| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bitdefender deaktiviert sich nach Trojanerfund-MeldungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.03.2013, 11:38
| #16 |
 |  Bitdefender deaktiviert sich nach Trojanerfund-Meldung --------------------------------- Nun auch Scan mit OTL. Logs hierzu: Code:
ATTFilter OTL logfile created on: 07/03/2013 11:28:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16484) Locale: 00000809 | Country: Vereinigtes Königreich | Language: ENG | Date Format: dd/MM/yyyy 3.89 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 42.01% Memory free 7.39 Gb Paging File | 4.66 Gb Available in Paging File | 63.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186.30 Gb Total Space | 122.29 Gb Free Space | 65.64% Space Free | Partition Type: NTFS Drive D: | 258.45 Gb Total Space | 258.30 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Computer Name: ZENBOOK | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/07 10:17:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Downloads\OTL.exe PRC - [2013/02/15 02:07:50 | 029,428,904 | ---- | M] (Dropbox, Inc.) -- C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/09/11 09:43:14 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe PRC - [2012/08/24 17:17:14 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2012/08/24 17:17:10 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe PRC - [2012/08/08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012/08/08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012/08/06 14:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe PRC - [2012/08/06 14:56:12 | 001,126,784 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe PRC - [2012/08/03 16:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2012/07/31 17:02:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/07/30 13:27:58 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe PRC - [2012/07/25 09:53:18 | 001,558,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2012/07/24 18:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2012/07/23 18:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2012/07/17 16:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012/07/06 11:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2012/06/27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012/05/28 10:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2012/04/13 10:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe PRC - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe ========== Modules (No Company Name) ========== MOD - [2013/03/06 10:15:38 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\a91dc79bf846144ee47efc08e17bb3e2\UIAutomationTypes.ni.dll MOD - [2013/03/05 19:46:41 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll MOD - [2013/03/05 19:46:37 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll MOD - [2013/03/05 19:46:35 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll MOD - [2013/03/05 16:56:45 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll MOD - [2013/03/05 16:56:24 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll MOD - [2013/03/05 16:56:19 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll MOD - [2013/03/05 16:56:17 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll MOD - [2013/03/05 16:55:45 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll MOD - [2013/03/05 16:55:24 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll MOD - [2013/03/05 16:54:57 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll MOD - [2013/03/05 16:54:40 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll MOD - [2012/08/24 17:17:08 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/03/05 13:55:26 | 000,069,392 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental) SRV:64bit: - [2013/03/05 13:55:11 | 001,645,256 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV) SRV:64bit: - [2013/01/10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013/01/10 00:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013/01/10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012/12/06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012/12/06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012/11/13 19:49:57 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV) SRV:64bit: - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012/11/06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012/09/20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012/09/20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012/07/30 12:27:00 | 000,030,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService) SRV:64bit: - [2012/07/30 12:26:58 | 000,029,056 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService) SRV:64bit: - [2012/07/26 04:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012/07/26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012/07/26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012/07/18 12:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2012/07/18 12:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2012/07/18 12:14:04 | 000,627,504 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2012/07/18 12:13:40 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2012/07/17 00:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2012/06/25 17:45:56 | 000,095,184 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox) SRV:64bit: - [2012/05/02 13:49:44 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2012/03/30 12:54:10 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache) SRV:64bit: - [2010/10/19 18:37:57 | 005,250,048 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/08/16 07:40:12 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/08/08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012/08/08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012/07/31 17:02:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/07/30 13:27:58 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv) SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/23 18:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012/06/27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012/04/13 10:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn) SRV - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/01/11 20:31:18 | 000,707,528 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avc3.sys -- (avc3) DRV:64bit: - [2013/01/11 20:31:18 | 000,589,000 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\avckf.sys -- (avckf) DRV:64bit: - [2013/01/10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013/01/10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012/12/18 07:45:12 | 000,359,784 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\a8djavs.sys -- (a8djavs) DRV:64bit: - [2012/12/18 07:45:12 | 000,100,712 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\a8djusb.sys -- (a8djusb_svc) DRV:64bit: - [2012/11/27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012/11/27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012/11/12 17:11:19 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bdsandbox.sys -- (BDSandBox) DRV:64bit: - [2012/11/06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012/11/06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012/11/06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012/11/02 13:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\avchv.sys -- (avchv) DRV:64bit: - [2012/10/31 12:13:18 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\trufos.sys -- (trufos) DRV:64bit: - [2012/10/17 14:13:46 | 000,106,568 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV:64bit: - [2012/10/12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/10/11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012/10/11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012/09/27 16:48:12 | 000,078,752 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\bdvedisk.sys -- (BDVEDISK) DRV:64bit: - [2012/09/20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012/09/20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012/09/20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012/09/20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012/09/11 09:43:44 | 000,056,704 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP) DRV:64bit: - [2012/09/03 10:46:15 | 000,097,816 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf) DRV:64bit: - [2012/08/29 17:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\gzflt.sys -- (gzflt) DRV:64bit: - [2012/08/19 14:53:16 | 004,273,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64) DRV:64bit: - [2012/08/15 18:53:06 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/08/09 19:29:54 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2012/08/09 19:29:54 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2012/08/09 19:29:52 | 000,188,384 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort) DRV:64bit: - [2012/08/09 19:29:52 | 000,048,096 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub) DRV:64bit: - [2012/08/02 04:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2012/07/30 13:27:52 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv) DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012/07/26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012/07/26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012/07/26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/26 03:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials) DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/24 18:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2012/07/24 04:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/07/17 00:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012/07/17 00:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2012/07/14 17:36:30 | 000,825,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012/07/13 09:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfManager.sys -- (DptfManager) DRV:64bit: - [2012/07/13 09:50:40 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevGen.sys -- (DptfDevGen) DRV:64bit: - [2012/07/13 09:50:38 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevDram.sys -- (DptfDevDram) DRV:64bit: - [2012/07/13 09:50:36 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevFan.sys -- (DptfDevFan) DRV:64bit: - [2012/07/13 09:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevPch.sys -- (DptfDevPch) DRV:64bit: - [2012/07/13 09:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevProc.sys -- (DptfDevProc) DRV:64bit: - [2012/07/11 06:48:42 | 000,023,456 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bdelam.sys -- (bdelam) DRV:64bit: - [2012/07/04 12:31:40 | 000,055,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012/06/19 00:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012/06/15 06:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:64bit: - [2012/06/02 15:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2012/06/02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012/06/02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2012/06/02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress) DRV:64bit: - [2012/06/02 15:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr) DRV:64bit: - [2012/05/31 04:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch) DRV:64bit: - [2012/04/24 11:01:12 | 000,110,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2012/03/30 12:54:16 | 000,095,024 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd) DRV:64bit: - [2012/03/30 12:54:16 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs) DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2005/08/18 00:00:00 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\*****\AppData\Local\Temp\EverestDriver.sys -- (EverestDriver) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/03/05 13:24:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/03/05 13:24:11 | 000,000,000 | ---D | M] [2013/03/05 18:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: Google Docs = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Evernote Web Clipper = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.10_0\ CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (ASUS Browser Extension x64) - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.) O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.) O4:64bit: - HKLM..\Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.) O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\dptfpolicylpmservicehelper.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9729B5C7-C38B-430C-89D5-76EF2A2C7C55}: DhcpNameServer = 192.168.2.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/07 10:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/03/06 18:47:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2013/03/06 18:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/06 18:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/06 18:44:02 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/06 18:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/06 18:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2013/03/06 18:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2013/03/06 17:52:45 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013/03/06 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013/03/06 17:43:14 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2013/03/06 09:59:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013/03/06 08:46:55 | 000,000,000 | ---D | C] -- C:\sources [2013/03/05 22:21:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D2030082-F62A-402A-9456-8009276FD896} [2013/03/05 22:03:45 | 016,384,888 | ---- | C] (Native Instruments ) -- C:\Users\*****\Desktop\Audio 8 DJ Driver Setup PC.exe [2013/03/05 22:03:44 | 023,959,360 | ---- | C] (Native Instruments ) -- C:\Users\*****\Desktop\Controller Editor 1.5.4 Setup PC.exe [2013/03/05 22:00:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Native Instruments [2013/03/05 22:00:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\{013BB0BF-30DA-4354-AD33-636A6EB72DA6} [2013/03/05 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments [2013/03/05 21:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments [2013/03/05 21:58:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BB25779E-744C-48F3-94DE-CD6F60A5AC55} [2013/03/05 21:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments [2013/03/05 21:58:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14} [2013/03/05 21:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [2013/03/05 21:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments [2013/03/05 18:24:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Mozilla [2013/03/05 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Thunderbird [2013/03/05 18:24:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Thunderbird [2013/03/05 18:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2013/03/05 18:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2013/03/05 18:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2013/03/05 18:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2013/03/05 18:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2013/03/05 17:00:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\ASUS [2013/03/05 14:29:51 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice [2013/03/05 13:30:04 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\ASUS [2013/03/05 13:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS [2013/03/05 13:28:21 | 000,000,000 | R--D | C] -- C:\Users\*****\Dropbox [2013/03/05 13:27:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013/03/05 13:26:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Dropbox [2013/03/05 13:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013 [2013/03/05 13:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2013/03/05 13:24:12 | 000,023,456 | ---- | C] (Bitdefender) -- C:\Windows\SysNative\drivers\bdelam.sys [2013/03/05 13:24:11 | 000,078,752 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys [2013/03/05 13:24:10 | 000,097,816 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys [2013/03/05 13:24:10 | 000,082,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys [2013/03/05 13:24:04 | 000,589,000 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys [2013/03/05 13:24:04 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys [2013/03/05 13:24:03 | 000,707,528 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2013/03/05 13:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2 [2013/03/05 13:23:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Bitdefender [2013/03/05 13:23:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs [2013/03/05 13:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013/03/05 13:22:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\QuickScan [2013/03/05 13:20:31 | 000,350,160 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys [2013/03/05 13:20:31 | 000,145,696 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys [2013/03/05 13:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2013/03/05 13:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2013/03/05 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/03/05 13:13:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Google [2013/03/05 13:12:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Macromedia [2013/03/05 13:09:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\ASUS WebStorage [2013/03/05 13:08:30 | 000,000,000 | R--D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/03/05 13:08:30 | 000,000,000 | R--D | C] -- C:\Users\*****\Searches [2013/03/05 13:08:30 | 000,000,000 | R--D | C] -- C:\Users\*****\Contacts [2013/03/05 13:08:30 | 000,000,000 | R--D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/03/05 13:07:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Adobe [2013/03/05 13:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\USBChargerPlus [2013/03/05 13:07:38 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\ASUS [2013/03/05 13:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView [2013/03/05 13:06:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\VirtualStore [2013/03/05 13:06:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Packages [2013/03/05 13:06:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ASUS [2013/03/05 13:06:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Intel [2013/03/05 13:06:07 | 000,000,000 | --SD | C] -- C:\Users\*****\AppData\Roaming\Microsoft [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Videos [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Saved Games [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Pictures [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Music [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Links [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Favorites [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Downloads [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Documents [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\Desktop [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/03/05 13:06:07 | 000,000,000 | R--D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Vorlagen [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\AppData\Local\Verlauf [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\AppData\Local\Temporary Internet Files [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Startmenü [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\SendTo [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Recent [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Netzwerkumgebung [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Lokale Einstellungen [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Documents\Eigene Videos [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Documents\Eigene Musik [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Eigene Dateien [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Documents\Eigene Bilder [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Druckumgebung [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Cookies [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\AppData\Local\Anwendungsdaten [2013/03/05 13:06:07 | 000,000,000 | -HSD | C] -- C:\Users\*****\Anwendungsdaten [2013/03/05 13:06:07 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData [2013/03/05 13:06:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Temp [2013/03/05 13:06:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Roaming [2013/03/05 13:06:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Microsoft [2013/03/05 13:06:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ========== Files - Modified Within 30 Days ========== [2013/03/07 11:23:52 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2013/03/07 11:23:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3270351854-578647523-2679939210-1002UA.job [2013/03/07 09:29:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/07 01:47:16 | 000,000,416 | ---- | M] () -- C:\Users\*****\AppData\Roaming\sp_data.sys [2013/03/07 01:46:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013/03/07 00:12:00 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/03/07 00:12:00 | 000,760,560 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/03/07 00:12:00 | 000,717,670 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/03/07 00:12:00 | 000,158,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/03/07 00:12:00 | 000,135,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/03/07 00:07:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/03/07 00:07:13 | 3339,972,608 | -HS- | M] () -- C:\hiberfil.sys [2013/03/06 18:30:25 | 000,307,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/03/06 17:52:47 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013/03/06 10:51:56 | 000,000,498 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml [2013/03/06 09:56:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf [2013/03/05 22:03:45 | 016,384,888 | ---- | M] (Native Instruments ) -- C:\Users\*****\Desktop\Audio 8 DJ Driver Setup PC.exe [2013/03/05 22:03:44 | 023,959,360 | ---- | M] (Native Instruments ) -- C:\Users\*****\Desktop\Controller Editor 1.5.4 Setup PC.exe [2013/03/05 