Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Zusätzliche Einträge in "Dienste" - vermutlich verursacht durch Trojaner (https://www.trojaner-board.de/129751-zusaetzliche-eintraege-dienste-vermutlich-verursacht-trojaner.html)

hacori 18.01.2013 18:22
Zusätzliche Einträge in "Dienste" - vermutlich verursacht durch Trojaner
 
Hallo

Soeben bin ich (eher zufällig) darauf gekommen, dass auf dem Computer meiner Arbeitskollegin (Windows 7 Pro, 32bit) eine Menge "Dienste" mit der Beschreibung "New service would allow parents to control their children´s online activity." vorhanden sind.

Eine Suche bei Google hat mich auf den Forumeintrag http://www.trojaner-board.de/115453-...irefef-br.html gebracht. Ich weiss, dass auf dem Computer meiner Kollegin einmal ein Trojaner gefunden wurde, ob es der erwähnte "Trojan.Sirefef.BR" ist, kann ich allerdings nicht sagen, insbesondere weil ich damals noch nicht in der Firma gearbeitet habe. Der Chef hat damals den Trojaner (anscheinend nur teilweise) entfernt.

Alle diese zusätzlichen Dienste sind auf automatisch gesetzt, jedoch nicht gestartet. Wie sollen/können wir vorgehen, um diese zu entfernen?

Eine Anmerkung vorweg:
Da es ein Arbeitsplatz-PC und dazu nicht mein eigener ist, kann es z.T. etwas länger dauern, bis ich eine Rückmeldung auf empfohlene Schritte geben kann.

Danke schon im voraus für jede Hilfe.

markusg 18.01.2013 18:37
Hi,
arbeitsplatz pc heißt firmen pc? habt ihr ne IT abteilung?

hacori 21.01.2013 11:37
Zitat:
Zitat von markusg (Beitrag 993654)
Hi,
arbeitsplatz pc heißt firmen pc? habt ihr ne IT abteilung?
Zweimal ja, die Firma ist allerdings ein Kleinbetrieb - ich bin genau genommen selbst die IT Abteilung. Leider habe ich mit Viren/Trojanern noch wenig Erfahrung, daher die Anfrage.

markusg 21.01.2013 13:40
Ok.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

hacori 23.01.2013 12:19
Leider scheitere ich bereits beim ausführen von OTL. Nach dem Herunterladen und rechtem Mausklick, ausführen als Administrator erscheint die folgende Fehlermeldung:

"Die Anwendung konnte nicht korrekt gestartet werden (0xc0000005). Klicken Sie auf "OK", um die Anwendung zu schliessen."

Was mir sonst noch aufgefallen ist: Der Dienst Windows Firewall existiert nicht und kann somit auch nicht gestartet werden. Beim Versuch, die empfohlenen Einstellungen in der Systemsteuerung zu aktivieren, erscheint ebenfalls eine Fehlermeldung:

"Einige der Einstellungen können von der Windows Firewall nicht geändert werden.
Fehlercode 0x80070424"

markusg 23.01.2013 13:15
hi
will mir etwas ansehen, aber ich denke, ich werd dir den Rat geben, das gerät neu aufzusetzen.
das ist bei Firmen pcs mit Malware das beste.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

hacori 23.01.2013 17:44
Hier die Logdatei, es wurden mehrere Einträge gefunden. Währenddessen hat das Antivirenprogramm (Norman Security Suite) ebenfalls mehrmals ein Popup-Fenster mit einer Trojaner-Erkennung angezeigt.


