
Log analysis and evaluation: Log with OTL

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.06.2018, 07:59   #1
Jan10001
 

Log with OTL



edit
Threads merged + code tags
//cosinus


Code:
OTL logfile created on: 15.06.2018 07:24:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,92 Gb Total Physical Memory | 14,67 Gb Available Physical Memory | 92,14% Memory free
18,80 Gb Paging File | 17,70 Gb Available in Paging File | 94,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,21 Gb Total Space | 442,79 Gb Free Space | 95,18% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-MPKLAP2 | User Name: jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2018.06.15 07:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
PRC - [2018.06.15 07:17:46 | 000,382,144 | ---- | M] (Microsoft Corporation) -- C:\Users\jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2015.07.10 18:43:51 | 007,496,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
PRC - [2015.07.10 13:00:23 | 000,412,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2015.07.10 13:00:15 | 004,528,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015.07.10 18:43:48 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2015.07.10 13:01:10 | 000,956,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015.07.10 13:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015.07.10 13:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015.07.10 13:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015.07.10 13:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015.07.10 13:00:38 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015.07.10 13:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015.07.10 13:00:21 | 001,031,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015.07.10 13:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015.07.10 13:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015.07.10 13:00:10 | 000,228,864 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015.07.10 13:00:10 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.07.10 13:00:09 | 001,420,288 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 001,202,176 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015.07.10 13:00:09 | 000,504,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015.07.10 13:00:09 | 000,289,280 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015.07.10 13:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015.07.10 13:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015.07.10 13:00:07 | 002,674,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015.07.10 13:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015.07.10 13:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,512,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015.07.10 13:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015.07.10 13:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015.07.10 13:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015.07.10 13:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015.07.10 13:00:05 | 000,808,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015.07.10 13:00:04 | 000,279,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015.07.10 13:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015.07.10 13:00:03 | 001,169,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015.07.10 13:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015.07.10 13:00:02 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015.07.10 13:00:02 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015.07.10 13:00:01 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015.07.10 13:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015.07.10 13:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015.07.10 13:00:00 | 000,717,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015.07.10 13:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015.07.10 12:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015.07.10 12:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015.07.10 12:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015.07.10 12:59:58 | 000,143,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015.07.10 12:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015.07.10 12:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015.07.10 12:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015.07.10 12:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015.07.10 12:59:54 | 002,178,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015.07.10 12:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015.07.10 12:59:53 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015.07.10 12:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015.07.10 12:59:52 | 000,593,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015.07.10 12:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015.07.10 12:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015.07.10 12:59:50 | 000,379,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015.07.10 12:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015.07.10 12:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015.07.10 12:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV - [2015.07.10 13:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015.07.10 13:00:29 | 002,049,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015.07.10 13:00:28 | 000,510,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015.07.10 13:00:25 | 000,924,672 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015.07.10 13:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015.07.10 13:00:23 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015.07.10 12:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2018.06.15 06:33:41 | 000,024,688 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2015.07.10 18:44:18 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015.07.10 18:43:48 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015.07.10 13:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015.07.10 13:00:36 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015.07.10 13:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015.07.10 13:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015.07.10 13:00:13 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015.07.10 13:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015.07.10 13:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015.07.10 13:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015.07.10 13:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015.07.10 13:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015.07.10 13:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015.07.10 13:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015.07.10 13:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015.07.10 13:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015.07.10 13:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015.07.10 13:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015.07.10 13:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015.07.10 13:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015.07.10 13:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015.07.10 13:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015.07.10 12:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015.07.10 12:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015.07.10 12:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015.07.10 12:59:58 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015.07.10 12:59:56 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015.07.10 12:59:55 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015.07.10 12:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015.07.10 12:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015.07.10 12:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015.07.10 12:59:51 | 000,685,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015.07.10 12:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015.07.10 12:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015.07.10 12:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015.07.10 12:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015.07.10 12:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015.07.10 12:59:48 | 000,098,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015.07.10 12:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015.07.10 12:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015.07.10 12:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015.07.10 12:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015.07.10 12:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015.07.10 12:59:40 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015.07.10 12:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015.07.10 12:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015.07.10 12:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015.07.10 12:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015.07.10 12:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015.07.10 12:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015.07.10 12:59:39 | 000,517,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015.07.10 12:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015.07.10 12:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015.07.10 12:59:39 | 000,371,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015.07.10 12:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015.07.10 12:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015.07.10 12:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015.07.10 12:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015.07.10 12:59:39 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015.07.10 12:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015.07.10 12:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015.07.10 12:59:39 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015.07.10 12:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015.07.10 12:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015.07.10 12:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015.07.10 12:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015.07.10 12:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015.07.10 12:59:39 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015.07.10 12:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015.07.10 12:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015.07.10 12:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015.07.10 12:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015.07.10 12:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015.07.10 12:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV:64bit: - [2015.07.10 12:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015.07.10 12:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015.07.10 12:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015.07.10 12:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015.07.10 12:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015.07.10 12:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015.07.10 12:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015.07.10 12:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015.07.10 12:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015.07.10 12:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015.07.10 12:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015.07.10 12:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015.07.10 12:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015.07.10 12:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015.07.10 12:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015.07.10 