Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Log mit OTL

Log mit OTL


Log-Analyse und Auswertung: Log mit OTL

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 15.06.2018, 06:59   #1
Jan10001
 
Log mit OTL - Standard

Log mit OTL


edit
Themen zusammengführt +code tags
//cosinus

Code:
ATTFilter
OTL logfile created on: 15.06.2018 07:24:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,92 Gb Total Physical Memory | 14,67 Gb Available Physical Memory | 92,14% Memory free
18,80 Gb Paging File | 17,70 Gb Available in Paging File | 94,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,21 Gb Total Space | 442,79 Gb Free Space | 95,18% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-MPKLAP2 | User Name: jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2018.06.15 07:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
PRC - [2018.06.15 07:17:46 | 000,382,144 | ---- | M] (Microsoft Corporation) -- C:\Users\jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2015.07.10 18:43:51 | 007,496,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
PRC - [2015.07.10 13:00:23 | 000,412,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2015.07.10 13:00:15 | 004,528,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015.07.10 18:43:48 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2015.07.10 13:01:10 | 000,956,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015.07.10 13:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015.07.10 13:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015.07.10 13:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015.07.10 13:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015.07.10 13:00:38 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015.07.10 13:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015.07.10 13:00:21 | 001,031,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015.07.10 13:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015.07.10 13:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015.07.10 13:00:10 | 000,228,864 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015.07.10 13:00:10 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.07.10 13:00:09 | 001,420,288 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 001,202,176 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015.07.10 13:00:09 | 000,504,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015.07.10 13:00:09 | 000,289,280 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015.07.10 13:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015.07.10 13:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015.07.10 13:00:07 | 002,674,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015.07.10 13:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015.07.10 13:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,512,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015.07.10 13:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015.07.10 13:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015.07.10 13:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015.07.10 13:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015.07.10 13:00:05 | 000,808,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015.07.10 13:00:04 | 000,279,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015.07.10 13:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015.07.10 13:00:03 | 001,169,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015.07.10 13:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015.07.10 13:00:02 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015.07.10 13:00:02 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015.07.10 13:00:01 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015.07.10 13:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015.07.10 13:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015.07.10 13:00:00 | 000,717,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015.07.10 13:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015.07.10 12:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015.07.10 12:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015.07.10 12:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015.07.10 12:59:58 | 000,143,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015.07.10 12:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015.07.10 12:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015.07.10 12:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015.07.10 12:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015.07.10 12:59:54 | 002,178,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015.07.10 12:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015.07.10 12:59:53 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015.07.10 12:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015.07.10 12:59:52 | 000,593,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015.07.10 12:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015.07.10 12:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015.07.10 12:59:50 | 000,379,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015.07.10 12:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015.07.10 12:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015.07.10 12:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV - [2015.07.10 13:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015.07.10 13:00:29 | 002,049,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015.07.10 13:00:28 | 000,510,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015.07.10 13:00:25 | 000,924,672 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015.07.10 13:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015.07.10 13:00:23 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015.07.10 12:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2018.06.15 06:33:41 | 000,024,688 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2015.07.10 18:44:18 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015.07.10 18:43:48 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015.07.10 13:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015.07.10 13:00:36 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015.07.10 13:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015.07.10 13:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015.07.10 13:00:13 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015.07.10 13:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015.07.10 13:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015.07.10 13:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015.07.10 13:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015.07.10 13:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015.07.10 13:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015.07.10 13:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015.07.10 13:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015.07.10 13:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015.07.10 13:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015.07.10 13:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015.07.10 13:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015.07.10 13:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015.07.10 13:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015.07.10 13:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015.07.10 12:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015.07.10 12:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015.07.10 12:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015.07.10 12:59:58 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015.07.10 12:59:56 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015.07.10 12:59:55 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015.07.10 12:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015.07.10 12:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015.07.10 12:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015.07.10 12:59:51 | 000,685,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015.07.10 12:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015.07.10 12:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015.07.10 12:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015.07.10 12:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015.07.10 12:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015.07.10 12:59:48 | 000,098,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015.07.10 12:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015.07.10 12:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015.07.10 12:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015.07.10 12:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015.07.10 12:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015.07.10 12:59:40 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015.07.10 12:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015.07.10 12:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015.07.10 12:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015.07.10 12:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015.07.10 12:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015.07.10 12:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015.07.10 12:59:39 | 000,517,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015.07.10 12:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015.07.10 12:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015.07.10 12:59:39 | 000,371,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015.07.10 12:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015.07.10 12:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015.07.10 12:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015.07.10 12:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015.07.10 12:59:39 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015.07.10 12:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015.07.10 12:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015.07.10 12:59:39 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015.07.10 12:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015.07.10 12:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015.07.10 12:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015.07.10 12:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015.07.10 12:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015.07.10 12:59:39 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015.07.10 12:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015.07.10 12:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015.07.10 12:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015.07.10 12:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015.07.10 12:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015.07.10 12:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV:64bit: - [2015.07.10 12:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015.07.10 12:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015.07.10 12:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015.07.10 12:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015.07.10 12:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015.07.10 12:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015.07.10 12:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015.07.10 12:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015.07.10 12:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015.07.10 12:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015.07.10 12:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015.07.10 12:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015.07.10 12:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015.07.10 12:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015.07.10 12:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015.07.10 12:59:38 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015.07.10 12:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015.07.10 12:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015.07.10 12:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015.07.10 12:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015.07.10 12:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015.07.10 12:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015.07.10 12:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015.07.10 12:59:36 | 004,207,104 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2015.07.10 12:59:36 | 000,276,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015.07.10 12:59:36 | 000,237,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2015.07.10 12:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015.07.10 12:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015.07.10 12:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2015.07.10 12:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015.07.10 12:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015.07.10 12:59:36 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015.07.10 12:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015.07.10 12:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015.07.10 12:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015.07.10 12:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015.07.10 12:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015.07.10 12:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015.07.10 12:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015.07.10 12:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2015.07.10 12:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015.07.10 12:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2015.07.10 12:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015.07.10 12:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV - [2015.07.10 12:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV - [2015.07.10 12:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-21-3746248641-295351815-3368058588-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3746248641-295351815-3368058588-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
O1 HOSTS File: ([2015.07.10 13:02:42 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3746248641-295351815-3368058588-1001..\Run: [OneDrive] C:\Users\jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2018.06.15 07:18:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2018.06.15 07:18:19 | 002,413,056 | ---- | C] (Farbar) -- C:\Users\jan\Desktop\FRST64.exe
[2018.06.15 07:16:59 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\CrashDumps
[2018.06.15 06:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKillerPE
[2018.06.15 06:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2018.06.15 06:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT
[2018.06.15 06:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2018.06.15 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\CEF
[2018.06.15 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\AVAST Software
[2018.06.15 06:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2018.06.15 06:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2018.06.15 06:52:14 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2018.06.15 06:51:24 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Macromedia
[2018.06.15 06:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2018.06.15 06:51:02 | 000,000,000 | -HSD | C] -- C:\Users\jan\IntelGraphicsProfiles
[2018.06.15 06:51:00 | 000,000,000 | ---D | C] -- C:\Intel
[2018.06.15 06:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2018.06.15 06:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2018.06.15 06:49:52 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\MicrosoftEdge