Code:
17:33:10.0015 3744  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:33:10.0234 3744  ============================================================
17:33:10.0234 3744  Current date / time: 2013/01/23 17:33:10.0234
17:33:10.0234 3744  SystemInfo:
17:33:10.0234 3744 
17:33:10.0234 3744  OS Version: 6.1.7601 ServicePack: 1.0
17:33:10.0234 3744  Product type: Workstation
17:33:10.0234 3744  ComputerName: MARTINA4
17:33:10.0234 3744  UserName: Martina
17:33:10.0234 3744  Windows directory: C:\Windows
17:33:10.0234 3744  System windows directory: C:\Windows
17:33:10.0234 3744  Processor architecture: Intel x86
17:33:10.0234 3744  Number of processors: 2
17:33:10.0234 3744  Page size: 0x1000
17:33:10.0234 3744  Boot type: Normal boot
17:33:10.0234 3744  ============================================================
17:33:11.0420 3744  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:33:11.0451 3744  ============================================================
17:33:11.0451 3744  \Device\Harddisk0\DR0:
17:33:11.0451 3744  MBR partitions:
17:33:11.0451 3744  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
17:33:11.0451 3744  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x23BE2800
17:33:11.0451 3744  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23FE2800, BlocksNum 0x1447000
17:33:11.0451 3744  ============================================================
17:33:11.0467 3744  C: <-> \Device\Harddisk0\DR0\Partition2
17:33:11.0498 3744  D: <-> \Device\Harddisk0\DR0\Partition3
17:33:11.0498 3744  ============================================================
17:33:11.0498 3744  Initialize success
17:33:11.0498 3744  ============================================================
17:33:47.0819 4700  ============================================================
17:33:47.0819 4700  Scan started
17:33:47.0819 4700  Mode: Manual; SigCheck; TDLFS;
17:33:47.0819 4700  ============================================================
17:33:48.0225 4700  ================ Scan system memory ========================
17:33:48.0225 4700  System memory - ok
17:33:48.0225 4700  ================ Scan services =============================
17:33:48.0396 4700  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:33:48.0568 4700  1394ohci - ok
17:33:48.0584 4700  6to4 - ok
17:33:48.0584 4700  a016bus - ok
17:33:48.0599 4700  A88xXBar - ok
17:33:48.0599 4700  a8djavs - ok
17:33:48.0615 4700  abnetmon - ok
17:33:48.0615 4700  abp480n5 - ok
17:33:48.0677 4700  [ 00659E56339389469473AEC41587E706 ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
17:33:48.0755 4700  ac.sharedstore - ok
17:33:48.0787 4700  ACDaemon - ok
17:33:48.0787 4700  acdservice - ok
17:33:48.0802 4700  acedrv05 - ok
17:33:48.0818 4700  acermemusagecheckservice - ok
17:33:48.0818 4700  acmservice - ok
17:33:48.0818 4700  acnusvc - ok
17:33:48.0849 4700  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:33:48.0911 4700  ACPI - ok
17:33:48.0927 4700  acpiec - ok
17:33:48.0958 4700  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
17:33:49.0021 4700  AcpiPmi - ok
17:33:49.0036 4700  acprfmgrsvc - ok
17:33:49.0068 4700  acrsch2svc - ok
17:33:49.0083 4700  admservice - ok
17:33:49.0114 4700  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:33:49.0177 4700  AdobeARMservice - ok
17:33:49.0270 4700  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:33:49.0333 4700  AdobeFlashPlayerUpdateSvc - ok
17:33:49.0380 4700  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
17:33:49.0442 4700  adp94xx - ok
17:33:49.0473 4700  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
17:33:49.0505 4700  adpahci - ok
17:33:49.0536 4700  [ B89CFBE8CB247B57D8C10ADAA66B462B ] adpu160m        C:\Windows\system32\se44unic.dll
17:33:49.0551 4700  Suspicious file (NoAccess): C:\Windows\system32\se44unic.dll. md5: B89CFBE8CB247B57D8C10ADAA66B462B
17:33:49.0551 4700  adpu160m ( Backdoor.Multi.ZAccess.gen ) - infected
17:33:49.0551 4700  adpu160m - detected Backdoor.Multi.ZAccess.gen (0)
17:33:49.0583 4700  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
17:33:49.0645 4700  adpu320 - ok
17:33:49.0661 4700  aegisp - ok
17:33:49.0692 4700  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:33:49.0770 4700  AeLookupSvc - ok
17:33:49.0786 4700  AF15BDA - ok
17:33:49.0801 4700  Afc - ok
17:33:49.0818 4700  [ 8461978817841601ED6FBA20A7724BCA ] AFD            C:\Windows\system32\drivers\afd.sys
17:33:49.0865 4700  Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 8461978817841601ED6FBA20A7724BCA, Fake md5: 9EBBBA55060F786F0FCAA3893BFA2806
17:33:49.0865 4700  AFD ( Virus.Win32.ZAccess.g ) - infected
17:33:49.0865 4700  AFD - detected Virus.Win32.ZAccess.g (0)
17:33:49.0865 4700  AFGSp50 - ok
17:33:49.0865 4700  ageresoftmodem - ok
17:33:49.0880 4700  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:33:49.0911 4700  agp440 - ok
17:33:49.0911 4700  agrsrvce - ok
17:33:49.0927 4700  AGV - ok
17:33:49.0943 4700  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
17:33:49.0989 4700  aic78xx - ok
17:33:49.0989 4700  aiclient - ok
17:33:50.0005 4700  Airgo - ok
17:33:50.0021 4700  alertmanager - ok
17:33:50.0052 4700  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
17:33:50.0146 4700  ALG - ok
17:33:50.0161 4700  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:33:50.0192 4700  aliide - ok
17:33:50.0208 4700  alim1541 - ok
17:33:50.0224 4700  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:33:50.0255 4700  amdagp - ok
17:33:50.0270 4700  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:33:50.0286 4700  amdide - ok
17:33:50.0317 4700  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
17:33:50.0380 4700  AmdK8 - ok
17:33:50.0395 4700  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:33:50.0442 4700  AmdPPM - ok
17:33:50.0473 4700  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
17:33:50.0536 4700  amdsata - ok
17:33:50.0567 4700  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:33:50.0614 4700  amdsbs - ok
17:33:50.0614 4700  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
17:33:50.0630 4700  amdxata - ok
17:33:50.0649 4700  amfilter - ok
17:33:50.0659 4700  amoagent - ok
17:33:50.0659 4700  Angel2 - ok
17:33:50.0669 4700  anio - ok
17:33:50.0669 4700  aolavupd - ok
17:33:50.0679 4700  aolservice - ok
17:33:50.0711 4700  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
17:33:50.0820 4700  AppID - ok
17:33:50.0851 4700  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:33:50.0918 4700  AppIDSvc - ok
17:33:50.0960 4700  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
17:33:50.0992 4700  Appinfo - ok
17:33:51.0053 4700  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:33:51.0094 4700  Apple Mobile Device - ok
17:33:51.0110 4700  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt        C:\Windows\System32\appmgmts.dll
17:33:51.0184 4700  AppMgmt - ok
17:33:51.0194 4700  Appn - ok
17:33:51.0209 4700  AppnApi - ok
17:33:51.0225 4700  AR5523 - ok
17:33:51.0241 4700  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
17:33:51.0273 4700  arc - ok
17:33:51.0288 4700  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:33:51.0320 4700  arcsas - ok
17:33:51.0340 4700  arkbcfltr - ok
17:33:51.0340 4700  arp1394 - ok
17:33:51.0350 4700  ARSVC - ok
17:33:51.0367 4700  artdhcp - ok
17:33:51.0367 4700  asapiw2k - ok
17:33:51.0367 4700  AsDsm - ok
17:33:51.0367 4700  AsIO - ok
17:33:51.0378 4700  ASNDIS5 - ok
17:33:51.0398 4700  aspi32 - ok
17:33:51.0398 4700  aspnet_state - ok
17:33:51.0398 4700  asuskeyboardservice - ok
17:33:51.0429 4700  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:33:51.0538 4700  AsyncMac - ok
17:33:51.0585 4700  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
17:33:51.0616 4700  atapi - ok
17:33:51.0632 4700  athr - ok
17:33:51.0632 4700  atikmdag - ok
17:33:51.0632 4700  AtiPcie - ok
17:33:51.0648 4700  atitool - ok
17:33:51.0663 4700  atkdisplf - ok
17:33:51.0663 4700  ATKFUSService - ok
17:33:51.0663 4700  atksgt - ok
17:33:51.0710 4700  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:33:51.0819 4700  AudioEndpointBuilder - ok
17:33:51.0819 4700  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:33:51.0835 4700  Audiosrv - ok
17:33:51.0850 4700  autostore - ok
17:33:51.0850 4700  avcgbfl - ok
17:33:51.0850 4700  AVCSTRM - ok
17:33:51.0866 4700  avfilter - ok
17:33:51.0882 4700  avg7alrt - ok
17:33:51.0882 4700  AVRec - ok
17:33:51.0897 4700  avsinc - ok
17:33:51.0913 4700  avupdsvc - ok
17:33:51.0913 4700  awecho - ok
17:33:51.0944 4700  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:33:52.0116 4700  AxInstSV - ok
17:33:52.0116 4700  AYDrvNT_ALYAC - ok
17:33:52.0163 4700  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
17:33:52.0256 4700  b06bdrv - ok
17:33:52.0288 4700  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:33:52.0334 4700  b57nd60x - ok
17:33:52.0334 4700  backupexecnotificationserver - ok
17:33:52.0350 4700  BASFND - ok
17:33:52.0366 4700  bcoreusb - ok
17:33:52.0366 4700  bc_ip_f - ok
17:33:52.0381 4700  bc_ngn - ok
17:33:52.0397 4700  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:33:52.0475 4700  BDESVC - ok
17:33:52.0490 4700  bdftdif - ok
17:33:52.0490 4700  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:33:52.0553 4700  Beep - ok
17:33:52.0553 4700  bglivesvc - ok
17:33:52.0584 4700  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
17:33:52.0678 4700  BITS - ok
17:33:52.0693 4700  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:33:52.0740 4700  blbdrive - ok
17:33:52.0740 4700  blueservice - ok
17:33:52.0756 4700  bmwebcfg - ok
17:33:52.0756 4700  bobo - ok
17:33:52.0803 4700  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:33:52.0865 4700  Bonjour Service - ok
17:33:52.0881 4700  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:33:52.0943 4700  bowser - ok
17:33:52.0959 4700  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:33:53.0021 4700  BrFiltLo - ok
17:33:53.0021 4700  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:33:53.0068 4700  BrFiltUp - ok
17:33:53.0084 4700  brmfbags - ok
17:33:53.0115 4700  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
17:33:53.0162 4700  Browser - ok
17:33:53.0177 4700  BrScnUsb - ok
17:33:53.0224 4700  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
17:33:53.0271 4700  Brserid - ok
17:33:53.0286 4700  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:33:53.0333 4700  BrSerWdm - ok
17:33:53.0349 4700  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:33:53.0380 4700  BrUsbMdm - ok
17:33:53.0396 4700  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:33:53.0443 4700  BrUsbSer - ok
17:33:53.0458 4700  BsHelpCS - ok
17:33:53.0458 4700  btaudio - ok
17:33:53.0474 4700  btfirst - ok
17:33:53.0474 4700  bthidenum - ok
17:33:53.0474 4700  bthidmgr - ok
17:33:53.0489 4700  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:33:53.0552 4700  BTHMODEM - ok
17:33:53.0552 4700  bthpan - ok
17:33:53.0599 4700  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
17:33:53.0661 4700  bthserv - ok
17:33:53.0661 4700  btnetfilter - ok