12:59:38 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015.07.10 12:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015.07.10 12:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015.07.10 12:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015.07.10 12:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015.07.10 12:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015.07.10 12:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015.07.10 12:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015.07.10 12:59:36 | 004,207,104 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2015.07.10 12:59:36 | 000,276,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015.07.10 12:59:36 | 000,237,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2015.07.10 12:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015.07.10 12:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015.07.10 12:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2015.07.10 12:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015.07.10 12:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015.07.10 12:59:36 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015.07.10 12:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015.07.10 12:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015.07.10 12:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015.07.10 12:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015.07.10 12:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015.07.10 12:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015.07.10 12:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015.07.10 12:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2015.07.10 12:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015.07.10 12:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2015.07.10 12:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015.07.10 12:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV - [2015.07.10 12:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV - [2015.07.10 12:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-21-3746248641-295351815-3368058588-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3746248641-295351815-3368058588-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
O1 HOSTS File: ([2015.07.10 13:02:42 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3746248641-295351815-3368058588-1001..\Run: [OneDrive] C:\Users\jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2018.06.15 07:18:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2018.06.15 07:18:19 | 002,413,056 | ---- | C] (Farbar) -- C:\Users\jan\Desktop\FRST64.exe
[2018.06.15 07:16:59 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\CrashDumps
[2018.06.15 06:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKillerPE
[2018.06.15 06:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2018.06.15 06:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT
[2018.06.15 06:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2018.06.15 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\CEF
[2018.06.15 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\AVAST Software
[2018.06.15 06:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2018.06.15 06:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2018.06.15 06:52:14 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2018.06.15 06:51:24 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Macromedia
[2018.06.15 06:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2018.06.15 06:51:02 | 000,000,000 | -HSD | C] -- C:\Users\jan\IntelGraphicsProfiles
[2018.06.15 06:51:00 | 000,000,000 | ---D | C] -- C:\Intel
[2018.06.15 06:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2018.06.15 06:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2018.06.15 06:49:52 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\MicrosoftEdge
[2018.06.15 06:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2018.06.15 06:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2018.06.15 06:44:36 | 000,000,000 | R--D | C] -- C:\Users\jan\OneDrive
[2018.06.15 06:43:31 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\PeerDistRepub
[2018.06.15 06:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2018.06.15 06:23:55 | 000,000,000 | ---D | C] -- C:\Users\jan\Desktop\lang
[2018.06.15 06:22:44 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\NPE
[2018.06.15 06:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2018.06.15 06:21:38 | 000,000,000 | ---D | C] -- C:\Users\jan\Desktop\FixZeroAccess
[2018.06.15 06:21:20 | 009,497,720 | ---- | C] (Symantec Corporation) -- C:\Users\jan\Desktop\NPE.exe
[2018.06.15 06:21:16 | 001,124,816 | ---- | C] (Symantec Corporation) -- C:\Users\jan\Desktop\NSPremiumDownloader.exe
[2018.06.15 06:20:57 | 000,393,168 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\jan\Desktop\show-hidden.exe
[2018.06.15 06:13:52 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2018.06.15 06:13:40 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\jan\Desktop\FixZeroAccess.exe
[2018.06.15 06:11:15 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2018.06.15 06:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2018.06.15 06:09:15 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Publishers
[2018.06.15 06:08:54 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2018.06.15 06:08:54 | 000,000,000 | R--D | C] -- C:\Users\jan\Searches
[2018.06.15 06:08:54 | 000,000,000 | R--D | C] -- C:\Users\jan\Contacts
[2018.06.15 06:08:54 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2018.06.15 06:08:41 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Adobe
[2018.06.15 06:08:38 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\VirtualStore
[2018.06.15 06:08:38 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Packages
[2018.06.15 06:08:37 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\TileDataLayer
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Vorlagen
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\Verlauf
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\Temporary Internet Files
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Startmenü
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\SendTo
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Recent
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Netzwerkumgebung
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Lokale Einstellungen
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\Eigene Videos
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\Eigene Musik
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Eigene Dateien
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\Eigene Bilder
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Druckumgebung
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Cookies
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\Anwendungsdaten
[2018.06.15 06:08:33 | 000,000,000 | -HSD | C] -- C:\Users\jan\Anwendungsdaten
[2018.06.15 06:08:32 | 000,000,000 | --SD | C] -- C:\Users\jan\AppData\Roaming\Microsoft
[2018.06.15 06:08:32 | 000,000,000 | R-SD | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Videos
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Saved Games
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Pictures
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Music
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Links
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Favorites
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Downloads
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Documents
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\Desktop
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2018.06.15 06:08:32 | 000,000,000 | R--D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2018.06.15 06:08:32 | 000,000,000 | -H-D | C] -- C:\Users\jan\AppData
[2018.06.15 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Temp
[2018.06.15 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Microsoft
[2018.06.15 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2018.06.15 06:01:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2018.06.15 06:00:34 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Programme
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2018.06.15 05:58:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2018.06.15 05:58:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2018.06.15 05:58:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2018.06.15 05:58:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2018.06.15 05:58:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2018.06.15 05:58:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2018.06.15 05:58:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2018.06.15 05:53:07 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2018.06.15 05:52:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2018.06.15 07:24:07 | 000,016,148 | ---- | M] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_jan_HistoryPrediction.bin
[2018.06.15 07:18:39 | 001,699,356 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018.06.15 07:18:39 | 000,734,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2018.06.15 07:18:39 | 000,696,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018.06.15 07:18:39 | 000,146,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2018.06.15 07:18:39 | 000,130,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018.06.15 07:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2018.06.15 07:17:46 | 000,000,312 | ---- | M] () -- C:\Users\jan\Desktop\Speccy.ini
[2018.06.15 07:14:45 | 007,088,408 | ---- | M] (Piriform Ltd) -- C:\Users\jan\Desktop\Speccy64.exe
[2018.06.15 07:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018.06.15 07:14:25 | 000,001,540 | ---- | M] () -- C:\Users\jan\Desktop\Norton Download Manager.lnk
[2018.06.15 07:14:25 | 000,001,350 | ---- | M] () -- C:\Users\jan\Desktop\Norton Installation Files.lnk
[2018.06.15 07:14:21 | 001,124,816 | ---- | M] (Symantec Corporation) -- C:\Users\jan\Desktop\NSPremiumDownloader.exe
[2018.06.15 07:12:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2018.06.15 07:12:36 | 2543,251,455 | -HS- | M] () -- C:\hiberfil.sys
[2018.06.15 06:40:28 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job
[2018.06.15 06:33:41 | 000,024,688 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2018.06.15 06:24:11 | 005,519,128 | ---- | M] (Piriform Ltd) -- C:\Users\jan\Desktop\Speccy.exe
[2018.06.15 06:23:52 | 000,000,010 | ---- | M] () -- C:\Users\jan\Desktop\portable.dat
[2018.06.15 06:23:23 | 000,852,798 | ---- | M] () -- C:\Users\jan\Desktop\SecurityCheck.exe
[2018.06.15 06:22:43 | 009,497,720 | ---- | M] (Symantec Corporation) -- C:\Users\jan\Desktop\NPE.exe
[2018.06.15 06:22:21 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2018.06.15 06:08:29 | 000,016,148 | ---- | M] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_defaultuser0_HistoryPrediction.bin
[2018.06.15 05:57:50 | 000,189,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018.06.15 05:56:15 | 000,047,950 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2018.06.15 05:56:15 | 000,047,950 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2018.06.15 04:49:25 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\jan\Desktop\FixZeroAccess.exe
[2018.06.13 02:24:14 | 000,393,168 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\jan\Desktop\show-hidden.exe
[2018.06.12 19:29:01 | 005,381,587 | ---- | M] () -- C:\Users\jan\Desktop\spsetup128.zip
[2018.06.12 19:26:39 | 000,228,140 | ---- | M] () -- C:\Users\jan\Desktop\WMIExplorer_2.0.0.0.zip
[2018.06.12 19:24:45 | 009,214,024 | ---- | M] () -- C:\jan.exe
[2018.06.12 19:23:46 | 002,413,056 | ---- | M] (Farbar) -- C:\Users\jan\Desktop\FRST64.exe
 
