Hallo, ich habe seit ein paar Tagen das Problem, dass Outlook mit einer der angegebenen e-Mails "Massenweise" e-Mails versendet.

Ich habe zwischenzeitlich das PW bei web.de und auch bei Outlook geändert und danach war einige Tage alles OK.

Heute habe ich wieder 4 e-Mails mit folgenden Inhalt bekommen.

"This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

<yqcontreras@gurlmail.com>

--- The header of the original message is following. ---

Received: from SVR-DATA.TRIXSOLUCIONES.LOCAL ([186.137.70.190]) by smtp.web.de
(mrweb103) with ESMTPA (Nemesis) id 0MWB4X-1TkzQe1nqb-00XImp for
<yqcontreras@gurlmail.com>; Mon, 19 Nov 2012 09:12:02 +0100
MIME-Version: 1.0
Date: Mon, 19 Nov 2012 05:04:23 -0300
X-Priority: 3 (Normal)
X-Mailer: Ximian Evolution 1.7.0 (1.5.0-9)
Subject: New update to vacancy bulletin on 11/11/2012
From: mr.jackdaniel@web.de
Reply-To: jedndje@hotmail.com
To: yqcontreras@gurlmail.com
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Message-ID: <OUTLOOK-IDM-5fbd1430-2b7f-d792-2e6f-6d2043371323@SVR-DATA.TRIXSOLUCIONES.LOCAL>
X-Provags-ID: V02:K0:yTlP3t3wzWkTPv1edyWDL+XeojaRQpr9u5DTSvncGe/
vwsYPm5RND9UJ4aiCAkKpbHIB8iGCgTtIXuCEDkwr8IbI/2KS4
Q3RvZd6aqC6s/wbit4CrPmP8AcOzQQhb0NWV24Aal95MneSNp9
1PDAYYEMcH+Gz+fcDswKUy6PkXvvfW6JNyBapbAK7Wzsttgg8P
Fbq3WARgmO5YcXIdgw0Tg=="

Microsoft Security Essentials läuft immer und hat auch nichts gefunden.


OTL logfile created on: 22.11.2012 14:08:37 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 4,76 Gb Available Physical Memory | 79,51% Memory free
11,98 Gb Paging File | 10,54 Gb Available in Paging File | 87,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 63,14 Gb Free Space | 63,20% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 770,42 Gb Free Space | 92,65% Space Free | Partition Type: NTFS

Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.22 13:54:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.18 19:24:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.16 16:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 67 04 FB 9D A1 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012.10.03 22:02:13 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Logitech Flow Scroll = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi\4.0.33_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2D6B76E-0F04-449B-A3C8-146A879A819F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.22 13:54:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2012.11.17 17:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012.11.17 17:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Netzmanager
[2012.11.17 17:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012.11.17 17:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2012.11.17 17:56:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012.11.17 17:55:53 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\PackageAware
[2012.11.02 18:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.11.02 18:51:04 | 000,000,000 | ---D | C] -- C:\Fraps
[2012.11.02 18:01:23 | 000,000,000 | ---D | C] -- C:\Users\Timo\Documents\My Games
[2012.11.02 18:01:23 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Macromedia
[2012.11.02 17:59:18 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Runic Games
[2012.11.02 17:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II
[2012.11.02 17:36:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.11.02 17:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.11.02 17:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012.11.02 17:31:26 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.11.02 17:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP240 series
[2012.11.02 17:31:03 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.11.02 12:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2012.10.31 07:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.31 07:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.10.31 07:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.10.31 07:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.31 07:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.22 14:05:45 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 14:05:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 14:05:34 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.22 13:54:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2012.11.22 13:54:11 | 000,020,859 | ---- | M] () -- C:\Users\Timo\Desktop\Unbenannt 1.odt
[2012.11.22 13:53:24 | 000,000,000 | ---- | M] () -- C:\Users\Timo\defogger_reenable
[2012.11.22 13:52:53 | 000,050,477 | ---- | M] () -- C:\Users\Timo\Desktop\Defogger.exe
[2012.11.22 13:44:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.22 13:41:24 | 000,085,291 | ---- | M] () -- C:\Users\Timo\Desktop\Trojaner.png
[2012.11.22 09:58:54 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 09:58:54 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 20:05:35 | 000,149,264 | ---- | M] () -- C:\Users\Timo\Desktop\Unbenannt.png
[2012.11.19 15:06:55 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 15:06:55 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.19 15:06:55 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 15:06:55 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.19 15:06:55 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.16 12:41:14 | 000,366,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.02 17:57:32 | 000,000,672 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight II.lnk
[2012.10.30 17:46:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.28 22:25:25 | 000,021,622 | ---- | M] () -- C:\Users\Timo\Desktop\Mixed.m3u
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.22 13:54:10 | 000,020,859 | ---- | C] () -- C:\Users\Timo\Desktop\Unbenannt 1.odt
[2012.11.22 13:53:24 | 000,000,000 | ---- | C] () -- C:\Users\Timo\defogger_reenable
[2012.11.22 13:52:52 | 000,050,477 | ---- | C] () -- C:\Users\Timo\Desktop\Defogger.exe
[2012.11.22 13:41:23 | 000,085,291 | ---- | C] () -- C:\Users\Timo\Desktop\Trojaner.png
[2012.11.21 20:05:35 | 000,149,264 | ---- | C] () -- C:\Users\Timo\Desktop\Unbenannt.png
[2012.11.15 21:29:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 21:24:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.02 17:57:32 | 000,000,672 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight II.lnk
[2012.10.30 17:46:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.28 21:58:13 | 000,021,622 | ---- | C] () -- C:\Users\Timo\Desktop\Mixed.m3u
[2012.10.03 23:11:04 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2012.10.03 22:54:49 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.10.03 22:54:48 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.10.03 22:54:48 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.10.03 22:54:47 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.10.03 22:54:44 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.10.03 22:19:55 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.03 21:46:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.03 23:01:59 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Canneverbe Limited
[2012.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Canon
[2012.10.18 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DAEMON Tools Lite
[2012.10.03 23:00:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DVDVideoSoft
[2012.10.03 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.03 22:01:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Leadertech
[2012.10.04 14:45:39 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OpenOffice.org
[2012.10.03 23:18:36 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Seagate
[2012.10.03 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Timo\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Timo\Desktop\desktop.ini:gs5sys

< End of report >



Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Timo :: TIMO-PC [Administrator]

Schutz: Aktiviert

22.11.2012 14:18:20
mbam-log-2012-11-22 (14-18-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200540
Laufzeit: 1 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Bitte um Hilfe.