22:00:32 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Traktor.lnk [2013/03/05 21:58:45 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2013/03/05 21:57:59 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk [2013/03/05 18:54:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013/03/05 18:08:37 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2013/03/05 17:00:32 | 000,000,021 | ---- | M] () -- C:\Users\*****\AppData\Roaming\my_intel.sys [2013/03/05 14:34:04 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013/03/05 13:28:21 | 000,001,043 | ---- | M] () -- C:\Users\*****\Desktop\Dropbox.lnk [2013/03/05 13:27:36 | 000,001,053 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/03/05 13:25:23 | 002,736,217 | ---- | M] () -- C:\ProgramData\1362486014.bdinstall.bin [2013/03/05 13:25:03 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2013/03/05 13:24:37 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013/03/05 13:24:37 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013/03/05 13:24:37 | 000,000,636 | -H-- | M] () -- C:\bdr-cf01 [2013/03/05 13:24:23 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013/03/05 13:24:23 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk [2013/03/05 13:24:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2013/03/05 13:23:34 | 000,001,107 | ---- | M] () -- C:\Users\*****\Desktop\KeePass 2.lnk [2013/03/05 13:23:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3270351854-578647523-2679939210-1002Core.job [2013/03/05 13:13:42 | 000,002,372 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013/03/07 11:23:52 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2013/03/06 17:52:47 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013/03/06 09:56:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf [2013/03/06 08:58:33 | 000,307,904 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/03/05 22:08:47 | 000,000,498 | ---- | C] () -- C:\Windows\SysNative\checkdnsid.xml [2013/03/05 22:00:32 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Traktor.lnk [2013/03/05 21:58:45 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2013/03/05 21:57:59 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk [2013/03/05 18:54:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013/03/05 18:08:14 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2013/03/05 17:00:32 | 000,000,021 | ---- | C] () -- C:\Users\*****\AppData\Roaming\my_intel.sys [2013/03/05 15:05:22 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll [2013/03/05 15:05:22 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013/03/05 13:49:20 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013/03/05 13:28:21 | 000,001,043 | ---- | C] () -- C:\Users\*****\Desktop\Dropbox.lnk [2013/03/05 13:27:36 | 000,001,053 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/03/05 13:25:23 | 002,736,217 | ---- | C] () -- C:\ProgramData\1362486014.bdinstall.bin [2013/03/05 13:25:03 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2013/03/05 13:24:37 | 000,000,636 | -H-- | C] () -- C:\bdr-cf01 [2013/03/05 13:24:23 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013/03/05 13:24:23 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk [2013/03/05 13:24:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2013/03/05 13:23:34 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [2013/03/05 13:23:34 | 000,001,107 | ---- | C] () -- C:\Users\*****\Desktop\KeePass 2.lnk [2013/03/05 13:23:12 | 002,510,608 | -H-- | C] () -- C:\bdr-bz01 [2013/03/05 13:23:12 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr [2013/03/05 13:23:11 | 037,133,532 | -H-- | C] () -- C:\bdr-im01.gz [2013/03/05 13:23:11 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013/03/05 13:13:42 | 000,002,372 | ---- | C] () -- C:\Users\*****\Desktop\Google Chrome.lnk [2013/03/05 13:13:09 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3270351854-578647523-2679939210-1002UA.job [2013/03/05 13:13:08 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3270351854-578647523-2679939210-1002Core.job [2013/03/05 13:09:08 | 000,000,416 | ---- | C] () -- C:\Users\*****\AppData\Roaming\sp_data.sys [2013/03/05 13:07:45 | 000,001,440 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/10/07 07:33:12 | 000,004,362 | ---- | C] () -- C:\Windows\SysWow64\dptfinvalidpolicyremover.ini [2012/10/07 07:33:11 | 000,185,216 | ---- | C] () -- C:\Windows\SysWow64\dptfinvalidpolicyremover.exe [2012/08/30 08:34:02 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012/08/30 08:33:43 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/08/30 08:33:41 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012/08/17 01:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe [2012/08/17 01:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd [2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/07/25 21:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012/07/25 21:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012/10/07 07:43:05 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/01/10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/01/10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/03/05 17:00:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASUS [2013/03/05 13:09:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASUS WebStorage [2013/03/05 14:40:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bitdefender [2013/03/07 09:32:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox [2013/03/05 13:22:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\QuickScan [2013/03/06 09:07:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 07/03/2013 11:28:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000809 | Country: Vereinigtes Königreich | Language: ENG | Date Format: dd/MM/yyyy