========== Files Created - No Company Name ==========
 
[2018.06.15 07:24:07 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_jan_HistoryPrediction.bin
[2018.06.15 07:17:49 | 000,002,348 | ---- | C] () -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2018.06.15 07:14:24 | 000,001,540 | ---- | C] () -- C:\Users\jan\Desktop\Norton Download Manager.lnk
[2018.06.15 07:14:24 | 000,001,350 | ---- | C] () -- C:\Users\jan\Desktop\Norton Installation Files.lnk
[2018.06.15 06:38:13 | 000,000,312 | ---- | C] () -- C:\Users\jan\Desktop\Speccy.ini
[2018.06.15 06:27:10 | 000,024,688 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2018.06.15 06:21:10 | 005,381,587 | ---- | C] () -- C:\Users\jan\Desktop\spsetup128.zip
[2018.06.15 06:21:04 | 000,228,140 | ---- | C] () -- C:\Users\jan\Desktop\WMIExplorer_2.0.0.0.zip
[2018.06.15 06:21:00 | 000,852,798 | ---- | C] () -- C:\Users\jan\Desktop\SecurityCheck.exe
[2018.06.15 06:20:51 | 009,214,024 | ---- | C] () -- C:\jan.exe
[2018.06.15 06:14:03 | 001,699,356 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018.06.15 06:12:29 | 000,000,214 | ---- | C] () -- C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job
[2018.06.15 06:08:29 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_defaultuser0_HistoryPrediction.bin
[2018.06.15 05:57:34 | 2543,251,455 | -HS- | C] () -- C:\hiberfil.sys
[2018.06.15 05:52:46 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015.07.10 13:00:07 | 006,490,832 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015.07.10 13:00:29 | 005,121,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015.07.10 12:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015.07.10 13:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015.07.10 12:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2018.06.15 06:53:30 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\AVAST Software
 
========== Purity Check ==========
 
 

< End of report >
         

Edited by cosinus (15.06.2018 at 09:45)

15.06.2018, 08:00   #2
Jan10001
 
Log with OTL

OTL Extras



edit
Threads merged, code tags added
//cosinus


Code:
OTL Extras logfile created on: 15.06.2018 07:24:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,92 Gb Total Physical Memory | 14,67 Gb Available Physical Memory | 92,14% Memory free
18,80 Gb Paging File | 17,70 Gb Available in Paging File | 94,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,21 Gb Total Space | 442,79 Gb Free Space | 95,18% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-MPKLAP2 | User Name: jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 2D 4C CF B5 5E 04 D4 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0827656D-B43A-4232-B20A-F7E800980D08}" = dir=in | name=@{microsoft.bingweather_4.3.193.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitle} | 
"{0A3CA34F-D138-43B0-8F6A-F86DAE4CF971}" = dir=out | name=@{microsoft.zunevideo_3.6.10811.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{0A7FD480-065E-484C-827B-CE18ED8BB652}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | 
"{1CA168A1-0D45-46B6-8CE4-90E1E9CC436F}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} | 
"{23D0B790-AAF5-4071-8550-C923CE9A75ED}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{29EFA40D-AC67-4F84-916E-7AB49A297908}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{2A176DEE-BBC4-4A28-9395-3363180405C8}" = dir=out | name=@{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{2F104000-A4BC-419F-AE98-9195A84E3939}" = dir=out | name=@{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
"{320EA192-C312-46E8-B0D8-4521A89B7DD6}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{3A637CF0-2737-45ED-B262-7070E4EB4E18}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
"{3C95A6E3-DD95-45A9-A702-34FFE7E6E32C}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | 
"{48E29CEB-538F-473D-A027-C01DF1D41BB3}" = dir=out | name=@{microsoft.bingfinance_4.3.193.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
"{4ED45301-101A-4033-9DBA-02455F76973B}" = dir=out | name=@{microsoft.bingnews_4.3.193.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
"{50C82A93-EE7F-48F1-9C33-C0CA69880546}" = dir=in | name=xbox | 
"{51AF3367-E250-4029-AE77-456616F48FF4}" = dir=out | name=@{microsoft.bingweather_4.3.193.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitle} | 
"{576086E3-1BEC-4BE1-B86E-29FE354D3630}" = dir=out | name=@{microsoft.windowsphone_10.1506.20010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} | 
"{6BC963BF-27D4-4A18-B64A-CEB1D44943F8}" = dir=out | name=@{microsoft.people_1.10159.0.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | 
"{7082800F-F374-4F0A-BAE2-A7664F31C1A6}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{72897A72-950D-471B-94B4-D1382FB9AEC5}" = dir=out | name=@{microsoft.windows.cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
"{76BD5E73-0C44-4918-945E-76CA539D1301}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | 
"{7925A6C5-8C6B-47C5-B3B5-B09D9902BE28}" = dir=out | name=@{microsoft.windowsmaps_4.1505.50619.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | 
"{7A50E392-F469-45D1-8622-EA063E3E6972}" = dir=out | name=xbox | 
"{82E03A05-AE6D-4B8C-AEE0-9C56266917D5}" = dir=in | name=@{microsoft.bingfinance_4.3.193.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | 
"{87855CC6-80FA-4230-AE69-739224DC341C}" = dir=out | name=@{microsoft.accountscontrol_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | 
"{8AEF2A7C-4D21-4466-86F7-EF7A176BC82F}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} | 
"{8C1ABA46-881E-465E-BE8F-0E161E5E177F}" = dir=in | name=@{microsoft.windowsstore_2015.7.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
"{8F5D5F93-9A36-40F2-A6EC-91279D5830A3}" = dir=out | name=@{microsoft.lockapp_10.0.10240.16384_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | 
"{9B103220-D188-4245-A354-45E672C725F5}" = dir=out | name=@{microsoft.zunemusic_3.6.10841.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{A0C78CE3-BF91-45FB-9795-2DE9CE1C8F57}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | 
"{AB80F61C-94B3-4887-9938-45E05D5B956A}" = dir=in | name=@{microsoft.microsoftedge_20.10240.16384.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | 
"{B831829E-9675-4B42-88E4-FA35286A7232}" = dir=in | name=@{microsoft.windows.cortana_1.4.8.152_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | 
"{BCF17A2C-B254-43C7-BAFD-79593687AFF5}" = dir=out | name=@{microsoft.windowsstore_2015.7.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | 
"{BCFAD2F1-E14B-4CFE-A9DD-1EE508F924FC}" = dir=in | name=@{microsoft.windows.photos_15.618.18170.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{BDA39C6F-DCE6-4901-89B5-3D6E913B55AC}" = dir=in | name=@{windows.contactsupport_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | 
"{BF7200D8-C860-4C3B-BF8A-44942B6E26EB}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{C207683E-519D-4EAF-BE3E-41A7B00702C2}" = dir=out | name=@{microsoft.windows.photos_15.618.18170.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{C389127B-F970-4460-ABD7-78864AE43D83}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | 
"{C6D1E500-4B4A-4B14-A549-A7E88DAB2E50}" = dir=out | name=get started | 
"{CC26D5DF-7B17-4359-B55E-0DCE65A55F28}" = protocol=58 | dir=in | app=system | 
"{D0E2D1E2-9D22-4967-91BD-D508864F7760}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6002.42251.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} | 
"{D65450B8-FD94-4ED7-A531-F4188CB46BB1}" = dir=in | name=@{microsoft.bingnews_4.3.193.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | 
"{E011CA1B-FDD3-4152-BC35-6BAE04CA15A2}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2018 01:04:22 | Computer Name = DESKTOP-MPKLAP2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: APEV_portable64.exe, Version: 2.0.3.0,
 Zeitstempel: 0x59df192e  Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10240.16384,
 Zeitstempel: 0x559f384f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000ea31c
ID
 des fehlerhaften Prozesses: 0xbe0  Startzeit der fehlerhaften Anwendung: 0x01d404659189c099
Pfad
 der fehlerhaften Anwendung: C:\Users\jan\Downloads\APEV_portable64.exe  Pfad des 
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 66dee32b-cd04-4fb9-8c8b-c6914d50a012
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 15.06.2018 01:13:02 | Computer Name = DESKTOP-MPKLAP2 | Source = ESENT | ID = 455
Description = svchost (1560) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei
 C:\Windows\system32\SRU\SRU00006.log.
 