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Das mit dem SPAM versenden über web.de scheint gerade ne Welle zu sein, du bist glaub ich schon der dritte oder vierte hier, dem ich versuche dabei zu helfen binnen 2-3 Tagen...so ganz klar ist es noch nicht was genau der Auslöser ist

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

• Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 18:18:49
-----------------------------
18:18:49.393 OS Version: Windows x64 6.1.7601 Service Pack 1
18:18:49.393 Number of processors: 8 586 0x1A04
18:18:49.393 ComputerName: TIMO-PC UserName: Timo
18:18:49.564 Initialize success
18:18:56.990 AVAST engine defs: 12112301
18:19:22.396 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:19:22.400 Disk 0 Vendor: ST1000DM005_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
18:19:22.408 Disk 0 MBR read successfully
18:19:22.410 Disk 0 MBR scan
18:19:22.415 Disk 0 Windows 7 default MBR code
18:19:22.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:19:22.463 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102300 MB offset 206848
18:19:22.492 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 851467 MB offset 209717248
18:19:22.549 Disk 0 scanning C:\Windows\system32\drivers
18:19:30.436 Service scanning
18:19:48.258 Modules scanning
18:19:48.266 Disk 0 trace - called modules:
18:19:48.280 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:19:48.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006544790]
18:19:48.614 3 CLASSPNP.SYS[fffff8800165a43f] -> nt!IofCallDriver -> [0xfffffa8006311520]
18:19:48.620 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800630d680]
18:19:48.771 AVAST engine scan C:\Windows
18:19:49.928 AVAST engine scan C:\Windows\system32
18:22:24.189 AVAST engine scan C:\Windows\system32\drivers
18:22:45.629 AVAST engine scan C:\Users\Timo
18:27:56.622 AVAST engine scan C:\ProgramData
18:28:36.189 Scan finished successfully
18:29:03.742 Disk 0 MBR has been saved successfully to "C:\Users\Timo\Desktop\MBR.dat"
18:29:03.789 The log file has been saved successfully to "C:\Users\Timo\Desktop\aswMBR.txt"