17:33:53.0692 4700  btwaudio - ok
17:33:53.0692 4700  btwavdt - ok
17:33:53.0692 4700  btwhid - ok
17:33:53.0692 4700  btwrchid - ok
17:33:53.0708 4700  buslogic - ok
17:33:53.0708 4700  bwcsrv - ok
17:33:53.0708 4700  C-Dilla - ok
17:33:53.0708 4700  ca-messagequeuing - ok
17:33:53.0708 4700  CA561 - ok
17:33:53.0724 4700  cachemgr - ok
17:33:53.0724 4700  cacheserver - ok
17:33:53.0739 4700  CADlink - ok
17:33:53.0739 4700  caisafe - ok
17:33:53.0739 4700  CAMCAUD - ok
17:33:53.0739 4700  camdrl - ok
17:33:53.0755 4700  carboncopy32 - ok
17:33:53.0755 4700  Cardex - ok
17:33:53.0755 4700  ccflic0 - ok
17:33:53.0770 4700  CcmExec - ok
17:33:53.0770 4700  CdaC15BA - ok
17:33:53.0770 4700  cdaudio - ok
17:33:53.0786 4700  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:33:53.0833 4700  cdfs - ok
17:33:53.0864 4700  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
17:33:53.0926 4700  cdrom - ok
17:33:53.0926 4700  CDRPDACC - ok
17:33:53.0926 4700  cdudf_xp - ok
17:33:53.0926 4700  cebdaldr - ok
17:33:53.0973 4700  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
17:33:54.0020 4700  CertPropSvc - ok
17:33:54.0020 4700  cfsvcs - ok
17:33:54.0036 4700  cicssfs.scmmc223 - ok
17:33:54.0051 4700  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:33:54.0098 4700  circlass - ok
17:33:54.0114 4700  CiscoVpnInstallService - ok
17:33:54.0114 4700  citrixwmiservice - ok
17:33:54.0145 4700  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:33:54.0192 4700  CLFS - ok
17:33:54.0192 4700  clmtomcatstartersvc - ok
17:33:54.0192 4700  clr_optimization_v2.0.50215_32 - ok
17:33:54.0254 4700  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:33:54.0348 4700  clr_optimization_v2.0.50727_32 - ok
17:33:54.0395 4700  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:33:54.0520 4700  clr_optimization_v4.0.30319_32 - ok
17:33:54.0520 4700  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:33:54.0566 4700  CmBatt - ok
17:33:54.0582 4700  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:33:54.0613 4700  cmdide - ok
17:33:54.0613 4700  cmuda - ok
17:33:54.0660 4700  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG            C:\Windows\system32\Drivers\cng.sys
17:33:54.0691 4700  CNG - ok
17:33:54.0707 4700  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:33:54.0722 4700  Compbatt - ok
17:33:54.0754 4700  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:33:54.0800 4700  CompositeBus - ok
17:33:54.0800 4700  COMSysApp - ok
17:33:54.0816 4700  contentfilter - ok
17:33:54.0816 4700  cpqalert - ok
17:33:54.0832 4700  cqcpu - ok
17:33:54.0832 4700  cq_mem - ok
17:33:54.0847 4700  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
17:33:54.0879 4700  crcdisk - ok
17:33:54.0910 4700  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:33:54.0988 4700  CryptSvc - ok
17:33:55.0003 4700  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC            C:\Windows\system32\drivers\csc.sys
17:33:55.0081 4700  CSC - ok
17:33:55.0113 4700  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
17:33:55.0206 4700  CscService - ok
17:33:55.0206 4700  CTAudSvcService - ok
17:33:55.0222 4700  CTEDSPSY.DLL - ok
17:33:55.0222 4700  CTMSHD - ok
17:33:55.0238 4700  ctprxy2k - ok
17:33:55.0238 4700  cusrvc - ok
17:33:55.0253 4700  cvsnt - ok
17:33:55.0253 4700  cwafrmiregistry - ok
17:33:55.0269 4700  CX88AUD - ok
17:33:55.0269 4700  cxpt_service - ok
17:33:55.0269 4700  cyberpowerups - ok
17:33:55.0269 4700  datunidr - ok
17:33:55.0284 4700  db2das00 - ok
17:33:55.0300 4700  db2governor - ok
17:33:55.0300 4700  db2jds - ok
17:33:55.0316 4700  dbmanagerscheduler - ok
17:33:55.0316 4700  DCamUSBGrandTek - ok
17:33:55.0316 4700  DCFS2K - ok
17:33:55.0331 4700  DcLps - ok
17:33:55.0347 4700  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:33:55.0378 4700  DcomLaunch - ok
17:33:55.0378 4700  DcPTP - ok
17:33:55.0394 4700  ddxgb - ok
17:33:55.0409 4700  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
17:33:55.0472 4700  defragsvc - ok
17:33:55.0487 4700  Dell1100_FUService - ok
17:33:55.0487 4700  deltafw - ok
17:33:55.0487 4700  de_serv - ok
17:33:55.0518 4700  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:33:55.0581 4700  DfsC - ok
17:33:55.0612 4700  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:33:55.0675 4700  Dhcp - ok
17:33:55.0675 4700  DirectUpdate - ok
17:33:55.0690 4700  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:33:55.0737 4700  discache - ok
17:33:55.0768 4700  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:33:55.0799 4700  Disk - ok
17:33:55.0815 4700  dkeysync - ok
17:33:55.0815 4700  dktknsrv - ok
17:33:55.0831 4700  dladresn - ok
17:33:55.0831 4700  dlapoolm - ok
17:33:55.0831 4700  dlartl_n - ok
17:33:55.0831 4700  dlbx_device - ok
17:33:55.0831 4700  dlcc_device - ok
17:33:55.0846 4700  dlcf_device - ok
17:33:55.0846 4700  dlcj_device - ok
17:33:55.0846 4700  dmprimer - ok
17:33:55.0877 4700  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:33:55.0940 4700  Dnscache - ok
17:33:55.0940 4700  dnsexit - ok
17:33:55.0971 4700  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:33:56.0034 4700  dot3svc - ok
17:33:56.0034 4700  dot4 - ok
17:33:56.0034 4700  downloadmanagerlite - ok
17:33:56.0034 4700  dpc_srv_webcast - ok
17:33:56.0065 4700  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
17:33:56.0127 4700  DPS - ok
17:33:56.0158 4700  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:33:56.0190 4700  drmkaud - ok
17:33:56.0205 4700  drvnddm - ok
17:33:56.0236 4700  ds1 - ok
17:33:56.0252 4700  dsunidrv - ok
17:33:56.0252 4700  dtsrvc - ok
17:33:56.0252 4700  dwmrcs - ok
17:33:56.0283 4700  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:33:56.0330 4700  DXGKrnl - ok
17:33:56.0346 4700  e1000 - ok
17:33:56.0377 4700  [ 20C70A4226C9A066D2EAD0C814083A95 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k6232.sys
17:33:56.0408 4700  e1kexpress - ok
17:33:56.0424 4700  EACSvrMngr - ok
17:33:56.0439 4700  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
17:33:56.0502 4700  EapHost - ok
17:33:56.0502 4700  easdrv - ok
17:33:56.0580 4700  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
17:33:56.0798 4700  ebdrv - ok
17:33:56.0814 4700  edspport - ok
17:33:56.0830 4700  eectrl - ok
17:33:56.0830 4700  eeyeevnt - ok
17:33:56.0845 4700  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
17:33:56.0923 4700  EFS - ok
17:33:56.0986 4700  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:33:57.0095 4700  ehRecvr - ok
17:33:57.0095 4700  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
17:33:57.0173 4700  ehSched - ok
17:33:57.0189 4700  EIO_XP - ok
17:33:57.0189 4700  EL90X - ok
17:33:57.0189 4700  elaunidr - ok
17:33:57.0189 4700  eliservice - ok
17:33:57.0235 4700  [ 05CC05C83EFAE4E98EEAE223DC22234F ] eLoggerSvc6    C:\Program Files\Norman\Npm\Bin\elogsvc.exe
17:33:57.0329 4700  eLoggerSvc6 - ok
17:33:57.0345 4700  elotouchscreen - ok
17:33:57.0345 4700  elservice - ok
17:33:57.0376 4700  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
17:33:57.0423 4700  elxstor - ok
17:33:57.0438 4700  emAudio - ok
17:33:57.0438 4700  emitray - ok
17:33:57.0438 4700  emproxy - ok
17:33:57.0438 4700  entech - ok
17:33:57.0454 4700  Epfwndis - ok
17:33:57.0454 4700  epgspooler - ok
17:33:57.0454 4700  Eplpdx02 - ok
17:33:57.0470 4700  EpmPsd - ok
17:33:57.0470 4700  EPOWER - ok
17:33:57.0470 4700  epsonbidirectionalagent - ok
17:33:57.0470 4700  epstnt01 - ok
17:33:57.0470 4700  erecoveryservice - ok
17:33:57.0485 4700  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:33:57.0516 4700  ErrDev - ok
17:33:57.0532 4700  ersvc - ok
17:33:57.0532 4700  eventclientmultiplexer - ok
17:33:57.0563 4700  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
17:33:57.0594 4700  EventSystem - ok
17:33:57.0594 4700  evteng - ok
17:33:57.0626 4700  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
17:33:57.0672 4700  exfat - ok
17:33:57.0688 4700  Exportit - ok
17:33:57.0688 4700  F700iob - ok
17:33:57.0688 4700  F700ius - ok
17:33:57.0688 4700  fallback - ok
17:33:57.0735 4700  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:33:57.0797 4700  fastfat - ok
17:33:57.0813 4700  fasttrackinstallerservice - ok
17:33:57.0813 4700  fastuserswitchingcompatibility - ok
17:33:57.0829 4700  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
17:33:57.0875 4700  Fax - ok
17:33:57.0907 4700  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
17:33:57.0938 4700  fdc - ok
17:33:57.0953 4700  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
17:33:58.0000 4700  fdPHost - ok
17:33:58.0016 4700  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:33:58.0063 4700  FDResPub - ok
17:33:58.0078 4700  fetnd5bv - ok
17:33:58.0078 4700  FETNDIS - ok
17:33:58.0078 4700  filechecker - ok
17:33:58.0094 4700  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:33:58.0125 4700  FileInfo - ok
17:33:58.0125 4700  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:33:58.0188 4700  Filetrace - ok
17:33:58.0203 4700  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:33:58.0234 4700  flpydisk - ok
17:33:58.0266 4700  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:33:58.0297 4700  FltMgr - ok
17:33:58.0328 4700  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
17:33:58.0468 4700  FontCache - ok
17:33:58.0531 4700  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:33:58.0562 4700  FontCache3.0.0.0 - ok
17:33:58.0562 4700  Freedom - ok
17:33:58.0593 4700  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
17:33:58.0609 4700  FsDepends - ok
17:33:58.0625 4700  fshttps - ok
17:33:58.0625 4700  fsssvc - ok
17:33:58.0640 4700  FsVga - ok
17:33:58.0640 4700  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:33:58.0671 4700  Fs_Rec - ok
17:33:58.0687 4700  FTDIBUS - ok
17:33:58.0687 4700  ftpds - ok
17:33:58.0687 4700  ftpqueue - ok
17:33:58.0703 4700  FTSER2K - ok
17:33:58.0734 4700  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:33:58.0765 4700  fvevol - ok
17:33:58.0765 4700  FVNETusb - ok
17:33:58.0781 4700  FVXSCSI - ok
17:33:58.0796 4700  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:33:58.0827 4700  gagp30kx - ok
17:33:58.0827 4700  gbpoll - ok
17:33:58.0827 4700  gdihook5 - ok
17:33:58.0843 4700  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:33:58.0874 4700  GEARAspiWDM - ok
17:33:58.0874 4700  GENERICDRV - ok
17:33:58.0874 4700  [ B89CFBE8CB247B57D8C10ADAA66B462B ] genmcmn        C:\Windows\system32\se44unic.dll
17:33:58.0890 4700  Suspicious file (NoAccess): C:\Windows\system32\se44unic.dll. md5: B89CFBE8CB247B57D8C10ADAA66B462B
17:33:58.0890 4700  genmcmn ( Backdoor.Multi.ZAccess.gen ) - infected
17:33:58.0890 4700  genmcmn - detected Backdoor.Multi.ZAccess.gen (0)
17:33:58.0890 4700  ghostsec - ok
17:33:58.0890 4700  giveio - ok
17:33:58.0890 4700  GMSIPCI - ok
17:33:58.0906 4700  googledesktopmanager - ok
17:33:58.0906 4700  gpc - ok
17:33:58.0937 4700  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
17:33:58.0999 4700  gpsvc - ok
17:33:58.0999 4700  gtndis5 - ok
17:33:58.0999 4700  GTPTSER - ok