Error - 15.06.2018 01:13:32 | Computer Name = DESKTOP-MPKLAP2 | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails.   hr=0x80072EE7
 
Error - 15.06.2018 01:13:32 | Computer Name = DESKTOP-MPKLAP2 | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7  SKU-ID=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c
 
Error - 15.06.2018 01:13:32 | Computer Name = DESKTOP-MPKLAP2 | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  hr=0x80072EE7
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 15.06.2018 01:16:26 | Computer Name = DESKTOP-MPKLAP2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version:
 10.0.10240.16384, Zeitstempel: 0x559f467c  Name des fehlerhaften Moduls: ntdll.dll,
 Version: 10.0.10240.16384, Zeitstempel: 0x559f384f  Ausnahmecode: 0xc0000374  Fehleroffset:
 0x00000000000ea31c  ID des fehlerhaften Prozesses: 0xf50  Startzeit der fehlerhaften
 Anwendung: 0x01d40467a39ed9ee  Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 0906b13c-b360-4dd2-a342-87ea5f6fa5b1
Vollständiger
 Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 15.06.2018 01:16:32 | Computer Name = DESKTOP-MPKLAP2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RuntimeBroker.exe, Version: 10.0.10240.16384,
 Zeitstempel: 0x559f39eb  Name des fehlerhaften Moduls: SHELL32.dll, Version: 10.0.10240.16384,
 Zeitstempel: 0x559f3ee0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c7c17
ID
 des fehlerhaften Prozesses: 0xe14  Startzeit der fehlerhaften Anwendung: 0x01d40467a2b5f43c
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\RuntimeBroker.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\SHELL32.dll  Berichtskennung: 0efbd078-ab15-45ad-b41b-c278cf99ebbf
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 15.06.2018 01:17:43 | Computer Name = DESKTOP-MPKLAP2 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.WindowsAlarms_8wekyb3d8bbwe!App“
 ist folgender Fehler aufgetreten: -2147023665. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 15.06.2018 01:17:47 | Computer Name = DESKTOP-MPKLAP2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version:
 10.0.10240.16384, Zeitstempel: 0x559f467c  Name des fehlerhaften Moduls: twinapi.appcore.dll,
 Version: 10.0.10240.16384, Zeitstempel: 0x559f39fb  Ausnahmecode: 0xc000027b  Fehleroffset:
 0x000000000006684f  ID des fehlerhaften Prozesses: 0x1780  Startzeit der fehlerhaften
 Anwendung: 0x01d404681773897f  Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\System32\twinapi.appcore.dll  Berichtskennung:
 0e08df95-482d-4f07-993b-4c791768d857  Vollständiger Name des fehlerhaften Pakets:
 Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: App
 
Error - 15.06.2018 01:26:19 | Computer Name = DESKTOP-MPKLAP2 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App“
 ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
[ System Events ]
Error - 15.06.2018 01:26:05 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:05 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:05 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:05 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:06 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:06 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:06 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:07 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:07 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2018 01:26:08 | Computer Name = DESKTOP-MPKLAP2 | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         


Edited by cosinus (15.06.2018 at 09:43)

15.06.2018, 08:10   #3
Jan10001
 
Log with OTL

OTL with Extra Registry



Code:
OTL logfile created on: 15.06.2018 08:02:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,92 Gb Total Physical Memory | 13,40 Gb Available Physical Memory | 84,14% Memory free
18,80 Gb Paging File | 16,74 Gb Available in Paging File | 89,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,21 Gb Total Space | 439,04 Gb Free Space | 94,38% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-MPKLAP2 | User Name: jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (All) ==========
 
PRC - File not found -- 
PRC - [2018.06.15 08:01:06 | 009,214,024 | ---- | M] () -- C:\jan.exe
PRC - [2018.06.15 07:53:27 | 012,007,128 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2018.06.15 07:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
PRC - [2018.06.15 07:17:46 | 000,382,144 | ---- | M] (Microsoft Corporation) -- C:\Users\jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2015.07.10 18:43:51 | 007,496,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:25 | 000,035,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe  [comLaunch]
PRC - [2015.07.10 13:00:15 | 004,528,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Services (All) ==========
 