18:33:09.0906 4496 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:33:10.0108 4496 ============================================================
18:33:10.0108 4496 Current date / time: 2012/11/23 18:33:10.0108
18:33:10.0108 4496 SystemInfo:
18:33:10.0108 4496
18:33:10.0108 4496 OS Version: 6.1.7601 ServicePack: 1.0
18:33:10.0108 4496 Product type: Workstation
18:33:10.0108 4496 ComputerName: TIMO-PC
18:33:10.0108 4496 UserName: Timo
18:33:10.0108 4496 Windows directory: C:\Windows
18:33:10.0108 4496 System windows directory: C:\Windows
18:33:10.0108 4496 Running under WOW64
18:33:10.0108 4496 Processor architecture: Intel x64
18:33:10.0108 4496 Number of processors: 8
18:33:10.0108 4496 Page size: 0x1000
18:33:10.0108 4496 Boot type: Normal boot
18:33:10.0108 4496 ============================================================
18:33:11.0150 4496 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:11.0154 4496 ============================================================
18:33:11.0154 4496 \Device\Harddisk0\DR0:
18:33:11.0154 4496 MBR partitions:
18:33:11.0154 4496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:33:11.0154 4496 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7CE000
18:33:11.0154 4496 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x67F05800
18:33:11.0154 4496 ============================================================
18:33:11.0173 4496 C: <-> \Device\Harddisk0\DR0\Partition2
18:33:11.0203 4496 D: <-> \Device\Harddisk0\DR0\Partition3
18:33:11.0203 4496 ============================================================
18:33:11.0203 4496 Initialize success
18:33:11.0203 4496 ============================================================
18:34:09.0323 4008 ============================================================
18:34:09.0323 4008 Scan started
18:34:09.0323 4008 Mode: Manual; SigCheck; TDLFS;
18:34:09.0323 4008 ============================================================
18:34:09.0569 4008 ================ Scan system memory ========================
18:34:09.0569 4008 System memory - ok
18:34:09.0569 4008 ================ Scan services =============================
18:34:09.0664 4008 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:34:09.0735 4008 1394ohci - ok
18:34:09.0761 4008 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:34:09.0775 4008 ACPI - ok
18:34:09.0787 4008 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:34:09.0805 4008 AcpiPmi - ok
18:34:09.0883 4008 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:34:09.0895 4008 AdobeARMservice - ok
18:34:09.0904 4008 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:34:09.0925 4008 adp94xx - ok
18:34:09.0935 4008 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:34:09.0947 4008 adpahci - ok
18:34:09.0951 4008 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:34:09.0960 4008 adpu320 - ok
18:34:09.0983 4008 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:34:10.0072 4008 AeLookupSvc - ok
18:34:10.0108 4008 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:34:10.0141 4008 AFD - ok
18:34:10.0148 4008 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:34:10.0161 4008 agp440 - ok
18:34:10.0164 4008 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:34:10.0189 4008 ALG - ok
18:34:10.0195 4008 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:34:10.0204 4008 aliide - ok
18:34:10.0233 4008 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:34:10.0277 4008 AMD External Events Utility - ok
18:34:10.0287 4008 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:34:10.0299 4008 amdide - ok
18:34:10.0312 4008 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:34:10.0340 4008 AmdK8 - ok
18:34:10.0484 4008 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:34:10.0632 4008 amdkmdag - ok
18:34:10.0650 4008 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:34:10.0663 4008 amdkmdap - ok
18:34:10.0666 4008 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:34:10.0690 4008 AmdPPM - ok
18:34:10.0720 4008 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:34:10.0729 4008 amdsata - ok
18:34:10.0741 4008 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:34:10.0751 4008 amdsbs - ok
18:34:10.0765 4008 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:34:10.0773 4008 amdxata - ok
18:34:10.0794 4008 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:34:10.0880 4008 AppID - ok
18:34:10.0897 4008 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:34:10.0922 4008 AppIDSvc - ok
18:34:10.0941 4008 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:34:10.0971 4008 Appinfo - ok
18:34:11.0017 4008 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:34:11.0040 4008 AppMgmt - ok
18:34:11.0048 4008 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:34:11.0061 4008 arc - ok
18:34:11.0069 4008 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:34:11.0078 4008 arcsas - ok
18:34:11.0145 4008 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:34:11.0158 4008 aspnet_state - ok
18:34:11.0175 4008 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:34:11.0218 4008 AsyncMac - ok
18:34:11.0227 4008 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:34:11.0235 4008 atapi - ok
18:34:11.0268 4008 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:34:11.0283 4008 AtiHDAudioService - ok
18:34:11.0310 4008 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:34:11.0362 4008 AudioEndpointBuilder - ok
18:34:11.0370 4008 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:34:11.0398 4008 AudioSrv - ok
18:34:11.0419 4008 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:34:11.0437 4008 AxInstSV - ok
18:34:11.0473 4008 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:34:11.0498 4008 b06bdrv - ok
18:34:11.0516 4008 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:34:11.0538 4008 b57nd60a - ok
18:34:11.0545 4008 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:34:11.0553 4008 BDESVC - ok
18:34:11.0560 4008 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:34:11.0585 4008 Beep - ok
18:34:11.0615 4008 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:34:11.0646 4008 BFE - ok
18:34:11.0671 4008 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:34:11.0717 4008 BITS - ok
18:34:11.0733 4008 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:34:11.0749 4008 blbdrive - ok
18:34:11.0768 4008 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:34:11.0797 4008 bowser - ok
18:34:11.0801 4008 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:34:11.0821 4008 BrFiltLo - ok
18:34:11.0824 4008 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:34:11.0837 4008 BrFiltUp - ok
18:34:11.0856 4008 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:34:11.0868 4008 Browser - ok
18:34:11.0878 4008 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:34:11.0893 4008 Brserid - ok
18:34:11.0896 4008 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:34:11.0913 4008 BrSerWdm - ok
18:34:11.0915 4008 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:34:11.0926 4008 BrUsbMdm - ok
18:34:11.0928 4008 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:34:11.0936 4008 BrUsbSer - ok
18:34:11.0947 4008 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:34:11.0958 4008 BTHMODEM - ok
18:34:11.0971 4008 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:34:11.0996 4008 bthserv - ok
18:34:12.0004 4008 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:34:12.0036 4008 cdfs - ok
18:34:12.0053 4008 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:34:12.0071 4008 cdrom - ok
18:34:12.0089 4008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:34:12.0118 4008 CertPropSvc - ok
18:34:12.0121 4008 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:34:12.0131 4008 circlass - ok