3.89 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 42.01% Memory free
7.39 Gb Paging File | 4.66 Gb Available in Paging File | 63.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 122.29 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
Drive D: | 258.45 Gb Total Space | 258.30 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Computer Name: ZENBOOK | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E458CC-941A-4271-8059-E62EF039C0B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D4407E9-13A9-4D41-8497-95C79B5F2F81}" = lport=445 | protocol=6 | dir=in | app=system |
"{20F391E7-E67A-4B99-B1C2-6C2DA03E3D86}" = lport=10243 | protocol=6 | dir=in | app=system |
"{228A52F8-266A-4AFD-8D97-C786C8FD478C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2BA0C045-D1AF-42D9-AEE2-A8978F9B685D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3590459B-07D2-4853-81F4-73D3DD2010AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{45D7EB9E-8896-4004-811A-EFA3BB13C00A}" = lport=139 | protocol=6 | dir=in | app=system |
"{48843919-DEA8-4C95-9E81-D36A5B71A281}" = rport=138 | protocol=17 | dir=out | app=system |
"{4CF83CD4-A151-47EB-9B57-46612967FD67}" = rport=137 | protocol=17 | dir=out | app=system |
"{5EFF6D27-80E6-4594-B0F2-20E0992D73CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F732A00-F453-4210-A827-EA8CA231D156}" = rport=10243 | protocol=6 | dir=out | app=system |
"{68C15D63-56E8-41E4-9544-8DD19BBB918B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{691D927D-9295-412C-8A9C-0B77F4B1E391}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D5F0731-1C6C-4435-BCDC-7268D0DA2C2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6ED9A2C2-6601-4DB1-9AD3-27AF42861C39}" = lport=137 | protocol=17 | dir=in | app=system |
"{75AF5E4C-F8A7-4A6E-8957-DC1A3807982D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86A9A6B2-A53C-4BDF-A2D2-81B92649AD3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{875CCFBC-933B-402C-BC4A-C3C486AA78B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C13BBEFC-DCEB-46E7-AEAC-D7249EAB361C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9EA44C6-C916-4C60-939A-5DAE5AAEDB0F}" = rport=139 | protocol=6 | dir=out | app=system |
"{FBFBAA3D-03AD-41BF-94F8-217079A34F8C}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E62BA0-28A6-4918-980C-8E4B40D677D7}" = dir=out | name=jetpack joyride |
"{0A47B4AF-ED61-49F8-AEB0-912FA2A02BC0}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{0BB5CE49-E88B-45A9-8586-122EBC9DB207}" = dir=out | name=fresh paint |
"{191D97FD-AE5C-40ED-BC8A-CC32659A74F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27B9A30C-3B72-4F42-83E6-29845D94025F}" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"{2BF9F985-517C-493C-A93B-2042729ABBB2}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{36E74FF6-305D-474C-8A86-7BC3F3F78BB7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A11316A-B3C9-4AA0-A7FA-CAC790585468}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{3C9C6778-9A35-4651-8971-3153CF7BAAAD}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3D648A85-7C9D-4001-A01F-706FF5F15768}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{453E3499-BB51-41E2-BB88-10FAE5408AF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4593534D-32EA-4B87-8E96-0A338E51D603}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{468A0D5F-C8E6-4B57-99D5-B795D3F1CA68}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{4BA798F9-449C-4061-A7E3-F30F9D9AD172}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4BADE5D2-28FD-42E0-9E51-299B0171AE28}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{4FC445FA-962D-4203-AD65-A80FFDC2FF1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5086EB0F-DCAC-41EC-8F66-92B17663EA47}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{58F70057-90F5-43F6-8B5E-AFD9D7DAEAE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59910F36-0027-4B84-9E71-5DF3DBA510EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B457FEE-C528-40FC-BDE3-9F73284B1648}" = dir=out | name=adera |
"{5D0610E6-E761-4F0E-8BAC-659CE31BA17B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5F443F34-B5AE-4A63-9E9F-AE4CD8B6A193}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{60497D10-D432-4B6E-91DE-DFD3453C8246}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{65A05529-635D-4BC7-AD2E-F59AAAAFD686}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6703BBD6-27A5-4488-A70D-9B24351C5BBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6739A725-CF10-4391-9CA2-80303129B1C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FDA670B-0D5D-46B8-965F-A7357B4620C0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7AB6F055-F490-4932-951E-136DA3CE9C98}" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe |
"{7E3F9312-9B9D-4CB9-95DC-4D6700C12D14}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{891809C7-3766-4228-B988-9EA439D8F705}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{8D961C9C-B7B6-49BF-8964-0E01EB59A690}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{91AC6806-5DAD-4BC7-830F-95AA1FCC6544}" = dir=out | name=wordament |
"{96FA11AF-304E-46D4-B1B3-9D51C768DA53}" = dir=out | name=taptiles |
"{9D7B137B-DE2C-4102-A409-9FA536E4267B}" = dir=out | name=microsoft solitaire collection |
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 |
