Pests of all kinds and how to fight them: Additional entries in "Services" - presumably caused by a trojan (Windows 7)
18.01.2013, 18:22 | #1 |
Hello

I have just discovered (more or less by chance) that on my colleague's computer (Windows 7 Pro, 32-bit) there are a lot of "services" with the description "New service would allow parents to control their children´s online activity."

A Google search led me to the forum entry http://www.trojaner-board.de/115453-...irefef-br.html. I know that a trojan was once found on my colleague's computer; whether it was the "Trojan.Sirefef.BR" mentioned there I cannot say, particularly because I was not yet working at the company at that time. The boss removed the trojan back then (apparently only partially).

All of these additional services are set to automatic, but not started. How should/can we proceed to remove them?

One note up front: since this is a workplace PC and not my own, it may sometimes take a little longer before I can report back on recommended steps.

Thanks in advance for any help.

Edited by hacori (18.01.2013 at 18:28)
18.01.2013, 18:37 | #2 |
/// Malware-holic | Hi,
workplace PC means company PC? Do you have an IT department?
21.01.2013, 11:37 | #3 |
Yes to both, although the company is a small business - strictly speaking, I am the IT department myself. Unfortunately I still have little experience with viruses/trojans, hence the request.
21.01.2013, 13:40 | #4 |
/// Malware-holic | OK. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
23.01.2013, 12:19 | #5 |
Unfortunately I am already failing at running OTL. After downloading it and right-clicking, "Run as administrator", the following error message appears:

"Die Anwendung konnte nicht korrekt gestartet werden (0xc0000005). Klicken Sie auf "OK", um die Anwendung zu schliessen."

What else I noticed: the Windows Firewall service does not exist and therefore cannot be started. When trying to enable the recommended settings in the Control Panel, an error message also appears:

"Einige der Einstellungen können von der Windows Firewall nicht geändert werden. Fehlercode 0x80070424"
23.01.2013, 13:15 | #6 |
/// Malware-holic | Hi,
I want to take a look at something, but I think I will advise you to set the machine up from scratch. That is the best thing to do with company PCs that have malware.

Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings always choose Skip at first, post the log

Open C:, open tdsskiller-datum-version.txt, post the contents
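For reading the log that such a scan writes, here is an added example (not part of the thread and not code from the tool or the forum): a Python triage that lists the services reported as infected, groups services backed by the same file, and lists services logged without any file hash. The line layout is assumed from TDSSKiller's "Scan services" output; the sample log, its service names, paths, verdict names and digests are constructed placeholders.

```python
import re
from collections import defaultdict

# Placeholder digests for the constructed sample below (not real file hashes).
H = [f"{n:032X}" for n in range(5)]

# Constructed log excerpt; service names, paths and verdict names are made up.
SAMPLE_LOG = rf"""17:33:48.0225 4700 ================ Scan system memory ========================
17:33:48.0225 4700 System memory - ok
17:33:48.0225 4700 ================ Scan services =============================
17:33:48.0396 4700 [ {H[0]} ] svc_clean C:\Windows\system32\drivers\clean.sys
17:33:48.0568 4700 svc_clean - ok
17:33:48.0584 4700 svc_nofile - ok
17:33:48.0677 4700 [ {H[1]} ] Example Update Service C:\Program Files\Example\updater.exe
17:33:48.0755 4700 Example Update Service - ok
17:33:49.0536 4700 [ {H[2]} ] svc_a C:\Windows\system32\example.dll
17:33:49.0551 4700 Suspicious file (NoAccess): C:\Windows\system32\example.dll. md5: {H[2]}
17:33:49.0551 4700 svc_a ( Example.Backdoor.gen ) - infected
17:33:49.0551 4700 svc_a - detected Example.Backdoor.gen (0)
17:33:49.0818 4700 [ {H[3]} ] svc_drv C:\Windows\system32\drivers\example.sys
17:33:49.0865 4700 Suspicious file (Forged): C:\Windows\system32\drivers\example.sys. Real md5: {H[3]}, Fake md5: {H[4]}
17:33:49.0865 4700 svc_drv ( Example.Virus.g ) - infected
17:33:58.0874 4700 [ {H[2]} ] svc_b C:\Windows\system32\example.dll
17:33:58.0890 4700 svc_b ( Example.Backdoor.gen ) - infected
"""

# Assumed layout: "<time> <thread id> <message>".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
SECTION = re.compile(r"^=+ (Scan .+?) =+$")
# Service names may contain spaces, so the name ends where a drive path begins.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. (?:Real )?md5: ")
INFECTED = re.compile(r"^(.+?) \( (.+?) \) - infected$")
CLEAN = re.compile(r"^(.+?) - ok$")


def parse_scan(text):
    """Return {service: {"md5", "path", "verdict", "flags"}} for the services section."""
    services = {}
    flags_by_path = defaultdict(set)
    in_services = False

    def record(name):
        return services.setdefault(
            name, {"md5": None, "path": None, "verdict": None, "flags": []})

    for raw in text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue  # banner text or wrapped lines
        body = line.group(1).strip()
        section = SECTION.match(body)
        if section:
            # Only the services section is parsed; "System memory - ok" is skipped.
            in_services = section.group(1) == "Scan services"
            continue
        if not in_services:
            continue
        m = HASHED.match(body)
        if m:
            rec = record(m.group(2))
            rec["md5"], rec["path"] = m.group(1).upper(), m.group(3)
            continue
        m = SUSPICIOUS.match(body)
        if m:
            flags_by_path[m.group(2).lower()].add(m.group(1))
            continue
        m = INFECTED.match(body)
        if m:
            record(m.group(1))["verdict"] = m.group(2)
            continue
        m = CLEAN.match(body)
        if m:
            record(m.group(1))["verdict"] = "ok"
    # A flag is logged once per file, so attach it to every service using that file.
    for rec in services.values():
        if rec["path"]:
            rec["flags"] = sorted(flags_by_path.get(rec["path"].lower(), ()))
    return services


def triage(text):
    """Summarise what needs attention: infected services, shared files, hashless entries."""
    services = parse_scan(text)
    infected = {n: r for n, r in services.items() if r["verdict"] not in (None, "ok")}
    by_file = defaultdict(list)
    for name, rec in infected.items():
        if rec["path"]:
            by_file[rec["path"].lower()].append(name)
    return {
        "infected": infected,
        "shared_files": {p: sorted(n) for p, n in by_file.items() if len(n) > 1},
        "no_file": sorted(n for n, r in services.items()
                          if r["verdict"] == "ok" and r["path"] is None),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, rec in sorted(result["infected"].items()):
        print(f"{name}: {rec['verdict']} {rec['path']} {rec['flags']}")
    print("shared files:", result["shared_files"])
    print("no file hash logged:", result["no_file"])
```
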
23.01.2013, 17:44 | #7 |
Here is the log file; several entries were found. Meanwhile the antivirus program (Norman Security Suite) also showed a pop-up window with a trojan detection several times.
C:\Windows\system32\drivers\hwpolicy.sys 17:34:00.0981 4700 hwpolicy - ok 17:34:01.0028 4700 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:34:01.0043 4700 i8042prt - ok 17:34:01.0108 4700 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\drivers\iastor.sys 17:34:01.0108 4700 iaStor - ok 17:34:01.0124 4700 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:34:01.0185 4700 iaStorV - ok 17:34:01.0185 4700 ibmsmbus - ok 17:34:01.0185 4700 IBM_LLC2 - ok 17:34:01.0201 4700 icam4usb - ok 17:34:01.0201 4700 ICAM5USB - ok 17:34:01.0201 4700 iclarityqosservice - ok 17:34:01.0216 4700 idebusdr - ok 17:34:01.0216 4700 idisw2km - ok 17:34:01.0249 4700 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:34:01.0366 4700 idsvc - ok 17:34:01.0510 4700 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 17:34:02.0143 4700 igfx - ok 17:34:02.0174 4700 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:34:02.0206 4700 iirsp - ok 17:34:02.0221 4700 iisadmin - ok 17:34:02.0252 4700 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 17:34:02.0362 4700 IKEEXT - ok 17:34:02.0362 4700 ikfilesec - ok 17:34:02.0377 4700 imap4d32 - ok 17:34:02.0377 4700 imonitor - ok 17:34:02.0393 4700 incdrec - ok 17:34:02.0393 4700 inspect - ok 17:34:02.0455 4700 [ D0A6C0CEB3B74A91884F804FF4F031C0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 17:34:02.0549 4700 IntcAzAudAddService - ok 17:34:02.0549 4700 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 17:34:02.0580 4700 intelide - ok 17:34:02.0611 4700 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:34:02.0643 4700 intelppm - ok 17:34:02.0643 4700 InterBaseGuardian - ok 17:34:02.0658 4700 iomdisk - ok 
17:34:02.0658 4700 ip6fw - ok 17:34:02.0674 4700 ipahelper.exe - ok 17:34:02.0674 4700 iPassP - ok 17:34:02.0689 4700 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:34:02.0736 4700 IPBusEnum - ok 17:34:02.0752 4700 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:34:02.0814 4700 IpFilterDriver - ok 17:34:02.0830 4700 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:34:02.0861 4700 IPMIDRV - ok 17:34:02.0877 4700 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:34:02.0924 4700 IPNAT - ok 17:34:02.0955 4700 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:34:02.0970 4700 iPod Service - ok 17:34:02.0986 4700 IPSECSHM - ok 17:34:02.0986 4700 ipsraidn - ok 17:34:03.0002 4700 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:34:03.0064 4700 IRENUM - ok 17:34:03.0080 4700 irsir - ok 17:34:03.0080 4700 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:34:03.0111 4700 isapnp - ok 17:34:03.0111 4700 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:34:03.0158 4700 iScsiPrt - ok 17:34:03.0173 4700 isdrv120 - ok 17:34:03.0173 4700 ispwdsvc - ok 17:34:03.0173 4700 issvc - ok 17:34:03.0189 4700 iteatapi - ok 17:34:03.0204 4700 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 17:34:03.0329 4700 IviRegMgr - ok 17:34:03.0329 4700 ixiaendpoint - ok 17:34:03.0345 4700 JGOGO - ok 17:34:03.0345 4700 JRAID - ok 17:34:03.0345 4700 jsdaemon - ok 17:34:03.0361 4700 k750mgmt - ok 17:34:03.0361 4700 kavsvc - ok 17:34:03.0376 4700 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 17:34:03.0407 4700 kbdclass - ok 17:34:03.0423 4700 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid 
C:\Windows\system32\drivers\kbdhid.sys 17:34:03.0470 4700 kbdhid - ok 17:34:03.0470 4700 kbstuff - ok 17:34:03.0470 4700 kerbkey - ok 17:34:03.0501 4700 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 17:34:03.0501 4700 KeyIso - ok 17:34:03.0501 4700 klif - ok 17:34:03.0517 4700 kpf4 - ok 17:34:03.0517 4700 kpfwsvc - ok 17:34:03.0532 4700 KR3NPXP - ok 17:34:03.0548 4700 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:34:03.0579 4700 KSecDD - ok 17:34:03.0595 4700 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:34:03.0642 4700 KSecPkg - ok 17:34:03.0642 4700 ksthunk - ok 17:34:03.0673 4700 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 17:34:03.0735 4700 KtmRm - ok 17:34:03.0735 4700 L6POD - ok 17:34:03.0782 4700 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 17:34:03.0844 4700 LanmanServer - ok 17:34:03.0876 4700 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:34:03.0954 4700 LanmanWorkstation - ok 17:34:03.0954 4700 lbrtfdc - ok 17:34:03.0969 4700 lbtserv - ok 17:34:03.0985 4700 LEX_AS_NIC_SERVICE_YNOS - ok 17:34:03.0985 4700 lhidflt2 - ok 17:34:03.0985 4700 LHidKe - ok 17:34:04.0001 4700 lhidusb - ok 17:34:04.0001 4700 livesrv - ok 17:34:04.0001 4700 liveupdate - ok 17:34:04.0016 4700 LKbdFlt2 - ok 17:34:04.0032 4700 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:34:04.0079 4700 lltdio - ok 17:34:04.0110 4700 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:34:04.0157 4700 lltdsvc - ok 17:34:04.0172 4700 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 17:34:04.0203 4700 lmhosts - ok 17:34:04.0203 4700 LMIRfsClientNP - ok 17:34:04.0219 4700 lmouflt2 - ok 17:34:04.0250 4700 [ 2763A02188FFB04287F5034EC5B6B451 ] LMS C:\Program Files\Intel\AMT\LMS.exe 17:34:04.0438 
4700 LMS - ok 17:34:04.0453 4700 lockmgr - ok 17:34:04.0453 4700 LoopBeMidi1 - ok 17:34:04.0453 4700 lp6nds35 - ok 17:34:04.0469 4700 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:34:04.0500 4700 LSI_FC - ok 17:34:04.0531 4700 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:34:04.0562 4700 LSI_SAS - ok 17:34:04.0578 4700 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:34:04.0609 4700 LSI_SAS2 - ok 17:34:04.0625 4700 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:34:04.0672 4700 LSI_SCSI - ok 17:34:04.0672 4700 ltck000c - ok 17:34:04.0687 4700 ltmodem5 - ok 17:34:04.0703 4700 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 17:34:04.0750 4700 luafv - ok 17:34:04.0765 4700 LUsbFilt - ok 17:34:04.0781 4700 LVCap138 - ok 17:34:04.0781 4700 lvckap - ok 17:34:04.0781 4700 lvhidsvc - ok 17:34:04.0797 4700 lxbs_device - ok 17:34:04.0797 4700 lxbt_device - ok 17:34:04.0797 4700 lxda_device - ok 17:34:04.0812 4700 lyncusbserv - ok 17:34:04.0812 4700 MA-620 - ok 17:34:04.0812 4700 MA8032U - ok 17:34:04.0812 4700 MagicTune - ok 17:34:04.0828 4700 magictuneengine - ok 17:34:04.0828 4700 MailService - ok 17:34:04.0843 4700 MASPINT - ok 17:34:04.0843 4700 matlabserver - ok 17:34:04.0843 4700 MA_CMIDI - ok 17:34:04.0843 4700 mbr - ok 17:34:04.0875 4700 mcmscsvc - ok 17:34:04.0875 4700 mcnasvc - ok 17:34:04.0890 4700 mcontrol - ok 17:34:04.0890 4700 mcredirector - ok 17:34:04.0890 4700 mcstrm - ok 17:34:04.0906 4700 mcsysmon - ok 17:34:04.0906 4700 mctaskmanager - ok 17:34:04.0921 4700 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:34:04.0954 4700 Mcx2Svc - ok 17:34:04.0969 4700 mdc8021x - ok 17:34:04.0969 4700 mdm - ok 17:34:04.0969 4700 mediamaxxlservice - ok 17:34:05.0000 4700 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas 
C:\Windows\system32\DRIVERS\megasas.sys 17:34:05.0016 4700 megasas - ok 17:34:05.0047 4700 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:34:05.0094 4700 MegaSR - ok 17:34:05.0110 4700 mfeavfk - ok 17:34:05.0110 4700 mfetdik - ok 17:34:05.0110 4700 mhndrv - ok 17:34:05.0172 4700 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 17:34:05.0219 4700 Microsoft Office Groove Audit Service - ok 17:34:05.0219 4700 mlkkbdntdriver - ok 17:34:05.0250 4700 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 17:34:05.0297 4700 MMCSS - ok 17:34:05.0297 4700 MMRTKRNL - ok 17:34:05.0328 4700 mnmdd - ok 17:34:05.0344 4700 mnsframework - ok 17:34:05.0359 4700 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 17:34:05.0406 4700 Modem - ok 17:34:05.0406 4700 modemcsa - ok 17:34:05.0437 4700 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:34:05.0469 4700 monitor - ok 17:34:05.0469 4700 motoswitchservice - ok 17:34:05.0484 4700 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 17:34:05.0516 4700 mouclass - ok 17:34:05.0547 4700 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:34:05.0578 4700 mouhid - ok 17:34:05.0594 4700 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:34:05.0625 4700 mountmgr - ok 17:34:05.0640 4700 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 17:34:05.0687 4700 mpio - ok 17:34:05.0703 4700 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:34:05.0750 4700 mpsdrv - ok 17:34:05.0765 4700 MREMP50a64 - ok 17:34:05.0765 4700 mrpostman - ok 17:34:05.0765 4700 MRV6X32P - ok 17:34:05.0796 4700 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 
17:34:05.0843 4700 MRxDAV - ok 17:34:05.0859 4700 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:34:05.0921 4700 mrxsmb - ok 17:34:05.0937 4700 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:34:05.0999 4700 mrxsmb10 - ok 17:34:06.0015 4700 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:34:06.0062 4700 mrxsmb20 - ok 17:34:06.0062 4700 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 17:34:06.0093 4700 msahci - ok 17:34:06.0109 4700 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:34:06.0140 4700 msdsm - ok 17:34:06.0155 4700 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 17:34:06.0218 4700 MSDTC - ok 17:34:06.0234 4700 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:34:06.0280 4700 Msfs - ok 17:34:06.0280 4700 msftpsvc - ok 17:34:06.0280 4700 MSFWDrv - ok 17:34:06.0296 4700 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:34:06.0343 4700 mshidkmdf - ok 17:34:06.0374 4700 MSIRCOMM - ok 17:34:06.0374 4700 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:34:06.0405 4700 msisadrv - ok 17:34:06.0436 4700 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:34:06.0483 4700 MSiSCSI - ok 17:34:06.0483 4700 msiserver - ok 17:34:06.0530 4700 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:34:06.0577 4700 MSKSSRV - ok 17:34:06.0593 4700 msloop - ok 17:34:06.0593 4700 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:34:06.0639 4700 MSPCLOCK - ok 17:34:06.0655 4700 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:34:06.0702 4700 MSPQM - ok 17:34:06.0717 4700 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 17:34:06.0749 4700 MsRPC - ok 17:34:06.0749 4700 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:34:06.0764 4700 mssmbios - ok 17:34:06.0780 4700 MSSQL$AUTODESKVAULT - ok 17:34:06.0780 4700 mssql$sqlexpress - ok 17:34:06.0780 4700 mstdc - ok 17:34:06.0795 4700 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:34:06.0827 4700 MSTEE - ok 17:34:06.0827 4700 msvad_simple - ok 17:34:06.0827 4700 msvsmon90 - ok 17:34:06.0842 4700 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:34:06.0873 4700 MTConfig - ok 17:34:06.0889 4700 Mtlstrm - ok 17:34:06.0889 4700 MtxDma0 - ok 17:34:06.0905 4700 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 17:34:06.0920 4700 Mup - ok 17:34:06.0920 4700 mvdcodec - ok 17:34:06.0936 4700 mwspollserver - ok 17:34:06.0936 4700 mwssched - ok 17:34:06.0952 4700 mwstick - ok 17:34:06.0952 4700 MXOFX - ok 17:34:06.0952 4700 nalntservice - ok 17:34:06.0983 4700 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 17:34:07.0014 4700 napagent - ok 17:34:07.0061 4700 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:34:07.0139 4700 NativeWifiP - ok 17:34:07.0139 4700 NCPro - ok 17:34:07.0186 4700 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:34:07.0279 4700 NDIS - ok 17:34:07.0311 4700 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:34:07.0357 4700 NdisCap - ok 17:34:07.0389 4700 [ 725123F7AEBFEF717E3F26B25B149D7A ] Ndiskio C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS 17:34:07.0404 4700 Ndiskio - ok 17:34:07.0404 4700 Ndismeetro - ok 17:34:07.0435 4700 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:34:07.0467 4700 NdisTapi - ok 17:34:07.0498 4700 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio 
C:\Windows\system32\DRIVERS\ndisuio.sys 17:34:07.0529 4700 Ndisuio - ok 17:34:07.0545 4700 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:34:07.0591 4700 NdisWan - ok 17:34:07.0607 4700 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:34:07.0670 4700 NDProxy - ok 17:34:07.0670 4700 neokdss - ok 17:34:07.0716 4700 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 17:34:07.0748 4700 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:34:07.0748 4700 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:34:07.0779 4700 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:34:07.0841 4700 NetBIOS - ok 17:34:07.0857 4700 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:34:07.0919 4700 NetBT - ok 17:34:07.0919 4700 netddedsdm - ok 17:34:07.0935 4700 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 17:34:07.0950 4700 Netlogon - ok 17:34:07.0997 4700 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 17:34:08.0060 4700 Netman - ok 17:34:08.0075 4700 NETMDUSB - ok 17:34:08.0091 4700 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 17:34:08.0122 4700 netprofm - ok 17:34:08.0138 4700 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:34:08.0169 4700 NetTcpPortSharing - ok 17:34:08.0169 4700 NETw3x32 - ok 17:34:08.0169 4700 NETw5x32 - ok 17:34:08.0169 4700 networkx - ok 17:34:08.0216 4700 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:34:08.0247 4700 nfrd960 - ok 17:34:08.0309 4700 [ 0D439F6337ADC15B1393060D108CA8D8 ] NGS c:\program files\norman\ngs\bin\ngs.sys 17:34:08.0341 4700 NGS - ok 17:34:08.0356 4700 [ AF6AF4685FBA9EF80589B688C231CBAA ] NHS C:\Program 
Files\Norman\Nvc\bin\nhs.exe 17:34:08.0544 4700 NHS - ok 17:34:08.0544 4700 nim32 - ok 17:34:08.0544 4700 nimdbgk - ok 17:34:08.0559 4700 nipxirmu - ok 17:34:08.0575 4700 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 17:34:08.0637 4700 NlaSvc - ok 17:34:08.0637 4700 nm - ok 17:34:08.0653 4700 Nmea - ok 17:34:08.0653 4700 NMSAccessU - ok 17:34:08.0653 4700 nmservice - ok 17:34:08.0668 4700 nmwcdc - ok 17:34:08.0668 4700 nmwcdcm - ok 17:34:08.0684 4700 [ EFB8638C018CD428B9DD78B7F89E2FAF ] NNFSVC C:\Program Files\Norman\Ngs\Bin\Nnf.exe 17:34:08.0793 4700 NNFSVC - ok 17:34:08.0809 4700 nod32krn - ok 17:34:08.0825 4700 [ C4D2D678F08F11F0EDB3BB4E89CE2B7A ] Norman NJeeves C:\Program Files\Norman\Npm\Bin\Njeeves.exe 17:34:08.0934 4700 Norman NJeeves - ok 17:34:08.0949 4700 [ 88CA218696CF13B260DB003787AB65AE ] Norman ZANDA C:\Program Files\Norman\Npm\Bin\Zanda.exe 17:34:09.0105 4700 Norman ZANDA - ok 17:34:09.0121 4700 NOWMEMDF - ok 17:34:09.0121 4700 npapimon - ok 17:34:09.0137 4700 npfmntor - ok 17:34:09.0152 4700 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:34:09.0199 4700 Npfs - ok 17:34:09.0215 4700 npkcmsvc - ok 17:34:09.0215 4700 npkcusb - ok 17:34:09.0246 4700 [ 0FDDFE0CF41B5EB87689E465E34DDD18 ] NPROSEC C:\Program Files\Norman\Ngs\Bin\nprosec.sys 17:34:09.0277 4700 NPROSEC - ok 17:34:09.0293 4700 [ A7C274DAB79D0F50BD4202A678684A71 ] NPROSECSVC C:\Program Files\Norman\Ngs\Bin\Nprosec.exe 17:34:09.0386 4700 NPROSECSVC - ok 17:34:09.0402 4700 [ 82A058999D0CFB5C285FC22856E235C2 ] nregsec C:\Program Files\Norman\Ngs\Bin\nregsec.sys 17:34:09.0433 4700 nregsec - ok 17:34:09.0433 4700 nsctop - ok 17:34:09.0449 4700 [ 8634779EC283D55EEAFA9101733C6E93 ] nsesvc C:\Program Files\Norman\Nse\Bin\NSESVC.EXE 17:34:09.0574 4700 nsesvc - ok 17:34:09.0605 4700 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 17:34:09.0667 4700 nsi - ok 17:34:09.0683 4700 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] 
nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:34:09.0730 4700 nsiproxy - ok 17:34:09.0745 4700 nsysaudm - ok 17:34:09.0792 4700 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:34:09.0917 4700 Ntfs - ok 17:34:09.0917 4700 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 17:34:09.0964 4700 Null - ok 17:34:09.0964 4700 nvax - ok 17:34:09.0995 4700 [ 464F8915E1D9E831D807ECD7B195423D ] NvcMFlt C:\Windows\system32\DRIVERS\nvcv32mf.sys 17:34:10.0011 4700 NvcMFlt - ok 17:34:10.0042 4700 [ FF04B683F1260468789804C95077E1D4 ] nvcoas C:\Program Files\Norman\Nvc\Bin\nvcoas.exe 17:34:10.0167 4700 nvcoas - ok 17:34:10.0198 4700 [ 98CDB972FD946B904CD1C6D5ECF2E878 ] NVOY C:\Program Files\Norman\npm\bin\nvoy.exe 17:34:10.0261 4700 NVOY - ok 17:34:10.0276 4700 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:34:10.0323 4700 nvraid - ok 17:34:10.0339 4700 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:34:10.0385 4700 nvstor - ok 17:34:10.0401 4700 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:34:10.0448 4700 nv_agp - ok 17:34:10.0448 4700 nwlnkspx - ok 17:34:10.0448 4700 nwrdr - ok 17:34:10.0448 4700 NwSapAgent - ok 17:34:10.0463 4700 NWUSBPort - ok 17:34:10.0463 4700 NxNetMon - ok 17:34:10.0510 4700 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:34:10.0573 4700 odserv - ok 17:34:10.0573 4700 odysseyIM3 - ok 17:34:10.0588 4700 OEM02Afx - ok 17:34:10.0588 4700 OEM02Dev - ok 17:34:10.0604 4700 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:34:10.0651 4700 ohci1394 - ok 17:34:10.0651 4700 omci - ok 17:34:10.0651 4700 omniinet - ok 17:34:10.0651 4700 omniusbl - ok 17:34:10.0666 4700 omsad - ok 17:34:10.0666 4700 oracleoradb10g_home1isql*plus - ok 17:34:10.0666 4700 oracleorahomeagent - ok 
17:34:10.0666 4700 oracleorahomemanagementserver - ok 17:34:10.0698 4700 oracleorahomepagingserver - ok 17:34:10.0698 4700 oracleorahometnslistener - ok 17:34:10.0698 4700 oracle_load_balancer_60_client-forms6i - ok 17:34:10.0713 4700 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:34:10.0760 4700 ose - ok 17:34:10.0760 4700 p1131vid - ok 17:34:10.0760 4700 p17xfilt - ok 17:34:10.0791 4700 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:34:10.0854 4700 p2pimsvc - ok 17:34:10.0885 4700 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 17:34:10.0947 4700 p2psvc - ok 17:34:10.0947 4700 parallel - ok 17:34:10.0979 4700 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:34:11.0010 4700 Parport - ok 17:34:11.0025 4700 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:34:11.0057 4700 partmgr - ok 17:34:11.0072 4700 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 17:34:11.0103 4700 Parvdm - ok 17:34:11.0103 4700 patrolagent - ok 17:34:11.0119 4700 pavprsrv - ok 17:34:11.0135 4700 pav_security - ok 17:34:11.0150 4700 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:34:11.0181 4700 PcaSvc - ok 17:34:11.0181 4700 pchost - ok 17:34:11.0197 4700 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 17:34:11.0228 4700 pci - ok 17:34:11.0244 4700 pcidrv - ok 17:34:11.0259 4700 pcidump - ok 17:34:11.0259 4700 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 17:34:11.0291 4700 pciide - ok 17:34:11.0291 4700 pciSd - ok 17:34:11.0322 4700 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:34:11.0353 4700 pcmcia - ok 17:34:11.0353 4700 pcouffin - ok 17:34:11.0353 4700 pcradminserver - ok 17:34:11.0369 4700 [ 
250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 17:34:11.0384 4700 pcw - ok 17:34:11.0400 4700 pcx1unic - ok 17:34:11.0400 4700 pdengine - ok 17:34:11.0416 4700 pdfcDispatcher - ok 17:34:11.0416 4700 pdfcreatormessages - ok 17:34:11.0416 4700 pdlnafac - ok 17:34:11.0431 4700 pdlndint - ok 17:34:11.0447 4700 pdlnebas - ok 17:34:11.0447 4700 pdlnslea - ok 17:34:11.0447 4700 pdlnsv25 - ok 17:34:11.0462 4700 pdscheduler - ok 17:34:11.0478 4700 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:34:11.0572 4700 PEAUTH - ok 17:34:11.0603 4700 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:34:11.0775 4700 PeerDistSvc - ok 17:34:11.0775 4700 penrendezvous - ok 17:34:11.0790 4700 persfw - ok 17:34:11.0806 4700 pfmodnt - ok 17:34:11.0806 4700 PhilCam8116_XP - ok 17:34:11.0806 4700 phnxvcdservice - ok 17:34:11.0806 4700 pid_0928 - ok 17:34:11.0821 4700 pinetmgr - ok 17:34:11.0821 4700 pinnaclesys.mediaserver - ok 17:34:11.0868 4700 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 17:34:11.0977 4700 pla - ok 17:34:12.0024 4700 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:34:12.0102 4700 PlugPlay - ok 17:34:12.0102 4700 pmem - ok 17:34:12.0118 4700 pml - ok 17:34:12.0149 4700 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 17:34:12.0196 4700 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:34:12.0196 4700 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:34:12.0212 4700 pmounter - ok 17:34:12.0212 4700 pnkbstrk - ok 17:34:12.0212 4700 pnmsrv - ok 17:34:12.0227 4700 pnrouter - ok 17:34:12.0243 4700 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:34:12.0305 4700 PNRPAutoReg - ok 17:34:12.0336 4700 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:34:12.0352 4700 PNRPsvc - ok 17:34:12.0368 4700 [ 
53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:34:12.0430 4700 PolicyAgent - ok 17:34:12.0446 4700 pop3d32 - ok 17:34:12.0477 4700 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 17:34:12.0524 4700 Power - ok 17:34:12.0524 4700 ppmoucls - ok 17:34:12.0524 4700 PPPoEWin - ok 17:34:12.0555 4700 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:34:12.0633 4700 PptpMiniport - ok 17:34:12.0633 4700 prepdrvr - ok 17:34:12.0649 4700 prevxagent - ok 17:34:12.0680 4700 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:34:12.0727 4700 Processor - ok 17:34:12.0727 4700 procmon10 - ok 17:34:12.0727 4700 profos - ok 17:34:12.0773 4700 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 17:34:12.0836 4700 ProfSvc - ok 17:34:12.0852 4700 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:34:12.0867 4700 ProtectedStorage - ok 17:34:12.0867 4700 proxyhostdriver - ok 17:34:12.0867 4700 proxyhostservice - ok 17:34:12.0898 4700 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:34:12.0945 4700 Psched - ok 17:34:12.0945 4700 psdvdisk - ok 17:34:12.0976 4700 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 17:34:13.0070 4700 PSI_SVC_2 - ok 17:34:13.0086 4700 PSSdk23 - ok 17:34:13.0086 4700 ptilink - ok 17:34:13.0086 4700 PTproct - ok 17:34:13.0086 4700 ptserial - ok 17:34:13.0101 4700 pwkntmon - ok 17:34:13.0101 4700 pxfhmdm - ok 17:34:13.0101 4700 pxfhserd - ok 17:34:13.0117 4700 qcdonner - ok 17:34:13.0117 4700 qkbfiltr - ok 17:34:13.0148 4700 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:34:13.0242 4700 ql2300 - ok 17:34:13.0273 4700 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:34:13.0320 4700 ql40xx 
- ok 17:34:13.0320 4700 qmofiltr - ok 17:34:13.0320 4700 qserver - ok 17:34:13.0320 4700 quickbooksdb - ok 17:34:13.0335 4700 QV2KUX - ok 17:34:13.0367 4700 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 17:34:13.0413 4700 QWAVE - ok 17:34:13.0429 4700 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:34:13.0460 4700 QWAVEdrv - ok 17:34:13.0460 4700 R300 - ok 17:34:13.0491 4700 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:34:13.0523 4700 RasAcd - ok 17:34:13.0570 4700 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:34:13.0616 4700 RasAgileVpn - ok 17:34:13.0648 4700 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 17:34:13.0694 4700 RasAuto - ok 17:34:13.0710 4700 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:34:13.0757 4700 Rasl2tp - ok 17:34:13.0788 4700 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 17:34:13.0835 4700 RasMan - ok 17:34:13.0850 4700 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:34:13.0882 4700 RasPppoe - ok 17:34:13.0913 4700 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:34:13.0960 4700 RasSstp - ok 17:34:13.0960 4700 Rawwan - ok 17:34:13.0975 4700 raysatxsi5_0server - ok 17:34:13.0975 4700 rbfilter - ok 17:34:14.0007 4700 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:34:14.0069 4700 rdbss - ok 17:34:14.0085 4700 RDID1007 - ok 17:34:14.0100 4700 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:34:14.0131 4700 rdpbus - ok 17:34:14.0147 4700 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:34:14.0194 4700 RDPCDD - ok 17:34:14.0209 4700 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR 
[...]
17:34:18.0408 4700 [ B89CFBE8CB247B57D8C10ADAA66B462B ] snapman C:\Windows\system32\se44unic.dll
17:34:18.0408 4700 Suspicious file (NoAccess): C:\Windows\system32\se44unic.dll. md5: B89CFBE8CB247B57D8C10ADAA66B462B
17:34:18.0408 4700 snapman ( Backdoor.Multi.ZAccess.gen ) - infected
17:34:18.0408 4700 snapman - detected Backdoor.Multi.ZAccess.gen (0)
[...]
17:34:29.0151 4700 ================ Scan global ===============================
17:34:29.0183 4700 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:34:29.0214 4700 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
17:34:29.0245 4700 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
17:34:29.0261 4700 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:34:29.0292 4700 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:34:29.0323 4700 [Global] - ok
17:34:29.0323 4700 ================ Scan MBR ==================================
17:34:29.0323 4700 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:34:29.0588 4700 \Device\Harddisk0\DR0 - ok
17:34:29.0588 4700 ================ Scan VBR ==================================
17:34:29.0604 4700 [ 2D6D5916DD2F58F371D5B6E1D9485F05 ] \Device\Harddisk0\DR0\Partition1
17:34:29.0604 4700 \Device\Harddisk0\DR0\Partition1 - ok
17:34:29.0635 4700 [ 82CD3A24382267300A241513BBCADE94 ] \Device\Harddisk0\DR0\Partition2
17:34:29.0635 4700 \Device\Harddisk0\DR0\Partition2 - ok
17:34:29.0651 4700 [ 762BB35437253E2ED2210E0FC48C0061 ] \Device\Harddisk0\DR0\Partition3
17:34:29.0666 4700 \Device\Harddisk0\DR0\Partition3 - ok
17:34:29.0666 4700 ============================================================
17:34:29.0666 4700 Scan finished
17:34:29.0666 4700 ============================================================
17:34:29.0666 1120 Detected object count: 6
17:34:29.0666 1120 Actual detected object count: 6
17:35:09.0185 1120 adpu160m ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:35:09.0185 1120 adpu160m ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:35:09.0185 1120 AFD ( Virus.Win32.ZAccess.g ) - skipped by user
17:35:09.0185 1120 AFD ( Virus.Win32.ZAccess.g ) - User select action: Skip
17:35:09.0185 1120 genmcmn ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:35:09.0185 1120 genmcmn ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:35:09.0185 1120 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:09.0185 1120 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:35:09.0200 1120 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:09.0200 1120 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:35:09.0200 1120 snapman ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:35:09.0200 1120 snapman ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip |
23.01.2013, 18:31 | #8 |
/// Malware-holic | Additional entries in "Services" - presumably caused by a trojan Hi, that is what I expected. If you do online banking from this PC, have it blocked because of the ZeroAccess rootkit. The PC has to be reinstalled and then secured. 1. Data recovery:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then also say something about securing online banking with a chip card reader + Star Money.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above |
24.01.2013, 15:02 | #9 |
| Additional entries in "Services" - presumably caused by a trojan Thanks for the help and the advice. After yesterday's TDSSKiller result I already feared that the only really sensible option is to reinstall the computer. Online banking is generally not done on this PC. It is done via software that is located on the server. |
24.01.2013, 15:54 | #10 |
/// Malware-holic | Additional entries in "Services" - presumably caused by a trojan OK, still, especially with work PCs it is best to reinstall. |