18:34:12.0148 4008 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:34:12.0161 4008 CLFS - ok
18:34:12.0209 4008 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:34:12.0222 4008 clr_optimization_v2.0.50727_32 - ok
18:34:12.0247 4008 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:34:12.0259 4008 clr_optimization_v2.0.50727_64 - ok
18:34:12.0296 4008 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:34:12.0325 4008 clr_optimization_v4.0.30319_32 - ok
18:34:12.0337 4008 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:34:12.0346 4008 clr_optimization_v4.0.30319_64 - ok
18:34:12.0355 4008 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:34:12.0373 4008 CmBatt - ok
18:34:12.0386 4008 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:34:12.0396 4008 cmdide - ok
18:34:12.0425 4008 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:34:12.0449 4008 CNG - ok
18:34:12.0469 4008 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:34:12.0479 4008 Compbatt - ok
18:34:12.0516 4008 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:34:12.0535 4008 CompositeBus - ok
18:34:12.0538 4008 COMSysApp - ok
18:34:12.0552 4008 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:34:12.0562 4008 crcdisk - ok
18:34:12.0600 4008 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:34:12.0620 4008 CryptSvc - ok
18:34:12.0650 4008 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:34:12.0678 4008 CSC - ok
18:34:12.0695 4008 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:34:12.0713 4008 CscService - ok
18:34:12.0746 4008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:34:12.0788 4008 DcomLaunch - ok
18:34:12.0804 4008 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:34:12.0832 4008 defragsvc - ok
18:34:12.0841 4008 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:34:12.0875 4008 DfsC - ok
18:34:12.0894 4008 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:34:12.0913 4008 Dhcp - ok
18:34:12.0915 4008 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:34:12.0948 4008 discache - ok
18:34:12.0971 4008 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:34:12.0980 4008 Disk - ok
18:34:12.0996 4008 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:34:13.0011 4008 dmvsc - ok
18:34:13.0033 4008 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:34:13.0051 4008 Dnscache - ok
18:34:13.0072 4008 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:34:13.0118 4008 dot3svc - ok
18:34:13.0127 4008 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:34:13.0161 4008 DPS - ok
18:34:13.0186 4008 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:34:13.0206 4008 drmkaud - ok
18:34:13.0228 4008 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:34:13.0241 4008 dtsoftbus01 - ok
18:34:13.0266 4008 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:34:13.0288 4008 DXGKrnl - ok
18:34:13.0294 4008 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:34:13.0319 4008 EapHost - ok
18:34:13.0365 4008 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:34:13.0422 4008 ebdrv - ok
18:34:13.0443 4008 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:34:13.0452 4008 EFS - ok
18:34:13.0496 4008 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:34:13.0521 4008 ehRecvr - ok
18:34:13.0532 4008 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:34:13.0550 4008 ehSched - ok
18:34:13.0566 4008 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:34:13.0581 4008 elxstor - ok
18:34:13.0590 4008 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:34:13.0605 4008 ErrDev - ok
18:34:13.0631 4008 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:34:13.0669 4008 EventSystem - ok
18:34:13.0684 4008 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:34:13.0710 4008 exfat - ok
18:34:13.0731 4008 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:34:13.0758 4008 fastfat - ok
18:34:13.0790 4008 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:34:13.0823 4008 Fax - ok
18:34:13.0832 4008 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:34:13.0854 4008 fdc - ok
18:34:13.0861 4008 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:34:13.0910 4008 fdPHost - ok
18:34:13.0917 4008 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:34:13.0947 4008 FDResPub - ok
18:34:13.0961 4008 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:34:13.0969 4008 FileInfo - ok
18:34:13.0974 4008 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:34:14.0005 4008 Filetrace - ok
18:34:14.0025 4008 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:34:14.0033 4008 flpydisk - ok
18:34:14.0038 4008 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:34:14.0049 4008 FltMgr - ok
18:34:14.0065 4008 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
18:34:14.0141 4008 FontCache - ok
18:34:14.0207 4008 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:34:14.0237 4008 FontCache3.0.0.0 - ok
18:34:14.0246 4008 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:34:14.0260 4008 FsDepends - ok
18:34:14.0280 4008 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:34:14.0294 4008 Fs_Rec - ok
18:34:14.0299 4008 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:34:14.0321 4008 fvevol - ok
18:34:14.0333 4008 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:34:14.0342 4008 gagp30kx - ok
18:34:14.0363 4008 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:34:14.0396 4008 gpsvc - ok
18:34:14.0446 4008 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:34:14.0455 4008 gupdate - ok
18:34:14.0459 4008 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:34:14.0469 4008 gupdatem - ok
18:34:14.0478 4008 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:34:14.0495 4008 hcw85cir - ok
18:34:14.0526 4008 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:34:14.0551 4008 HdAudAddService - ok
18:34:14.0569 4008 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:34:14.0589 4008 HDAudBus - ok
18:34:14.0593 4008 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:34:14.0609 4008 HidBatt - ok
18:34:14.0623 4008 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:34:14.0634 4008 HidBth - ok
18:34:14.0636 4008 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:34:14.0646 4008 HidIr - ok
18:34:14.0657 4008 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:34:14.0682 4008 hidserv - ok
18:34:14.0697 4008 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:34:14.0705 4008 HidUsb - ok
18:34:14.0719 4008 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:34:14.0752 4008 hkmsvc - ok
18:34:14.0772 4008 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:34:14.0789 4008 HomeGroupListener - ok
18:34:14.0804 4008 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:34:14.0822 4008 HomeGroupProvider - ok
18:34:14.0835 4008 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:34:14.0844 4008 HpSAMD - ok
18:34:14.0869 4008 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:34:14.0907 4008 HTTP - ok
18:34:14.0930 4008 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:34:14.0938 4008 hwpolicy - ok
18:34:14.0963 4008 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:34:14.0971 4008 i8042prt - ok
18:34:14.0982 4008 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:34:14.0995 4008 iaStorV - ok
18:34:15.0021 4008 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:34:15.0040 4008 idsvc - ok
18:34:15.0054 4008 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:34:15.0062 4008 iirsp - ok
18:34:15.0094 4008 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:34:15.0138 4008 IKEEXT - ok
18:34:15.0147 4008 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:34:15.0155 4008 intelide - ok
18:34:15.0171 4008 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:34:15.0183 4008 intelppm - ok