[2018.06.15 06:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2018.06.15 06:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2018.06.15 06:44:36 | 000,000,000 | R--D | C] -- C:\Users\jan\OneDrive
[2018.06.15 06:43:31 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\PeerDistRepub
[2018.06.15 06:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2018.06.15 06:23:55 | 000,000,000 | ---D | C] -- C:\Users\jan\Desktop\lang
[2018.06.15 06:22:44 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\NPE
[2018.06.15 06:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2018.06.15 06:21:38 | 000,000,000 | ---D | C] -- C:\Users\jan\Desktop\FixZeroAccess
[2018.06.15 06:21:20 | 009,497,720 | ---- | C] (Symantec Corporation) -- C:\Users\jan\Desktop\NPE.exe
[2018.06.15 06:21:16 | 001,124,816 | ---- | C] (Symantec Corporation) -- C:\Users\jan\Desktop\NSPremiumDownloader.exe
[2018.06.15 06:20:57 | 000,393,168 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\jan\Desktop\show-hidden.exe
[2018.06.15 06:13:52 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2018.06.15 06:13:40 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\jan\Desktop\FixZeroAccess.exe
[2018.06.15 06:11:15 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2018.06.15 06:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2018.06.15 06:09:15 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Publishers
[2018.06.15 06:08:54 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2018.06.15 06:08:54 | 000,000,000 | R--D | C] -- C:\Users\jan\Searches
[2018.06.15 06:08:54 | 000,000,000 | R--D | C] -- C:\Users\jan\Contacts
[2018.06.15 06:08:54 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2018.06.15 06:08:41 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Adobe
[2018.06.15 06:08:38 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\VirtualStore
[2018.06.15 06:08:38 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Packages
[2018.06.15 06:08:37 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\TileDataLayer
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Vorlagen
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\Verlauf
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\Temporary Internet Files
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Startmenü
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\SendTo
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Recent
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Netzwerkumgebung
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Lokale Einstellungen
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\Eigene Videos
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\Eigene Musik
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Eigene Dateien
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\Eigene Bilder
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Druckumgebung
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Cookies
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\Anwendungsdaten
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Anwendungsdaten
[2018.06.15 06:08:32 | 000,000,000 | --SD | C] -- C:\Users\jan\AppData\Roaming\Microsoft
[2018.06.15 06:08:32 | 000,000,000 | R-SD | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Videos
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Saved Games
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Pictures
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Music
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Links
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Favorites
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Downloads
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Documents
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Desktop
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2018.06.15 06:08:32 | 000,000,000 | -H-D | C] -- C:\Users\jan\AppData
[2018.06.15 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Temp
[2018.06.15 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Microsoft
[2018.06.15 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2018.06.15 06:01:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2018.06.15 06:00:34 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Programme
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2018.06.15 05:58:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2018.06.15 05:58:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2018.06.15 05:58:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2018.06.15 05:58:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2018.06.15 05:58:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2018.06.15 05:58:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2018.06.15 05:53:07 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2018.06.15 05:52:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2018.06.15 07:24:07 | 000,016,148 | ---- | M] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_jan_HistoryPrediction.bin
[2018.06.15 07:18:39 | 001,699,356 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018.06.15 07:18:39 | 000,734,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2018.06.15 07:18:39 | 000,696,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018.06.15 07:18:39 | 000,146,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2018.06.15 07:18:39 | 000,130,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018.06.15 07:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2018.06.15 07:17:46 | 000,000,312 | ---- | M] () -- C:\Users\jan\Desktop\Speccy.ini
[2018.06.15 07:14:45 | 007,088,408 | ---- | M] (Piriform Ltd) -- C:\Users\jan\Desktop\Speccy64.exe
[2018.06.15 07:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018.06.15 07:14:25 | 000,001,540 | ---- | M] () -- C:\Users\jan\Desktop\Norton Download Manager.lnk
[2018.06.15 07:14:25 | 000,001,350 | ---- | M] () -- C:\Users\jan\Desktop\Norton Installation Files.lnk
[2018.06.15 07:14:21 | 001,124,816 | ---- | M] (Symantec Corporation) -- C:\Users\jan\Desktop\NSPremiumDownloader.exe
[2018.06.15 07:12:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2018.06.15 07:12:36 | 2543,251,455 | -HS- | M] () -- C:\hiberfil.sys
[2018.06.15 06:40:28 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job
[2018.06.15 06:33:41 | 000,024,688 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2018.06.15 06:24:11 | 005,519,128 | ---- | M] (Piriform Ltd) -- C:\Users\jan\Desktop\Speccy.exe
[2018.06.15 06:23:52 | 000,000,010 | ---- | M] () -- C:\Users\jan\Desktop\portable.dat
[2018.06.15 06:23:23 | 000,852,798 | ---- | M] () -- C:\Users\jan\Desktop\SecurityCheck.exe
[2018.06.15 06:22:43 | 009,497,720 | ---- | M] (Symantec Corporation) -- C:\Users\jan\Desktop\NPE.exe
[2018.06.15 06:22:21 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2018.06.15 06:08:29 | 000,016,148 | ---- | M] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_defaultuser0_HistoryPrediction.bin
[2018.06.15 05:57:50 | 000,189,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018.06.15 05:56:15 | 000,047,950 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2018.06.15 05:56:15 | 000,047,950 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2018.06.15 04:49:25 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\jan\Desktop\FixZeroAccess.exe
[2018.06.13 02:24:14 | 000,393,168 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\jan\Desktop\show-hidden.exe
[2018.06.12 19:29:01 | 005,381,587 | ---- | M] () -- C:\Users\jan\Desktop\spsetup128.zip
[2018.06.12 19:26:39 | 000,228,140 | ---- | M] () -- C:\Users\jan\Desktop\WMIExplorer_2.0.0.0.zip
[2018.06.12 19:24:45 | 009,214,024 | ---- | M] () -- C:\jan.exe
[2018.06.12 19:23:46 | 002,413,056 | ---- | M] (Farbar) -- C:\Users\jan\Desktop\FRST64.exe
 