17:33:59.0015 4700  guardian2 - ok
17:33:59.0046 4700  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
17:33:59.0186 4700  gupdate - ok
17:33:59.0202 4700  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:33:59.0218 4700  gupdatem - ok
17:33:59.0249 4700  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:33:59.0389 4700  gusvc - ok
17:33:59.0389 4700  gv3 - ok
17:33:59.0405 4700  GVCplDrv - ok
17:33:59.0405 4700  hap17v2k - ok
17:33:59.0405 4700  HBtnKey - ok
17:33:59.0436 4700  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:33:59.0483 4700  hcw85cir - ok
17:33:59.0530 4700  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:33:59.0577 4700  HdAudAddService - ok
17:33:59.0592 4700  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:33:59.0655 4700  HDAudBus - ok
17:33:59.0670 4700  [ 88A67C34E37186665E916FD347B50D19 ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
17:33:59.0717 4700  HECI - ok
17:33:59.0733 4700  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
17:33:59.0764 4700  HidBatt - ok
17:33:59.0780 4700  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:33:59.0826 4700  HidBth - ok
17:33:59.0826 4700  hidgame - ok
17:33:59.0858 4700  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
17:33:59.0889 4700  HidIr - ok
17:33:59.0920 4700  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
17:33:59.0983 4700  hidserv - ok
17:34:00.0014 4700  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:34:00.0045 4700  HidUsb - ok
17:34:00.0076 4700  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:34:00.0139 4700  hkmsvc - ok
17:34:00.0139 4700  hnmsvc - ok
17:34:00.0154 4700  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:34:00.0279 4700  HomeGroupListener - ok
17:34:00.0295 4700  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:34:00.0326 4700  HomeGroupProvider - ok
17:34:00.0357 4700  houdiniserver - ok
17:34:00.0404 4700  [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:34:00.0435 4700  HP Support Assistant Service - ok
17:34:00.0435 4700  hpci - ok
17:34:00.0482 4700  [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:34:00.0529 4700  HPDrvMntSvc.exe - ok
17:34:00.0529 4700  hpqddsvc - ok
17:34:00.0529 4700  hpqwmi - ok
17:34:00.0576 4700  [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
17:34:00.0747 4700  hpqwmiex - ok
17:34:00.0779 4700  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:34:00.0810 4700  HpSAMD - ok
17:34:00.0810 4700  hpt3xx - ok
17:34:00.0825 4700  hsf_msft - ok
17:34:00.0825 4700  HssSrv - ok
17:34:00.0872 4700  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:34:00.0935 4700  HTTP - ok
17:34:00.0950 4700  httpfilter - ok
17:34:00.0950 4700  https-admserv61 - ok
17:34:00.0966 4700  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:34:00.0981 4700  hwpolicy - ok
17:34:01.0028 4700  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:34:01.0043 4700  i8042prt - ok
17:34:01.0108 4700  [ 26541A068572F650A2FA490726FE81BE ] iaStor          C:\Windows\system32\drivers\iastor.sys
17:34:01.0108 4700  iaStor - ok
17:34:01.0124 4700  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
17:34:01.0185 4700  iaStorV - ok
17:34:01.0185 4700  ibmsmbus - ok
17:34:01.0185 4700  IBM_LLC2 - ok
17:34:01.0201 4700  icam4usb - ok
17:34:01.0201 4700  ICAM5USB - ok
17:34:01.0201 4700  iclarityqosservice - ok
17:34:01.0216 4700  idebusdr - ok
17:34:01.0216 4700  idisw2km - ok
17:34:01.0249 4700  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:34:01.0366 4700  idsvc - ok
17:34:01.0510 4700  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
17:34:02.0143 4700  igfx - ok
17:34:02.0174 4700  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
17:34:02.0206 4700  iirsp - ok
17:34:02.0221 4700  iisadmin - ok
17:34:02.0252 4700  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:34:02.0362 4700  IKEEXT - ok
17:34:02.0362 4700  ikfilesec - ok
17:34:02.0377 4700  imap4d32 - ok
17:34:02.0377 4700  imonitor - ok
17:34:02.0393 4700  incdrec - ok
17:34:02.0393 4700  inspect - ok
17:34:02.0455 4700  [ D0A6C0CEB3B74A91884F804FF4F031C0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:34:02.0549 4700  IntcAzAudAddService - ok
17:34:02.0549 4700  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:34:02.0580 4700  intelide - ok
17:34:02.0611 4700  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:34:02.0643 4700  intelppm - ok
17:34:02.0643 4700  InterBaseGuardian - ok
17:34:02.0658 4700  iomdisk - ok
17:34:02.0658 4700  ip6fw - ok
17:34:02.0674 4700  ipahelper.exe - ok
17:34:02.0674 4700  iPassP - ok
17:34:02.0689 4700  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:34:02.0736 4700  IPBusEnum - ok
17:34:02.0752 4700  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:34:02.0814 4700  IpFilterDriver - ok
17:34:02.0830 4700  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
17:34:02.0861 4700  IPMIDRV - ok
17:34:02.0877 4700  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
17:34:02.0924 4700  IPNAT - ok
17:34:02.0955 4700  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:34:02.0970 4700  iPod Service - ok
17:34:02.0986 4700  IPSECSHM - ok
17:34:02.0986 4700  ipsraidn - ok
17:34:03.0002 4700  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:34:03.0064 4700  IRENUM - ok
17:34:03.0080 4700  irsir - ok
17:34:03.0080 4700  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:34:03.0111 4700  isapnp - ok
17:34:03.0111 4700  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:34:03.0158 4700  iScsiPrt - ok
17:34:03.0173 4700  isdrv120 - ok
17:34:03.0173 4700  ispwdsvc - ok
17:34:03.0173 4700  issvc - ok
17:34:03.0189 4700  iteatapi - ok
17:34:03.0204 4700  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
17:34:03.0329 4700  IviRegMgr - ok
17:34:03.0329 4700  ixiaendpoint - ok
17:34:03.0345 4700  JGOGO - ok
17:34:03.0345 4700  JRAID - ok
17:34:03.0345 4700  jsdaemon - ok
17:34:03.0361 4700  k750mgmt - ok
17:34:03.0361 4700  kavsvc - ok
17:34:03.0376 4700  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:34:03.0407 4700  kbdclass - ok
17:34:03.0423 4700  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:34:03.0470 4700  kbdhid - ok
17:34:03.0470 4700  kbstuff - ok
17:34:03.0470 4700  kerbkey - ok
17:34:03.0501 4700  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:34:03.0501 4700  KeyIso - ok
17:34:03.0501 4700  klif - ok
17:34:03.0517 4700  kpf4 - ok
17:34:03.0517 4700  kpfwsvc - ok
17:34:03.0532 4700  KR3NPXP - ok
17:34:03.0548 4700  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:34:03.0579 4700  KSecDD - ok
17:34:03.0595 4700  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
17:34:03.0642 4700  KSecPkg - ok
17:34:03.0642 4700  ksthunk - ok
17:34:03.0673 4700  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:34:03.0735 4700  KtmRm - ok
17:34:03.0735 4700  L6POD - ok
17:34:03.0782 4700  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:34:03.0844 4700  LanmanServer - ok
17:34:03.0876 4700  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:34:03.0954 4700  LanmanWorkstation - ok
17:34:03.0954 4700  lbrtfdc - ok
17:34:03.0969 4700  lbtserv - ok
17:34:03.0985 4700  LEX_AS_NIC_SERVICE_YNOS - ok
17:34:03.0985 4700  lhidflt2 - ok
17:34:03.0985 4700  LHidKe - ok
17:34:04.0001 4700  lhidusb - ok
17:34:04.0001 4700  livesrv - ok
17:34:04.0001 4700  liveupdate - ok
17:34:04.0016 4700  LKbdFlt2 - ok
17:34:04.0032 4700  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:34:04.0079 4700  lltdio - ok
17:34:04.0110 4700  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:34:04.0157 4700  lltdsvc - ok
17:34:04.0172 4700  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:34:04.0203 4700  lmhosts - ok
17:34:04.0203 4700  LMIRfsClientNP - ok
17:34:04.0219 4700  lmouflt2 - ok
17:34:04.0250 4700  [ 2763A02188FFB04287F5034EC5B6B451 ] LMS            C:\Program Files\Intel\AMT\LMS.exe
17:34:04.0438 4700  LMS - ok
17:34:04.0453 4700  lockmgr - ok
17:34:04.0453 4700  LoopBeMidi1 - ok
17:34:04.0453 4700  lp6nds35 - ok
17:34:04.0469 4700  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:34:04.0500 4700  LSI_FC - ok
17:34:04.0531 4700  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
17:34:04.0562 4700  LSI_SAS - ok
17:34:04.0578 4700  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:34:04.0609 4700  LSI_SAS2 - ok
17:34:04.0625 4700  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:34:04.0672 4700  LSI_SCSI - ok
17:34:04.0672 4700  ltck000c - ok
17:34:04.0687 4700  ltmodem5 - ok
17:34:04.0703 4700  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
17:34:04.0750 4700  luafv - ok
17:34:04.0765 4700  LUsbFilt - ok
17:34:04.0781 4700  LVCap138 - ok
17:34:04.0781 4700  lvckap - ok
17:34:04.0781 4700  lvhidsvc - ok
17:34:04.0797 4700  lxbs_device - ok
17:34:04.0797 4700  lxbt_device - ok
17:34:04.0797 4700  lxda_device - ok
17:34:04.0812 4700  lyncusbserv - ok
17:34:04.0812 4700  MA-620 - ok
17:34:04.0812 4700  MA8032U - ok
17:34:04.0812 4700  MagicTune - ok
17:34:04.0828 4700  magictuneengine - ok
17:34:04.0828 4700  MailService - ok
17:34:04.0843 4700  MASPINT - ok
17:34:04.0843 4700  matlabserver - ok
17:34:04.0843 4700  MA_CMIDI - ok
17:34:04.0843 4700  mbr - ok
17:34:04.0875 4700  mcmscsvc - ok
17:34:04.0875 4700  mcnasvc - ok
17:34:04.0890 4700  mcontrol - ok
17:34:04.0890 4700  mcredirector - ok
17:34:04.0890 4700  mcstrm - ok
17:34:04.0906 4700  mcsysmon - ok
17:34:04.0906 4700  mctaskmanager - ok
17:34:04.0921 4700  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:34:04.0954 4700  Mcx2Svc - ok
17:34:04.0969 4700  mdc8021x - ok
17:34:04.0969 4700  mdm - ok
17:34:04.0969 4700  mediamaxxlservice - ok
17:34:05.0000 4700  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
17:34:05.0016 4700  megasas - ok
17:34:05.0047 4700  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:34:05.0094 4700  MegaSR - ok
17:34:05.0110 4700  mfeavfk - ok
17:34:05.0110 4700  mfetdik - ok
17:34:05.0110 4700  mhndrv - ok
17:34:05.0172 4700  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:34:05.0219 4700  Microsoft Office Groove Audit Service - ok
17:34:05.0219 4700  mlkkbdntdriver - ok
17:34:05.0250 4700  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
17:34:05.0297 4700  MMCSS - ok
17:34:05.0297 4700  MMRTKRNL - ok
17:34:05.0328 4700  mnmdd - ok
17:34:05.0344 4700  mnsframework - ok
17:34:05.0359 4700  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
17:34:05.0406 4700  Modem - ok
17:34:05.0406 4700  modemcsa - ok
17:34:05.0437 4700  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:34:05.0469 4700  monitor - ok
17:34:05.0469 4700  motoswitchservice - ok
17:34:05.0484 4700  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
17:34:05.0516 4700  mouclass - ok
17:34:05.0547 4700  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:34:05.0578 4700  mouhid - ok
17:34:05.0594 4700  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:34:05.0625 4700  mountmgr - ok
17:34:05.0640 4700  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:34:05.0687 4700  mpio - ok
17:34:05.0703 4700  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:34:05.0750 4700  mpsdrv - ok