18:34:15.0194 4008 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:34:15.0226 4008 IPBusEnum - ok
18:34:15.0236 4008 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:34:15.0260 4008 IpFilterDriver - ok
18:34:15.0289 4008 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:34:15.0344 4008 iphlpsvc - ok
18:34:15.0347 4008 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:34:15.0364 4008 IPMIDRV - ok
18:34:15.0366 4008 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:34:15.0393 4008 IPNAT - ok
18:34:15.0406 4008 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:34:15.0417 4008 IRENUM - ok
18:34:15.0426 4008 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:34:15.0434 4008 isapnp - ok
18:34:15.0454 4008 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:34:15.0465 4008 iScsiPrt - ok
18:34:15.0485 4008 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:34:15.0493 4008 kbdclass - ok
18:34:15.0499 4008 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:34:15.0516 4008 kbdhid - ok
18:34:15.0529 4008 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:34:15.0537 4008 KeyIso - ok
18:34:15.0556 4008 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:34:15.0565 4008 KSecDD - ok
18:34:15.0579 4008 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:34:15.0589 4008 KSecPkg - ok
18:34:15.0595 4008 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:34:15.0629 4008 ksthunk - ok
18:34:15.0649 4008 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:34:15.0688 4008 KtmRm - ok
18:34:15.0715 4008 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:34:15.0745 4008 LanmanServer - ok
18:34:15.0766 4008 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:34:15.0792 4008 LanmanWorkstation - ok
18:34:15.0876 4008 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:34:15.0895 4008 LBTServ - ok
18:34:15.0929 4008 [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
18:34:15.0940 4008 LEqdUsb - ok
18:34:15.0958 4008 [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
18:34:15.0969 4008 LHidEqd - ok
18:34:15.0999 4008 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:34:16.0011 4008 LHidFilt - ok
18:34:16.0038 4008 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:34:16.0084 4008 lltdio - ok
18:34:16.0104 4008 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:34:16.0139 4008 lltdsvc - ok
18:34:16.0150 4008 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:34:16.0183 4008 lmhosts - ok
18:34:16.0203 4008 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:34:16.0210 4008 LMouFilt - ok
18:34:16.0237 4008 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:34:16.0246 4008 LSI_FC - ok
18:34:16.0255 4008 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:34:16.0264 4008 LSI_SAS - ok
18:34:16.0277 4008 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:34:16.0285 4008 LSI_SAS2 - ok
18:34:16.0292 4008 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:34:16.0301 4008 LSI_SCSI - ok
18:34:16.0312 4008 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:34:16.0337 4008 luafv - ok
18:34:16.0377 4008 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:34:16.0390 4008 MBAMProtector - ok
18:34:16.0420 4008 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:34:16.0439 4008 MBAMScheduler - ok
18:34:16.0468 4008 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:34:16.0492 4008 MBAMService - ok
18:34:16.0511 4008 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:34:16.0520 4008 Mcx2Svc - ok
18:34:16.0528 4008 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:34:16.0536 4008 megasas - ok
18:34:16.0546 4008 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:34:16.0557 4008 MegaSR - ok
18:34:16.0579 4008 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:34:16.0610 4008 MMCSS - ok
18:34:16.0618 4008 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:34:16.0643 4008 Modem - ok
18:34:16.0651 4008 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:34:16.0669 4008 monitor - ok
18:34:16.0687 4008 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:34:16.0696 4008 mouclass - ok
18:34:16.0711 4008 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:34:16.0730 4008 mouhid - ok
18:34:16.0744 4008 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:34:16.0753 4008 mountmgr - ok
18:34:16.0785 4008 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:34:16.0798 4008 MpFilter - ok
18:34:16.0804 4008 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:34:16.0814 4008 mpio - ok
18:34:16.0822 4008 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:34:16.0847 4008 mpsdrv - ok
18:34:16.0868 4008 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:34:16.0901 4008 MpsSvc - ok
18:34:16.0916 4008 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:34:16.0933 4008 MRxDAV - ok
18:34:16.0954 4008 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:34:16.0987 4008 mrxsmb - ok
18:34:17.0001 4008 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:34:17.0017 4008 mrxsmb10 - ok
18:34:17.0042 4008 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:34:17.0054 4008 mrxsmb20 - ok
18:34:17.0077 4008 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:34:17.0089 4008 msahci - ok
18:34:17.0114 4008 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:34:17.0128 4008 msdsm - ok
18:34:17.0145 4008 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:34:17.0167 4008 MSDTC - ok
18:34:17.0183 4008 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:34:17.0230 4008 Msfs - ok
18:34:17.0239 4008 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:34:17.0264 4008 mshidkmdf - ok
18:34:17.0271 4008 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:34:17.0279 4008 msisadrv - ok
18:34:17.0294 4008 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:34:17.0331 4008 MSiSCSI - ok
18:34:17.0333 4008 msiserver - ok
18:34:17.0345 4008 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:34:17.0376 4008 MSKSSRV - ok
18:34:17.0413 4008 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:34:17.0422 4008 MsMpSvc - ok
18:34:17.0439 4008 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:34:17.0484 4008 MSPCLOCK - ok
18:34:17.0491 4008 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:34:17.0519 4008 MSPQM - ok
18:34:17.0531 4008 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:34:17.0544 4008 MsRPC - ok
18:34:17.0555 4008 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:34:17.0563 4008 mssmbios - ok
18:34:17.0565 4008 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:34:17.0600 4008 MSTEE - ok
18:34:17.0611 4008 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:34:17.0619 4008 MTConfig - ok
18:34:17.0659 4008 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
18:34:17.0675 4008 MTsensor - ok
18:34:17.0679 4008 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:34:17.0692 4008 Mup - ok
18:34:17.0717 4008 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:34:17.0750 4008 napagent - ok
18:34:17.0770 4008 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:34:17.0795 4008 NativeWifiP - ok
18:34:17.0827 4008 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:34:17.0848 4008 NDIS - ok
18:34:17.0857 4008 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:34:17.0882 4008 NdisCap - ok
18:34:17.0903 4008 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:34:17.0927 4008 NdisTapi - ok
18:34:17.0941 4008 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:34:17.0965 4008 Ndisuio - ok
18:34:17.0980 4008 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:34:18.0015 4008 NdisWan - ok
18:34:18.0027 4008 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:34:18.0056 4008 NDProxy - ok
18:34:18.0064 4008 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:34:18.0089 4008 NetBIOS - ok