SRV:64bit: - [2018.06.15 07:27:13 | 000,365,040 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV:64bit: - [2015.07.10 18:44:22 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2015.07.10 18:44:12 | 000,177,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2015.07.10 18:43:48 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2015.07.10 18:43:30 | 000,733,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2015.07.10 18:43:24 | 001,977,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2015.07.10 13:01:38 | 000,651,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2015.07.10 13:01:34 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService)
SRV:64bit: - [2015.07.10 13:01:33 | 001,570,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2015.07.10 13:01:20 | 000,086,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum)
SRV:64bit: - [2015.07.10 13:01:10 | 001,105,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:64bit: - [2015.07.10 13:01:10 | 000,956,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015.07.10 13:01:10 | 000,637,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2015.07.10 13:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015.07.10 13:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015.07.10 13:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015.07.10 13:01:09 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2015.07.10 13:01:09 | 000,179,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2015.07.10 13:01:09 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2015.07.10 13:00:41 | 000,394,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2015.07.10 13:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015.07.10 13:00:39 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2015.07.10 13:00:38 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015.07.10 13:00:38 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2015.07.10 13:00:38 | 000,359,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2015.07.10 13:00:38 | 000,273,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2015.07.10 13:00:36 | 000,434,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc)
SRV:64bit: - [2015.07.10 13:00:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2015.07.10 13:00:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2015.07.10 13:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015.07.10 13:00:36 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2015.07.10 13:00:21 | 001,031,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015.07.10 13:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:64bit: - [2015.07.10 13:00:21 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wercplsupport.dll -- (wercplsupport)
SRV:64bit: - [2015.07.10 13:00:20 | 001,032,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\termsrv.dll -- (TermService)
SRV:64bit: - [2015.07.10 13:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015.07.10 13:00:20 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SessEnv.dll -- (SessionEnv)
SRV:64bit: - [2015.07.10 13:00:20 | 000,043,008 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\WcsPlugInService.dll -- (WcsPlugInService)
SRV:64bit: - [2015.07.10 13:00:19 | 000,593,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2015.07.10 13:00:17 | 000,058,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2015.07.10 13:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015.07.10 13:00:14 | 000,781,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2015.07.10 13:00:14 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2015.07.10 13:00:13 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WUDFSvc.dll -- (wudfsvc)
SRV:64bit: - [2015.07.10 13:00:10 | 000,228,864 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015.07.10 13:00:10 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015.07.10 13:00:10 | 000,079,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2015.07.10 13:00:10 | 000,056,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2015.07.10 13:00:10 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2015.07.10 13:00:09 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.07.10 13:00:09 | 001,420,288 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 001,202,176 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,954,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IKEEXT.DLL -- (IKEEXT)
SRV:64bit: - [2015.07.10 13:00:09 | 000,794,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2015.07.10 13:00:09 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015.07.10 13:00:09 | 000,504,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2015.07.10 13:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015.07.10 13:00:09 | 000,289,280 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015.07.10 13:00:09 | 000,276,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2015.07.10 13:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015.07.10 13:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015.07.10 13:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015.07.10 13:00:07 | 002,674,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015.07.10 13:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015.07.10 13:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,902,144 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2015.07.10 13:00:07 | 000,856,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,512,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015.07.10 13:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015.07.10 13:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015.07.10 13:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015.07.10 13:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015.07.10 13:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015.07.10 13:00:05 | 001,679,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2015.07.10 13:00:05 | 000,808,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015.07.10 13:00:04 | 001,082,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2015.07.10 13:00:04 | 000,279,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015.07.10 13:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015.07.10 13:00:03 | 002,239,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2015.07.10 13:00:03 | 001,169,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 006,525,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015.07.10 13:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015.07.10 13:00:02 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015.07.10 13:00:02 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,324,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015.07.10 13:00:02 | 000,093,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2015.07.10 13:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015.07.10 13:00:02 | 000,043,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\UI0Detect.exe -- (UI0Detect)
SRV:64bit: - [2015.07.10 13:00:01 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015.07.10 13:00:01 | 001,335,296 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\gpsvc.dll -- (gpsvc)
SRV:64bit: - [2015.07.10 13:00:01 | 000,605,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2015.07.10 13:00:01 | 000,283,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2015.07.10 13:00:01 | 000,279,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
SRV:64bit: - [2015.07.10 13:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015.07.10 13:00:01 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2015.07.10 13:00:01 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2015.07.10 13:00:01 | 000,031,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2015.07.10 13:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015.07.10 13:00:00 | 000,717,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015.07.10 13:00:00 | 000,518,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time)
SRV:64bit: - [2015.07.10 13:00:00 | 000,232,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr)
SRV:64bit: - [2015.07.10 13:00:00 | 000,192,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2015.07.10 13:00:00 | 000,192,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2015.07.10 13:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015.07.10 13:00:00 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2015.07.10 13:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2015.07.10 13:00:00 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2015.07.10 12:59:59 | 000,873,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2015.07.10 12:59:59 | 000,873,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2015.07.10 12:59:59 | 000,472,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV:64bit: - [2015.07.10 12:59:59 | 000,378,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtckrm.dll -- (KtmRm)
SRV:64bit: - [2015.07.10 12:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015.07.10 12:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015.07.10 12:59:59 | 000,147,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtc.exe -- (MSDTC)
SRV:64bit: - [2015.07.10 12:59:59 | 000,114,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks)
SRV:64bit: - [2015.07.10 12:59:59 | 000,093,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2015.07.10 12:59:59 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV:64bit: - [2015.07.10 12:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015.07.10 12:59:59 | 000,018,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dllhost.exe -- (COMSysApp)
SRV:64bit: - [2015.07.10 12:59:59 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Locator.exe -- (RpcLocator)
SRV:64bit: - [2015.07.10 12:59:58 | 001,486,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pla.dll -- (pla)
SRV:64bit: - [2015.07.10 12:59:58 | 001,370,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2015.07.10 12:59:58 | 000,508,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc)
SRV:64bit: - [2015.07.10 12:59:58 | 000,143,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
SRV:64bit: - [2015.07.10 12:59:57 | 000,665,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vds.exe -- (vds)
SRV:64bit: - [2015.07.10 12:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015.07.10 12:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015.07.10 12:59:57 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2015.07.10 12:59:57 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (DeviceInstall)
SRV:64bit: - [2015.07.10 12:59:56 | 000,495,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2015.07.10 12:59:56 | 000,228,864 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient)
SRV:64bit: - [2015.07.10 12:59:56 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dps.dll -- (DPS)
SRV:64bit: - [2015.07.10 12:59:56 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiSystemHost)
SRV:64bit: - [2015.07.10 12:59:56 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiServiceHost)
SRV:64bit: - [2015.07.10 12:59:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Sens.dll -- (SENS)
SRV:64bit: - [2015.07.10 12:59:56 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub)
SRV:64bit: - [2015.07.10 12:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015.07.10 12:59:55 | 000,464,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2015.07.10 12:59:55 | 000,154,112 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2015.07.10 12:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015.07.10 12:59:55 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost)
SRV:64bit: - [2015.07.10 12:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015.07.10 12:59:54 | 002,556,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM)
SRV:64bit: - [2015.07.10 12:59:54 | 002,178,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015.07.10 12:59:54 | 001,729,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2015.07.10 12:59:54 | 001,008,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2015.07.10 12:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015.07.10 12:59:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2015.07.10 12:59:54 | 000,202,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV:64bit: - [2015.07.10 12:59:53 | 001,168,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2015.07.10 12:59:53 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\winhttp.dll -- (WinHttpAutoProxySvc)
SRV:64bit: - [2015.07.10 12:59:53 | 000,452,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2015.07.10 12:59:53 | 000,452,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\upnphost.dll -- (upnphost)
SRV:64bit: - [2015.07.10 12:59:53 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015.07.10 12:59:53 | 000,265,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2015.07.10 12:59:53 | 000,211,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wecsvc.dll -- (Wecsvc)
SRV:64bit: - [2015.07.10 12:59:53 | 000,097,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2015.07.10 12:59:53 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV:64bit: - [2015.07.10 12:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015.07.10 12:59:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lmhsvc.dll -- (lmhosts)
SRV:64bit: - [2015.07.10 12:59:53 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2015.07.10 12:59:52 | 002,226,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2015.07.10 12:59:52 | 001,175,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2015.07.10 12:59:52 | 000,593,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015.07.10 12:59:52 | 000,471,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcncsvc.dll -- (wcncsvc)
SRV:64bit: - [2015.07.10 12:59:52 | 000,390,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2015.07.10 12:59:52 | 000,279,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lltdsvc.dll -- (lltdsvc)
SRV:64bit: - [2015.07.10 12:59:52 | 000,243,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ssdpsrv.dll -- (SSDPSRV)
SRV:64bit: - [2015.07.10 12:59:52 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sstpsvc.dll -- (SstpSvc)
SRV:64bit: - [2015.07.10 12:59:52 | 000,106,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2015.07.10 12:59:51 | 000,679,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2015.07.10 12:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015.07.10 12:59:50 | 000,954,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2015.07.10 12:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015.07.10 12:59:50 | 000,497,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2015.07.10 12:59:50 | 000,379,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015.07.10 12:59:50 | 000,286,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qwave.dll -- (QWAVE)
SRV:64bit: - [2015.07.10 12:59:50 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2015.07.10 12:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015.07.10 12:59:50 | 000,106,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015.07.10 12:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015.07.10 12:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015.07.10 12:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV - [2018.06.15 07:51:52 | 000,317,280 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2018.06.15 07:51:42 | 007,620,096 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\AVAST Software\Avast\x64\aswidsagenta.exe -- (aswbIDSAgent)
SRV - [2018.06.15 07:31:11 | 000,266,328 | ---- | M] (Synaptics Incorporated) [Auto | Running] -- C:\Programme\Synaptics\SynTP\SynTPEnhService.exe -- (SynTPEnhService)
SRV - [2018.06.15 07:27:17 | 000,494,056 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2016.12.29 15:10:15 | 000,458,176 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV - [2015.07.10 18:43:43 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\appmgmts.dll -- (AppMgmt)
SRV - [2015.07.10 13:01:20 | 000,381,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2015.07.10 13:00:33 | 000,544,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2015.07.10 13:00:33 | 000,312,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2015.07.10 13:00:32 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2015.07.10 13:00:31 | 000,410,112 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2015.07.10 13:00:31 | 000,329,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2015.07.10 13:00:31 | 000,246,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2015.07.10 13:00:31 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2015.07.10 13:00:30 | 000,667,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2015.07.10 13:00:30 | 000,292,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2015.07.10 13:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015.07.10 13:00:29 | 002,049,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015.07.10 13:00:29 | 000,711,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2015.07.10 13:00:28 | 000,510,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015.07.10 13:00:27 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV - [2015.07.10 13:00:26 | 000,708,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\netlogon.dll -- (Netlogon)
SRV - [2015.07.10 13:00:26 | 000,344,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2015.07.10 13:00:26 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2015.07.10 13:00:26 | 000,017,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2015.07.10 13:00:25 | 001,536,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2015.07.10 13:00:25 | 000,924,672 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015.07.10 13:00:25 | 000,199,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2015.07.10 13:00:24 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2015.07.10 13:00:24 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2015.07.10 13:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015.07.10 13:00:23 | 002,181,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM)
SRV - [2015.07.10 13:00:23 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015.07.10 13:00:23 | 000,058,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2015.07.10 13:00:21 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2015.07.10 12:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015.07.10 11:05:37 | 000,120,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
 