17:34:05.0765 4700  MREMP50a64 - ok
17:34:05.0765 4700  mrpostman - ok
17:34:05.0765 4700  MRV6X32P - ok
17:34:05.0796 4700  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:34:05.0843 4700  MRxDAV - ok
17:34:05.0859 4700  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:34:05.0921 4700  mrxsmb - ok
17:34:05.0937 4700  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:34:05.0999 4700  mrxsmb10 - ok
17:34:06.0015 4700  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:34:06.0062 4700  mrxsmb20 - ok
17:34:06.0062 4700  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:34:06.0093 4700  msahci - ok
17:34:06.0109 4700  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
17:34:06.0140 4700  msdsm - ok
17:34:06.0155 4700  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
17:34:06.0218 4700  MSDTC - ok
17:34:06.0234 4700  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:34:06.0280 4700  Msfs - ok
17:34:06.0280 4700  msftpsvc - ok
17:34:06.0280 4700  MSFWDrv - ok
17:34:06.0296 4700  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
17:34:06.0343 4700  mshidkmdf - ok
17:34:06.0374 4700  MSIRCOMM - ok
17:34:06.0374 4700  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:34:06.0405 4700  msisadrv - ok
17:34:06.0436 4700  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:34:06.0483 4700  MSiSCSI - ok
17:34:06.0483 4700  msiserver - ok
17:34:06.0530 4700  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:34:06.0577 4700  MSKSSRV - ok
17:34:06.0593 4700  msloop - ok
17:34:06.0593 4700  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:34:06.0639 4700  MSPCLOCK - ok
17:34:06.0655 4700  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
17:34:06.0702 4700  MSPQM - ok
17:34:06.0717 4700  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
17:34:06.0749 4700  MsRPC - ok
17:34:06.0749 4700  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:34:06.0764 4700  mssmbios - ok
17:34:06.0780 4700  MSSQL$AUTODESKVAULT - ok
17:34:06.0780 4700  mssql$sqlexpress - ok
17:34:06.0780 4700  mstdc - ok
17:34:06.0795 4700  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
17:34:06.0827 4700  MSTEE - ok
17:34:06.0827 4700  msvad_simple - ok
17:34:06.0827 4700  msvsmon90 - ok
17:34:06.0842 4700  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:34:06.0873 4700  MTConfig - ok
17:34:06.0889 4700  Mtlstrm - ok
17:34:06.0889 4700  MtxDma0 - ok
17:34:06.0905 4700  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
17:34:06.0920 4700  Mup - ok
17:34:06.0920 4700  mvdcodec - ok
17:34:06.0936 4700  mwspollserver - ok
17:34:06.0936 4700  mwssched - ok
17:34:06.0952 4700  mwstick - ok
17:34:06.0952 4700  MXOFX - ok
17:34:06.0952 4700  nalntservice - ok
17:34:06.0983 4700  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:34:07.0014 4700  napagent - ok
17:34:07.0061 4700  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
17:34:07.0139 4700  NativeWifiP - ok
17:34:07.0139 4700  NCPro - ok
17:34:07.0186 4700  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:34:07.0279 4700  NDIS - ok
17:34:07.0311 4700  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
17:34:07.0357 4700  NdisCap - ok
17:34:07.0389 4700  [ 725123F7AEBFEF717E3F26B25B149D7A ] Ndiskio        C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS
17:34:07.0404 4700  Ndiskio - ok
17:34:07.0404 4700  Ndismeetro - ok
17:34:07.0435 4700  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:34:07.0467 4700  NdisTapi - ok
17:34:07.0498 4700  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
17:34:07.0529 4700  Ndisuio - ok
17:34:07.0545 4700  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
17:34:07.0591 4700  NdisWan - ok
17:34:07.0607 4700  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
17:34:07.0670 4700  NDProxy - ok
17:34:07.0670 4700  neokdss - ok
17:34:07.0716 4700  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:34:07.0748 4700  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:34:07.0748 4700  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:34:07.0779 4700  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
17:34:07.0841 4700  NetBIOS - ok
17:34:07.0857 4700  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
17:34:07.0919 4700  NetBT - ok
17:34:07.0919 4700  netddedsdm - ok
17:34:07.0935 4700  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:34:07.0950 4700  Netlogon - ok
17:34:07.0997 4700  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:34:08.0060 4700  Netman - ok
17:34:08.0075 4700  NETMDUSB - ok
17:34:08.0091 4700  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:34:08.0122 4700  netprofm - ok
17:34:08.0138 4700  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:34:08.0169 4700  NetTcpPortSharing - ok
17:34:08.0169 4700  NETw3x32 - ok
17:34:08.0169 4700  NETw5x32 - ok
17:34:08.0169 4700  networkx - ok
17:34:08.0216 4700  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
17:34:08.0247 4700  nfrd960 - ok
17:34:08.0309 4700  [ 0D439F6337ADC15B1393060D108CA8D8 ] NGS            c:\program files\norman\ngs\bin\ngs.sys
17:34:08.0341 4700  NGS - ok
17:34:08.0356 4700  [ AF6AF4685FBA9EF80589B688C231CBAA ] NHS            C:\Program Files\Norman\Nvc\bin\nhs.exe
17:34:08.0544 4700  NHS - ok
17:34:08.0544 4700  nim32 - ok
17:34:08.0544 4700  nimdbgk - ok
17:34:08.0559 4700  nipxirmu - ok
17:34:08.0575 4700  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:34:08.0637 4700  NlaSvc - ok
17:34:08.0637 4700  nm - ok
17:34:08.0653 4700  Nmea - ok
17:34:08.0653 4700  NMSAccessU - ok
17:34:08.0653 4700  nmservice - ok
17:34:08.0668 4700  nmwcdc - ok
17:34:08.0668 4700  nmwcdcm - ok
17:34:08.0684 4700  [ EFB8638C018CD428B9DD78B7F89E2FAF ] NNFSVC          C:\Program Files\Norman\Ngs\Bin\Nnf.exe
17:34:08.0793 4700  NNFSVC - ok
17:34:08.0809 4700  nod32krn - ok
17:34:08.0825 4700  [ C4D2D678F08F11F0EDB3BB4E89CE2B7A ] Norman NJeeves  C:\Program Files\Norman\Npm\Bin\Njeeves.exe
17:34:08.0934 4700  Norman NJeeves - ok
17:34:08.0949 4700  [ 88CA218696CF13B260DB003787AB65AE ] Norman ZANDA    C:\Program Files\Norman\Npm\Bin\Zanda.exe
17:34:09.0105 4700  Norman ZANDA - ok
17:34:09.0121 4700  NOWMEMDF - ok
17:34:09.0121 4700  npapimon - ok
17:34:09.0137 4700  npfmntor - ok
17:34:09.0152 4700  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:34:09.0199 4700  Npfs - ok
17:34:09.0215 4700  npkcmsvc - ok
17:34:09.0215 4700  npkcusb - ok
17:34:09.0246 4700  [ 0FDDFE0CF41B5EB87689E465E34DDD18 ] NPROSEC        C:\Program Files\Norman\Ngs\Bin\nprosec.sys
17:34:09.0277 4700  NPROSEC - ok
17:34:09.0293 4700  [ A7C274DAB79D0F50BD4202A678684A71 ] NPROSECSVC      C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
17:34:09.0386 4700  NPROSECSVC - ok
17:34:09.0402 4700  [ 82A058999D0CFB5C285FC22856E235C2 ] nregsec        C:\Program Files\Norman\Ngs\Bin\nregsec.sys
17:34:09.0433 4700  nregsec - ok
17:34:09.0433 4700  nsctop - ok
17:34:09.0449 4700  [ 8634779EC283D55EEAFA9101733C6E93 ] nsesvc          C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
17:34:09.0574 4700  nsesvc - ok
17:34:09.0605 4700  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
17:34:09.0667 4700  nsi - ok
17:34:09.0683 4700  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:34:09.0730 4700  nsiproxy - ok
17:34:09.0745 4700  nsysaudm - ok
17:34:09.0792 4700  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:34:09.0917 4700  Ntfs - ok
17:34:09.0917 4700  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:34:09.0964 4700  Null - ok
17:34:09.0964 4700  nvax - ok
17:34:09.0995 4700  [ 464F8915E1D9E831D807ECD7B195423D ] NvcMFlt        C:\Windows\system32\DRIVERS\nvcv32mf.sys
17:34:10.0011 4700  NvcMFlt - ok
17:34:10.0042 4700  [ FF04B683F1260468789804C95077E1D4 ] nvcoas          C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
17:34:10.0167 4700  nvcoas - ok
17:34:10.0198 4700  [ 98CDB972FD946B904CD1C6D5ECF2E878 ] NVOY            C:\Program Files\Norman\npm\bin\nvoy.exe
17:34:10.0261 4700  NVOY - ok
17:34:10.0276 4700  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:34:10.0323 4700  nvraid - ok
17:34:10.0339 4700  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:34:10.0385 4700  nvstor - ok
17:34:10.0401 4700  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:34:10.0448 4700  nv_agp - ok
17:34:10.0448 4700  nwlnkspx - ok
17:34:10.0448 4700  nwrdr - ok
17:34:10.0448 4700  NwSapAgent - ok
17:34:10.0463 4700  NWUSBPort - ok
17:34:10.0463 4700  NxNetMon - ok
17:34:10.0510 4700  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:34:10.0573 4700  odserv - ok
17:34:10.0573 4700  odysseyIM3 - ok
17:34:10.0588 4700  OEM02Afx - ok
17:34:10.0588 4700  OEM02Dev - ok
17:34:10.0604 4700  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:34:10.0651 4700  ohci1394 - ok
17:34:10.0651 4700  omci - ok
17:34:10.0651 4700  omniinet - ok
17:34:10.0651 4700  omniusbl - ok
17:34:10.0666 4700  omsad - ok
17:34:10.0666 4700  oracleoradb10g_home1isql*plus - ok
17:34:10.0666 4700  oracleorahomeagent - ok
17:34:10.0666 4700  oracleorahomemanagementserver - ok
17:34:10.0698 4700  oracleorahomepagingserver - ok
17:34:10.0698 4700  oracleorahometnslistener - ok
17:34:10.0698 4700  oracle_load_balancer_60_client-forms6i - ok
17:34:10.0713 4700  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:34:10.0760 4700  ose - ok
17:34:10.0760 4700  p1131vid - ok
17:34:10.0760 4700  p17xfilt - ok
17:34:10.0791 4700  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:34:10.0854 4700  p2pimsvc - ok
17:34:10.0885 4700  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:34:10.0947 4700  p2psvc - ok
17:34:10.0947 4700  parallel - ok
17:34:10.0979 4700  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
17:34:11.0010 4700  Parport - ok
17:34:11.0025 4700  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
17:34:11.0057 4700  partmgr - ok
17:34:11.0072 4700  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:34:11.0103 4700  Parvdm - ok
17:34:11.0103 4700  patrolagent - ok
17:34:11.0119 4700  pavprsrv - ok
17:34:11.0135 4700  pav_security - ok
17:34:11.0150 4700  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:34:11.0181 4700  PcaSvc - ok
17:34:11.0181 4700  pchost - ok
17:34:11.0197 4700  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
17:34:11.0228 4700  pci - ok
17:34:11.0244 4700  pcidrv - ok
17:34:11.0259 4700  pcidump - ok
17:34:11.0259 4700  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:34:11.0291 4700  pciide - ok
17:34:11.0291 4700  pciSd - ok
17:34:11.0322 4700  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:34:11.0353 4700  pcmcia - ok
17:34:11.0353 4700  pcouffin - ok
17:34:11.0353 4700  pcradminserver - ok
17:34:11.0369 4700  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
17:34:11.0384 4700  pcw - ok
17:34:11.0400 4700  pcx1unic - ok
17:34:11.0400 4700  pdengine - ok
17:34:11.0416 4700  pdfcDispatcher - ok
17:34:11.0416 4700  pdfcreatormessages - ok
17:34:11.0416 4700  pdlnafac - ok
17:34:11.0431 4700  pdlndint - ok
17:34:11.0447 4700  pdlnebas - ok
17:34:11.0447 4700  pdlnslea - ok
17:34:11.0447 4700  pdlnsv25 - ok
17:34:11.0462 4700  pdscheduler - ok