18:34:18.0103 4008 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:34:18.0129 4008 NetBT - ok
18:34:18.0137 4008 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:34:18.0145 4008 Netlogon - ok
18:34:18.0167 4008 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:34:18.0205 4008 Netman - ok
18:34:18.0226 4008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:34:18.0234 4008 NetMsmqActivator - ok
18:34:18.0237 4008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:34:18.0244 4008 NetPipeActivator - ok
18:34:18.0258 4008 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:34:18.0296 4008 netprofm - ok
18:34:18.0299 4008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:34:18.0306 4008 NetTcpActivator - ok
18:34:18.0308 4008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:34:18.0315 4008 NetTcpPortSharing - ok
18:34:18.0398 4008 [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
18:34:18.0451 4008 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
18:34:18.0451 4008 Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
18:34:18.0463 4008 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:34:18.0472 4008 nfrd960 - ok
18:34:18.0505 4008 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:34:18.0523 4008 NisDrv - ok
18:34:18.0536 4008 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
18:34:18.0550 4008 NisSrv - ok
18:34:18.0567 4008 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:34:18.0602 4008 NlaSvc - ok
18:34:18.0631 4008 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:34:18.0656 4008 Npfs - ok
18:34:18.0673 4008 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:34:18.0705 4008 nsi - ok
18:34:18.0718 4008 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:34:18.0750 4008 nsiproxy - ok
18:34:18.0784 4008 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:34:18.0816 4008 Ntfs - ok
18:34:18.0825 4008 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:34:18.0855 4008 Null - ok
18:34:18.0872 4008 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:34:18.0882 4008 nvraid - ok
18:34:18.0901 4008 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:34:18.0910 4008 nvstor - ok
18:34:18.0923 4008 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:34:18.0932 4008 nv_agp - ok
18:34:18.0993 4008 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:34:19.0012 4008 odserv - ok
18:34:19.0020 4008 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:34:19.0039 4008 ohci1394 - ok
18:34:19.0063 4008 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:34:19.0072 4008 ose - ok
18:34:19.0101 4008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:34:19.0128 4008 p2pimsvc - ok
18:34:19.0150 4008 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:34:19.0162 4008 p2psvc - ok
18:34:19.0173 4008 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:34:19.0194 4008 Parport - ok
18:34:19.0217 4008 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:34:19.0226 4008 partmgr - ok
18:34:19.0251 4008 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:34:19.0269 4008 PcaSvc - ok
18:34:19.0282 4008 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:34:19.0292 4008 pci - ok
18:34:19.0298 4008 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:34:19.0306 4008 pciide - ok
18:34:19.0320 4008 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:34:19.0331 4008 pcmcia - ok
18:34:19.0337 4008 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:34:19.0346 4008 pcw - ok
18:34:19.0364 4008 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:34:19.0395 4008 PEAUTH - ok
18:34:19.0426 4008 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:34:19.0459 4008 PeerDistSvc - ok
18:34:19.0505 4008 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:34:19.0527 4008 PerfHost - ok
18:34:19.0562 4008 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:34:19.0613 4008 pla - ok
18:34:19.0650 4008 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:34:19.0672 4008 PlugPlay - ok
18:34:19.0693 4008 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:34:19.0705 4008 PNRPAutoReg - ok
18:34:19.0710 4008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:34:19.0722 4008 PNRPsvc - ok
18:34:19.0745 4008 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:34:19.0781 4008 PolicyAgent - ok
18:34:19.0808 4008 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:34:19.0855 4008 Power - ok
18:34:19.0882 4008 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:34:19.0910 4008 PptpMiniport - ok
18:34:19.0922 4008 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:34:19.0931 4008 Processor - ok
18:34:19.0949 4008 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:34:19.0963 4008 ProfSvc - ok
18:34:19.0975 4008 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:34:19.0983 4008 ProtectedStorage - ok
18:34:19.0999 4008 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:34:20.0024 4008 Psched - ok
18:34:20.0047 4008 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:34:20.0076 4008 ql2300 - ok
18:34:20.0091 4008 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:34:20.0100 4008 ql40xx - ok
18:34:20.0113 4008 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:34:20.0128 4008 QWAVE - ok
18:34:20.0137 4008 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:34:20.0149 4008 QWAVEdrv - ok
18:34:20.0160 4008 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:34:20.0185 4008 RasAcd - ok
18:34:20.0196 4008 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:34:20.0221 4008 RasAgileVpn - ok
18:34:20.0235 4008 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:34:20.0261 4008 RasAuto - ok
18:34:20.0269 4008 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:34:20.0301 4008 Rasl2tp - ok
18:34:20.0311 4008 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:34:20.0339 4008 RasMan - ok
18:34:20.0346 4008 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:34:20.0379 4008 RasPppoe - ok
18:34:20.0390 4008 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:34:20.0416 4008 RasSstp - ok
18:34:20.0429 4008 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:34:20.0456 4008 rdbss - ok
18:34:20.0470 4008 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:34:20.0486 4008 rdpbus - ok
18:34:20.0492 4008 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:34:20.0516 4008 RDPCDD - ok
18:34:20.0537 4008 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:34:20.0546 4008 RDPDR - ok
18:34:20.0559 4008 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:34:20.0588 4008 RDPENCDD - ok
18:34:20.0601 4008 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:34:20.0626 4008 RDPREFMP - ok
18:34:20.0650 4008 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:34:20.0673 4008 RDPWD - ok
18:34:20.0688 4008 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:34:20.0704 4008 rdyboost - ok
18:34:20.0724 4008 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:34:20.0773 4008 RemoteAccess - ok
18:34:20.0798 4008 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:34:20.0845 4008 RemoteRegistry - ok
18:34:20.0854 4008 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:34:20.0891 4008 RpcEptMapper - ok
18:34:20.0899 4008 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:34:20.0918 4008 RpcLocator - ok
18:34:20.0941 4008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:34:20.0969 4008 RpcSs - ok
18:34:20.0977 4008 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:34:21.0002 4008 rspndr - ok
18:34:21.0017 4008 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:34:21.0036 4008 s3cap - ok
18:34:21.0038 4008 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:34:21.0046 4008 SamSs - ok
18:34:21.0053 4008 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:34:21.0062 4008 sbp2port - ok
