C:\Users\daniel.bornaz\AppData\Local\Microsoft\BingSvc\BingSvc.exe"
"f.lux"="C:\Users\daniel.bornaz\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"TSSSrv"="C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe"
"TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"MouseDriver"="TiltWheelMouse.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"TCrdMain"="C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe"
"TFPUService"="C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe /start"
 
==== Startup Folders ======================
 
2015-07-07 10:43:58 1205 ----a-w- C:\Users\daniel.bornaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
2015-07-07 10:43:58 1205 ----a-w- C:\Users\DANIEL~1.BOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
2015-07-01 15:04:51 2081 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/03/2015 01:21 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/03/2015 01:21 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Maxthon Update" ["C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe"]
"C:\Windows\SysNative\tasks\Resolution+ Setting Task" [C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{0032E366-F0A5-4507-82B5-33BDE57AD843}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{85310153-B9CC-4EBB-AB19-51FB933E31E7}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{DF1EA26B-797A-4C0C-8130-A549FB54951C}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\CommonNotifier" [C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\HotKeysCmds" [C:\Windows\system32\hkcmd.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\IgfxTray" [C:\Windows\system32\igfxtray.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\IMSS" [C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\Persistence" [C:\Windows\system32\igfxpers.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\RTHDVCPL" [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\Service Station" ["C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe"]
"C:\Windows\SysNative\tasks\TOSHIBA\TosWaitSrv" [C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe]
"C:\Windows\SysNative\tasks\TOSHIBA\TSVU" [c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}"=hex(2):43,00,3a,00,5c,00,50,00,72,00,\ []
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.80
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iniieblifogecdlkejbmonblijmdaiog - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx[08/26/2013 01:16 PM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bmkckgpgekmanipelfidlhmkfcjicion - No path found[]
 
Google Slides - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
TOSHIBA Fingerprint Utility Web Site Passwords - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog
Chrome Web Store Payments - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - admintni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Unlimited Free VPN - Hola - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
TOSHIBA Fingerprint Utility Web Site Passwords - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog
Chrome Web Store Payments - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - daniel.bornaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Unlimited Free VPN - Hola - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
TOSHIBA Fingerprint Utility Web Site Passwords - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog
Chrome Web Store Payments - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - DANIEL~1.BOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
======== System Restore Points ========
 
RP25: 10/26/2015 8:15:05 AM - Windows Update
RP26: 11/2/2015 10:23:19 AM - Scheduled Checkpoint
RP27: 11/3/2015 12:21:58 PM - Installed Samsung Kies3
RP28: 11/5/2015 9:03:36 AM - Restore Point Created by FRST
RP29: 11/9/2015 8:16:21 AM - zoek.exe restore point
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Mon 11/09/2015 at  8:17:08.39 ======================


#13 nasdaq

Posted 09 November 2015 - 09:40 AM

Nothing suspicious was found on your last log.

Looking over your logs. Did you run the reset.reg file and is it still required?

C:\Users\daniel.bornaz\reset reg permision.cmd

Delete it if not needed.

#14 shep86

Posted 10 November 2015 - 02:09 AM

Ok, thank you, the trojan is still there.



#15 nasdaq

Posted 10 November 2015 - 10:16 AM

Download and run the Microsoft Malicious Software Removal Tool
https://www.microsoft.com/en-ca/download/malicious-software-removal-tool-details.aspx

Keep me posted.