17:34:11.0478 4700  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:34:11.0572 4700  PEAUTH - ok
17:34:11.0603 4700  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
17:34:11.0775 4700  PeerDistSvc - ok
17:34:11.0775 4700  penrendezvous - ok
17:34:11.0790 4700  persfw - ok
17:34:11.0806 4700  pfmodnt - ok
17:34:11.0806 4700  PhilCam8116_XP - ok
17:34:11.0806 4700  phnxvcdservice - ok
17:34:11.0806 4700  pid_0928 - ok
17:34:11.0821 4700  pinetmgr - ok
17:34:11.0821 4700  pinnaclesys.mediaserver - ok
17:34:11.0868 4700  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
17:34:11.0977 4700  pla - ok
17:34:12.0024 4700  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:34:12.0102 4700  PlugPlay - ok
17:34:12.0102 4700  pmem - ok
17:34:12.0118 4700  pml - ok
17:34:12.0149 4700  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:34:12.0196 4700  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:34:12.0196 4700  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:34:12.0212 4700  pmounter - ok
17:34:12.0212 4700  pnkbstrk - ok
17:34:12.0212 4700  pnmsrv - ok
17:34:12.0227 4700  pnrouter - ok
17:34:12.0243 4700  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
17:34:12.0305 4700  PNRPAutoReg - ok
17:34:12.0336 4700  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
17:34:12.0352 4700  PNRPsvc - ok
17:34:12.0368 4700  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
17:34:12.0430 4700  PolicyAgent - ok
17:34:12.0446 4700  pop3d32 - ok
17:34:12.0477 4700  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
17:34:12.0524 4700  Power - ok
17:34:12.0524 4700  ppmoucls - ok
17:34:12.0524 4700  PPPoEWin - ok
17:34:12.0555 4700  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:34:12.0633 4700  PptpMiniport - ok
17:34:12.0633 4700  prepdrvr - ok
17:34:12.0649 4700  prevxagent - ok
17:34:12.0680 4700  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
17:34:12.0727 4700  Processor - ok
17:34:12.0727 4700  procmon10 - ok
17:34:12.0727 4700  profos - ok
17:34:12.0773 4700  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
17:34:12.0836 4700  ProfSvc - ok
17:34:12.0852 4700  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:34:12.0867 4700  ProtectedStorage - ok
17:34:12.0867 4700  proxyhostdriver - ok
17:34:12.0867 4700  proxyhostservice - ok
17:34:12.0898 4700  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:34:12.0945 4700  Psched - ok
17:34:12.0945 4700  psdvdisk - ok
17:34:12.0976 4700  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2      C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:34:13.0070 4700  PSI_SVC_2 - ok
17:34:13.0086 4700  PSSdk23 - ok
17:34:13.0086 4700  ptilink - ok
17:34:13.0086 4700  PTproct - ok
17:34:13.0086 4700  ptserial - ok
17:34:13.0101 4700  pwkntmon - ok
17:34:13.0101 4700  pxfhmdm - ok
17:34:13.0101 4700  pxfhserd - ok
17:34:13.0117 4700  qcdonner - ok
17:34:13.0117 4700  qkbfiltr - ok
17:34:13.0148 4700  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:34:13.0242 4700  ql2300 - ok
17:34:13.0273 4700  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:34:13.0320 4700  ql40xx - ok
17:34:13.0320 4700  qmofiltr - ok
17:34:13.0320 4700  qserver - ok
17:34:13.0320 4700  quickbooksdb - ok
17:34:13.0335 4700  QV2KUX - ok
17:34:13.0367 4700  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
17:34:13.0413 4700  QWAVE - ok
17:34:13.0429 4700  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:34:13.0460 4700  QWAVEdrv - ok
17:34:13.0460 4700  R300 - ok
17:34:13.0491 4700  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:34:13.0523 4700  RasAcd - ok
17:34:13.0570 4700  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
17:34:13.0616 4700  RasAgileVpn - ok
17:34:13.0648 4700  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
17:34:13.0694 4700  RasAuto - ok
17:34:13.0710 4700  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:13.0757 4700  Rasl2tp - ok
17:34:13.0788 4700  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:34:13.0835 4700  RasMan - ok
17:34:13.0850 4700  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:13.0882 4700  RasPppoe - ok
17:34:13.0913 4700  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
17:34:13.0960 4700  RasSstp - ok
17:34:13.0960 4700  Rawwan - ok
17:34:13.0975 4700  raysatxsi5_0server - ok
17:34:13.0975 4700  rbfilter - ok
17:34:14.0007 4700  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
17:34:14.0069 4700  rdbss - ok
17:34:14.0085 4700  RDID1007 - ok
17:34:14.0100 4700  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:34:14.0131 4700  rdpbus - ok
17:34:14.0147 4700  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:14.0194 4700  RDPCDD - ok
17:34:14.0209 4700  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
17:34:14.0272 4700  RDPDR - ok
17:34:14.0288 4700  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:34:14.0350 4700  RDPENCDD - ok
17:34:14.0366 4700  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:34:14.0412 4700  RDPREFMP - ok
17:34:14.0444 4700  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:34:14.0490 4700  RdpVideoMiniport - ok
17:34:14.0506 4700  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
17:34:14.0584 4700  RDPWD - ok
17:34:14.0600 4700  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:34:14.0647 4700  rdyboost - ok
17:34:14.0647 4700  regdefend - ok
17:34:14.0693 4700  [ 001B4278407F4303EFC902A2B16F2453 ] regi            C:\Windows\system32\drivers\regi.sys
17:34:14.0709 4700  regi - ok
17:34:14.0725 4700  regmon701 - ok
17:34:14.0725 4700  regsrvc - ok
17:34:14.0725 4700  relational - ok
17:34:14.0756 4700  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:34:14.0803 4700  RemoteAccess - ok
17:34:14.0834 4700  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:34:14.0896 4700  RemoteRegistry - ok
17:34:14.0896 4700  retrowdsvc - ok
17:34:14.0896 4700  RIOXDRV - ok
17:34:14.0912 4700  risdptsk - ok
17:34:14.0912 4700  rismxdp - ok
17:34:14.0912 4700  rksample - ok
17:34:14.0912 4700  rnadiagnosticsservice - ok
17:34:14.0927 4700  rnadirmultiplexor - ok
17:34:14.0959 4700  [ F7B9D92BFEAB3209070A43157BCBE765 ] ROCKEYNT        C:\Windows\system32\DRIVERS\Rockey4.sys
17:34:14.0990 4700  ROCKEYNT - ok
17:34:15.0021 4700  [ 6C181380C7C0AEF128B59C1B300EF53E ] Rockey_USB      C:\Windows\system32\DRIVERS\Rockey4USB.sys
17:34:15.0052 4700  Rockey_USB - ok
17:34:15.0052 4700  roxliveshare - ok
17:34:15.0068 4700  roxupnpserver - ok
17:34:15.0068 4700  rpcapd - ok
17:34:15.0099 4700  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:34:15.0146 4700  RpcEptMapper - ok
17:34:15.0177 4700  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:34:15.0224 4700  RpcLocator - ok
17:34:15.0224 4700  rpcnet - ok
17:34:15.0240 4700  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
17:34:15.0271 4700  RpcSs - ok
17:34:15.0271 4700  rpskt - ok
17:34:15.0271 4700  rpsupdaterr - ok
17:34:15.0286 4700  RR2Vbi - ok
17:34:15.0286 4700  rrrspy - ok
17:34:15.0302 4700  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:34:15.0364 4700  rspndr - ok
17:34:15.0364 4700  RT25USBAP - ok
17:34:15.0364 4700  rt2870 - ok
17:34:15.0364 4700  rtl8139 - ok
17:34:15.0380 4700  rtm - ok
17:34:15.0380 4700  rxfilter - ok
17:34:15.0380 4700  s117mdm - ok
17:34:15.0396 4700  s117unic - ok
17:34:15.0396 4700  s125mdm - ok
17:34:15.0396 4700  s125obex - ok
17:34:15.0396 4700  s217mgmt - ok
17:34:15.0411 4700  s217nd5 - ok
17:34:15.0427 4700  s217obex - ok
17:34:15.0458 4700  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
17:34:15.0505 4700  s3cap - ok
17:34:15.0521 4700  S3GIGP - ok
17:34:15.0521 4700  s3savagemx - ok
17:34:15.0521 4700  s616mdm - ok
17:34:15.0536 4700  s716mdfl - ok
17:34:15.0536 4700  s716mgmt - ok
17:34:15.0536 4700  SaiNtSub - ok
17:34:15.0552 4700  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
17:34:15.0567 4700  SamSs - ok
17:34:15.0567 4700  savscan - ok
17:34:15.0567 4700  sbcssvc - ok
17:34:15.0599 4700  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:34:15.0630 4700  sbp2port - ok
17:34:15.0692 4700  [ 55C1E4FDFD62A48FB5A2CE25F3AA8AE8 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
17:34:15.0864 4700  SBSDWSCService - ok
17:34:15.0864 4700  scanexplicit - ok
17:34:15.0880 4700  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:34:15.0942 4700  SCardSvr - ok
17:34:15.0973 4700  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:34:16.0020 4700  scfilter - ok
17:34:16.0051 4700  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:34:16.0129 4700  Schedule - ok
17:34:16.0145 4700  [ 5FD85727E19476C24ACB8E7BFFBCE26C ] Scheduler      C:\Program Files\Norman\Npm\Bin\scheduler.exe
17:34:16.0239 4700  Scheduler - ok
17:34:16.0270 4700  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
17:34:16.0285 4700  SCPolicySvc - ok
17:34:16.0285 4700  ScsiPort - ok
17:34:16.0301 4700  scsk4 - ok
17:34:16.0301 4700  sdcoreservice - ok
17:34:16.0301 4700  SDdriver - ok
17:34:16.0332 4700  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:34:16.0395 4700  SDRSVC - ok
17:34:16.0395 4700  SE26obex - ok
17:34:16.0395 4700  se27nd5 - ok
17:34:16.0395 4700  SE27obex - ok
17:34:16.0410 4700  SE2Bmdm - ok
17:34:16.0410 4700  SE2Cmdfl - ok
17:34:16.0410 4700  SE2Dmdfl - ok
17:34:16.0426 4700  SE2Dmdm - ok
17:34:16.0426 4700  se2Dunic - ok
17:34:16.0426 4700  SE2Ebus - ok
17:34:16.0426 4700  se44bus - ok
17:34:16.0441 4700  se45nd5 - ok
17:34:16.0441 4700  se45unic - ok
17:34:16.0441 4700  se59bus - ok
17:34:16.0473 4700  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:34:16.0520 4700  secdrv - ok
17:34:16.0535 4700  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:34:16.0598 4700  seclogon - ok
17:34:16.0598 4700  SED133x - ok
17:34:16.0613 4700  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:34:16.0660 4700  SENS - ok
17:34:16.0691 4700  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:34:16.0754 4700  SensrSvc - ok
17:34:16.0769 4700  ser2pl - ok
17:34:16.0769 4700  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
17:34:16.0816 4700  Serenum - ok
17:34:16.0832 4700  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:34:16.0863 4700  Serial - ok
17:34:16.0894 4700  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:34:16.0925 4700  sermouse - ok
17:34:16.0925 4700  servicemgr - ok
17:34:16.0925 4700  servidor - ok
17:34:16.0957 4700  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:34:17.0019 4700  SessionEnv - ok
17:34:17.0050 4700  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
17:34:17.0081 4700  sffdisk - ok
17:34:17.0097 4700  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:34:17.0113 4700  sffp_mmc - ok
17:34:17.0128 4700  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
17:34:17.0159 4700  sffp_sd - ok
17:34:17.0175 4700  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
17:34:17.0222 4700  sfloppy - ok
17:34:17.0222 4700  sfman - ok
17:34:17.0222 4700  sfsync02 - ok
17:34:17.0222 4700  sglfb - ok
17:34:17.0269 4700  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:34:17.0316 4700  SharedAccess - ok