18:34:21.0071 4008 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:34:21.0098 4008 SCardSvr - ok
18:34:21.0107 4008 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:34:21.0140 4008 scfilter - ok
18:34:21.0162 4008 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:34:21.0203 4008 Schedule - ok
18:34:21.0220 4008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:34:21.0245 4008 SCPolicySvc - ok
18:34:21.0269 4008 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:34:21.0281 4008 SDRSVC - ok
18:34:21.0294 4008 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:34:21.0319 4008 secdrv - ok
18:34:21.0329 4008 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:34:21.0353 4008 seclogon - ok
18:34:21.0365 4008 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:34:21.0397 4008 SENS - ok
18:34:21.0407 4008 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:34:21.0425 4008 SensrSvc - ok
18:34:21.0438 4008 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:34:21.0459 4008 Serenum - ok
18:34:21.0465 4008 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:34:21.0483 4008 Serial - ok
18:34:21.0485 4008 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:34:21.0499 4008 sermouse - ok
18:34:21.0511 4008 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:34:21.0547 4008 SessionEnv - ok
18:34:21.0550 4008 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:34:21.0560 4008 sffdisk - ok
18:34:21.0562 4008 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:34:21.0571 4008 sffp_mmc - ok
18:34:21.0583 4008 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:34:21.0602 4008 sffp_sd - ok
18:34:21.0604 4008 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:34:21.0612 4008 sfloppy - ok
18:34:21.0634 4008 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:34:21.0669 4008 SharedAccess - ok
18:34:21.0691 4008 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:34:21.0719 4008 ShellHWDetection - ok
18:34:21.0736 4008 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:34:21.0744 4008 SiSRaid2 - ok
18:34:21.0753 4008 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:34:21.0762 4008 SiSRaid4 - ok
18:34:21.0784 4008 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:34:21.0809 4008 Smb - ok
18:34:21.0824 4008 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:34:21.0833 4008 SNMPTRAP - ok
18:34:21.0868 4008 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
18:34:21.0893 4008 speedfan - ok
18:34:21.0914 4008 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:34:21.0928 4008 spldr - ok
18:34:21.0949 4008 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:34:21.0972 4008 Spooler - ok
18:34:22.0032 4008 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:34:22.0098 4008 sppsvc - ok
18:34:22.0109 4008 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:34:22.0134 4008 sppuinotify - ok
18:34:22.0152 4008 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:34:22.0169 4008 srv - ok
18:34:22.0188 4008 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:34:22.0200 4008 srv2 - ok
18:34:22.0216 4008 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:34:22.0224 4008 srvnet - ok
18:34:22.0257 4008 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:34:22.0293 4008 SSDPSRV - ok
18:34:22.0301 4008 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:34:22.0327 4008 SstpSvc - ok
18:34:22.0332 4008 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:34:22.0340 4008 stexstor - ok
18:34:22.0374 4008 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:34:22.0405 4008 stisvc - ok
18:34:22.0422 4008 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:34:22.0430 4008 storflt - ok
18:34:22.0443 4008 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
18:34:22.0462 4008 StorSvc - ok
18:34:22.0481 4008 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:34:22.0489 4008 storvsc - ok
18:34:22.0499 4008 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:34:22.0507 4008 swenum - ok
18:34:22.0520 4008 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:34:22.0560 4008 swprv - ok
18:34:22.0595 4008 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:34:22.0632 4008 SysMain - ok
18:34:22.0635 4008 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:34:22.0653 4008 TabletInputService - ok
18:34:22.0658 4008 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:34:22.0693 4008 TapiSrv - ok
18:34:22.0705 4008 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:34:22.0731 4008 TBS - ok
18:34:22.0773 4008 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:34:22.0812 4008 Tcpip - ok
18:34:22.0839 4008 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:34:22.0866 4008 TCPIP6 - ok
18:34:22.0880 4008 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:34:22.0895 4008 tcpipreg - ok
18:34:22.0911 4008 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:34:22.0930 4008 TDPIPE - ok
18:34:22.0948 4008 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:34:22.0961 4008 TDTCP - ok
18:34:22.0976 4008 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:34:23.0000 4008 tdx - ok
18:34:23.0035 4008 [ 4283D7125BA4BD0CB50BB0F78B54257A ] TelekomNM6 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys
18:34:23.0055 4008 TelekomNM6 - ok
18:34:23.0067 4008 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:34:23.0082 4008 TermDD - ok
18:34:23.0100 4008 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:34:23.0135 4008 TermService - ok
18:34:23.0145 4008 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:34:23.0158 4008 Themes - ok
18:34:23.0177 4008 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:34:23.0202 4008 THREADORDER - ok
18:34:23.0214 4008 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:34:23.0244 4008 TrkWks - ok
18:34:23.0283 4008 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:34:23.0323 4008 TrustedInstaller - ok
18:34:23.0336 4008 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:34:23.0363 4008 tssecsrv - ok
18:34:23.0377 4008 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:34:23.0385 4008 TsUsbFlt - ok
18:34:23.0387 4008 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:34:23.0402 4008 TsUsbGD - ok
18:34:23.0422 4008 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:34:23.0453 4008 tunnel - ok
18:34:23.0464 4008 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:34:23.0472 4008 uagp35 - ok
18:34:23.0486 4008 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:34:23.0519 4008 udfs - ok
18:34:23.0532 4008 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:34:23.0551 4008 UI0Detect - ok
18:34:23.0568 4008 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:34:23.0576 4008 uliagpkx - ok
18:34:23.0587 4008 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:34:23.0605 4008 umbus - ok
18:34:23.0608 4008 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:34:23.0619 4008 UmPass - ok
18:34:23.0647 4008 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:34:23.0684 4008 UmRdpService - ok
18:34:23.0703 4008 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:34:23.0753 4008 upnphost - ok
18:34:23.0769 4008 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:34:23.0784 4008 usbccgp - ok
18:34:23.0796 4008 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:34:23.0807 4008 usbcir - ok
18:34:23.0829 4008 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:34:23.0852 4008 usbehci - ok
18:34:23.0869 4008 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:34:23.0890 4008 usbhub - ok
18:34:23.0908 4008 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:34:23.0927 4008 usbohci - ok
18:34:23.0942 4008 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:34:23.0967 4008 usbprint - ok