 
========== Driver Services (All) ==========
 
DRV:64bit: - [2018.06.15 07:52:11 | 000,460,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2018.06.15 07:52:11 | 000,381,552 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2018.06.15 07:52:11 | 000,205,976 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2018.06.15 07:52:11 | 000,159,120 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2018.06.15 07:52:11 | 000,085,968 | ---- | M] (AVAST Software) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2018.06.15 07:52:10 | 000,196,640 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswArPot.sys -- (aswArPot)
DRV:64bit: - [2018.06.15 07:52:10 | 000,111,360 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2018.06.15 07:52:10 | 000,046,968 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2018.06.15 07:51:46 | 001,027,720 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2018.06.15 07:51:40 | 000,234,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswHdsKe.sys -- (aswHdsKe)
DRV:64bit: - [2018.06.15 07:51:38 | 000,057,680 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbuniva.sys -- (aswbuniv)
DRV:64bit: - [2018.06.15 07:51:37 | 000,343,752 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbloga.sys -- (aswblog)
DRV:64bit: - [2018.06.15 07:51:37 | 000,227,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys -- (aswbidsdriver)
DRV:64bit: - [2018.06.15 07:51:37 | 000,199,440 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbidsha.sys -- (aswbidsh)
DRV:64bit: - [2018.06.15 07:34:24 | 000,024,688 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2018.06.15 07:31:23 | 000,162,456 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e2xw10x64.sys -- (KillerEth)
DRV:64bit: - [2018.06.15 07:31:10 | 000,925,280 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2018.06.15 07:28:56 | 000,048,696 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2018.06.15 07:28:54 | 014,190,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV:64bit: - [2018.06.15 07:28:33 | 000,760,968 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER)
DRV:64bit: - [2018.06.15 07:27:10 | 007,963,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2018.06.15 07:27:01 | 000,195,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys -- (MEIx64)
DRV:64bit: - [2015.07.10 18:44:20 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2015.07.10 18:44:18 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015.07.10 18:43:48 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015.07.10 18:43:39 | 000,176,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (RDPDR)
DRV:64bit: - [2015.07.10 18:43:28 | 000,544,768 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2015.07.10 13:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015.07.10 13:00:38 | 000,410,624 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:64bit: - [2015.07.10 13:00:38 | 000,284,672 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2015.07.10 13:00:36 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015.07.10 13:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015.07.10 13:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015.07.10 13:00:14 | 000,092,672 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2015.07.10 13:00:13 | 001,010,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:64bit: - [2015.07.10 13:00:13 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015.07.10 13:00:13 | 000,370,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2015.07.10 13:00:13 | 000,273,408 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2015.07.10 13:00:13 | 000,214,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2015.07.10 13:00:13 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2015.07.10 13:00:13 | 000,029,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2015.07.10 13:00:10 | 002,430,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip6)
DRV:64bit: - [2015.07.10 13:00:10 | 002,430,816 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2015.07.10 13:00:10 | 002,117,472 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (NTFS)
DRV:64bit: - [2015.07.10 13:00:10 | 001,168,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2015.07.10 13:00:10 | 000,892,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2015.07.10 13:00:10 | 000,633,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2015.07.10 13:00:10 | 000,577,888 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2015.07.10 13:00:10 | 000,368,992 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2015.07.10 13:00:10 | 000,355,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)
DRV:64bit: - [2015.07.10 13:00:10 | 000,131,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2015.07.10 13:00:10 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2015.07.10 13:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015.07.10 13:00:10 | 000,063,488 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:64bit: - [2015.07.10 13:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015.07.10 13:00:10 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2015.07.10 13:00:10 | 000,031,232 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:64bit: - [2015.07.10 13:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015.07.10 13:00:10 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)
DRV:64bit: - [2015.07.10 13:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015.07.10 13:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015.07.10 13:00:09 | 000,117,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2015.07.10 13:00:09 | 000,103,264 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2015.07.10 13:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015.07.10 13:00:09 | 000,051,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2015.07.10 13:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015.07.10 13:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015.07.10 13:00:07 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2015.07.10 13:00:05 | 001,982,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2015.07.10 13:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015.07.10 13:00:02 | 000,601,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2015.07.10 13:00:02 | 000,158,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2015.07.10 13:00:01 | 000,141,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2015.07.10 13:00:00 | 000,721,408 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2015.07.10 13:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015.07.10 13:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015.07.10 13:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015.07.10 13:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015.07.10 13:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015.07.10 13:00:00 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2015.07.10 13:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015.07.10 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2015.07.10 13:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2015.07.10 13:00:00 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2015.07.10 12:59:59 | 000,415,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2015.07.10 12:59:59 | 000,414,720 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2015.07.10 12:59:59 | 000,331,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:64bit: - [2015.07.10 12:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015.07.10 12:59:59 | 000,118,624 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:64bit: - [2015.07.10 12:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015.07.10 12:59:59 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2015.07.10 12:59:59 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2015.07.10 12:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015.07.10 12:59:59 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2015.07.10 12:59:59 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2015.07.10 12:59:58 | 000,321,024 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2015.07.10 12:59:58 | 000,313,856 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:64bit: - [2015.07.10 12:59:58 | 000,239,616 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2015.07.10 12:59:58 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015.07.10 12:59:58 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2015.07.10 12:59:58 | 000,083,808 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2015.07.10 12:59:58 | 000,035,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2015.07.10 12:59:57 | 000,674,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2015.07.10 12:59:57 | 000,235,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2015.07.10 12:59:57 | 000,143,872 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2015.07.10 12:59:57 | 000,138,240 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (Dfsc)