17:34:17.0316 4700  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:34:17.0378 4700  ShellHWDetection - ok
17:34:17.0394 4700  shuttleengine - ok
17:34:17.0409 4700  si3114r - ok
17:34:17.0409 4700  SiS7018 - ok
17:34:17.0425 4700  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:34:17.0456 4700  sisagp - ok
17:34:17.0456 4700  SISNICXP - ok
17:34:17.0472 4700  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:34:17.0503 4700  SiSRaid2 - ok
17:34:17.0534 4700  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:34:17.0565 4700  SiSRaid4 - ok
17:34:17.0581 4700  sit_bus - ok
17:34:17.0581 4700  sit_mdm - ok
17:34:17.0690 4700  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:34:18.0065 4700  Skype C2C Service - ok
17:34:18.0112 4700  [ EF3B592545676301CDEB7C2609EED7BF ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
17:34:18.0268 4700  SkypeUpdate - ok
17:34:18.0283 4700  slapd-data52 - ok
17:34:18.0283 4700  slave - ok
17:34:18.0283 4700  sleepy - ok
17:34:18.0299 4700  slee_503_service - ok
17:34:18.0299 4700  slimsvc - ok
17:34:18.0299 4700  Slntamr - ok
17:34:18.0315 4700  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
17:34:18.0361 4700  Smb - ok
17:34:18.0361 4700  smservauth - ok
17:34:18.0361 4700  smstsmgr - ok
17:34:18.0377 4700  smwdm - ok
17:34:18.0408 4700  [ B89CFBE8CB247B57D8C10ADAA66B462B ] snapman        C:\Windows\system32\se44unic.dll
17:34:18.0408 4700  Suspicious file (NoAccess): C:\Windows\system32\se44unic.dll. md5: B89CFBE8CB247B57D8C10ADAA66B462B
17:34:18.0408 4700  snapman ( Backdoor.Multi.ZAccess.gen ) - infected
17:34:18.0408 4700  snapman - detected Backdoor.Multi.ZAccess.gen (0)
17:34:18.0424 4700  SndTDriverV32 - ok
17:34:18.0455 4700  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:34:18.0486 4700  SNMPTRAP - ok
17:34:18.0486 4700  SNTIE - ok
17:34:18.0502 4700  softfax - ok
17:34:18.0502 4700  sonicatheaterinstallerservice - ok
17:34:18.0502 4700  sonypvu1 - ok
17:34:18.0517 4700  sparrow - ok
17:34:18.0517 4700  spcsutilityservice - ok
17:34:18.0517 4700  SPCtl - ok
17:34:18.0517 4700  speakerphone - ok
17:34:18.0533 4700  speedfan - ok
17:34:18.0549 4700  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
17:34:18.0580 4700  spldr - ok
17:34:18.0595 4700  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
17:34:18.0642 4700  Spooler - ok
17:34:18.0705 4700  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:34:18.0908 4700  sppsvc - ok
17:34:18.0939 4700  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
17:34:19.0017 4700  sppuinotify - ok
17:34:19.0017 4700  sprtsvc_ddoctorv2 - ok
17:34:19.0017 4700  sptisrv - ok
17:34:19.0017 4700  sp_rssrv - ok
17:34:19.0032 4700  SQLAgent$LG_LP2 - ok
17:34:19.0032 4700  sqlagent$soshome22 - ok
17:34:19.0032 4700  SQLBrowser - ok
17:34:19.0048 4700  sqlserveragent - ok
17:34:19.0064 4700  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
17:34:19.0142 4700  srv - ok
17:34:19.0173 4700  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:34:19.0235 4700  srv2 - ok
17:34:19.0235 4700  SrvcEPECioctl - ok
17:34:19.0251 4700  srvdpi - ok
17:34:19.0251 4700  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:34:19.0313 4700  srvnet - ok
17:34:19.0313 4700  sr_service - ok
17:34:19.0329 4700  sscdmdfl - ok
17:34:19.0345 4700  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
17:34:19.0391 4700  SSDPSRV - ok
17:34:19.0407 4700  SSHDRV61 - ok
17:34:19.0407 4700  sskbfd - ok
17:34:19.0423 4700  ssm_bus - ok
17:34:19.0423 4700  ssoftservice - ok
17:34:19.0438 4700  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
17:34:19.0470 4700  SstpSvc - ok
17:34:19.0470 4700  stacsv - ok
17:34:19.0480 4700  StarOpen - ok
17:34:19.0480 4700  starwindservice - ok
17:34:19.0522 4700  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:34:19.0537 4700  stexstor - ok
17:34:19.0538 4700  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:34:19.0579 4700  StillCam - ok
17:34:19.0589 4700  stirusb - ok
17:34:19.0615 4700  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:34:19.0684 4700  StiSvc - ok
17:34:19.0695 4700  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
17:34:19.0736 4700  storflt - ok
17:34:19.0751 4700  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc        C:\Windows\system32\storsvc.dll
17:34:19.0784 4700  StorSvc - ok
17:34:19.0815 4700  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
17:34:19.0835 4700  storvsc - ok
17:34:19.0845 4700  streamloadservice - ok
17:34:19.0845 4700  superproserver - ok
17:34:19.0855 4700  Sus2pl - ok
17:34:19.0855 4700  suservice - ok
17:34:19.0870 4700  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:34:19.0901 4700  swenum - ok
17:34:19.0901 4700  swmidi - ok
17:34:19.0923 4700  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
17:34:19.0995 4700  swprv - ok
17:34:19.0995 4700  symantecantibotdriver - ok
17:34:20.0010 4700  SymIM - ok
17:34:20.0026 4700  symmpi - ok
17:34:20.0026 4700  symndis - ok
17:34:20.0026 4700  symredrv - ok
17:34:20.0041 4700  symwsc - ok
17:34:20.0041 4700  syntp - ok
17:34:20.0042 4700  sysdown - ok
17:34:20.0073 4700  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
17:34:20.0166 4700  SysMain - ok
17:34:20.0176 4700  sysmgmthp - ok
17:34:20.0176 4700  szserver - ok
17:34:20.0207 4700  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:34:20.0254 4700  TabletInputService - ok
17:34:20.0254 4700  tandpl - ok
17:34:20.0285 4700  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
17:34:20.0332 4700  TapiSrv - ok
17:34:20.0332 4700  tavsvc - ok
17:34:20.0363 4700  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
17:34:20.0425 4700  TBS - ok
17:34:20.0425 4700  TClass2k - ok
17:34:20.0472 4700  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
17:34:20.0581 4700  Tcpip - ok
17:34:20.0628 4700  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:34:20.0644 4700  TCPIP6 - ok
17:34:20.0675 4700  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:34:20.0706 4700  tcpipreg - ok
17:34:20.0722 4700  TcUsb - ok
17:34:20.0737 4700  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:34:20.0800 4700  TDPIPE - ok
17:34:20.0800 4700  tdrpman - ok
17:34:20.0800 4700  tdsmapi - ok
17:34:20.0815 4700  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
17:34:20.0847 4700  TDTCP - ok
17:34:20.0878 4700  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
17:34:20.0925 4700  tdx - ok
17:34:20.0940 4700  TeamViewer - ok
17:34:21.0034 4700  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
17:34:21.0268 4700  TeamViewer8 - ok
17:34:21.0284 4700  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:34:21.0315 4700  TermDD - ok
17:34:21.0346 4700  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
17:34:21.0424 4700  TermService - ok
17:34:21.0440 4700  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:34:21.0487 4700  Themes - ok
17:34:21.0502 4700  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
17:34:21.0518 4700  THREADORDER - ok
17:34:21.0518 4700  tme3srv - ok
17:34:21.0533 4700  tmesbs32 - ok
17:34:21.0549 4700  TMMEmu - ok
17:34:21.0549 4700  TNaviSrv - ok
17:34:21.0549 4700  tng-dtmg - ok
17:34:21.0549 4700  tnidriver - ok
17:34:21.0565 4700  toscosrv - ok
17:34:21.0565 4700  tosrfnds - ok
17:34:21.0580 4700  tosrfsnd - ok
17:34:21.0580 4700  tossmbnt - ok
17:34:21.0580 4700  tpkmpsvc - ok
17:34:21.0596 4700  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM            C:\Windows\system32\drivers\tpm.sys
17:34:21.0627 4700  TPM - ok
17:34:21.0643 4700  TPPWRIF - ok
17:34:21.0643 4700  tpsrv - ok
17:34:21.0643 4700  transactional - ok
17:34:21.0658 4700  transbaseservice - ok
17:34:21.0658 4700  trcboot - ok
17:34:21.0690 4700  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:34:21.0752 4700  TrkWks - ok
17:34:21.0799 4700  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:34:21.0830 4700  TrustedInstaller - ok
17:34:21.0846 4700  tsdhd - ok
17:34:21.0846 4700  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:34:21.0892 4700  tssecsrv - ok
17:34:21.0924 4700  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:34:21.0986 4700  TsUsbFlt - ok
17:34:22.0002 4700  TuneUp.Defrag - ok
17:34:22.0002 4700  TuneUp.ProgramStatisticsSvc - ok
17:34:22.0033 4700  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:34:22.0111 4700  tunnel - ok
17:34:22.0111 4700  tunnelguardservice - ok
17:34:22.0111 4700  tvald - ok
17:34:22.0127 4700  tvtpktfilter - ok
17:34:22.0127 4700  twotrack - ok
17:34:22.0127 4700  tzontservice - ok
17:34:22.0142 4700  U2SP - ok
17:34:22.0158 4700  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:34:22.0173 4700  uagp35 - ok
17:34:22.0205 4700  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:34:22.0267 4700  udfs - ok
17:34:22.0298 4700  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
17:34:22.0345 4700  UI0Detect - ok
17:34:22.0361 4700  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:34:22.0376 4700  uliagpkx - ok
17:34:22.0408 4700  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\drivers\umbus.sys
17:34:22.0439 4700  umbus - ok
17:34:22.0454 4700  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:34:22.0486 4700  UmPass - ok
17:34:22.0517 4700  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:34:22.0579 4700  UmRdpService - ok
17:34:22.0579 4700  UNDPX2A - ok
17:34:22.0657 4700  [ D47E82866A6FF02DAE9CEDF127C4BEE0 ] UNS            C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
17:34:22.0907 4700  UNS - ok
17:34:22.0907 4700  uploadmgr - ok
17:34:22.0938 4700  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:34:22.0985 4700  upnphost - ok
17:34:23.0001 4700  USB28xxOEM - ok
17:34:23.0032 4700  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
17:34:23.0110 4700  USBAAPL - ok
17:34:23.0126 4700  USBCamera - ok
17:34:23.0141 4700  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\drivers\usbccgp.sys
17:34:23.0219 4700  usbccgp - ok
17:34:23.0250 4700  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:34:23.0328 4700  usbcir - ok
17:34:23.0344 4700  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
17:34:23.0391 4700  usbehci - ok
17:34:23.0422 4700  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:34:23.0500 4700  usbhub - ok
17:34:23.0500 4700  usbmate - ok
17:34:23.0516 4700  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
17:34:23.0563 4700  usbohci - ok
17:34:23.0578 4700  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:34:23.0609 4700  usbprint - ok
17:34:23.0609 4700  usbscan - ok
17:34:23.0625 4700  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:34:23.0672 4700  USBSTOR - ok
17:34:23.0687 4700  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
17:34:23.0734 4700  usbuhci - ok
17:34:23.0750 4700  usb_rndisx - ok
17:34:23.0750 4700  USIUDF - ok
17:34:23.0765 4700  usprserv - ok
17:34:23.0765 4700  USR1806V - ok
17:34:23.0781 4700  usrbridg - ok
17:34:23.0781 4700  utscsi - ok
17:34:23.0812 4700  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
17:34:23.0844 4700  UxSms - ok
17:34:23.0844 4700  vaiomediaplatform-integratedserver-upnp - ok