========== Files Created - No Company Name ==========
 
[2018.06.15 07:24:07 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_jan_HistoryPrediction.bin
[2018.06.15 07:17:49 | 000,002,348 | ---- | C] () -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2018.06.15 07:14:24 | 000,001,540 | ---- | C] () -- C:\Users\jan\Desktop\Norton Download Manager.lnk
[2018.06.15 07:14:24 | 000,001,350 | ---- | C] () -- C:\Users\jan\Desktop\Norton Installation Files.lnk
[2018.06.15 06:38:13 | 000,000,312 | ---- | C] () -- C:\Users\jan\Desktop\Speccy.ini
[2018.06.15 06:27:10 | 000,024,688 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2018.06.15 06:21:10 | 005,381,587 | ---- | C] () -- C:\Users\jan\Desktop\spsetup128.zip
[2018.06.15 06:21:04 | 000,228,140 | ---- | C] () -- C:\Users\jan\Desktop\WMIExplorer_2.0.0.0.zip
[2018.06.15 06:21:00 | 000,852,798 | ---- | C] () -- C:\Users\jan\Desktop\SecurityCheck.exe
[2018.06.15 06:20:51 | 009,214,024 | ---- | C] () -- C:\jan.exe
[2018.06.15 06:14:03 | 001,699,356 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018.06.15 06:12:29 | 000,000,214 | ---- | C] () -- C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job
[2018.06.15 06:08:29 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_defaultuser0_HistoryPrediction.bin
[2018.06.15 05:57:34 | 2543,251,455 | -HS- | C] () -- C:\hiberfil.sys
[2018.06.15 05:52:46 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015.07.10 13:00:07 | 006,490,832 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015.07.10 13:00:29 | 005,121,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015.07.10 12:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015.07.10 13:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015.07.10 12:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2018.06.15 06:53:30 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\AVAST Software
 
========== Purity Check ==========
 
 

< End of report >
Geändert von cosinus (15.06.2018 um 08:45 Uhr)

 

Themen zu Log mit OTL
%systemroot%, amd, antivirus, appdata, autorun, avast, c:\windows, cdrom, center, check, current, dll, down, download, error, explorer, explorer.exe, extra, fastprox.dll, firewall, folge, format, homepage, iexplore.exe, inprocserver32, installation, local, log, logfile, lsass.exe, machine, microsoft, neu, norton, not, nvidia, pagefile.sys, ports, programme, registrierung, registry, report, roaming, rundll, rundll32.exe, scan, security, services, software, spoolsv.exe, start, svchost, svchost.exe, symantec, system32, userinit, users, wbemess.dll, windows, winlogon, zeroaccess


« Windows 10: Webseiten über Wlan nicht erreichbar, über LAN keine Einschränkung | Win10: anderer Rechner mit OpenOfficeUpdater plus Windows Defender Trojaner Fund »


Zum Thema Log mit OTL - edit Themen zusammengführt +code tags //cosinus Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 15.06.2018 07:24:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jan\Desktop 64bit- - Log mit OTL...
Archiv
Du betrachtest: Log mit OTL auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131