"{A2041730-7951-43FD-A520-5CD012C8C497}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A62D736D-9AA9-4919-950C-154AE6CC02DE}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{AB56B7A7-2EDF-47B1-BEF5-048FB1A696AD}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{AFA376D9-1E56-4524-BC63-66BA42761E05}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{B50B4A79-ABF4-4541-8ECA-4F7CE280127C}" = protocol=6 | dir=out | app=system |
"{B5EDD870-EF88-488D-BA40-780F512DE982}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{BBBFE284-B0B1-4F67-80A8-5ECB3DBFBC79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD248F26-813E-47D8-8282-7311C6940D94}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BFAEE444-CFD8-4155-AD0B-6C69B6087531}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D7E89D3A-4AAD-4931-B64D-66A149FE6386}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D800AB2D-6137-485C-B1BF-C539CD3A42DC}" = dir=in | name=jetpack joyride |
"{DEA45E88-677B-4782-82A7-EA8C3E3B4481}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E575F74E-DC77-49CB-B8C6-D09BEA0DCF03}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EC8EE205-C4B7-4A8A-9E60-2A51757120FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F30963FF-5EAC-47DF-828C-8BD64E2CE489}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{F6436B27-FC33-465A-8C4D-D6D7537FBCF4}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{F6E40F9E-ADF2-4280-8482-4B9368C563D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8284331-EF5D-43BF-9E3F-652F27EAF288}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{89478C31-5CE8-461A-9084-9A0AF059F84F}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{89D2FA50-6002-4AFB-8586-3E38B355E891}" = Intel® PROSet/Wireless WiFi Software
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel(R) WiDi
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"2BD897DEE9289F769D9176245811D5330A360B0B" = Windows-Treiberpaket - ASUS (ATP) Mouse (08/27/2012 1.0.0.125)
"Bitdefender" = Bitdefender Total Security 2013
"ProInst" = Intel PROSet Wireless
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Diablo III" = Diablo III
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel(R) Dynamic Platform and Thermal Framework
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Native Instruments Audio 8 DJ" = Native Instruments Audio 8 DJ
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05/03/2013 09:35:58 | Computer Name = Zenbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 2.5.0.244,
Zeitstempel: 0x50220e70 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x134c Startzeit der fehlerhaften Anwendung: 0x01ce199bc2ea3783 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 9c28143e-8599-11e2-be79-c485083f6b22
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 05/03/2013 09:37:58 | Computer Name = Zenbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: InsOnSrv.exe, Version: 2.3.1.1, Zeitstempel:
0x4f878af7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x73c Startzeit der fehlerhaften Anwendung: 0x01ce199bb0627510 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: e3a19450-8599-11e2-be79-c485083f6b22 Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 05/03/2013 09:40:24 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
Error - 05/03/2013 09:40:24 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
Error - 05/03/2013 09:43:43 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
Error - 05/03/2013 09:43:43 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
Error - 05/03/2013 10:06:36 | Computer Name = Zenbook | Source = .NET Runtime | ID = 1026
Description =
Error - 05/03/2013 10:06:38 | Computer Name = Zenbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NoteBookFanControl.exe, Version:
0.14.4.60, Zeitstempel: 0x510cee0c Name des fehlerhaften Moduls: KERNELBASE.dll,
Version: 6.2.9200.16384, Zeitstempel: 0x5010ab2d Ausnahmecode: 0xe0434352 Fehleroffset:
0x00000000000189cc ID des fehlerhaften Prozesses: 0x1824 Startzeit der fehlerhaften
Anwendung: 0x01ce19aaa436b4a1 Pfad der fehlerhaften Anwendung: C:\Users\*****\AppData\Local\Temp\Temp1_NoteBookFanControl-0.14.4.60.beta.zip\NoteBookFanControl.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: e535a38b-859d-11e2-be7b-c485083f6b22
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 05/03/2013 10:33:23 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
Error - 05/03/2013 10:33:23 | Computer Name = Zenbook | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description =
< End of report >
|
|
07.03.2013, 11:41
| #17 |
| | Bitdefender deaktiviert sich nach Trojanerfund-Meldung Sorry: Wieder Doppelposting. Gelöscht.
__________________Nun auch noch mit ESET gescannt: Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8aefb16bba4f964b92ad9e71256685d9
# engine=13323
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-07 02:05:30
# local_time=2013-03-07 03:05:30 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 74241 22171241 0 0
# scanned=233729
# found=0
# cleaned=0
# scan_time=3293
|
|
08.03.2013, 11:52
| #18 |
| | Bitdefender deaktiviert sich nach Trojanerfund-Meldung Hi Markus,
__________________wie siehts denn aus? Kannst Du schon ne Beurteilung abgeben? |
|
08.03.2013, 19:23
| #19 |
| /// Malware-holic   | Bitdefender deaktiviert sich nach Trojanerfund-Meldung ich weis nicht, jeder hier scheint zu denken, er währe der wichtigste und kann nicht mal einen Tag warten, leute, wir machen das hier in unserer Freizeit und haben eventuell auch mal was anderes zu tun.... schon mal bitdefender de und reinstaliert?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Linear-Darstellung