DRV:64bit: - [2015.07.10 12:59:56 | 000,217,600 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2015.07.10 12:59:56 | 000,127,488 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2015.07.10 12:59:56 | 000,062,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2015.07.10 12:59:56 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015.07.10 12:59:55 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015.07.10 12:59:55 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2015.07.10 12:59:53 | 000,188,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (ndiswanlegacy)
DRV:64bit: - [2015.07.10 12:59:53 | 000,188,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2015.07.10 12:59:53 | 000,143,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2015.07.10 12:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015.07.10 12:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015.07.10 12:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2015.07.10 12:59:53 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2015.07.10 12:59:53 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2015.07.10 12:59:52 | 000,114,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (MsBridge)
DRV:64bit: - [2015.07.10 12:59:52 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2015.07.10 12:59:52 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2015.07.10 12:59:52 | 000,085,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2015.07.10 12:59:52 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (wanarpv6)
DRV:64bit: - [2015.07.10 12:59:52 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (wanarp)
DRV:64bit: - [2015.07.10 12:59:52 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2015.07.10 12:59:52 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2015.07.10 12:59:52 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (ndproxy)
DRV:64bit: - [2015.07.10 12:59:52 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2015.07.10 12:59:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2015.07.10 12:59:52 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2015.07.10 12:59:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2015.07.10 12:59:52 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2015.07.10 12:59:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2015.07.10 12:59:52 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2015.07.10 12:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015.07.10 12:59:51 | 000,685,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015.07.10 12:59:51 | 000,529,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2015.07.10 12:59:51 | 000,155,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2015.07.10 12:59:51 | 000,105,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2015.07.10 12:59:51 | 000,081,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2015.07.10 12:59:51 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2015.07.10 12:59:51 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2015.07.10 12:59:50 | 000,160,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2015.07.10 12:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015.07.10 12:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015.07.10 12:59:50 | 000,057,184 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2015.07.10 12:59:50 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2015.07.10 12:59:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2015.07.10 12:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015.07.10 12:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015.07.10 12:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015.07.10 12:59:48 | 000,098,144 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015.07.10 12:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015.07.10 12:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015.07.10 12:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015.07.10 12:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015.07.10 12:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015.07.10 12:59:40 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015.07.10 12:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015.07.10 12:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015.07.10 12:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015.07.10 12:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015.07.10 12:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015.07.10 12:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015.07.10 12:59:39 | 000,671,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2015.07.10 12:59:39 | 000,575,840 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (megasr)
DRV:64bit: - [2015.07.10 12:59:39 | 000,565,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2015.07.10 12:59:39 | 000,517,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015.07.10 12:59:39 | 000,499,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2015.07.10 12:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015.07.10 12:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015.07.10 12:59:39 | 000,378,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2015.07.10 12:59:39 | 000,371,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015.07.10 12:59:39 | 000,325,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2015.07.10 12:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015.07.10 12:59:39 | 000,174,080 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2015.07.10 12:59:39 | 000,166,752 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
[2018.06.15 07:27:15 | 000,013,808 | ---- | C] ( ) -- C:\Windows\SysNative\igfxLHMLib.dll
[2018.06.15 07:27:14 | 000,020,464 | ---- | C] ( ) -- C:\Windows\SysNative\igfxDILibv2_0.dll
[2018.06.15 07:27:14 | 000,020,464 | ---- | C] ( ) -- C:\Windows\SysNative\igfxDILib.dll
[2018.06.15 07:27:14 | 000,018,928 | ---- | C] ( ) -- C:\Windows\SysNative\igfxEMLibv2_0.dll
[2018.06.15 07:27:14 | 000,018,928 | ---- | C] ( ) -- C:\Windows\SysNative\igfxEMLib.dll
[2018.06.15 07:27:13 | 000,264,688 | ---- | C] () -- C:\Windows\SysNative\igfxCPL.cpl
[2018.06.15 07:27:13 | 000,094,704 | ---- | C] () -- C:\Windows\SysNative\igfxCUIServicePS.dll
[2018.06.15 07:27:13 | 000,086,512 | ---- | C] ( ) -- C:\Windows\SysNative\igfxDHLibv2_0.dll
[2018.06.15 07:27:13 | 000,076,272 | ---- | C] ( ) -- C:\Windows\SysNative\igfxDHLib.dll
[2018.06.15 07:27:09 | 005,799,386 | ---- | C] () -- C:\Windows\SysNative\igdclbif.bin
[2018.06.15 07:27:06 | 000,831,685 | ---- | C] () -- C:\Windows\SysNative\DisplayAudiox64.cab
[2018.06.15 07:27:06 | 000,641,530 | ---- | C] () -- C:\Windows\SysNative\FilmModeDetection.wmv
[2018.06.15 07:27:06 | 000,511,260 | ---- | C] () -- C:\Windows\SysNative\cp_resources.bin
[2018.06.15 07:27:06 | 000,000,935 | ---- | C] () -- C:\Windows\SysNative\Gfxv4_0.exe.config
[2018.06.15 07:27:06 | 000,000,935 | ---- | C] () -- C:\Windows\SysNative\DPTopologyApp.exe.config
[2018.06.15 07:27:06 | 000,000,895 | ---- | C] () -- C:\Windows\SysNative\Gfxv2_0.exe.config
[2018.06.15 07:27:06 | 000,000,895 | ---- | C] () -- C:\Windows\SysNative\DPTopologyAppv2_0.exe.config
[2018.06.15 07:27:05 | 000,375,173 | ---- | C] () -- C:\Windows\SysNative\ColorImageEnhancement.wmv
[2018.06.15 07:24:07 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_jan_HistoryPrediction.bin
[2018.06.15 07:17:49 | 000,002,348 | ---- | C] () -- C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2018.06.15 07:14:24 | 000,001,540 | ---- | C] () -- C:\Users\jan\Desktop\Norton Download Manager.lnk
[2018.06.15 07:14:24 | 000,001,350 | ---- | C] () -- C:\Users\jan\Desktop\Norton Installation Files.lnk
[2018.06.15 06:38:13 | 000,000,312 | ---- | C] () -- C:\Users\jan\Desktop\Speccy.ini
[2018.06.15 06:27:10 | 000,024,688 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2018.06.15 06:21:10 | 005,381,587 | ---- | C] () -- C:\Users\jan\Desktop\spsetup128.zip
[2018.06.15 06:21:04 | 000,228,140 | ---- | C] () -- C:\Users\jan\Desktop\WMIExplorer_2.0.0.0.zip
[2018.06.15 06:21:00 | 000,852,798 | ---- | C] () -- C:\Users\jan\Desktop\SecurityCheck.exe
[2018.06.15 06:20:51 | 009,214,024 | ---- | C] () -- C:\jan.exe
[2018.06.15 06:14:03 | 001,699,356 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018.06.15 06:12:29 | 000,000,214 | ---- | C] () -- C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job
[2018.06.15 06:08:29 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\DESKTOP-MPKLAP2_defaultuser0_HistoryPrediction.bin
[2018.06.15 05:57:34 | 2543,251,455 | -HS- | C] () -- C:\hiberfil.sys
[2018.06.15 05:52:46 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2016.09.09 20:25:58 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-26-0.dll
[2016.09.09 20:25:28 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
         