18:34:23.0990 4008 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:34:24.0006 4008 usbscan - ok
18:34:24.0020 4008 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:34:24.0037 4008 USBSTOR - ok
18:34:24.0041 4008 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:34:24.0056 4008 usbuhci - ok
18:34:24.0068 4008 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:34:24.0106 4008 UxSms - ok
18:34:24.0115 4008 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:34:24.0123 4008 VaultSvc - ok
18:34:24.0143 4008 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:34:24.0151 4008 vdrvroot - ok
18:34:24.0178 4008 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:34:24.0221 4008 vds - ok
18:34:24.0242 4008 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:34:24.0252 4008 vga - ok
18:34:24.0260 4008 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:34:24.0285 4008 VgaSave - ok
18:34:24.0288 4008 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:34:24.0299 4008 vhdmp - ok
18:34:24.0311 4008 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:34:24.0319 4008 viaide - ok
18:34:24.0335 4008 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:34:24.0345 4008 vmbus - ok
18:34:24.0353 4008 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:34:24.0361 4008 VMBusHID - ok
18:34:24.0368 4008 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:34:24.0377 4008 volmgr - ok
18:34:24.0392 4008 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:34:24.0405 4008 volmgrx - ok
18:34:24.0410 4008 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:34:24.0421 4008 volsnap - ok
18:34:24.0439 4008 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:34:24.0449 4008 vsmraid - ok
18:34:24.0478 4008 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:34:24.0527 4008 VSS - ok
18:34:24.0536 4008 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:34:24.0553 4008 vwifibus - ok
18:34:24.0558 4008 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:34:24.0587 4008 W32Time - ok
18:34:24.0599 4008 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:34:24.0619 4008 WacomPen - ok
18:34:24.0633 4008 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:34:24.0668 4008 WANARP - ok
18:34:24.0670 4008 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:34:24.0694 4008 Wanarpv6 - ok
18:34:24.0720 4008 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:34:24.0753 4008 wbengine - ok
18:34:24.0757 4008 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:34:24.0771 4008 WbioSrvc - ok
18:34:24.0776 4008 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:34:24.0794 4008 wcncsvc - ok
18:34:24.0813 4008 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:34:24.0828 4008 WcsPlugInService - ok
18:34:24.0836 4008 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:34:24.0844 4008 Wd - ok
18:34:24.0863 4008 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:34:24.0883 4008 Wdf01000 - ok
18:34:24.0895 4008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:34:24.0917 4008 WdiServiceHost - ok
18:34:24.0919 4008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:34:24.0932 4008 WdiSystemHost - ok
18:34:24.0945 4008 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:34:24.0963 4008 WebClient - ok
18:34:24.0970 4008 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:34:24.0998 4008 Wecsvc - ok
18:34:25.0012 4008 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:34:25.0038 4008 wercplsupport - ok
18:34:25.0041 4008 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:34:25.0067 4008 WerSvc - ok
18:34:25.0088 4008 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:34:25.0113 4008 WfpLwf - ok
18:34:25.0120 4008 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:34:25.0128 4008 WIMMount - ok
18:34:25.0141 4008 WinDefend - ok
18:34:25.0145 4008 WinHttpAutoProxySvc - ok
18:34:25.0175 4008 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:34:25.0217 4008 Winmgmt - ok
18:34:25.0259 4008 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:34:25.0311 4008 WinRM - ok
18:34:25.0338 4008 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:34:25.0354 4008 WinUsb - ok
18:34:25.0371 4008 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:34:25.0402 4008 Wlansvc - ok
18:34:25.0466 4008 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:34:25.0506 4008 wlidsvc - ok
18:34:25.0516 4008 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:34:25.0531 4008 WmiAcpi - ok
18:34:25.0543 4008 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:34:25.0561 4008 wmiApSrv - ok
18:34:25.0574 4008 WMPNetworkSvc - ok
18:34:25.0583 4008 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:34:25.0592 4008 WPCSvc - ok
18:34:25.0599 4008 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:34:25.0609 4008 WPDBusEnum - ok
18:34:25.0617 4008 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:34:25.0641 4008 ws2ifsl - ok
18:34:25.0652 4008 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:34:25.0670 4008 wscsvc - ok
18:34:25.0672 4008 WSearch - ok
18:34:25.0718 4008 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:34:25.0761 4008 wuauserv - ok
18:34:25.0780 4008 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:34:25.0806 4008 WudfPf - ok
18:34:25.0825 4008 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:34:25.0848 4008 WUDFRd - ok
18:34:25.0861 4008 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:34:25.0893 4008 wudfsvc - ok
18:34:25.0900 4008 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:34:25.0915 4008 WwanSvc - ok
18:34:25.0941 4008 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
18:34:25.0961 4008 yukonw7 - ok
18:34:25.0964 4008 ================ Scan global ===============================
18:34:25.0982 4008 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:34:26.0006 4008 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:34:26.0014 4008 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:34:26.0029 4008 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:34:26.0048 4008 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:34:26.0052 4008 [Global] - ok
18:34:26.0053 4008 ================ Scan MBR ==================================
18:34:26.0062 4008 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:34:26.0208 4008 \Device\Harddisk0\DR0 - ok
18:34:26.0208 4008 ================ Scan VBR ==================================
18:34:26.0211 4008 [ 57EAA0BF0ED7255BC28656937DCA816A ] \Device\Harddisk0\DR0\Partition1
18:34:26.0212 4008 \Device\Harddisk0\DR0\Partition1 - ok
18:34:26.0233 4008 [ 777598263569771A2503C6A7CBE4CAFC ] \Device\Harddisk0\DR0\Partition2
18:34:26.0234 4008 \Device\Harddisk0\DR0\Partition2 - ok
18:34:26.0246 4008 [ D18B94953E764044962BCEF98DEAD0DB ] \Device\Harddisk0\DR0\Partition3
18:34:26.0247 4008 \Device\Harddisk0\DR0\Partition3 - ok
18:34:26.0247 4008 ============================================================
18:34:26.0247 4008 Scan finished
18:34:26.0247 4008 ============================================================
18:34:26.0257 4612 Detected object count: 1
18:34:26.0257 4612 Actual detected object count: 1
18:35:04.0191 4612 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:04.0191 4612 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Ist unauffällig
Du bist hier der 5. oder so binnen weniger Tage, der sich über Mailspam über sein web.de Konto gesendet meldet

Zitat:

Received: from SVR-DATA.TRIXSOLUCIONES.LOCAL ([186.137.70.190]) by smtp.web.de (mrweb103) ...

Das wurde auch direkt übre den smtp server von web.de gesendet, eigentlich müsste das nach der Passwortänderung aufhören

Hatte das PW ja 1x geändert und dann fing es wieder an.

Werd aber das PW nochmal ändern und mal gucken, was passiert!

Trotzdem vielen Dank für deine Mühe.

Lg und schönes WE