17:34:23.0859 4700  vaiomediaplatform-mobile-gateway - ok
17:34:23.0859 4700  vaiomediaplatform-musicserver-appserver - ok
17:34:23.0875 4700  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:34:23.0890 4700  VaultSvc - ok
17:34:23.0890 4700  VC6SecS - ok
17:34:23.0906 4700  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:34:23.0937 4700  vdrvroot - ok
17:34:23.0953 4700  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
17:34:24.0015 4700  vds - ok
17:34:24.0015 4700  venturi2 - ok
17:34:24.0015 4700  vet-filt - ok
17:34:24.0031 4700  vetmsgnt - ok
17:34:24.0046 4700  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
17:34:24.0078 4700  vga - ok
17:34:24.0093 4700  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
17:34:24.0140 4700  VgaSave - ok
17:34:24.0156 4700  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
17:34:24.0203 4700  vhdmp - ok
17:34:24.0218 4700  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:34:24.0249 4700  viaagp - ok
17:34:24.0265 4700  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
17:34:24.0296 4700  ViaC7 - ok
17:34:24.0312 4700  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:34:24.0327 4700  viaide - ok
17:34:24.0327 4700  videX32 - ok
17:34:24.0343 4700  vmauthdservice - ok
17:34:24.0374 4700  [ C2F2911156FDC7817C52829C86DA494E ] vmbus          C:\Windows\system32\drivers\vmbus.sys
17:34:24.0421 4700  vmbus - ok
17:34:24.0437 4700  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:34:24.0468 4700  VMBusHID - ok
17:34:24.0483 4700  vmm - ok
17:34:24.0483 4700  vmodem - ok
17:34:24.0483 4700  vmsprog - ok
17:34:24.0483 4700  vncdrv - ok
17:34:24.0499 4700  vnxservice - ok
17:34:24.0515 4700  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:34:24.0546 4700  volmgr - ok
17:34:24.0562 4700  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
17:34:24.0624 4700  volmgrx - ok
17:34:24.0624 4700  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
17:34:24.0671 4700  volsnap - ok
17:34:24.0671 4700  vpcnfltr - ok
17:34:24.0686 4700  vpcusb - ok
17:34:24.0702 4700  vsbus - ok
17:34:24.0718 4700  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
17:34:24.0764 4700  vsmraid - ok
17:34:24.0796 4700  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
17:34:24.0983 4700  VSS - ok
17:34:24.0983 4700  vvoice - ok
17:34:25.0014 4700  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:34:25.0061 4700  vwifibus - ok
17:34:25.0061 4700  VX1000 - ok
17:34:25.0061 4700  vzcdbsvc - ok
17:34:25.0061 4700  w200mdm - ok
17:34:25.0108 4700  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
17:34:25.0155 4700  W32Time - ok
17:34:25.0170 4700  w810obex - ok
17:34:25.0170 4700  W8335XP - ok
17:34:25.0170 4700  wacomkey - ok
17:34:25.0201 4700  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:34:25.0233 4700  WacomPen - ok
17:34:25.0248 4700  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:34:25.0295 4700  WANARP - ok
17:34:25.0295 4700  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:34:25.0311 4700  Wanarpv6 - ok
17:34:25.0326 4700  wanusb - ok
17:34:25.0326 4700  was - ok
17:34:25.0373 4700  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
17:34:25.0482 4700  WatAdminSvc - ok
17:34:25.0482 4700  WaveEnrollmentService - ok
17:34:25.0529 4700  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:34:25.0748 4700  wbengine - ok
17:34:25.0763 4700  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:34:25.0810 4700  WbioSrvc - ok
17:34:25.0826 4700  WcesComm - ok
17:34:25.0841 4700  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
17:34:25.0888 4700  wcncsvc - ok
17:34:25.0888 4700  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:34:25.0951 4700  WcsPlugInService - ok
17:34:25.0982 4700  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:34:26.0013 4700  Wd - ok
17:34:26.0044 4700  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:34:26.0107 4700  Wdf01000 - ok
17:34:26.0107 4700  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:34:26.0169 4700  WdiServiceHost - ok
17:34:26.0185 4700  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
17:34:26.0185 4700  WdiSystemHost - ok
17:34:26.0200 4700  WDM_YAMAHAAC97 - ok
17:34:26.0232 4700  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
17:34:26.0294 4700  WebClient - ok
17:34:26.0294 4700  webcompserver - ok
17:34:26.0294 4700  webrootenterpriseclientservice - ok
17:34:26.0294 4700  webrootenterpriseupdateservice - ok
17:34:26.0310 4700  websensecamserver - ok
17:34:26.0310 4700  websensewfreportserver - ok
17:34:26.0325 4700  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:34:26.0372 4700  Wecsvc - ok
17:34:26.0388 4700  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
17:34:26.0450 4700  wercplsupport - ok
17:34:26.0481 4700  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:34:26.0544 4700  WerSvc - ok
17:34:26.0591 4700  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:34:26.0637 4700  WfpLwf - ok
17:34:26.0637 4700  wg3n - ok
17:34:26.0637 4700  wg4n - ok
17:34:26.0669 4700  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:34:26.0684 4700  WIMMount - ok
17:34:26.0684 4700  winachcf - ok
17:34:26.0700 4700  WinDriver6 - ok
17:34:26.0700 4700  windrvNT - ok
17:34:26.0747 4700  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
17:34:26.0825 4700  Winmgmt - ok
17:34:26.0825 4700  winproxy - ok
17:34:26.0872 4700  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
17:34:27.0106 4700  WinRM - ok
17:34:27.0153 4700  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:34:27.0199 4700  WinUsb - ok
17:34:27.0215 4700  wkscfgsrv - ok
17:34:27.0246 4700  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
17:34:27.0387 4700  Wlansvc - ok
17:34:27.0418 4700  WLAN_USB - ok
17:34:27.0465 4700  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:34:27.0747 4700  wlidsvc - ok
17:34:27.0762 4700  wm - ok
17:34:27.0778 4700  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
17:34:27.0809 4700  WmiAcpi - ok
17:34:27.0840 4700  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:34:27.0872 4700  wmiApSrv - ok
17:34:27.0872 4700  wmp54gsvc - ok
17:34:27.0934 4700  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
17:34:28.0137 4700  WMPNetworkSvc - ok
17:34:28.0168 4700  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:34:28.0215 4700  WPCSvc - ok
17:34:28.0231 4700  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:34:28.0293 4700  WPDBusEnum - ok
17:34:28.0309 4700  wpsscannersvc - ok
17:34:28.0340 4700  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
17:34:28.0387 4700  ws2ifsl - ok
17:34:28.0387 4700  WSearch - ok
17:34:28.0402 4700  wstcodec - ok
17:34:28.0449 4700  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:34:28.0746 4700  wuauserv - ok
17:34:28.0777 4700  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:34:28.0808 4700  WudfPf - ok
17:34:28.0824 4700  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:34:28.0886 4700  WUDFRd - ok
17:34:28.0917 4700  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
17:34:28.0948 4700  wudfsvc - ok
17:34:28.0964 4700  WUSB54GCSVC - ok
17:34:28.0980 4700  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
17:34:29.0027 4700  WwanSvc - ok
17:34:29.0027 4700  X10UIF - ok
17:34:29.0042 4700  xaudioservice - ok
17:34:29.0042 4700  XBCD - ok
17:34:29.0042 4700  XDva004 - ok
17:34:29.0058 4700  XFX_program - ok
17:34:29.0058 4700  XUIF - ok
17:34:29.0058 4700  z525mdfl - ok
17:34:29.0073 4700  z800mgmt - ok
17:34:29.0073 4700  zdeviceservice - ok
17:34:29.0073 4700  zebrceb - ok
17:34:29.0089 4700  zebrsce - ok
17:34:29.0089 4700  zendcoreapache - ok
17:34:29.0089 4700  zfdwm - ok
17:34:29.0105 4700  zmxpzip - ok
17:34:29.0105 4700  zntport - ok
17:34:29.0120 4700  zpaction - ok
17:34:29.0120 4700  zpnodecollector - ok
17:34:29.0120 4700  ZSMC211 - ok
17:34:29.0136 4700  ZTEusbser6k - ok
17:34:29.0136 4700  ZuneBusEnum - ok
17:34:29.0151 4700  ZY202_XP - ok
17:34:29.0151 4700  {d31a0762-0ceb-444e-acff-b049a1f6fe91} - ok
17:34:29.0151 4700  ================ Scan global ===============================
17:34:29.0183 4700  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:34:29.0214 4700  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
17:34:29.0245 4700  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
17:34:29.0261 4700  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:34:29.0292 4700  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:34:29.0323 4700  [Global] - ok
17:34:29.0323 4700  ================ Scan MBR ==================================
17:34:29.0323 4700  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:34:29.0588 4700  \Device\Harddisk0\DR0 - ok
17:34:29.0588 4700  ================ Scan VBR ==================================
17:34:29.0604 4700  [ 2D6D5916DD2F58F371D5B6E1D9485F05 ] \Device\Harddisk0\DR0\Partition1
17:34:29.0604 4700  \Device\Harddisk0\DR0\Partition1 - ok
17:34:29.0635 4700  [ 82CD3A24382267300A241513BBCADE94 ] \Device\Harddisk0\DR0\Partition2
17:34:29.0635 4700  \Device\Harddisk0\DR0\Partition2 - ok
17:34:29.0651 4700  [ 762BB35437253E2ED2210E0FC48C0061 ] \Device\Harddisk0\DR0\Partition3
17:34:29.0666 4700  \Device\Harddisk0\DR0\Partition3 - ok
17:34:29.0666 4700  ============================================================
17:34:29.0666 4700  Scan finished
17:34:29.0666 4700  ============================================================
17:34:29.0666 1120  Detected object count: 6
17:34:29.0666 1120  Actual detected object count: 6
17:35:09.0185 1120  adpu160m ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:35:09.0185 1120  adpu160m ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:35:09.0185 1120  AFD ( Virus.Win32.ZAccess.g ) - skipped by user
17:35:09.0185 1120  AFD ( Virus.Win32.ZAccess.g ) - User select action: Skip
17:35:09.0185 1120  genmcmn ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:35:09.0185 1120  genmcmn ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:35:09.0185 1120  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:09.0185 1120  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:35:09.0200 1120  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:09.0200 1120  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:35:09.0200 1120  snapman ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:35:09.0200 1120  snapman ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip

markusg 23.01.2013 18:31
Hi
das ist das, was ich erwartet hab.
wenn ihr von dem PC aus onlinebanking macht, lasst es wegen zero access rootkit sperren.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

hacori 24.01.2013 15:02
Danke für die Hilfe bzw die Ratschläge.

Nach dem gestrigen Ergebnis von TDSSKiller habe ich schon befürchtet, dass die einzig wirklich sinnvolle Möglicheit das Neuaufsetzen des Computers ist.

Onlinebanking läuft grundsätzlich nicht auf dem PC. Das erfolgt über eine Software, welche sich auf dem Server befindet.

markusg 24.01.2013 15:54
ok,
trotzdem ist das grade bei Arbeits pcs am besten neu aufzusetzen


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19