__________________

Edited by cosinus (15.06.2018 at 09:47)

15.06.2018, 08:14   #4
Jan10001
 
Log with OTL

OTL with Extra Registry, part 2



Code:
ATTFilter
.
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015.07.10 13:00:07 | 006,490,832 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015.07.10 13:00:29 | 005,121,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015.07.10 12:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015.07.10 13:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015.07.10 12:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2018.06.15 06:53:30 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\AVAST Software
 
========== Purity Check ==========
 
 

< End of report >
         

Edited by cosinus (15.06.2018 at 09:49)

15.06.2018, 09:40   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Log with OTL

You just dump a log in here without any comment - what is that supposed to be? Are we supposed to guess what problems you have, or what is this meant to be?

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

15.06.2018, 10:21   #6
Jan10001
 
Log with OTL

Quote:
Quote from cosinus
You just dump a log in here without any comment - what is that supposed to be? Are we supposed to guess what problems you have, or what is this meant to be?

Oh, sorry, I had actually written some text to go with it.
My laptop is partly remote-controlled, and the tool RogueKillerCMD detected ZeroAccess and Root.Necurs, Root.Wajam, Adw.DNSunlocker on my machine. I have already tried everything ..
Installed a new hard disk with a Linux live CD, they are so well camouflaged, then I have no admin rights on my folders again.

Reinstalled my computer several times, formatted with Diskpart and so on.
Under Linux I saw that I have no root rights and that there are 4 users on my laptop although I never had Linux on it; there is an Internet connection via routes, I think.
When I install virus scanners, a pop-up window opens very briefly and then the scanner no longer detects anything.

Sometimes programs are also terminated quickly while scanning, and my WMI is totally broken, Win32 .. and lots of server stuff is running, everything here is sending on my ports; on one of the hard disks my MBR was encrypted, I had no more access to it, with a password ..

15.06.2018, 12:00   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Log with OTL

Quote:
Quote from Jan10001
Installed a new hard disk with a Linux live CD, they are so well camouflaged, then I have no admin rights on my folders again.

Missing admin rights have absolutely nothing to do with camouflage.


Quote:
Quote from Jan10001
Reinstalled my computer several times, formatted with Diskpart and so on.

Then there is no malware left on it either. Unless you keep reinstalling it yourself through some infected setups.


Quote:
Quote from Jan10001
Under Linux I saw that I have no root rights and that there are 4 users on my laptop although I never had Linux on it,

Totally confused.
You saw something under Linux, but you don't have Linux on it at all. Please explain what you mean; I don't understand your scribbling, nor what you, as a layperson, want with Linux.


Quote:
Quote from Jan10001
Sometimes programs are also terminated quickly while scanning, and my WMI is totally broken, Win32 .. and lots of server stuff is running, everything here is sending on my ports; on one of the hard disks my MBR was encrypted, I had no more access to it, with a password ..

All very vague and of no help to anyone. Once again: if you have done a proper fresh install, then there is no malware on it.